Persona
GitHub Maintainer
Use this guide if you want Sigillum to check pull requests inside GitHub. Follow the steps in order and you will end with a real PR check, a receipt link, and a matching dashboard record.
Before you start
This path is for repository owners and maintainers. You should choose it if your team reviews code in pull requests and you want Sigillum to act like a real gate before merge.
- You need permission to add a workflow file to the repository.
- You need permission to add GitHub Actions secrets.
- You need a buyer private key that can pay for x402 inspections.
- You need an Arc testnet RPC URL.
Step 1: Add the GitHub secrets
Open your GitHub repository, then go to `Settings -> Secrets and variables -> Actions`. Create the secrets below exactly as written.
- Create `X402_BUYER_PRIVATE_KEY` and paste the buyer private key value.
- Create `X402_RPC_URL` and paste your Arc testnet RPC URL.
- You do not need to add Supabase secrets, seller keys, or dashboard secrets to the downstream repo.
X402_BUYER_PRIVATE_KEY=your_buyer_private_key X402_RPC_URL=https://rpc.testnet.arc.network
Step 2: Add the workflow file
Create a file at `.github/workflows/sigillum-pr-check.yml` in the repository you want to protect. Paste the workflow below.
name: Sigillum PR Check
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
sigillum:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Sigillum PR Check
uses: Devendurance/sigillum/.github/actions/sigillum-pr-check@main
with:
github_token: ${{ github.token }}
fail_on_warn: "false"
comment_mode: sticky
env:
X402_BUYER_PRIVATE_KEY: ${{ secrets.X402_BUYER_PRIVATE_KEY }}
X402_NETWORK: arcTestnet
X402_RPC_URL: ${{ secrets.X402_RPC_URL }}Step 3: Open or update a pull request
Push a branch with changes and open a pull request. GitHub Actions should start the Sigillum job automatically. Wait for the job to finish.
Step 4: Read the result inside GitHub
Open the successful or failed Sigillum job and look for the proof values in the summary.
- Recommendation
- Sigillum Risk Score
- Agent decision
- Payment reference
- Receipt ID
- Receipt URL
What success looks like
You are done when the PR has a real Sigillum result, the receipt URL opens, and the same action appears on the Sigillum dashboard.