# =============================================================================
# SXM Certification Check - GitHub Actions Workflow
# =============================================================================
# Automatically evaluates your AI skill against the Scientia Ex Machina
# three-pillar certification framework on every push and pull request.
#
# Prerequisites:
#   1. An sxm-manifest.json file in your repository root
#   2. GitHub Secrets configured:
#      - SXM_API_KEY: Your API key from https://sxm-five.vercel.app/register
#      - SXM_SKILL_ID: (Optional) Your skill ID if already registered
#
# Download this file:
#   curl -o .github/workflows/sxm-certify.yml https://sxm-five.vercel.app/api/ci/github-action
#
# Learn more: https://sxm-five.vercel.app/for-developers
# =============================================================================

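name: SXM Certification Check

# Runs on pushes to main and on pull requests that target main.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  certify:
    name: SXM Three-Pillar Evaluation
    runs-on: ubuntu-latest
    # Scope the GITHUB_TOKEN explicitly instead of inheriting the repository
    # default: checkout only reads the repository, and the PR-comment step
    # only needs to write a pull-request comment.
    permissions:
      contents: read
      pull-requests: write

    steps: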
      # ------------------------------------------------------------------
      # Step 1: Check out the repository
      # ------------------------------------------------------------------
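      - name: Checkout code
        # The v4 tag is mutable; pinning to a full commit SHA makes the action
        # content immutable for this workflow.
        uses: actions/checkout@v4
        with:
          # No later step fetches or pushes with git, so do not leave the
          # GITHUB_TOKEN in the local git config where scripts handling
          # repository content could read it.
          persist-credentials: false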

      # ------------------------------------------------------------------
      # Step 2: Validate that sxm-manifest.json exists and is valid JSON
      # ------------------------------------------------------------------
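      - name: Validate skill manifest
        id: manifest
        # On pull_request runs sxm-manifest.json comes from the PR branch, so
        # every value read from it is treated as untrusted input.
        run: |
          if [ ! -f "sxm-manifest.json" ]; then
            echo "::error::No sxm-manifest.json found in repository root. See https://sxm-five.vercel.app/manifest-spec"
            exit 1
          fi

          # Validate JSON syntax
          if ! jq empty sxm-manifest.json 2>/dev/null; then
            echo "::error::sxm-manifest.json is not valid JSON"
            exit 1
          fi

          # Check required fields
          NAME=$(jq -r '.name // empty' sxm-manifest.json)
          VERSION=$(jq -r '.version // empty' sxm-manifest.json)

          if [ -z "$NAME" ] || [ -z "$VERSION" ]; then
            echo "::error::sxm-manifest.json must include 'name' and 'version' fields"
            exit 1
          fi

          # Reject control characters (including embedded newlines). A newline
          # inside a value would add extra key=value lines to GITHUB_OUTPUT or
          # start a new workflow command in the log.
          case "${NAME}${VERSION}" in
            *[[:cntrl:]]*)
              echo "::error::sxm-manifest.json 'name' and 'version' must not contain control characters"
              exit 1
              ;;
          esac

          # jq -c emits the manifest on a single line, so it is safe to write
          # as a single-line step output.
          {
            printf 'name=%s\n' "$NAME"
            printf 'version=%s\n' "$VERSION"
            printf 'manifest=%s\n' "$(jq -c . sxm-manifest.json)"
          } >> "$GITHUB_OUTPUT"
          echo "::notice::Found manifest for $NAME v$VERSION"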

      # ------------------------------------------------------------------
      # Step 3: Submit to SXM for three-pillar evaluation
      # ------------------------------------------------------------------
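      - name: Submit to SXM for evaluation
        id: evaluate
        # Secrets are handed to the script through environment variables only.
        # Workflows triggered by pull_request from a fork do not receive
        # repository secrets, so for fork PRs this step stops at the API-key
        # check below.
        env:
          SXM_API_KEY: ${{ secrets.SXM_API_KEY }}
          SXM_SKILL_ID: ${{ secrets.SXM_SKILL_ID }}
          SXM_BASE_URL: https://sxm-five.vercel.app
        run: |
          if [ -z "$SXM_API_KEY" ]; then
            echo "::error::SXM_API_KEY secret not configured. Register at https://sxm-five.vercel.app/register"
            exit 1
          fi

          if [ -n "$SXM_SKILL_ID" ]; then
            # Skill already registered: trigger re-evaluation
            echo "::notice::Re-evaluating existing skill $SXM_SKILL_ID"
            RESULT=$(curl -sf -X POST "${SXM_BASE_URL}/api/skills/${SXM_SKILL_ID}/evaluate" \
              -H "Content-Type: application/json" \
              -H "X-Api-Key: ${SXM_API_KEY}" \
              --max-time 120) || {
              echo "::error::Failed to connect to SXM API"
              exit 1
            }
          else
            # First time: submit the skill for certification
            SOURCE_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}"

            # Build the request body with jq so manifest values are JSON-escaped.
            # Pasting them into a hand-written JSON string would let a quote or
            # backslash in the manifest break the body or add fields to it.
            # tostring keeps non-string values as text, as jq -r did before.
            PAYLOAD=$(jq -c --arg source_url "$SOURCE_URL" '{
              skill_name: ((.name // "unnamed") | tostring),
              description: ((.description // "No description provided") | tostring),
              version: ((.version // "1.0.0") | tostring),
              platform: ((.platform // "generic") | tostring),
              category: ((.category // "other") | tostring),
              author: ((.author // "Unknown") | tostring),
              author_email: ((.author_email // "") | tostring),
              source_url: $source_url,
              skill_manifest: .
            }' sxm-manifest.json) || {
              echo "::error::Could not build the submission payload from sxm-manifest.json"
              exit 1
            }

            # Log-only copies: control characters are stripped so a manifest
            # value cannot start a new workflow command in the log.
            NAME=$(printf '%s' "$PAYLOAD" | jq -r '.skill_name' | tr -d '[:cntrl:]')
            VERSION=$(printf '%s' "$PAYLOAD" | jq -r '.version' | tr -d '[:cntrl:]')

            echo "::notice::Submitting new skill: $NAME v$VERSION"
            RESULT=$(curl -sf -X POST "${SXM_BASE_URL}/api/skills/submit" \
              -H "Content-Type: application/json" \
              -H "X-Api-Key: ${SXM_API_KEY}" \
              --max-time 120 \
              -d "$PAYLOAD") || {
              echo "::error::Failed to submit skill to SXM API"
              exit 1
            }
          fi

          # The response is remote input: require exactly one JSON document and
          # re-emit it on one line before it goes into GITHUB_OUTPUT.
          if ! RESULT_JSON=$(printf '%s' "$RESULT" | jq -cs 'if length == 1 then .[0] else error("expected one JSON document") end' 2>/dev/null); then
            echo "::error::SXM API returned a response that is not a single valid JSON document"
            exit 1
          fi
          printf 'result=%s\n' "$RESULT_JSON" >> "$GITHUB_OUTPUT"

          # Later steps consume these outputs, so only values made of a small
          # allow-listed character set are accepted (no quotes, backslashes,
          # dollar signs or newlines).
          # NOTE(review): the allow-list assumes scores are numeric or "n/a"
          # and status is a plain word; confirm against the API and widen if needed.
          SAFE_VALUE_RE='^[A-Za-z0-9 ._/-]+$'
          read_field() {
            local LC_ALL=C
            local value
            value=$(printf '%s' "$RESULT_JSON" | jq -r "$1") || return 1
            [[ "$value" =~ $SAFE_VALUE_RE ]] || return 1
            printf '%s' "$value"
          }

          # Extract scores and status
          {
            OVERALL=$(read_field '.evaluation.overall_score // .overall // 0') &&
            STATUS=$(read_field '.evaluation.status // .status // "unknown"') &&
            FUNC=$(read_field '.evaluation.functional_score // "n/a"') &&
            SEC=$(read_field '.evaluation.security_score // "n/a"') &&
            PERF=$(read_field '.evaluation.performance_score // "n/a"')
          } || {
            echo "::error::SXM API response contained an unexpected score or status value"
            exit 1
          }

          {
            printf 'overall=%s\n' "$OVERALL"
            printf 'status=%s\n' "$STATUS"
            printf 'functional=%s\n' "$FUNC"
            printf 'security=%s\n' "$SEC"
            printf 'performance=%s\n' "$PERF"
          } >> "$GITHUB_OUTPUT"

          # Log results
          echo "::notice::SXM Score: $OVERALL/100 (Func: $FUNC | Sec: $SEC | Perf: $PERF) - Status: $STATUS"

          if [ "$STATUS" = "failed" ]; then
            echo "::warning::SXM Certification: Score $OVERALL/100 (99+ required for certification)"
          fi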

      # ------------------------------------------------------------------
      # Step 4: Post results as a PR comment (pull requests only)
      # ------------------------------------------------------------------
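      - name: Post results as PR comment
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        # Step outputs originate from a remote API response. They are passed as
        # environment variables and read at runtime, so their content is never
        # substituted into the script source and cannot change the code that runs.
        env:
          SXM_OVERALL: ${{ steps.evaluate.outputs.overall }}
          SXM_STATUS: ${{ steps.evaluate.outputs.status }}
          SXM_FUNCTIONAL: ${{ steps.evaluate.outputs.functional }}
          SXM_SECURITY: ${{ steps.evaluate.outputs.security }}
          SXM_PERFORMANCE: ${{ steps.evaluate.outputs.performance }}
        with:
          script: |
            const {
              SXM_OVERALL: overall = '',
              SXM_STATUS: status = '',
              SXM_FUNCTIONAL: func = '',
              SXM_SECURITY: sec = '',
              SXM_PERFORMANCE: perf = '',
            } = process.env;

            const emoji = status === 'certified' ? '✅' : status === 'failed' ? '❌' : '⏳';
            const statusLabel = status.charAt(0).toUpperCase() + status.slice(1);

            const body = [
              `## ${emoji} SXM Certification Report`,
              '',
              `**Overall Score:** ${overall}/100`,
              `**Status:** ${statusLabel}`,
              '',
              '| Pillar | Score |',
              '|--------|-------|',
              `| Functional Verification | ${func}/100 |`,
              `| Security Audit | ${sec}/100 |`,
              `| Performance Benchmarking | ${perf}/100 |`,
              '',
              status === 'certified'
                ? '> This skill meets the SXM certification threshold (99+/100).'
                : '> This skill does not yet meet the certification threshold. Review the [evaluation report](https://sxm-five.vercel.app) for details.',
              '',
              '---',
              '*Evaluated by [Scientia Ex Machina](https://sxm-five.vercel.app) — the trust layer for AI skills.*',
            ].join('\n');

            // Await the request so an API error fails this step instead of
            // being lost as an unhandled rejection.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body
            });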

      # ------------------------------------------------------------------
      # Step 5: Fail the workflow if certification threshold not met
      # ------------------------------------------------------------------
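      - name: Check certification threshold
        if: steps.evaluate.outputs.status == 'failed'
        # Scores come from a remote API response. Reading them from environment
        # variables keeps them as data; substituting them into the script text
        # would let their content be parsed by the shell.
        env:
          SXM_OVERALL: ${{ steps.evaluate.outputs.overall }}
          SXM_FUNCTIONAL: ${{ steps.evaluate.outputs.functional }}
          SXM_SECURITY: ${{ steps.evaluate.outputs.security }}
          SXM_PERFORMANCE: ${{ steps.evaluate.outputs.performance }}
        run: |
          echo "::error::SXM certification failed with score ${SXM_OVERALL}/100 (99+ required)"
          echo ""
          echo "Breakdown:"
          echo "  Functional:  ${SXM_FUNCTIONAL}/100"
          echo "  Security:    ${SXM_SECURITY}/100"
          echo "  Performance: ${SXM_PERFORMANCE}/100"
          echo ""
          echo "Review the full report at https://sxm-five.vercel.app"
          exit 1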
