Docs // Scroll Gate · Forgejo
Gate unsigned agent merges in Forgejo and Gitea Actions.
Forgejo and Gitea ship GitHub Actions–compatible runners. Add ssx360 check to pull requests — hosted verify maps to SLSA L1–2 commit provenance.
Scroll Gate · Forgejo / Gitea
Ed25519
commit envelopes
offline-verifiable proof
local-only
CLI & HOOKS
repo never uploaded
Scroll Gate
PR enforcement
signed vs unsigned
SSX360
control plane
identity · billing · audit
Last verified against matrixscroll 0.5.1. Enable Actions in your Forgejo or Gitea instance, then add the workflow below. Community tier includes 100 hosted verifications per day.
Copy-paste
Forgejo / Gitea Actions workflow
Runs on every pull request targeting a protected branch. Syntax matches GitHub Actions — place under .forgejo/workflows/ or .gitea/workflows/.
name: Scroll Gate
on:
pull_request:
branches: [main]
jobs:
provenance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install Matrix Scroll
run: pip install "matrixscroll==0.5.1"
- name: Scroll Gate verify
env:
SSX360_API_KEY: ${{ secrets.SSX360_API_KEY }}
run: ssx360 check --hosted --base origin/main --head HEADOne secret
Repository secret
Store your SSX360 API key as SSX360_API_KEY — never commit keys to the repo.
# Repository → Settings → Secrets → Actions SSX360_API_KEY=sk_live_... # Community or Team key from ssx360.com/settings
Full spec: SCROLL_GATE_V2.md · GitHub Actions · SLSA mapping