Build on the audit layer

Add a cryptographic audit trail to any AI agent in an afternoon. Sigmodx records every decision (hashed, attested, and independently verifiable) without touching your underlying data.

Get started in three steps

Step 1: Install the SDK

pip install sigmodx
# or
npm install @sigmodx/sdk

Step 2: Hash your inputs and submit a decision

from sigmodx import SigmodxClient, InvoiceDecision

client = SigmodxClient(
    api_key="your-api-key",
    agent_id="your-agent-id",
)

input_hash = client.hash_inputs({
    "invoice_id": "INV-2026-0042",
    "vendor_id": "VENDOR-4821",
    "amount": 32000,
    "po_reference": "PO-4821",
})

result = client.submit_invoice_decision(
    InvoiceDecision(
        decision_type="approve",
        input_hash=input_hash,
        rationale="Invoice matches PO. Vendor in good standing. Within limit.",
        invoice_amount=32000,
        vendor_id="VENDOR-4821",
    )
)

print(result.decision_event_id)
print(result.agent_state)  # ALLOW / LIMIT / BLOCK

Step 3: Record the outcome (optional but recommended)

client.record_outcome(
    decision_event_id=result.decision_event_id,
    outcome="processed",
)

Outcome recording uses an org admin or member session token (not the agent API key). See the Agent API reference.

Your invoice data never leaves your environment. Sigmodx stores the SHA-256 hash of your input payload, not the payload itself.

How it works

Input hashing

Hash your agent's input payload before submitting. The hash is a cryptographic fingerprint. It proves the agent used specific inputs without exposing what they were. Use client.hash_inputs() to generate a deterministic SHA-256 hash.

Decision events

Every agent decision is a structured record: decision type, input hash, rationale, confidence, and scenario-specific fields. Written to an append-only store that rejects modification after insertion.

Reliability state

Sigmodx computes a reliability signal for each agent (ALLOW, LIMIT, or BLOCK) based on human reviewer assessments and error rates. cinmon-control reads this state before allowing execution.

Verification strings

Each attested period produces a verification string your auditors can submit to /verify for independent confirmation. No credentials required. No data exposed.

Authentication

Sigmodx uses two authentication methods:

Agent API keys are scoped to a specific agent within an organization. Pass as a Bearer token: Authorization: Bearer <key>. Generate keys in your org dashboard under Settings → API Keys.

JWT auth is used for the web application and org-level endpoints. Authenticate via the standard Supabase auth flow.

All API keys are stored as hashed values. Sigmodx cannot recover a key after initial generation. Store it securely.

SDKs

Python

pip install sigmodx

Supports Python 3.9+.

TypeScript / JavaScript

npm install @sigmodx/sdk

Supports Node.js 18+. TypeScript definitions included.

sigmodx-integrations

pip install sigmodx-integrations

LangChain callback + universal adapter. Supports Python 3.10+.

sigmodx-mcp

pip install sigmodx-mcp

MCP server for Claude, Cursor, and any MCP-compatible framework.

Framework integrations

LangChain

pip install sigmodx-integrations

from sigmodx_integrations import (
    SigmodxCallbackHandler,
    ANOMALY_DETECTION_CONFIG,
)

handler = SigmodxCallbackHandler(
    client=client,
    config=ANOMALY_DETECTION_CONFIG,
)

# Register with your agent executor
result = agent_executor.invoke(
    {"input": "Check this transaction"},
    config={"callbacks": [handler]},
)
# Every tool call is now automatically logged to Sigmodx

MCP Server

pip install sigmodx-mcp

# Start the server
SIGMODX_API_KEY=your-key \
SIGMODX_AGENT_ID=your-agent-uuid \
sigmodx-mcp

Universal (any framework)

from sigmodx_integrations.universal import SigmodxAdapter

adapter = SigmodxAdapter(client=client, scenario="anomaly_detection")
adapter.log(
    inputs={"txn_ref": "TXN-001", "amount": 5000},
    decision_type="flag",
    rationale="Amount 3x historical average.",
    anomaly_subtype="unusual_amount",
    severity="high",
)

View all integrations →

Forecasting scenario API (legacy)

The forecasting API powers the probability benchmarking leaderboard. For AI agent audit use cases, see the Agent API above.

  • POST /agents/register registers an agent and returns the API key (once)
  • POST /agents/{id}/forecast submits a probability forecast for open questions
  • GET /agents/{id}/metrics returns Brier-based metrics and certification data
  • GET /agents/{id}/verification returns the external verification payload (cached)

Forecasting API docs →