Documentation Index
Fetch the complete documentation index at: https://docs.sigilcore.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
@sigilcore/agent-hooks is the client-side enforcement layer for Sigil. It intercepts an agent’s intended tool call before it executes, submits it to the Sigil Sign /v1/authorize endpoint, and blocks or holds the action based on the policy decision.
Without agent-hooks, Sigil Sign governs EVM transactions only. With agent-hooks, Sigil governs any agent action on any framework — bash commands, HTTP requests, file writes, wallet signing, and email sends.
Installation
How It Works
Every tool call an agent attempts is intercepted before execution:Supported Frameworks
| Framework | ID | Adapter |
|---|---|---|
| Coinbase AgentKit | agentkit | checkAnthropicToolUse |
| ElizaOS | eliza | checkElizaAction |
| USD1 AgentPay (WLFI) | agentpay | checkIntent |
| OpenClaw | openclaw | checkIntent |
| Nanoclaw | nanoclaw | checkIntent |
| Ironclaw | ironclaw | checkIntent |
| Nanobot | nanobot | checkIntent |
| Hermes Agent | hermes | checkIntent |
| LangChain | langchain | wrapLangChainTool |
| Claude Code / Anthropic SDK | anthropic-sdk | checkAnthropicToolUse |
| OpenAI Agents SDK | openai-sdk | checkIntent |
| Any framework | (custom) | checkIntent (generic) |
Governed Actions
| Action | Description |
|---|---|
bash | Shell command execution |
web_fetch | Outbound HTTP requests |
file_write | Filesystem writes |
wallet_sign | EVM wallet signing |
email.send | Outbound email |
wallet.transfer | EVM token transfers |
contract.call | EVM contract calls |
Prerequisites
You need a Sigil API key and a signedwarranty.md policy file deployed to Sigil Sign.
- Get an API key: sigilcore.com/tools/keys
- Generate a policy: sigilcore.com/tools/warrant
Fail-Open Behavior
Network errors to the Sigil Sign API result in a fail-open APPROVED decision with a warn log. This is intentional — Sigil is a governance layer, not a kill switch. Agent workflows must not break when Sigil is temporarily unreachable. Operators who require fail-closed behavior should handle theonError callback and implement their own circuit breaker.