# Promotion and Sync (GitOps)

Staging to validated to production promotion for directory and routing artifacts, with signed bundles and CLI workflows.

## Model

- **Staging:** Editable branch or workspace where artifacts (participant/endpoint config, BIN tables, signed routing bundles) are authored and validated.
- **Validated:** Output of validation (schema, lint, and rail-specific checks). Artifacts are signed and ready for promotion.
- **Production:** Deployed state consumed by the resolver and gateways. Updated only via promote from validated; rollback to a previous validated bundle when needed.

Signed bundles carry payload plus signature/fingerprint and optional effective_from / effective_to. Use the existing signed-bundle and routing artifact format (see [data model](../architecture/data-model.md) and [connectors](../architecture/connectors.md)).

## CLI commands

When [packages/cli](../../packages/cli) (or equivalent) is present, support these workflows:

- **as4-411-cli diff** — Compare staging artifact set (or branch) against current production (or another ref). Output human- and machine-readable diff (participants, endpoints, routing_artifacts, policies).
- **as4-411-cli validate** — Validate staging: schema validation and linting per rail (using [\_rail-template](../protocols/_rail-template.md) and protocol validators). Exit non-zero on failure; report errors by file and rule.
- **as4-411-cli promote** — Promote validated, signed bundle to production. Verify signatures and effective dates; apply to store (or write to production artifact store). Record promotion in audit_log.
- **as4-411-cli rollback** — Rollback production to a previous validated revision (by tag or bundle id). Re-apply that revision's artifacts and invalidate affected caches.

Schema validation and linting must run per rail so that protocol-specific rules (e.g. BIN format, identifier types) are enforced before promotion.
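
The signature and effective-date check that the promote step calls for can be sketched as follows; this is an added example, not code from this project. Assumptions: the bundle field names `payload`, `signature` and `fingerprint`, Ed25519 signing over the payload plus the effective window, a SHA-256 key fingerprint, the hypothetical helpers `signBundle` and `checkPromotable`, and the choice to refuse a bundle that is outside its window.

```javascript
// Added example. Field names payload/signature/fingerprint and the signing
// scheme (Ed25519 over payload + effective window) are assumptions.
const crypto = require('node:crypto');

// Assumed fingerprint: SHA-256 over the signer's DER-encoded public key.
function keyFingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Bytes covered by the signature: the payload string and both window bounds,
// so the effective dates cannot be edited after signing.
function signedBytes(b) {
  return Buffer.from(JSON.stringify([b.payload, b.effective_from ?? null, b.effective_to ?? null]));
}

function signBundle(privateKey, publicKey, fields) {
  const bundle = { ...fields, fingerprint: keyFingerprint(publicKey) };
  bundle.signature = crypto.sign(null, signedBytes(bundle), privateKey).toString('base64');
  return bundle;
}

// trustedKeys: Map of fingerprint -> public KeyObject pinned by the promoter.
function checkPromotable(bundle, trustedKeys, now = new Date()) {
  const key = trustedKeys.get(bundle.fingerprint);
  if (!key) return { ok: false, reason: 'untrusted-signer' };
  const sig = Buffer.from(String(bundle.signature ?? ''), 'base64');
  if (!crypto.verify(null, signedBytes(bundle), key, sig)) return { ok: false, reason: 'bad-signature' };
  // Parse after verification; an unparseable bound fails closed.
  const from = bundle.effective_from == null ? -Infinity : Date.parse(bundle.effective_from);
  const to = bundle.effective_to == null ? Infinity : Date.parse(bundle.effective_to);
  if (Number.isNaN(from) || Number.isNaN(to)) return { ok: false, reason: 'bad-window' };
  if (now.getTime() < from) return { ok: false, reason: 'not-yet-effective' };
  if (now.getTime() >= to) return { ok: false, reason: 'expired' };
  return { ok: true, reason: 'ok' };
}

// Constructed sample: throwaway key pair and bundle, generated at run time.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const trusted = new Map([[keyFingerprint(publicKey), publicKey]]);
const sample = signBundle(privateKey, publicKey, {
  payload: '{"participants":[],"routing_artifacts":[]}',
  effective_from: '2024-01-01T00:00:00Z',
  effective_to: '2025-01-01T00:00:00Z',
});
console.log(checkPromotable(sample, trusted, new Date('2024-06-01T00:00:00Z')));
```

The signer is looked up in the promoter's own pinned key set by fingerprint, so a bundle that embeds an unknown key is refused before any signature math runs.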