Aegis Rollouts and Rollback
Use plan/apply/rollback APIs in sequence and verify each change with signed rollout receipts.
Overview
Axis exposes rollout control at `/api/rollouts/plan`, `/api/rollouts/apply`, and `/api/rollouts/rollback`.
Every successful step emits a signed receipt retrievable via `/api/rollout-receipts` APIs.
Endpoint Assumptions
- Production auth and API host:
https://axis.velikey.com(signin:https://axis.velikey.com/auth/signin). - Non-production override: set
AXIS_BASE_URLexplicitly before running docs commands. - Manual operator substitutions: provide tenant-scoped values for cookies, bearer tokens, agent IDs, and tenant slugs.
Actionable Steps
- Generate a plan with canary and maintenance window settings.
- Apply in dry-run first, then apply with explicit confirmation.
- Record and validate receipt IDs and rollback tokens.
# manual-only example
# production default; set AXIS_BASE_URL explicitly for staging/test.
export AXIS_BASE_URL="${AXIS_BASE_URL:-https://axis.velikey.com}"
export SESSION_COOKIE="axis-session=REDACTED"
curl -fsS -X POST "$AXIS_BASE_URL/api/rollouts/plan" \
-H "Content-Type: application/json" \
-H "Cookie: $SESSION_COOKIE" \
-d '{"policyId":"policy-prod-001","canaryPercent":5,"explain":true}' | jq
curl -fsS -X POST "$AXIS_BASE_URL/api/rollouts/apply" \
-H "Content-Type: application/json" \
-H "Cookie: $SESSION_COOKIE" \
-d '{"planId":"plan-001","dryRun":false,"confirm":true,"confirmation":"APPLY"}' | jq
Validation Checks (Last Step)
# executable example command -v curl command -v jq date -u +"%Y-%m-%dT%H:%M:%SZ"
Timestamp capture is useful when correlating rollout events to receipt timelines.
Common Failure Modes
- Non-dry-run apply without `confirm=true` and `confirmation="APPLY"` is rejected.
- Rollback without `confirmation="ROLLBACK"` is blocked server-side.
- Operators capture plan/apply output but fail to persist receipt IDs for audit evidence.
Navigate Docs
Docs Index • Previous: Aegis Policies • Next: Axis Overview • Troubleshooting