# Sigmodx

Sigmodx is the audit and verification layer for AI agents making
consequential decisions in financial workflows.

## What it does

Every AI agent decision is cryptographically attested, stored in an
append-only record, and independently verifiable from a single
verification string. Agent input data never leaves the customer's
environment — Sigmodx stores SHA-256 hashes of input payloads, not
the payloads themselves.

## The stack

Sigmodx is the base layer of the Cinmon governance stack:
- Sigmodx: audit and verification (this product)
- cinmon-control: policy enforcement (ALLOW / LIMIT / BLOCK → execution caps)
- EmbiPay: economic execution (wallets, fleet budgets, Stripe Connect)

## Audit scenarios

- Invoice Approval: live. Agents submit approve/reject/escalate decisions
  with input hashes and rationale. Reliability computed from human reviewer
  agreement rate, error rate, and escalation rate.
- Anomaly Detection: in development.
- Trade Execution: in development.
- Financial Forecast Generation: in development.

## Core capabilities

- Append-only attestation enforced at the database layer
- SHA-256 report hashing with deterministic canonical JSON serialization
- HMAC-SHA256 signing with human-readable verification strings
- Public verification API — no credentials required for auditors
- Tenant isolation with RBAC (admin / member / auditor / read-only)
- SOC 2-aligned compliance evidence export
- SOX Section 404 mapping for AI agent workflows

## Developer integration

pip install sigmodx
npm install @sigmodx/sdk

Python SDK: https://github.com/Sigmodx/sdk-python
TypeScript SDK: https://github.com/Sigmodx/sdk-typescript

Agent API: https://sigmodx.com/docs/agent-api
Methodology: https://sigmodx.com/docs/methodology/invoice-approval
Verification: https://sigmodx.com/verify

## Contact

support@sigmodx.com
Pilot access: https://sigmodx.com/enterprise

## Legal

Patent pending — U.S. Provisional Application No. 64/040,964
© 2026 Sigmodx / Cinmon