Evidence-backed pull request governance for agentic development.
Tabellio is an open-source experiment in what Git review should capture when agents write code: not just the diff, but the task, reason, commands, checks, artifacts, and protected side effects behind the change.
Tabellio attaches a structured evidence packet to a pull request. The packet is small enough to inspect in review and strict enough to validate in CI.
| Area | Evidence |
|---|---|
| Task | Source request, issue, ticket, or manual prompt summary |
| Git | Repository, base branch, head branch, commit SHA, and PR metadata |
| Runtime | Human, CI, or agent runtime that produced the change |
| Diff | Changed files |
| Validation | Commands run and check results |
| Approvals | Required, granted, denied, or skipped approvals |
| Side effects | Deployment, migration, infra, billing, secret, provider, and destructive-action policy |
| Artifacts | Evidence files generated by the run |
AI-assisted pull requests should not depend on reviewer trust alone. Tabellio gives reviewers a repeatable answer to:
- What changed?
- Why did it change?
- What commands ran?
- What failed or was skipped?
- Did the workflow try to deploy, migrate, read secrets, touch billing, or mutate infrastructure?
- Where is the machine-readable audit packet?
| Layer | Tooling | Role |
|---|---|---|
| Runtime | Node.js 20+ | Runs the local writer and validators |
| CI | GitHub Actions | Hosts the reusable pull request evidence workflow |
| Evidence contract | JSON Schema | Validates the evidence envelope and external-action policy |
| Security signal | OpenSSF Scorecard | Publishes a non-gating public repository health signal |
| Code scanning output | SARIF | Carries Scorecard output into GitHub code scanning |
| Review surface | GitHub Pull Requests | Shows checks, artifacts, and reviewer context |
| Stacked review | Graphite | Intended companion for small dependent PR stacks |
| Checkpoint ledger | Entire and Entire CLI | Intended companion for agent session and checkpoint context |
| Git substrate | GitHub today; Code Storage compatible direction | Stores repositories, branches, commits, patches, and machine-created code state |
| Agent review | OpenAI Codex | Optional review layer when configured |
| Prior art | SLSA and in-toto | Inspiration for provenance and supply-chain evidence, without a compliance claim |
The startup/tool tags describe the workflow ecosystem. Tabellio v0.1.0 does not call vendor APIs for Code Storage, Entire, Graphite, or Codex.
| Path | Purpose |
|---|---|
.github/workflows/tabellio-evidence.yml |
Reusable evidence workflow for pull requests |
.github/workflows/scorecard.yml |
Non-gating OpenSSF Scorecard scan |
schemas/ |
Evidence and external-action JSON schemas |
scripts/ |
Dependency-free writer and validators |
examples/ |
Minimal valid evidence fixture and consumer workflow example |
templates/ |
Pull request checklist for evidence-backed review |
docs/ |
Setup, schema, workflow model, Codex review, tooling stack, and research grounding |
Add Tabellio to another repository:
name: Tabellio Evidence
on:
pull_request:
permissions:
contents: read
actions: read
jobs:
evidence:
uses: IntelIP/Tabellio/.github/workflows/tabellio-evidence.yml@v0.1.0
with:
# Replace with the repository's normal validation command.
validation_command: npm test
toolkit_ref: v0.1.0toolkit_ref is required when the consumer repository does not vendor the Tabellio scripts. In consumer repositories, setting it forces the workflow to use the pinned Tabellio toolkit instead of PR-controlled local scripts. Pin it to the same release tag or SHA as the reusable workflow. Before the first release tag exists, use main instead of v0.1.0.
Validate the bundled fixture:
node scripts/check-tabellio-evidence-envelope.mjs --evidence examples/tabellio-evidence/minimal-evidence.json
node scripts/check-tabellio-external-actions.mjs --evidence examples/tabellio-evidence/minimal-evidence.jsonGenerate evidence from the current Git state:
node scripts/write-tabellio-evidence-envelope.mjs --out tabellio-pr-evidence.json
node scripts/check-tabellio-evidence-envelope.mjs --evidence tabellio-pr-evidence.json
node scripts/check-tabellio-external-actions.mjs --evidence tabellio-pr-evidence.jsonPackage scripts:
npm run check
npm run tabellio:evidence:write
npm run tabellio:evidence:check
npm run tabellio:external-actions:checkThese actions require explicit approval before attempted execution:
- deployment
- database migration
- infrastructure change
- DNS or hosting change
- billing or live-money action
- credentialed provider read
- secret-value read
- destructive workspace action
The external-action checker fails when an action is marked attempted: true without approved: true.