Commands

Interact with Vigil via PR comments.

/vigil retry

Re-run all signals from scratch. Post a comment on the PR with exactly /vigil retry and Vigil will create a new check run, re-execute every signal, and update the PR comment with fresh results.

PR comment
/vigil retry

This is useful when external conditions have changed since the original run — for example, a CI pipeline that was temporarily broken, or a preview deployment that was not ready yet.

@vigil recheck

Alias for /vigil retry — re-runs all signals from scratch. Useful if you prefer the @ mention style.

PR comment
@vigil recheck

@vigil explain [finding]

Ask Vigil to explain a specific finding in more detail. Vigil will use the LLM to provide context about why the finding was flagged and what you should consider.

PR comment
@vigil explain hardcoded redirect URI

@vigil verify [claim]

Manually verify a specific claim against the diff. Useful when you want Vigil to check something specific that wasn't in the original PR description.

PR comment
@vigil verify rate limiting is applied to all API endpoints

@vigil ignore [finding]

Suppress a finding permanently for this repository. Vigil stores the ignore pattern in the database and will skip matching findings in all future PRs for this repo.

PR comment
# Ignore a specific false positive
@vigil ignore hardcoded redirect URI

# The pattern matches case-insensitively against finding labels and messages
💡

Repo Memory

Ignore rules are stored per repository and persist across PRs. You can review stored rules by checking the repo_rules database table. Rules are scoped by owner/repo so they never leak across repositories.

Trust Model

Only users with one of the following GitHub associations can trigger Vigil commands:

  • OWNER — repository owner
  • MEMBER — organization member
  • COLLABORATOR — invited collaborator

This prevents external users from spamming retries on public repositories. If an unauthorized user posts a retry command, Vigil silently ignores it.

🔒

Fork PR Trust Boundaries

For fork PRs, the retry command respects the same trust boundaries as the initial run. Fork PR authors cannot trigger retries unless they are collaborators on the upstream repository.

What Happens on Retry

When a retry is triggered, Vigil:

  • Creates a new GitHub Check Run (the old one remains for history)
  • Re-executes all six verification signals
  • Recalculates the confidence score based on the new results
  • Updates the existing PR comment with a (retry) tag in the title

The PR comment is updated in place — Vigil does not create duplicate comments. The retry tag makes it clear that the results reflect a re-run rather than the initial analysis.

← PreviousConfidence ScoreNext →Dashboard