
prodverdict.yml reference

Config file at your repo root. version must be 1.

Minimal access contract

version: 1
contracts:
  - type: access
    source_of_truth: stripe
    database:
      url_env: DATABASE_URL
      users_table: users
      columns:
        id: id
        stripe_customer_id: stripe_customer_id
        has_paid_access: has_paid_access
        plan: plan
    stripe:
      secret_env: STRIPE_SECRET_KEY
      plans:
        price_1ABCxxxPro: pro
        price_1ABCxxxStarter: starter
    severity: high

Add config contract

  - type: config
    env_example: .env.example
    scan_globs:
      - "**/*.{ts,tsx,js,jsx}"
    severity: medium

Add migration contract

  - type: migration
    paths:
      - prisma/migrations/**/*.sql
      - drizzle/**/*.sql
    severity: high

Other contract types (v0.9)

Add boundary, webhook, or restore blocks to contracts as needed. See the public SDK examples and production contracts for field shapes.

Common fields

Field     Description
type      access | config | migration | boundary | webhook | restore
severity  Default severity for findings: high | medium | low
fix       Optional default remediation hint for agents

Validate

npx prodverdict validate --config prodverdict.yml

See contract-specific pages for rule details.