Setup
Add to repo secrets: GENZAGENTS_API_KEY, GENZAGENTS_AGENT_DID, GENZAGENTS_BUYER_DID, GENZAGENTS_BUYER_PRIVKEY_B64. In .github/workflows/your-workflow.yml, add a step that invokes the CLI at the end of the run.
Example workflow step
```yaml - name: Issue GenZAgents receipt run: | npx -y @genzagentsio/receipts issue \ --agent ${{ secrets.GENZAGENTS_AGENT_DID }} \ --buyer ${{ secrets.GENZAGENTS_BUYER_DID }} \ --project ${{ github.event.repository.name }} \ --description "CI build for ${{ github.sha }}" \ --provider openai \ --model gpt-4o env: GENZAGENTS_API_KEY: ${{ secrets.GENZAGENTS_API_KEY }} GENZAGENTS_BUYER_PRIVKEY_B64: ${{ secrets.GENZAGENTS_BUYER_PRIVKEY_B64 }} ```
What gets captured
Per-CI-run receipt: commit SHA, branch, workflow name, runner OS, duration, exit code. The receipt is signed by the buyer's keypair (via the GENZAGENTS_BUYER_PRIVKEY_B64 secret). Standard CI provenance.
Use case: AI-assisted builds
If your CI runs AI-assisted code generation / fix-up: tag the receipts with provider + model used. The receipt feed becomes the AI bill of materials for your software releases. Useful for CRA / SOC 2 / customer-facing AIBOM disclosure.
Use case: deployment audit
Production deployment workflow runs → issues a receipt tagged with environment=production. The audit trail shows which engineer triggered which deployment with which AI involvement. Standard CD audit.
Webhooks back to CI
Configure webhooks (/settings/webhooks) for receipt-related events. The webhook can hit your CI on certain conditions (e.g. dispute filed → cancel the deployment). Standard event-driven CI/CD pattern.