How checks run
Evaluation flow
- Load `prodverdict.yml` and validate schema (version: 1).
- Collect observations — read-only Stripe/Paddle API, read-only DB, repo files, or fixtures.
- Apply rules — deterministic comparisons; no LLM.
- Emit findings — `{ contract, severity, entity, message, fix? }`.
- Compute verdict — `pass|warn|fail` from highest severity.
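The flow above, reduced to a runnable sketch. This is an added example, not ProdVerdict's own code: the fixtures are constructed, the `ruleSubscriptionParity` rule is a hypothetical stand-in for the project's real rule set, and only the findings shape and the highest-severity verdict follow the page.

```javascript
// Added example (not ProdVerdict's code): deterministic evaluation loop in the
// shape the page describes. The rule is hypothetical; fixtures are constructed.
const SEVERITY_RANK = { pass: 0, warn: 1, fail: 2 };

// Constructed fixtures standing in for read-only Stripe and DB observations
// (what --fixtures would load instead of calling live APIs).
const fixtures = {
  stripe: { subscriptions: [{ id: "sub_A", status: "active" }, { id: "sub_B", status: "active" }] },
  db: { subscriptions: [{ id: "sub_A", status: "active" }, { id: "sub_B", status: "canceled" }] },
};

// Hypothetical rule: each Stripe subscription must exist in the DB with the same
// status. Pure comparison of observations; no model involved.
function ruleSubscriptionParity(obs) {
  const byId = new Map(obs.db.subscriptions.map((s) => [s.id, s]));
  const findings = [];
  for (const s of obs.stripe.subscriptions) {
    const local = byId.get(s.id);
    if (!local) {
      findings.push({ contract: "Boundary", severity: "fail", entity: s.id,
        message: "subscription present in Stripe but missing from DB" });
    } else if (local.status !== s.status) {
      findings.push({ contract: "Boundary", severity: "warn", entity: s.id,
        message: `status differs: stripe=${s.status} db=${local.status}`,
        fix: `update local status to ${s.status}` }); // optional fix field
    }
  }
  return findings;
}

// Verdict is the highest severity across all findings; no findings means pass.
function computeVerdict(findings) {
  return findings.reduce(
    (v, f) => (SEVERITY_RANK[f.severity] > SEVERITY_RANK[v] ? f.severity : v),
    "pass",
  );
}

// Apply every rule to the same observations, then collapse to one verdict.
function evaluate(obs, rules) {
  const findings = rules.flatMap((rule) => rule(obs));
  return { findings, verdict: computeVerdict(findings) };
}

console.log(JSON.stringify(evaluate(fixtures, [ruleSubscriptionParity]), null, 2));
```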
Where secrets run
| Contract | Credentials | Where |
|---|---|---|
| Access | STRIPE_SECRET_KEY, DATABASE_URL | Your laptop or CI only |
| Config | Repo files + optional env | CI / local |
| Migration | SQL files in repo | CI / local |
| Remote MCP | GitHub App token | ProdVerdict cloud reads repo files only |
ProdVerdict cloud stores verdict metadata — never subscription rows or PII from your database.
Fixture mode
`--fixtures` loads JSON from `fixtures/` (or the directory given by `--fixtures-dir`) instead of calling live APIs. Use it for demos, unit-style runs, and agent onboarding without credentials.
Phase order
When running multiple contracts, evaluate in this order: Access → Config → Migration → Boundary → Webhook → Restore.
```
npx prodverdict check all
```