API
The oracle speaks JSON. No cookies required.
Endpoint
GET /api/reading
Returns a three-card reading as JSON. No authentication required.
Rate limit: 60 requests per minute per IP. Exceeding the limit returns 429 with a Retry-After: 60 header.
| Parameter | Required | Description |
|---|---|---|
role | Yes | Your role. See valid values below. |
intent | Yes | What you are deploying. See valid values below. |
Example Request
curl "https://deploytarot.com/api/reading?role=devops&intent=full-release"
Example Response
{
"verdict": "tread-carefully",
"verdict_label": "Tread Carefully ⚠️",
"verdict_text": "The cards have spoken. Proceed, but with ceremony.",
"role": "DevOps Engineer",
"intent": "Full Release",
"cards": [
{
"position": "foundation",
"position_label": "The Foundation",
"name": "The Tower",
"reversed": false,
"narrative": "The Foundation reveals The Tower upright — sudden disruption..."
},
{
"position": "crossing",
"position_label": "The Crossing",
"name": "The Star",
"reversed": true,
"narrative": "..."
},
{
"position": "outcome",
"position_label": "The Outcome",
"name": "The World",
"reversed": false,
"narrative": "..."
}
],
"share_url": "https://deploytarot.com/r/..."
}
On invalid role or intent: 422 with valid_roles and valid_intents lists.
On rate limit exceeded: 429 with Retry-After: 60.
GitHub Actions
The official action is at rembish/deploytarot-action. It auto-detects intent from the workflow event and defaults role to devops. Both can be overridden.
Zero-config
- uses: rembish/deploytarot-action@v1
Full control
- uses: rembish/deploytarot-action@v1
with:
role: senior-dev
intent: db-migration
fail_on_abort: "true"
Use the verdict downstream
- uses: rembish/deploytarot-action@v1 id: tarot - name: Proceed only if the cards allow it if: steps.tarot.outputs.verdict != 'abort-mission' run: ./deploy.sh
When fail_on_abort is true, the step exits with a non-zero code on abort-mission and blocks further steps. Default is false.
The action posts a formatted card table to the GitHub Actions job summary automatically.
Role auto-detection
When role is omitted, the action inspects github.actor:
| Actor pattern | Detected role |
|---|---|
any actor ending in [bot] (dependabot, renovate, copilot, …) | ai-agent |
github-actions | ai-agent |
| any human actor | devops |
Set role explicitly to override.
Intent auto-detection
When intent is omitted in the action, it is inferred from the workflow event:
| Event / condition | Inferred intent |
|---|---|
release published | full-release |
push to main / master / tag | full-release |
pull_request · branch fix/* or hotfix/* | hotfix-prod |
pull_request · branch feat/* or feature/* | new-feature |
pull_request · branch refactor/* or chore/* | refactor |
pull_request · branch db/* or migration/* | db-migration |
pull_request · branch infra/* or ops/* | infra-change |
pull_request · branch docs/* | public-doc-release |
pull_request · branch security/* | security-patch |
| Dependabot PR | dependency-update |
schedule | dependency-update |
workflow_dispatch | just-vibes |
| anything else | quick-fix |
Valid roles
business-analyst
ceo
ciso
cto
cleaning-lady
client
consultant
contractor
dba
data-scientist
designer
devops
doc-writer
eng-manager
hr
intern
junior-dev
offshore-dev
product-manager
project-manager
qa
receptionist
sales
scrum-master
security
senior-dev
shadow-it
sre
stakeholder
system-analyst
tech-lead
vp-eng
ai-agent
rubber-duck
tarot-reader
Valid intents
ab-test
ai-integration
api-release
auth-rewrite
config-change
db-migration
dependency-update
deprecation
feature-flag
full-release
gdpr-compliance
hotfix-prod
infra-change
ipo
just-vibes
mobile-release
new-feature
open-source
performance
public-doc-release
quick-fix
rebranding
redesign
refactor
rollback
security-patch
seo-optimization
sunset
Each call generates a fresh seed. The same role and intent will produce different cards on each request. The oracle does not repeat itself. Usually.