seal

Overview

The seal tool creates immutable blockchain attestations for git artifacts. It’s the universal sealing mechanism for all code-related proofs.

Parameters

project string requis

Project ID as configured in SESHAT.

type string requis

Type of artifact to seal.

Type	Description
commit	Specific git commit
pr	Merged pull request
tag	Git tag (version)
release	GitHub/GitLab release

ref string requis

Reference to the artifact.

Type	Ref Format	Example
commit	SHA	abc1234
pr	PR number	42
tag	Tag name	v1.0.0
release	Release tag	v1.0.0

asset_types string[]

Types d’actifs IP proteges. Plusieurs valeurs possibles.

Type	Description
logiciel	Code source (defaut pour PRs)
base_donnees	Base de donnees
programme_rnd	Programme R&D
savoir_faire	Secret industriel
brevet	Invention brevetee
dessin_modele	Design industriel

Astuce

Si le projet a des default_asset_types configures, ils sont utilises automatiquement.

objective string

Objectif R&D pour tracabilite CIR. Exemple : "Optimisation latence API".

dry_run boolean défaut: false

Si true, previsualise sans creer d’attestation blockchain.

Astuce

Toujours utiliser dry_run: true d’abord pour verifier avant d’ancrer.

Response

{
  "project": "my-project",
  "type": "pr",
  "reference": "42",
  "description": "PR #42: Add new feature",
  "tree_hash": "sha512:def456...",
  "timestamp": "2026-01-16T10:30:00Z",
  "asset_types": ["logiciel"],
  "objective": null,
  "dry_run": false,
  "eas_uid": "0x1234567890abcdef...",
  "tx_hash": "0xabcdef1234567890...",
  "blockchain_message": "Attestation anchored on-chain. Verify at: https://base.easscan.org/attestation/view/0x1234..."
}

blockchain_message string

Message explicite sur l’etat de l’attestation : "Preview mode - no proof created" (dry_run), "Proof stored locally only" (pas de blockchain), "Attestation anchored on-chain. Verify at: ..." (succes).

Seal Types

Commit

Seal a specific commit. Use sparingly - prefer PRs for development flow.

Seal commit "abc1234" for project "my-project"

Note

Commits are rarely sealed individually. Most workflows use PRs or tags.

Pull Request

Seal a merged PR with full metadata. Most common for development.

Seal PR 42 for project "my-project"

Attention

The PR must be merged. Attempting to seal an open PR will fail.

The attestation includes:

• Merge commit SHA
• Tree hash at merge point
• PR title and description
• Author and merger info
• Merge timestamp

Tag

Seal a version tag. Use for milestones and releases.

Seal tag "v1.0.0" for project "my-project"

Tags represent stable points in your codebase. Sealing a tag proves:

• Exact code state at that version
• Timestamp of tag creation
• All content at that point

Release

Seal a GitHub/GitLab release (includes release notes).

Seal release "v1.0.0" for project "my-project"

Releases add:

• Release notes
• Associated assets
• Publication timestamp

Workflow Examples

After Merging a PR

1. Merge the PR

   Complete code review and merge on your git host.

2. Seal the PR

   Seal PR 42 for project "my-project" as type "pr"

3. Verify

   Check the EAS UID on base.easscan.org

Creating a Release

1. Create git tag

   git tag v1.0.0
   git push origin v1.0.0

2. Seal the tag

   Seal tag "v1.0.0" for project "my-project"

3. Generate bundle (optional)

   Generate legal bundle for tag "v1.0.0"

Error Handling

Error	Cause	Solution
PR not merged	Attempting to seal open PR	Wait for merge
Already sealed	Duplicate attestation	Safe to ignore
Git host not configured	Missing credentials	Check config
Tag not found	Invalid tag reference	Verify tag exists

Agentic Recommendations

The agent should proactively recommend sealing when:

User says…	Agent should…
”I just merged a PR”	Suggest sealing it
”Feature is complete”	Suggest sealing the PR and/or tagging
”Time for a release”	Suggest tag + seal + bundle workflow
”We hit milestone X”	Suggest creating and sealing a tag

Astuce

Best practice: Seal every merged PR for a continuous, verifiable proof chain.