Reusable workflow ready
The action runtime is already proven, and the reusable workflow path is now the preferred rollout model for downstream repositories that want less YAML drift.
Maintainer runbook
Sigillum already has a first-party hosted PR check. This page now acts as the maintainer-facing setup surface: what to wire, what to expect on a pull request, and which proof artifacts should always appear after a live run.
Maintainer surface
These cards translate the live Sigillum product state into a maintainer/admin runbook without exposing raw payloads or editing the payment path.
The action runtime is already proven, and the reusable workflow path is now the preferred rollout model for downstream repositories that want less YAML drift.
Every successful PR check should end with a persisted receipt ID, payment reference, recommendation, and `Sigillum Risk Score` that link back into the public proof surfaces.
Today the workflow can fail on warn. Maintainers still need clearer gating controls for recommendation thresholds, score ceilings, and comment behavior.
Primary runbook
Use this sequence when enabling Sigillum in a new repository. It keeps the GitHub workflow surface aligned with the existing hosted payment flow and receipt registry.
The first production-ready move is a checked-in workflow file that runs on pull requests and points at either the reusable workflow or the first-party Sigillum action.
Live inspect flows still need the buyer-side x402 payment credentials. Maintainers should treat those as repository or organization secrets, never inline configuration.
A production-ready maintainer experience should not stop at a green step. Reviewers need the Sigillum outcome, proof link, and payment trace right in the PR context.
Reference snippets
Keep these snippets aligned with the current hosted Sigillum flow and existing workflow inputs. They are admin guidance only, not mock runtime data.
Reference workflow inputs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
sigillum_base_url: https://usesigillum.vercel.app
fail_on_warn: false
save_receipt_json: trueReusable workflow adoption path
jobs:
sigillum:
uses: Devendurance/sigillum/.github/workflows/sigillum-pr-check-reusable.yml@main
with:
comment_mode: sticky
fail_on_warn: false
max_risk_score: "85"
max_allowed_recommendation: warn
max_quote_amount_usdc: "0.000500"
secrets:
x402_buyer_private_key: ${{ secrets.X402_BUYER_PRIVATE_KEY }}
x402_rpc_url: ${{ secrets.X402_RPC_URL }}Secrets the repo admin should already have
env:
X402_BUYER_PRIVATE_KEY: ${{ secrets.X402_BUYER_PRIVATE_KEY }}
X402_NETWORK: arcTestnet
X402_RPC_URL: ${{ secrets.X402_RPC_URL }}Admin checks
Before rolling the action across repos, these are the checks the admin surface should make obvious.
Admin metrics
These are the operational proof points the current GitHub, policy, and pricing surfaces should make easy to audit before expanding scope.
Required result
Branch protection should map cleanly to the Sigillum outcome. The check must never look green while hiding a blocking receipt.
Expected outputs
Receipt ID, receipt URL, recommendation, risk score, agent decision, payment reference, and paid amount should all remain visible to maintainers.
Live flow
The action must stay on the same hosted payment and inspection path as the CLI and dashboard, not a private CI-only shortcut.
Operator posture
The repo admin experience is mostly about correct secret wiring, review policy, and making receipt links easy to trust during code review.
Canonical docs
The dashboard page is now the runbook surface. The full long-form source of truth for setup, policy, and outputs should live in the public docs route.
Useful links
These routes let maintainers move from runbook guidance back into live proof without hunting through internal docs.