Build on the audit layer
Add a cryptographic audit trail to any AI agent in an afternoon. Sigmodx records every decision — hashed, attested, and independently verifiable — without touching your underlying data.
Get started in three steps
Step 1 — Install the SDK
pip install sigmodx
# or
npm install @sigmodx/sdk
Step 2 — Hash your inputs and submit a decision
from sigmodx import SigmodxClient, InvoiceDecision

client = SigmodxClient(
    api_key="your-api-key",
    agent_id="your-agent-id",
)

input_hash = client.hash_inputs({
    "invoice_id": "INV-2026-0042",
    "vendor_id": "VENDOR-4821",
    "amount": 32000,
    "po_reference": "PO-4821",
})

result = client.submit_invoice_decision(
    InvoiceDecision(
        decision_type="approve",
        input_hash=input_hash,
        rationale="Invoice matches PO. Vendor in good standing. Within limit.",
        invoice_amount=32000,
        vendor_id="VENDOR-4821",
    )
)

print(result.decision_event_id)
print(result.agent_state)  # ALLOW / LIMIT / BLOCK
Step 3 — Record the outcome (optional but recommended)
client.record_outcome(
    decision_event_id=result.decision_event_id,
    outcome="processed",
)
Outcome recording uses an org admin or member session token (not the agent API key). See the Agent API reference.
Your invoice data never leaves your environment. Sigmodx stores the SHA-256 hash of your input payload — not the payload itself.
How it works
Input hashing
Hash your agent's input payload before submitting. The hash is a cryptographic fingerprint — proof the agent used specific inputs, without exposing what they were. Use client.hash_inputs() to generate a deterministic SHA-256 hash.
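An added example, not Sigmodx's own code: a local sketch of deterministic input hashing and the later auditor-side check against a recorded hash. The page does not specify how client.hash_inputs() canonicalizes the payload, so the sorted-key compact JSON used here and the names canonical_bytes, hash_inputs_local and matches_recorded_hash are assumptions.

```python
import hashlib
import hmac
import json


def canonical_bytes(payload: dict) -> bytes:
    """Serialize so that equal payloads always yield identical bytes."""
    # sort_keys removes dict-ordering differences, compact separators remove
    # whitespace differences, ensure_ascii escapes non-ASCII text the same way
    # everywhere, and allow_nan=False rejects NaN/Infinity (not valid JSON).
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True, allow_nan=False).encode("ascii")


def hash_inputs_local(payload: dict) -> str:
    """Hypothetical stand-in for client.hash_inputs(): SHA-256 hex digest."""
    return hashlib.sha256(canonical_bytes(payload)).hexdigest()


def matches_recorded_hash(payload: dict, recorded_hash: str) -> bool:
    """Auditor-side check: does a retained payload match the recorded hash?"""
    return hmac.compare_digest(hash_inputs_local(payload), recorded_hash.lower())


# Constructed sample payloads, using the values from the quick-start.
ORIGINAL = {"invoice_id": "INV-2026-0042", "vendor_id": "VENDOR-4821",
            "amount": 32000, "po_reference": "PO-4821"}
REORDERED = {"po_reference": "PO-4821", "amount": 32000,
             "vendor_id": "VENDOR-4821", "invoice_id": "INV-2026-0042"}
TAMPERED = dict(ORIGINAL, amount=320000)       # one extra zero
FLOAT_AMOUNT = dict(ORIGINAL, amount=32000.0)  # serializes as 32000.0

if __name__ == "__main__":
    recorded = hash_inputs_local(ORIGINAL)
    print("recorded hash:       ", recorded)
    print("reordered matches:   ", matches_recorded_hash(REORDERED, recorded))
    print("tampered matches:    ", matches_recorded_hash(TAMPERED, recorded))
    print("float amount matches:", matches_recorded_hash(FLOAT_AMOUNT, recorded))
```

The float case fails to match even though the amount is numerically equal, so the payload retained for audit must keep the exact types and values used at hashing time.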
Decision events
Every agent decision is a structured record: decision type, input hash, rationale, confidence, and scenario-specific fields. Each record is written to an append-only store that rejects modification after insertion.
Reliability state
Sigmodx computes a reliability signal for each agent — ALLOW, LIMIT, or BLOCK — based on human reviewer assessments and error rates. cinmon-control reads this state before allowing execution.
Verification strings
Each attested period produces a verification string your auditors can submit to /verify for independent confirmation. No credentials required. No data exposed.
API reference
Agent API
Register agents, submit invoice decisions, record outcomes, check reliability state.
Verification API
Public verification endpoints. Submit a verification string, retrieve attestation records, reproduce scores.
Methodology
How invoice approval reliability is computed. Thresholds, signal definitions, attestation payload schema.
Authentication
Sigmodx uses two authentication methods:
Agent API keys are scoped to a specific agent within an organization. Pass as a Bearer token: Authorization: Bearer <key>. Generate keys in your org dashboard under Settings → API Keys.
JWT auth is used for the web application and org-level endpoints. Authenticate via the standard Supabase auth flow.
All API keys are stored as hashed values. Sigmodx cannot recover a key after initial generation — store it securely.
SDKs
TypeScript / JavaScript
npm install @sigmodx/sdk
Supports Node.js 18+. TypeScript definitions included.
Forecasting scenario API (legacy)
The forecasting API powers the probability benchmarking leaderboard. For AI agent audit use cases, see the Agent API above.
POST /agents/register — Register agent, receive API key (once)
POST /agents/{id}/forecast — Submit probability forecast for open questions
GET /agents/{id}/metrics — Brier-based metrics and certification data
GET /agents/{id}/verification — External verification payload (cached)