Sigil Open Framework (SOF)
The Sigil Open Framework (SOF) is the open-source policy engine that sits between your agent and production. Define what’s allowed once. Everything else is blocked automatically — before it fires. While standard AI frameworks give agents the intelligence to act, SOF gives them the cryptographic and legal boundaries required to operate safely in the real world.
SOF bridges the gap between autonomous code and real-world compliance through a governed protocol stack: a domain-agnostic enforcement engine, a legal governance layer, and a set of vertical boilerplates that bring both together for specific deployment contexts. If standard agentic frameworks are the accelerator pedal, SOF is the cryptographic brake system and the vehicle’s registration.
The Doctrine of Structural Trust
Safety is not a property of prompts. Safety is a property of architecture.
The Sigil Open Framework is built on a single, non-negotiable principle: autonomous agents cannot be trusted to self-govern. Trust must be structurally enforced — cryptographically, deterministically, and before execution, not after loss. Under SOF, every compliant agent operates within these guarantees:
- AI agents never hold private keys
- AI agents never see raw API credentials
- AI agents cannot execute without deterministic authorization
- High-stakes actions must route through a policy enforcement layer
- OEE enforces it technically — no execution without cryptographic authorization
- FAF enforces it legally — no liability exposure without structural governance
- Sigil Attestations proves it cryptographically — every authorized action is verifiable
A Governed Protocol Stack
SOF is not a single codebase. It is a composable protocol stack — three layers, each independently useful, each enabling the one above it. Think of it as a franchise protocol. The enforcement substrate is universal — every SOF-compliant deployment runs on the same cryptographic enforcement primitives, regardless of industry. The legal layer converts those guarantees into fiduciary instruments. The vertical boilerplates are the franchise concepts: enforcement and legal pre-assembled for a specific deployment context, ready to go.
Layer 1: The Enforcement Engine (OEE)
Open Execution Engine is the domain-agnostic execution enforcement
substrate. It provides the deterministic primitives every SOF-compliant agent
runs on: policy evaluation via Sigil Sign, Intent Attestation issuance,
consensus hold management, and gated RPC/bundler execution. Not specific to
any industry — it is the substrate.
Layer 2: The Legal Governance Layer (FAF)
Fiduciary Agent Framework converts OEE’s technical enforcement into
bounded fiduciary instruments — entity templates, operating agreements, and
warranty.md policy structure so human General Partners can assume
quantifiable liability without unlimited personal exposure.
Layer 3: Vertical Boilerplates
Domain-specific implementations of OEE + FAF. Each vertical inherits the full
enforcement stack and adds domain-appropriate warranty.md policy templates,
sector-specific legal wrapper guidance, and integration examples. Healthcare,
banking, and enterprise verticals follow the same pattern: enforcement and
legal pre-assembled for a deployment context, ready to go.
Operator Surface: Command & Vault
The protocol stack governs execution. These two components extend governance into the human layer and the credential layer.
Sigil Command
Operator console. Read-only, real-time violation log for every policy
enforcement event on your API key. Magic link auth, included on every tier.
See what your firewall is doing, resolve consensus holds, and audit agent
behavior.
Sigil Vault
JIT credential broker. Non-custodial, cryptographically-gated credential
injection for agent requests. Agents never possess API keys or cloud secrets
— Vault fetches them on-demand from your own infrastructure after validating
an Intent Attestation.
Client-Side Enforcement: Agent Hooks
The protocol stack governs what happens at the execution layer. @sigilcore/agent-hooks is the client-side package that connects your agent framework to that layer — intercepting every tool call before it executes and routing it through Sigil Sign for policy evaluation.
Without agent-hooks, Sigil governs EVM transactions. With agent-hooks, Sigil governs any agent action on any framework: bash commands, HTTP requests, file writes, wallet signing, and email sends. The agent never reaches the API — or the blockchain — without a verified clearance.
Agent Hooks Overview
Install @sigilcore/agent-hooks and connect Claude Code, ELIZA, LangChain,
or any framework to your Sigil policy in minutes.
AgentPay (WLFI) Compatibility
agent-hooks is fully compatible with the AgentPay SDK. USD1 transfers on
Ethereum and BNB Smart Chain route through your Sigil policy before the
transaction is signed.
The Standard: Intent Attestations
The entire framework relies on a single cryptographic primitive: the Intent Attestation. Before an agent can execute a transaction on-chain, it must evaluate its intent against the deterministic constraints defined in its policy. If the intent is compliant, the Sigil execution firewall issues a short-lived, Ed25519-signed JWT. The EVM gateway physically rejects any write operation that does not include a valid attestation.
Read the Attestation Specification
Explore the canonical specification for generating, binding, and verifying
Ed25519 Intent Attestations.
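The gate described above, shown as an added Node.js example that is not Sigil's code: an issuer signs a short-lived EdDSA (Ed25519) JWT bound to one intent, and the gateway rejects any write whose token fails a check. The claim names (`intent_hash`, `iat`, `exp`), the 60-second lifetime cap and the intent shape are assumptions; the canonical format is in the Attestation Specification.

```javascript
// Added example, not Sigil code. Claim names, the TTL cap and the intent
// shape are assumptions made for illustration.
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const MAX_TTL_S = 60; // assumed upper bound for "short-lived"

// Hash the exact action being authorized (key order must match on both sides).
function intentHash(intent) {
  return crypto.createHash("sha256").update(JSON.stringify(intent)).digest("hex");
}

// Issuer side (stand-in for the policy engine): compact JWS signed with Ed25519.
function issueAttestation(privateKey, intent, now, ttl = 30) {
  const header = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" }));
  const body = b64u(JSON.stringify({ intent_hash: intentHash(intent), iat: now, exp: now + ttl }));
  const sig = crypto.sign(null, Buffer.from(`${header}.${body}`), privateKey);
  return `${header}.${body}.${b64u(sig)}`;
}

// Gateway side: fail closed. Any parse error or failed check rejects the write.
function gateWrite(publicKey, token, intent, now) {
  try {
    const parts = String(token).split(".");
    if (parts.length !== 3) return { allow: false, reason: "malformed" };
    const [h, p, s] = parts;
    const header = JSON.parse(Buffer.from(h, "base64url").toString());
    // Pin the algorithm; never let the token header choose how it is verified.
    if (header.alg !== "EdDSA") return { allow: false, reason: "bad alg" };
    const ok = crypto.verify(null, Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url"));
    if (!ok) return { allow: false, reason: "bad signature" };
    const c = JSON.parse(Buffer.from(p, "base64url").toString());
    if (!Number.isInteger(c.iat) || !Number.isInteger(c.exp)) return { allow: false, reason: "missing times" };
    if (now >= c.exp || c.exp - c.iat > MAX_TTL_S) return { allow: false, reason: "expired or too long-lived" };
    if (c.intent_hash !== intentHash(intent)) return { allow: false, reason: "intent mismatch" };
    return { allow: true, reason: "ok" };
  } catch {
    return { allow: false, reason: "malformed" };
  }
}

// Constructed demo values: throwaway key pair, sample intent, fixed clock.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const intent = { chainId: 1, to: "0x" + "11".repeat(20), value: "1000", data: "0x" };
const t0 = 1_700_000_000;
const token = issueAttestation(privateKey, intent, t0);
console.log(gateWrite(publicKey, token, intent, t0 + 5));                         // allowed
console.log(gateWrite(publicKey, token, { ...intent, value: "999999" }, t0 + 5)); // intent mismatch
console.log(gateWrite(publicKey, token, intent, t0 + 31));                        // expired
```

The token authorizes one hashed intent for a short window, so replaying it for a different transaction or after expiry fails even though the signature is still valid.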
Start Building
Choose your path to get started with the Sigil Open Framework.
Developer Toolkit
Fastest time to value. Download our local testing environment to
simulate the Sigil execution firewall offline. Includes a mock Express.js
engine and Python LangChain authorizer.
Getting Started API
Ready for production. Learn the exact two-step flow to request an Intent
Attestation and route a live transaction through the Sigil gateway.