Governed deployments across every cloud you ship on
LaunchOps turns multi-vendor deployments into a declarative, reviewable workflow. One tenant manifest. Plan, approve, apply, verify - across Stripe, GitHub, Cloudflare, Vercel, Supabase, and AWS - with audit-grade evidence at every step.
# 1. Plan all vendors against your manifest
launchops plan ./tenant.yaml
# 2. Approve risky actions interactively
launchops approve --action stripe.product.create
# 3. Apply and verify across every adapter
launchops apply ./tenant.yaml --report ./launch.html
# 4. Watch for drift
launchops watch ./tenant.yaml --interval 15m
Multi-cloud deployment, with a governance harness around it
LaunchOps is the deployment-layer counterpart to the Enterprise Skills harness. Same governance philosophy: deterministic, auditable, multi-vendor.
Declarative tenant manifests
Describe Stripe products, GitHub repo settings, Cloudflare DNS, Vercel projects, and Supabase databases in one signed YAML manifest. Vendor overrides keep edge cases first-class.
Plan → approve → apply → verify
Every adapter computes a typed diff, waits for human approval on risky actions, applies through governed APIs, and verifies the live state. No more 'did it deploy?' guesswork.
Drift-aware Launch Reports
Continuous drift detection produces dated HTML/PDF Launch Reports your auditors can sign. Every change is signed, scoped, and re-runnable.
First-party adapters
Six vendors at launch. The pluggable adapter contract makes it straightforward to add the next one - your stack will not be left out for long.
Stripe
Products, prices, webhooks
GitHub
Repo settings, branch protection, encrypted secrets
Cloudflare
Zones, DNS records, WAF baseline
Vercel
Projects, env vars, domains
Supabase
Projects, DB roles, RLS posture
AWS
IAM, S3, Lambda, API Gateway
How a launch flows
Four phases, the same shape across every adapter, every environment.
01
Author a tenant manifest
One YAML file describes the desired state across vendors. Templates ship for SaaS, marketplace, and internal-tool launches.
02
Plan the launch
launchops plan computes a typed diff per vendor and surfaces risky actions for approval. Secrets are resolved through your secret manager - never copied.
03
Approve and apply
Reviewers approve specific actions in the CLI or dashboard. Adapters apply via governed APIs and stream evidence to the audit log.
04
Verify and watch
Each adapter re-reads the live state to confirm convergence. The drift watcher flags out-of-band changes and produces a fresh Launch Report.
Built for review, not for risk
LaunchOps was designed so that adopting it does not enlarge your attack surface or pull customer secrets through a third party. The hard parts are by-default.
- BYO-dataplane: vendor tokens stay in your secret manager. The control plane never custodies them.
- Every action is bounded: scoped tokens, rate-limited adapters, and per-tenant quotas.
- Signed Launch Reports, append-only audit log, and reproducible plans give procurement and SOC 2 reviewers what they need.
Bring your stack. Keep your governance.
LaunchOps Agent ships as part of the Enterprise Skills harness. Get early access and we will help you wire up your first manifest end-to-end.