Docs
Get an agent signed, governed, and producing receipts.
Siglify is early and built with a small group of design partners. These docs cover the core concepts and the shortest path to a running, governed agent. APIs may change before GA.
Quickstart
- 1Install the CLI and authenticate against your workspace.
- 2Sign your first agent against the Siglify Root CA (or counter-sign with your own PKI).
- 3Attach a policy bundle and run the agent inside the governed box.
- 4Tail the audit log and export your first signed evidence bundle.
Core concepts
- The box
- The governed runtime an agent executes inside. Strict egress allowlist, no privilege escalation, read-only mounts, sandboxed tool access. Properties of the box, not settings an agent can change.
- The gate
- A deterministic policy boundary enforced in code. If the policy says no, the action does not run. Routine actions clear a signed policy bundle locally; sensitive or unknown actions escalate for a signed verdict.
- The passport
- An agent's signing certificate doubles as its access credential. It proves identity before the agent is allowed to act, and it can be revoked like any other principal.
- The ledger
- An append-only, hash-chained log of every consequential action, signed with a key held outside the database. Replicates to immutable storage and exports to your SIEM.
Need more?
Full API reference and self-hosting guides ship with design-partner onboarding. If you want access, reach out and we'll get you set up.