Zero-trust identity mesh for AI agents.
Task-Bound Identity Tokens, cryptographic delegation chains,
and tamper-evident Merkle tree audit ledger.
Features · Architecture · Quick Start · Security Model · Contributing
SIGIL — Zero-trust identity mesh monitoring and agent delegation dashboard
---- Features
- Architecture
- Core Concepts
- Components
- Quick Start
- Security Model
- Configuration
- Contributing
- License
- Task-Bound Identity Tokens (TBITs) -- short-lived, Ed25519-signed JWTs scoped to a single task
- Cryptographic Delegation Chains -- verifiable chain-of-custody for every agent-to-agent delegation
- SPIFFE-Compatible Identity -- every agent gets a standards-based SPIFFE ID
- Merkle Tree Audit Ledger -- tamper-evident, append-only log of all token operations
- OPA Policy Engine -- Rego-based authorization with natural-language policy compilation
- Real-Time Dashboard -- React + D3 visualization of delegation graphs, token inspection, and audit timelines
SIGIL Architecture
+------------------------------------------------------------------+
| |
| Orchestrator / Human Operator |
| | |
| v |
| +---------------------+ +-------------------------+ |
| | TBIT Issuer | | Policy Engine (Go) | |
| | (Rust / gRPC) |<----->| OPA Rego + Claude NL | |
| | | | Policy Compiler | |
| | - Ed25519 Signing | +-------------------------+ |
| | - SPIFFE IDs | | |
| | - JWT Minting | | |
| +--------+------------+ | |
| | | |
| v v |
| +---------------------+ +-------------------------+ |
| | Delegation Chain | | TBIT Validator | |
| | (Rust) | | (Rust Library) | |
| | | | | |
| | - Chain Signing |------>| - Signature Verify | |
| | - Attestations | | - Chain Walk | |
| | - Parent Linking | | - Scope Narrowing | |
| +--------+------------+ +-------------------------+ |
| | | |
| v v |
| +--------------------------------------------------+ |
| | Audit Ledger (Rust) | |
| | | |
| | - Merkle Tree (SHA-256) | |
| | - Append-Only Log | |
| | - Compliance Queries | |
| +--------------------------------------------------+ |
| | |
| v |
| +--------------------------------------------------+ |
| | Dashboard (React + D3 + TypeScript) | |
| | | |
| | - Delegation Graph Visualization | |
| | - Token Inspector | |
| | - Policy Editor | |
| | - Audit Timeline | |
| +--------------------------------------------------+ |
| |
+------------------------------------------------------------------+
TBITs are short-lived, cryptographically signed JWTs that bind an AI agent's identity to a specific task. Unlike traditional API keys or OAuth tokens, TBITs encode:
- task_id: The specific task this token authorizes
- tool_scope: An allow-list of tools/APIs the agent can invoke
- delegation_chain: A cryptographic chain proving who delegated authority
- max_ttl: Maximum time-to-live, enforced at every hop
When Agent A delegates work to Agent B, SIGIL creates a cryptographic chain:
sign(parent_hash || child_spiffe_id || timestamp || scope_narrowing)
Each delegation MUST narrow scope -- a child agent can never have more permissions than its parent.
Every agent receives a SPIFFE ID following the format:
spiffe://sigil.mesh/agent/<agent-type>/<instance-id>
| Component | Language | Description |
|---|---|---|
tbit-issuer |
Rust | gRPC service that mints Ed25519-signed TBITs |
tbit-validator |
Rust | Library for validating TBITs and delegation chains |
delegation-chain |
Rust | Ed25519 signature chaining and attestation |
audit-ledger |
Rust | Merkle tree append-only audit log |
policy-engine |
Go | OPA Rego evaluation + NL-to-Rego compiler |
dashboard |
TypeScript | React + D3 visualization dashboard |
deploy |
YAML | Kubernetes CRDs, operator, RBAC |
# Build all Rust components
make build
# Run the TBIT issuer
make run-issuer
# Run the policy engine
make run-policy-engine
# Start the dashboard
make run-dashboard
# Run all tests
make test- Zero Trust: Every agent-to-agent call requires a valid TBIT
- Scope Narrowing: Delegated tokens can only have equal or fewer permissions
- Cryptographic Audit: Every token issuance and validation is Merkle-tree anchored
- Short-Lived Tokens: TBITs have a maximum TTL of 300 seconds by default
- Ed25519 Signatures: All tokens and delegation chains use Ed25519
Found a security vulnerability? Please see our Security Policy for responsible disclosure instructions.
sigil:
issuer:
max_ttl: 300
key_rotation_interval: 3600
spiffe_trust_domain: "sigil.mesh"
validator:
cache_ttl: 60
max_chain_depth: 10
audit:
merkle_hash: "sha256"
compaction_interval: 86400We welcome contributions from the community! Please read our Contributing Guide before submitting pull requests.
Apache License 2.0 -- See LICENSE for details.
Copyright 2025 SIGIL Contributors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0