Auditable Identity for AI Agents
An open protocol for verifiable agent identity, signed delegation chains, and machine-speed accountability for AI systems.
The Problem
When an AI agent makes a call to a core system—a banking platform, hospital records, insurance claims processor, or enterprise resource planning system—the receiving system has no reliable way to answer three basic questions:- Which agent is this?
- Who authorized it to act?
- What chain of delegation does it represent?
The accountability gap: In multi-agent architectures, accountability dissolves through delegation. Agent A calls Agent B, which triggers Agent C. By the time something breaks, the originating authorization has passed through enough layers that no one can say with confidence who is responsible.
How It Works
Sigilum separates control plane from data plane:Control Plane
Sigilum API + DashboardManages identity, authorization state, approvals/revocations, and notifications.
Data Plane
Sigilum GatewayEnforces request signing, approved-claim checks, and proxies requests to upstream providers. Provider secrets stay in your gateway.
Deploy Modes
| Mode | Control Plane | Gateway | Use Case |
|---|---|---|---|
| Managed | Hosted at api.sigilum.id | Customer-side (local/VM/VPC) | Recommended. Production use. |
| Enterprise | Self-hosted | Self-hosted | Full on-prem/private network. |
| OSS-Local | Local (open-source API) | Local | Development and testing. |
What Sigilum Provides
Verifiable Agent Identity
Every AI agent gets a cryptographically verifiable identity. No more anonymous service accounts.
Signed Delegation Chains
Every delegation from a human or another agent is signed, creating an auditable chain of custody.
Machine-Speed Revocation
Compromised agents can be revoked instantly. Agents operating at machine speed need revocation at machine speed.
Authorization Proof
When a regulator asks “who authorized this,” the answer is traceable all the way back to a human decision.
Quick Start
Managed Mode
Get started with hosted Sigilum control plane in minutes. Your gateway runs where your agent runs.
Self-Hosted / Local Development
Run the full open-source stack locally for development, testing, or fully self-hosted deployments.
Architecture Overview
- Agent makes request with cryptographic signature
- Gateway verifies agent identity and approved claims
- Gateway proxies to upstream provider (OpenAI, Linear, etc.)
- Humans approve/revoke through dashboard or API
- All actions logged with full delegation chain
Why Sigilum Exists
From the Manifesto:The capability curve outran the trust infrastructure
The capability curve outran the trust infrastructure
We went from language models to autonomous personal agents in roughly four years. GPT-3 could write a convincing paragraph but couldn’t do anything with it. Then came function calling, reasoning architectures, code generation engines. Now with OpenClaw, personal AI agents run locally on your operating system with full access to your files, email, browser, and code execution.The identity and accountability layer that should have been built alongside that progression simply wasn’t. We’re now deploying agents into regulated, high-stakes environments using trust primitives—shared API keys, service accounts, platform-level credentials—that were designed for a world where software didn’t make its own decisions.
Alignment is necessary but not sufficient
Alignment is necessary but not sufficient
Frontier model companies are doing important work to ensure models behave safely and follow instructions faithfully. But alignment alone does not solve the accountability problem.A well-aligned agent that follows its instructions perfectly can still participate in a delegation chain that produces a catastrophic outcome, because the chain itself was never designed to be auditable or interruptible.Alignment is the safety engineering inside the vehicle. Sigilum is the infrastructure on the road: the license that identifies who is driving, the registration that traces the vehicle to its owner, and the cameras that record what happens when something goes wrong.
Accountability decays at machine speed
Accountability decays at machine speed
In multi-agent architectures, accountability dissolves through delegation. Agent A calls Agent B, which triggers Agent C, which writes and deploys code or executes a transaction. By the time something breaks, the originating authorization has passed through enough layers that no one can say with confidence who is responsible.This is a familiar failure pattern. Financial derivatives laundered risk through layers of abstraction until it became orphaned. Agent chains do the same thing, except they do it in seconds.Sigilum exists to make sure identity doesn’t decay at machine speed.
Resources
API Reference
REST API endpoints, authentication, and authorization flows
TypeScript SDK
Official TypeScript SDK with signing and delegation helpers
Python SDK
Official Python SDK for agent integration
Go SDK
Official Go SDK for high-performance systems
CLI Reference
Complete command reference for the Sigilum CLI
Protocol Specs
DID method specification and SDK signing profile
Use Cases
Banking & Financial Services
Banking & Financial Services
Bank examiners need proof that an AI agent acting on a customer’s account was specifically authorized to perform that specific action. Sigilum provides per-agent, per-action traceability with signed delegation chains from human authorization to agent execution.
Healthcare & HIPAA Compliance
Healthcare & HIPAA Compliance
Healthcare auditors need to know that an agent accessing patient records had proper authorization under HIPAA. Sigilum creates an auditable trail showing which agent accessed what data, when, and under whose authority.
Insurance Claims Processing
Insurance Claims Processing
Insurance regulators want to know which agent processed a claim and under whose authority. Sigilum enables traceable agent actions with cryptographic proof of authorization.
Multi-Agent Workflows
Multi-Agent Workflows
When Agent A delegates to Agent B which triggers Agent C, accountability dissolves through layers. Sigilum maintains the full delegation chain so you can reconstruct the authorization path at any point.
OpenClaw Personal Agents
OpenClaw Personal Agents
Personal AI agents with full system access need verifiable identity and revocable credentials. Sigilum integrates with OpenClaw to provide cryptographic agent identity for local autonomous agents.
Get Started
Choose your deployment mode:Choose Your Mode
- Managed (recommended): Hosted control plane, your gateway runs where your agent runs
- Self-Hosted: Full control, run everything in your own infrastructure
- OSS-Local: Development and testing with the open-source stack
Follow the Quickstart
Integrate Your Agents
Use the TypeScript SDK, Python SDK, or Go SDK to add Sigilum signing to your agents.
Open Source
Sigilum is open source under the MIT License.- GitHub: github.com/PaymanAI/sigilum
- Issues: Report bugs or request features
- Discussions: Join the community
Contributing: Sigilum is actively developed. We welcome contributions, bug reports, and feature requests. See the contribution guidelines to get started.