Your agent pretends to be you.
That's the vulnerability.

Sigilum gives every AI agent its own cryptographic identity. Services know who it is, who owns it, and what it's allowed to do. Like SSH keys, but for AI agents.

npm install @sigilum/sdk
Create AccountGitHub
The Problem

Right now, your agent is you.

Every agent framework today works the same way: you paste API keys into an env file, and the agent uses them. The service can't tell if it's you or your agent. If the agent leaks, your keys leak. If the agent goes rogue, it has full access.

.env · today
OPENAI_API_KEY=sk-proj-8kF3x...a9Qm
STRIPE_SECRET_KEY=sk_live_51N...xYz
BANK_API_TOKEN=pat_4f8b2c...d71e
# the agent has YOUR keys. it IS you.
with Sigilum
identity: did:sigilum:tyllen:claude#a3bf
signed_with: clawbot_agent:ed25519:nMBM...Kx9P
authorized: true approved by human
# no secrets. identity is the credential.
Without Sigilum

Shared secrets everywhere

Agent holds your API keys. If compromised, the attacker has full access to your accounts.

With Sigilum

Agent has its own identity

Agent generates its own keypair. Only the public key is registered. Private key never leaves the machine.

Without Sigilum

No way to revoke one agent

You rotate the API key and every integration breaks. All-or-nothing access control.

With Sigilum

Revoke one agent, keep the rest

Each agent has a separate authorization per service. Revoke one without touching others.

Without Sigilum

Service can't tell human from agent

Same credentials, same access. No audit trail of what the agent did vs. what you did.

With Sigilum

Every request is signed and attributable

Service sees exactly which agent made the call, who authorized it, and when.

How It Works

Three steps. No secrets exchanged.

Your agent gets its own identity. You control what it can access. Services verify cryptographically.

🔑
Step 01

Agent creates a keypair

Your agent generates an Ed25519 keypair locally. The private key never leaves the machine. The public key is its identity.

👤
Step 02

You approve access

From your dashboard, review and approve the agent's request with a passkey. The authorization is recorded on-chain.

Step 03

Service verifies locally

The agent signs every request. The service checks the Ed25519 signature against the registry. No network call to Sigilum needed.

app.sigilum.id/dashboard
Overview
Authorizations2
Services
Policy
Settings
Namespace
did:sigilum:tyllen
did:sigilum:tyllen
  ├── claude
  │   ├── clawbot_agent:ed25519:nMBM… (approved)
  │   └── hamza_agent:ed25519:Kx9P… (approved)
  ├── stripe
  │   └── clawbot_agent:ed25519:Qm7R… (approved)
  └── slack
      └── hamza_agent:ed25519:Ht4W… (pending)
Why not just API keys?

API keys were built for humans, not agents.

An API key is a shared secret. Whoever has it is you. Sigilum uses public-key cryptography. The agent proves its identity without sharing any secret.

API KeysSigilum
Agent leaks credentials✗ Full account access✓ Only that agent's key. Revoke in one click.
Service knows who called✗ Just "your account"✓ Exact agent + owner + authorization
Revoke one agent✗ Rotate key, break everything✓ Revoke one, keep the rest
Offline verification✗ Must call auth server✓ Ed25519 signature verified locally
Works across services✗ One key per service✓ One identity, authorized per service
Integrate

One package. Five lines of code.

TypeScript SDK. Works with any agent framework. LangChain, CrewAI, OpenClaw, or your own.

npm install @sigilum/sdk
import { SigilumAgent } from '@sigilum/sdk';

const agent = new SigilumAgent({
  namespace: 'tyllen',
  service: 'stripe',
  agent: 'clawbot_agent'
});
await agent.bootstrap();  // generates Ed25519 keypair, requests authorization

// sign any outgoing request
const headers = agent.sign({
  method: 'POST',
  path: '/v1/transfer',
  body
});

await fetch(url, { method: 'POST', headers, body });
Security

Built on cryptography, not trust.

🔐

Keys stay local

Private keys generated on the agent's machine. Never transmitted. Sigilum only stores public keys.

Replay protection

Every signed request includes a timestamp and nonce. Expired or duplicate requests are rejected.

📡

Offline verification

Ed25519 signatures verified locally. No network dependency on Sigilum at runtime.

On-chain consent

Only you can approve or revoke agent access. Enforced by smart contract. No admin overrides.

🎯

Scoped per service

Each authorization is tied to one service. Revoking one doesn't affect others.

👤

Human in control

Dashboard shows every agent and connection. Approve, revoke, or rotate with a passkey.

Why "Sigilum"
"In 1582, John Dee created the Sigillum Dei Aemeth, a seal to authenticate communication between humans and higher intelligences."
The seal was proof that both sides were who they claimed to be.

We're in 2026. AI agents call APIs, move money, and act on behalf of humans. The question is the same it was in 1582: how does a service know if this agent is authorized to act on behalf of its owner?

Sigilum is an open identity registry for AI agents. Open source. MIT licensed. The protocol, smart contract, and SDK are all public. Verification runs locally in your infrastructure. No vendor lock-in.

Every agent needs a seal.

Give your agent an identity that services can verify and you can control.

Create AccountView on GitHub
MIT License