sigil

Compliance layer for the agentic economy

CRE & AI Risk & Compliance

What it is

Sigil is a compliance layer for the emerging agentic economy. ERC-8004 gives AI agents on-chain identity, a passport. But identity alone doesn't imply trust. Protocols need to verify that an agent meets their specific requirements before granting access. Sigil fills this gap.

How it works:

  1. A protocol defines a compliance policy in natural language using Sigil's Inscribe interface (e.g., "agent must hold ≥0.01 ETH, not be sanctioned, have a 3+ star reputation, and have interacted with our contract").
  2. The protocol applies the policy to its smart contract by calling setRequiredPolicy(policyId), linking on-chain access control to Sigil compliance checks.
  3. An AI agent requests assessment by signing an EIP-191 message with its wallet, proving ownership of its ERC-8004 identity.
  4. A Chainlink CRE workflow executes: it reads the agent's identity from the ERC-8004 registry on-chain, calls an AI assessor that evaluates the agent against every rule using 7 on-chain data sources, and writes the result, a compliance stamp, directly on-chain via the KeystoneForwarder.
  5. Any protocol can now call isCompliant(agent, policyId) on the Sigil contract to gate access. No intermediary, no trust assumptions, just a verifiable on-chain stamp.

The problem it solves:

As AI agents become autonomous economic actors, they will interact with DeFi protocols, DAOs, and on-chain services without human oversight. Protocols face a dilemma: block all agents (losing the agentic economy) or accept them blindly (risking sybil bots, underfunded agents, or sanctioned wallets). Sigil provides the middle ground: verifiable, AI-powered compliance assessment with tamper-proof execution via CRE and immutable evidence on IPFS.

Demo:

The demo shows the full lifecycle: an AI agent (Claude Code) is blocked from a protocol, fails its first compliance assessment, autonomously builds its on-chain profile to meet the policy requirements, passes re-assessment with a score of 100/100, and gains protocol access. All on Sepolia with real transactions.

Live app: https://sigil-compliance.vercel.app

How it Works

Smart Contracts (Solidity/Foundry, Sepolia)

  • Sigil.sol: Core compliance layer implementing Chainlink's IReceiver interface (ReceiverTemplate pattern). Reports arrive via KeystoneForwarder, then onReport() calls _processReport(). Handles two report types: assessment (writes compliance stamps) and policy registration. Exposes isCompliant(address, policyId) for any protocol to gate access.
  • SigilDemo.sol: Integration reference. A counter where increment() reverts unless isCompliant() returns true. Protocols call setRequiredPolicy(policyId) to link access control to Sigil.
  • 54 Foundry tests including fuzz tests for score bounds and request hash determinism.

Claude Agent SDK (2 Agents)

  • Assessor agent: Built with @anthropic-ai/claude-agent-sdk. Receives assessment requests, evaluates agents against every policy rule using 7 on-chain data tools (eth_balance, token_balance, transaction_history, contract_code, sanctions_check, validation_history, reputation_history) plus a pin_evidence tool for IPFS. Returns structured JSON with per-rule pass/fail, score, and evidence URI. Runs on Claude Opus with structured output and 25 max tool turns.
  • Scribe agent: Conversational policy creation assistant, also built with Claude Agent SDK. Guides protocol teams through defining compliance rules via natural language. Supports multi-turn sessions with resume capability. When the user confirms, it registers the policy on-chain and in Supabase. Streamed via SSE.
  • Both agents use createSdkMcpServer for in-process tool execution without a separate MCP process.
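
The assessor's structured JSON is LLM output that ends up as an on-chain stamp, so it is worth validating strictly before use. The sketch below is an added example, not Sigil's code; the field names, the 0-100 score range and the rule that a compliant verdict requires every policy rule to pass are assumptions.

```typescript
// Added illustration, not Sigil code. Field names, the 0-100 range and the
// "compliant requires every rule to pass" check are assumptions of this sketch.
type RuleResult = { rule: string; passed: boolean };
type Assessment = { rules: RuleResult[]; score: number; compliant: boolean; evidenceUri: string };

function parseAssessment(raw: string, policyRules: string[]): Assessment {
  let v: any;
  try {
    v = JSON.parse(raw);
  } catch {
    throw new Error("response is not JSON");
  }
  if (typeof v !== "object" || v === null) throw new Error("response is not an object");
  if (!Number.isInteger(v.score) || v.score < 0 || v.score > 100) throw new Error("score out of bounds");
  if (typeof v.compliant !== "boolean") throw new Error("compliant must be a boolean");
  if (typeof v.evidenceUri !== "string" || !/^ipfs:\/\/[A-Za-z0-9]+$/.test(v.evidenceUri))
    throw new Error("evidenceUri must be an ipfs:// URI");
  if (!Array.isArray(v.rules)) throw new Error("rules must be an array");
  // Every policy rule must be answered exactly once; a skipped rule fails closed.
  const seen = new Set<string>();
  const rules: RuleResult[] = [];
  for (const r of v.rules) {
    if (typeof r !== "object" || r === null || typeof r.rule !== "string" || typeof r.passed !== "boolean")
      throw new Error("malformed rule result");
    if (!policyRules.includes(r.rule) || seen.has(r.rule)) throw new Error("unknown or duplicate rule");
    seen.add(r.rule);
    rules.push({ rule: r.rule, passed: r.passed });
  }
  if (seen.size !== policyRules.length) throw new Error("policy rule missing from assessment");
  if (v.compliant && !rules.every((r) => r.passed)) throw new Error("compliant verdict with a failed rule");
  return { rules, score: v.score, compliant: v.compliant, evidenceUri: v.evidenceUri };
}

// Returns the rejection reason, or null when the response is acceptable.
function rejection(raw: string, policyRules: string[]): string | null {
  try {
    parseAssessment(raw, policyRules);
    return null;
  } catch (e) {
    return (e as Error).message;
  }
}

// Constructed sample policy and a constructed well-formed response.
const POLICY = ["min_balance", "not_sanctioned"];
const GOOD = {
  rules: [{ rule: "min_balance", passed: true }, { rule: "not_sanctioned", passed: true }],
  score: 100, compliant: true, evidenceUri: "ipfs://bafyCONSTRUCTED",
};
```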

CRE Workflow (TypeScript to WASM)

  • HTTPCapability trigger receives assessment requests.
  • EVMClient reads agent identity from ERC-8004 registry on-chain (getAgentWallet, ownerOf, tokenURI) using LAST_FINALIZED_BLOCK_NUMBER for determinism across DON nodes.
  • HTTPClient calls the AI assessor with consensusIdenticalAggregation and response caching (maxAgeSecs) so all nodes get identical AI output, solving the non-determinism problem.
  • EVMClient writes the final compliance stamp on-chain via Sigil.sol's onReport().
  • CRE runs in simulate mode with the --broadcast flag: the workflow is simulated locally via the CLI, but on-chain writes are broadcast as real Sepolia transactions through KeystoneForwarder.
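
Why response caching matters when identical aggregation sits on top of an LLM, as an added example that is not Sigil's or the CRE SDK's code: a simulated assessor that drifts between calls fails an all-must-match round unless a cache keyed on the request, including the finalized block, sits in front of it. All names are hypothetical and identical aggregation is simplified to unanimity.

```typescript
// Added illustration, not Sigil or CRE SDK code: every name below is hypothetical.
type Req = { agentId: number; policyId: string; finalizedBlock: number };
type Fetch = (req: Req, nowSecs: number) => string;

// Stand-in for the LLM assessor: repeated calls for the same request drift.
function makeFlakyAssessor(): (req: Req) => string {
  let calls = 0;
  return () => {
    calls += 1;
    const score = 90 + (calls % 3); // 91, 92, 90, 91, ...
    return JSON.stringify({ compliant: true, score });
  };
}

// Response cache in front of the assessor, modelled on the page's maxAgeSecs.
// The key includes the finalized block so every node asks the same question.
function withCache(assess: (req: Req) => string, maxAgeSecs: number): Fetch {
  const cache = new Map<string, { at: number; body: string }>();
  return (req, nowSecs) => {
    const key = `${req.agentId}|${req.policyId}|${req.finalizedBlock}`;
    const hit = cache.get(key);
    if (hit !== undefined && nowSecs - hit.at <= maxAgeSecs) return hit.body;
    const body = assess(req);
    cache.set(key, { at: nowSecs, body });
    return body;
  };
}

// Identical aggregation, simplified to unanimity: any byte difference fails the round.
function aggregateIdentical(observations: string[]): string | null {
  const first = observations[0];
  if (first === undefined) return null;
  return observations.every((o) => o === first) ? first : null;
}

// Each of `nodes` simulated DON nodes fetches once, then the results are aggregated.
function runRound(fetchOne: Fetch, req: Req, nodes: number, nowSecs: number): string | null {
  const observations: string[] = [];
  for (let n = 0; n < nodes; n++) observations.push(fetchOne(req, nowSecs));
  return aggregateIdentical(observations);
}

const REQ: Req = { agentId: 1, policyId: "policy-1", finalizedBlock: 100 }; // constructed sample

const uncached = (): string | null => {
  const assess = makeFlakyAssessor();
  return runRound((req) => assess(req), REQ, 4, 0);
};
const cached = (): string | null => runRound(withCache(makeFlakyAssessor(), 60), REQ, 4, 0);

console.log({ uncached: uncached(), cached: cached() });
```

Agreement in the cached case shows that every node saw the same assessor response, not that independent evaluations converged, so the assessor endpoint remains part of the trust boundary.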

Server (Express/TypeScript, Railway)

  • /trigger-assessment endpoint: verifies EIP-191 signature from agent, spawns CRE CLI process via Bun.spawn(), streams workflow execution.
  • Self-referential architecture: CRE workflow calls back to the same server's /assess endpoint for AI evaluation.

Frontend (Next.js/Vercel)

  • Inscribe page: policy creation wizard powered by the Scribe agent with natural-language rule builder.
  • Dashboard: real-time compliance status and assessment history viewer.
  • Policies page: browse and inspect registered compliance policies.

Created by

  • Alkautsar F