Skip to main content

What runs in CI

  1. Checkout — Your committed .geval/ (contract + policies) is on the runner.
  2. Signals — Either use a committed signals.json or generate one in a step (LangSmith, other tools, or cp from a known path).
  3. geval validate-contract — Fast validation without signals.
  4. geval check — One or more --contract paths, one --signals path.
  5. Policy — Fail the job on exit 2 (BLOCK); optionally treat exit 1 (REQUIRE_APPROVAL) differently—see GitHub Actions.

Committed signals (no generator)

- uses: actions/checkout@v4
- name: Install Geval
  run: curl -fsSL https://github.com/geval-labs/geval/releases/latest/download/geval-linux-x86_64 -o geval && chmod +x geval
- name: Check
  run: ./geval check --contract .geval/contract.yaml --signals .geval/signals.json

Generated signals (e.g. LangSmith)

- name: Generate signals
  run: python .github/scripts/generate_signals.py > signals.json
- name: Check
  run: ./geval check --contract .geval/contract.yaml --signals signals.json
Only the generator is vendor-specific; Geval’s CLI is the same.

Sketch with validate

steps:
  - uses: actions/checkout@v4
  - name: Install Geval
    run: curl -fsSL https://github.com/geval-labs/geval/releases/latest/download/geval-linux-x86_64 -o geval && chmod +x geval
  - name: Validate contract
    run: ./geval validate-contract .geval/contract.yaml
  - name: Run check
    run: ./geval check --contract .geval/contract.yaml --signals .geval/signals.json

Artifact upload

Upload .geval/decisions/*.json for audit. See Decision artifacts.

See also

GitHub Actions · Exit codes