!(function () {
  // Prevent analytics from loading in development mode
  if (
    window.location.hostname === "localhost" ||
    window.location.hostname === "127.0.0.1" ||
    window.location.hostname.startsWith("localhost:") ||
    window.location.hostname === "[::1]"
  ) {
    console.log("Customer.io analytics disabled in development mode")
    return
  }

  var i = "cioanalytics",
    analytics = (window[i] = window[i] || [])
  if (!analytics.initialize)
    if (analytics.invoked)
      window.console &&
        console.error &&
        console.error("Snippet included twice.")
    else {
      analytics.invoked = !0
      analytics.methods = [
        "trackSubmit",
        "trackClick",
        "trackLink",
        "trackForm",
        "pageview",
        "identify",
        "reset",
        "group",
        "track",
        "ready",
        "alias",
        "debug",
        "page",
        "once",
        "off",
        "on",
        "addSourceMiddleware",
        "addIntegrationMiddleware",
        "setAnonymousId",
        "addDestinationMiddleware",
      ]
      analytics.factory = function (e) {
        return function () {
          var t = Array.prototype.slice.call(arguments)
          t.unshift(e)
          analytics.push(t)
          return analytics
        }
      }
      for (var e = 0; e < analytics.methods.length; e++) {
        var key = analytics.methods[e]
        analytics[key] = analytics.factory(key)
      }
      analytics.load = function (key, e) {
        var t = document.createElement("script")
        t.type = "text/javascript"
        t.async = !0
        t.setAttribute("data-global-customerio-analytics-key", i)
        t.src =
          "https://cdp.customer.io/v1/analytics-js/snippet/" +
          key +
          "/analytics.min.js"
        var n = document.getElementsByTagName("script")[0]
        n.parentNode.insertBefore(t, n)
        analytics._writeKey = key
        analytics._loadOptions = e
      }
      analytics.SNIPPET_VERSION = "4.15.3"
      analytics.load("cea47b98e8fec0e88d51")

      window.navigation.addEventListener("navigate", (event) => {
        cioanalytics.page()
      })
    }
})()


Downloads artifacts stored in the Chainloop Content Addressable Storage (CAS).

The artifact is identified by its cryptographic digest, which serves as both the unique
identifier and integrity verification mechanism. The endpoint behavior varies based on
the client type detected via the Accept header.

**Client-Specific Behavior:**
- **Browser clients** (Accept contains "text/html"): Receives a user-friendly message with 
  a 1-second delayed redirect using the Refresh header
- **CLI/API clients** (other Accept values): Receives immediate 302 redirect via Location header


Download Artifacts from CAS

bearerToken

Successful redirect to artifact download URL.
Response behavior depends on the Accept header:

**For browsers** (Accept contains "text/html"):
- Uses `Refresh` header with 1-second delay
- Returns user-friendly message in response body
- Provides better UX for browser downloads

**For CLI tools** (other Accept values):
- Uses standard `Location` header for immediate redirect
- Empty response body
- Suitable for automated tools like curl


Chainloop secures your software supply chain by automating compliance, ensuring traceability, and enhancing collaboration across Dev, Sec, and Ops. With real-time visibility, a centralized evidence store, and a curated policy library, it accelerates delivery and helps teams ship secure, compliant software faster.

Chainloop Documentation

Chainloop provides a centralized platform for artifact management, real-time visibility, and automated compliance for your Software Delivery Process.

Welcome to Chainloop

Quickstart

Overview

Setup

Your First Attestation

Set Metadata expectations

Set Policies expectations

Project Compliance

Next Steps

Get an overview of the core concepts of Chainloop.

Attestations

Workflows

Contracts

Chainloop supports the following pieces of evidence types that can be attached during the attestation process.

Material Types

Implement control gates and security checks in your attestations.

Policies

Group policies together to simplify their management.

Policy Groups

Projects and Versions

Compliance Frameworks and Requirements

Integrations

Content Addressable Storage (CAS) backend

How to configure Chainloop MCP in your AI clients and agents

How to use the Chainloop MCP server

How to configure Chainloop to perform attestation from GitLab without the need to provide Chainloop API tokens.

Chainloop Controlplane Endpoints

Platform Endpoints

Download Artifacts from CAS

Authorizations

Headers

Path Parameters

Response