Overview

A warranty.md file is a signed, operator-defined policy that tells Sigil Sign what your agent is and isn’t allowed to do. It is the contract between you and your agent’s execution layer. Sigil Sign evaluates every agent intent against this file before allowing any action to proceed. If the action violates policy, it is denied before it executes — not audited after.

Generate Your Policy

Use Sigil Warrant at sigilcore.com/tools/warrant to generate, sign, and download your warranty.md. Two paths are available:
  • Warrant Builder — guided step-by-step flow. No policy syntax required. Recommended for first-time operators.
  • Manual Warrant — write your policy directly in the warranty.md format. Full control over every field. For developers familiar with the warranty.md schema.
Both paths produce an identical signed warranty.md that Sigil Sign accepts at boot.

File Format

warranty.md uses a plain-text, typed-block format. Blocks are defined by ## headers. At least one of ## evm, ## tool_calls, or ## custom is required.
```
version: 1.0.0

## evm
max_transaction_eth: 5.0
allowed_chains: 1, 8453, 42161
allowed_actions: wallet.transfer, contract.call
consensus_threshold_eth: 3.0
consensus_require_hold: true

## tool_calls
allowed: bash, web_fetch, file_write, wallet_sign, email.send
bash.blocked_commands: rm -rf, curl, wget
web_fetch.blocked_domains: evil.com, malicious.io
file_write.blocked_paths: /etc, /root, ~/.ssh
email.require_approval: true

## custom
# Operator-defined rules — evaluated FIRST before all other checks
deny_if.intent.metadata.email_to contains "@competitor.com"
deny_string: "DROP TABLE"
deny_string: "OPENAI_API_KEY"

## soft_limits
daily_evm_limit_eth: 20.0
daily_tool_calls: 500

## signature
sigil-sig: <base64url>
```

Policy Sections

## evm

Controls EVM transaction execution: spend limits, allowed chains, allowed actions, and consensus hold thresholds.

| Field | Description |
| --- | --- |
| max_transaction_eth | Maximum ETH value per transaction |
| allowed_chains | Comma-separated chain IDs |
| allowed_actions | Permitted EVM actions |
| chain_actions | Optional per-chain action overrides (takes precedence over allowed_actions) |
| consensus_threshold_eth | Transactions above this require human approval |
| consensus_require_hold | Set true to enable the hold |

## tool_calls

Controls non-EVM agent tool execution.

| Field | Description |
| --- | --- |
| allowed | Permitted tool types |
| bash.blocked_commands | Substrings that trigger denial in bash |
| web_fetch.blocked_domains | Hostnames blocked for web requests |
| file_write.blocked_paths | Path prefixes blocked for file writes |
| email.require_approval | Hold all email.send for human approval |

## custom

Operator-defined rules evaluated before all other checks. Two rule types:
```
# Block a specific field value
deny_if.<field_path> <operator> <value>

# Block any intent containing a string in any field
deny_string: <literal>
```
Operators: contains, starts_with, ends_with, equals, not_equals, matches (regex)
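
To sanity-check `## custom` rules before signing a policy, the following added example (not Sigil Sign's own code) parses the two rule types and evaluates them against an intent object. The intent shape, `intent`-rooted dot paths, double-quoted values, case-sensitive matching, the handling of missing fields, and all function names are assumptions made for illustration.

```javascript
// Added example, not Sigil Sign's code. Assumptions: paths are dot-separated and rooted
// at "intent", values are double-quoted, matching is case-sensitive, missing fields never match.
const OPERATORS = {
  contains: (a, b) => a.includes(b),
  starts_with: (a, b) => a.startsWith(b),
  ends_with: (a, b) => a.endsWith(b),
  equals: (a, b) => a === b,
  not_equals: (a, b) => a !== b,
  matches: (a, b) => new RegExp(b).test(a),
};
const unquote = (s) => s.trim().replace(/^"(.*)"$/, "$1");

// Parse the body of a "## custom" block; "#" comments and blank lines are skipped.
function parseCustomRules(block) {
  const lines = block.split("\n").map((l) => l.trim());
  return lines.filter((l) => l && !l.startsWith("#")).map((line) => {
    const ds = line.match(/^deny_string:\s*(.+)$/);
    if (ds) return { type: "deny_string", literal: unquote(ds[1]), source: line };
    const di = line.match(/^deny_if\.(\S+)\s+(\w+)\s+(.+)$/);
    // Fail closed: a rule that cannot be parsed must not be silently ignored.
    if (!di || !Object.keys(OPERATORS).includes(di[2])) throw new Error(`bad rule: ${line}`);
    return { type: "deny_if", path: di[1].split("."), op: di[2], value: unquote(di[3]), source: line };
  });
}

// Every string leaf of the intent, so deny_string can scan "any field".
function stringLeaves(node) {
  if (typeof node === "string") return [node];
  if (node && typeof node === "object") return Object.values(node).flatMap(stringLeaves);
  return [];
}

// The first matching rule denies the intent; no match means the other checks run next.
function evaluateCustom(rules, intent) {
  const hit = rules.find((r) => {
    if (r.type === "deny_string") return stringLeaves(intent).some((s) => s.includes(r.literal));
    const field = r.path.reduce((n, k) => (n == null ? undefined : n[k]), { intent });
    return typeof field === "string" && OPERATORS[r.op](field, r.value);
  });
  return { allowed: !hit, rule: hit ? hit.source : null };
}

// Constructed sample: the "## custom" rules shown on this page and a made-up intent.
const SAMPLE_RULES = parseCustomRules(`# evaluated FIRST before all other checks
deny_if.intent.metadata.email_to contains "@competitor.com"
deny_string: "DROP TABLE"
deny_string: "OPENAI_API_KEY"`);
const SAMPLE_INTENT = { type: "email.send", metadata: { email_to: "bob@competitor.com" } };
console.log(evaluateCustom(SAMPLE_RULES, SAMPLE_INTENT)); // denied by the deny_if rule
```

Confirm case sensitivity and missing-field behaviour against Sigil Sign itself before relying on a literal such as `DROP TABLE`.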

## soft_limits

Informational limits flagged for audit but never hard-enforced. Included so the policyHash reflects the operator’s stated intent.

## signature

Ed25519 signature over all content above this block. Generated by Sigil Warrant. A missing or invalid signature causes Sigil Sign to reject the policy unconditionally at startup.

Deployment

Place your signed warranty.md at config/warranty.md relative to process.cwd(), or set WARRANTY_PATH to its location:
```
WARRANTY_PATH=/path/to/your/warranty.md
```
The file is loaded once at startup and cached. Changes require a process restart.

Security

  • The policy file is signed with your Ed25519 operator key
  • The SHA-256 hash of the policy content is embedded in every Intent Attestation JWT (policyHash claim)
  • If the file is modified after signing, Sigil Sign detects it at next startup and refuses to start
  • Never commit your live warranty.md to version control — it contains your signing credentials
config/warranty.md is gitignored by default in the sigil-sign repo.