PUBLIC RECEIPT

VERIFIED BY SIGILLUM

sig_1085e13fcd15

This persisted receipt records the paid inspection result for one real Sigillum action, including the payment settlement reference, deterministic findings, and the returned agent decision.

RECOMMENDATION

BLOCK

Sigillum Risk Score 43

Paid0.000043 USDC
Changed Lines4
Findings2
Decisionstop merge

PAYMENT REFERENCE

9a175b83-8849-40dc-aec5-1d048c12a962

TRANSACTION HASH

0x0ecf123defd8d641e2c47fe3175c52f3c60c55ea3fecdca79b9866e06bd39db2

RECEIPT HASH

sha256:4366a52ff05af3b224523f983a86028eb4bf8db7e1afa51886ce0920470e9356

RECEIPT DETAILS

Action IDact_d5f6bf0bf13f
AgentExternalCodeChangeAgent
Action Typecode_change
Railx402
NetworkArc testnet
Settlement Statuscompleted
Settlement Scopeindividual
Settlement Sourcegateway transfer payload
Batch ReferenceUnavailable
Transaction ConfirmedJul 4, 2026, 4:58 PM
TimestampJul 4, 2026, 4:54 PM
SealVerified by Sigillum

AGENT DECISION

Decisionstop_merge
Policy Matchedblock_on.secret_exposure
Next Actionremove_secret_and_regenerate_patch
ReasonCritical secret exposure detected in the diff.

FINDINGS

secret_exposure

Potential secret value is present in a sample environment file.

CRITICAL | src/example.ts:2
syntax_structure_signal

Mixed code, config, and markdown surfaces parsed cleanly enough to produce bounded inspection signals.

INFO

PATCH RECOMMENDATION

Remove the exposed secret, rotate the credential, and regenerate the patch.

CANONICAL RECEIPT JSONSERVER PAYLOAD
{
  "receipt_id": "sig_1085e13fcd15",
  "action_id": "act_d5f6bf0bf13f",
  "agent_name": "ExternalCodeChangeAgent",
  "action_type": "code_change",
  "risk_score": 43,
  "recommendation": "block",
  "paid_amount_usdc": "0.000043",
  "rail": "x402",
  "network": "Arc testnet",
  "transaction_hash": "0x0ecf123defd8d641e2c47fe3175c52f3c60c55ea3fecdca79b9866e06bd39db2",
  "payment_reference": "9a175b83-8849-40dc-aec5-1d048c12a962",
  "settlement_status": "completed",
  "settlement_scope": "individual",
  "settlement_source": "gateway_transfer_payload",
  "transaction_confirmed_at": "2026-07-04T16:58:05.398Z",
  "batch_reference": null,
  "inspected_units": {
    "strings": 1,
    "ast_nodes": 8,
    "changed_lines": 4,
    "config_mutations": 0,
    "dependency_changes": 0
  },
  "findings": [
    {
      "file": "src/example.ts",
      "line": 2,
      "message": "Potential secret value is present in a sample environment file.",
      "category": "secret_exposure",
      "severity": "critical"
    },
    {
      "message": "Mixed code, config, and markdown surfaces parsed cleanly enough to produce bounded inspection signals.",
      "category": "syntax_structure_signal",
      "severity": "info"
    }
  ],
  "patch_recommendation": "Remove the exposed secret, rotate the credential, and regenerate the patch.",
  "agent_decision": {
    "agent_decision": "stop_merge",
    "reason": "Critical secret exposure detected in the diff.",
    "next_action": "remove_secret_and_regenerate_patch",
    "policy_matched": "block_on.secret_exposure"
  },
  "timestamp": "2026-07-04T16:54:14.051Z",
  "seal": "Verified by Sigillum",
  "receipt_hash": "sha256:4366a52ff05af3b224523f983a86028eb4bf8db7e1afa51886ce0920470e9356"
}