Success posture
What success should look like
The job completes only when the token is present, the release bundle resolves, checksums verify, and tobi canon or tobi golden exits with code 0.
Docs / GitLab CI/CD Component
Run Tobi Validator through the GitLab CI/CD Catalog component
The GitLab CI/CD component is the public GitLab wrapper surface for the released
AI Verification Engine / Tobi Validator line. It lets GitLab pipelines run
controlled canon and golden checks without exposing validator source code
or private compiler internals.
The component is public. Execution remains controlled. Consumer projects must provide
TOBI_DIST_TOKEN as a GitLab CI/CD variable before the component can download and
verify the packaged validator from the private distribution line.
Use this page when
- your team uses GitLab pipelines instead of GitHub Actions
- you want a Catalog component rather than a hand-written download flow
- you can store
TOBI_DIST_TOKENin GitLab CI/CD variables - you want
canonandgoldenchecks as a narrow CI gate
Controlled execution. The component is public, but the validator binary is not an unrestricted public download.
What this is
A public GitLab CI/CD Catalog component for adding the released validator CLI to a narrow GitLab pipeline gate.
What remains controlled
Binary delivery and execution require TOBI_DIST_TOKEN. The private validator distribution remains separate.
What it is not
Not validator source publication, not unrestricted binary distribution, not a hosted API, and not a Stage 2 launch.
Component reference
Use the Organetic namespace and an explicit release version
The current public Catalog reference is:
include:
- component: $CI_SERVER_FQDN/organetic/tobi-gitlab-component/[email protected]Use explicit SemVer in production pipelines. Avoid floating references unless your project explicitly accepts automatic component updates.
Representative YAML
Minimal GitLab consumer example for canon
Store the controlled distribution token as TOBI_DIST_TOKEN in the consuming GitLab project before running this pipeline.
stages:
- test
include:
- component: $CI_SERVER_FQDN/organetic/tobi-gitlab-component/[email protected]
inputs:
mode: canon
canon_input: examples/sample.tsubasa
platform: linux-x86_64
report_path: reports/tobi-canon-report.txtGolden mode
Run golden fixtures as a GitLab gate
Use golden mode when the project already has a JSON fixture file that should remain stable across validator runs.
stages:
- test
include:
- component: $CI_SERVER_FQDN/organetic/tobi-gitlab-component/[email protected]
inputs:
mode: golden
golden_fixtures: examples/golden/fixtures.json
platform: linux-x86_64
report_path: reports/tobi-golden-report.txtRequired variable
Configure TOBI_DIST_TOKEN in the consuming project
- Open GitLab CI/CD variables in the consuming GitLab project.
- Add the controlled token as
TOBI_DIST_TOKEN. - Mask the variable and disable variable-reference expansion.
- Check protected scope before tag pipelines if a tag pipeline cannot see the variable.
Failure posture
What should fail the workflow
Missing token, missing input path, download authorization failure, checksum mismatch, deterministic reject, and golden mismatch should all block the job.
Scope discipline
What not to infer
The GitLab component does not publish validator source, expose a Stage 2 surface, create a public API, or claim unrestricted public binary distribution.
Workflow fit
Ready to test Tobi Validator in GitLab CI/CD?
Start with the Catalog component and shipped examples. Move to repository-owned .tsubasa artifacts only after the controlled execution path is stable.