Persona
Autonomous Agent
Use this guide if you have an outside agent or script and want it to call Sigillum through the hosted path. This guide assumes the agent is outside the Sigillum app repo.
Before you start
This path is for a script, bot, or agent runtime that should ask Sigillum for permission before doing something risky. The dashboard is proof after the fact. The real work happens in the external caller.
- Put the external starter on your own computer.
- Keep it in a different folder from the Sigillum app repo.
- Use the hosted Sigillum URL, not localhost.
- Start with `code_change` if this is your first run.
Step 1: Get the external starter
Clone the external starter repository to your computer. This starter is the easiest outside-agent proof because it already knows how to talk to the hosted Sigillum path.
git clone https://github.com/Devendurance/external-agent-starter.git cd external-agent-starter npm install
Step 2: Add the starter environment variables
Create the starter `.env` file and fill in the minimum values below. This keeps the external starter pointed at the hosted service.
SIGILLUM_BASE_URL=https://usesigillum.vercel.app X402_BUYER_PRIVATE_KEY=your_buyer_private_key X402_RPC_URL=https://rpc.testnet.arc.network X402_NETWORK=arcTestnet
Step 3: Run quote first
Ask for a quote before you let the agent spend money. This is where your outside runtime can apply a budget rule.
node ./index.mjs quote code-change ./fixtures/sample.diff --base-url https://usesigillum.vercel.app
Step 4: Run the paid inspect
After you accept the quote, run inspect. The starter should go through the real hosted loop and return a receipt plus a machine-usable decision.
node ./index.mjs inspect code-change ./fixtures/sample.diff --base-url https://usesigillum.vercel.app
{
"action_id": "act_...",
"quote_id": "quo_...",
"receipt_id": "sig_...",
"receipt_url": "https://usesigillum.vercel.app/receipts/sig_...",
"recommendation": "warn",
"risk_score": 67,
"agent_decision": "pause",
"payment_reference": "...",
"paid_amount_usdc": "0.000043"
}Step 5: Check the proof surfaces
Open the `receipt_url` in the browser. Then open the Sigillum dashboard and confirm the same action appears there. That proves the outside agent used the real hosted path instead of a fake insert.
After your first successful run
Once `code_change` is working, you can expand the same starter to `dependency_install` and `deploy_action` without changing the basic quote, pay, inspect, receipt, decision loop.