Documentation
Sigil Docs
Everything you need to quarantine, scan, and secure AI agent code. From first install to CI/CD pipeline integration.
Start Here
Quick Start
Install Sigil and scan your first package in under 60 seconds.
Reference
CLI Reference
All commands, flags, output formats, exit codes, and scan configuration.
Reference
API Reference
REST API for Pro and Team plans. Scan history, threat intel, and CI/CD integration.
Integration
Skills.sh Skill
Install Sigil as a skills.sh skill for 12 AI coding agents. Eight-phase scanning with one command.
Integration
Claude Code Plugin
Native Sigil plugin for Claude Code with slash commands, security agents, and auto-scan hooks.
Integration
MCP Server
Run Sigil as an MCP server. AI agents scan dependencies before installing them.
Reference
Configuration
Config file spec, scan policies, threshold tuning, and ignore rules.
Integration
CI/CD
GitHub Actions, GitLab CI, Jenkins, CircleCI, Bitbucket, and Docker pipeline integration.
Infrastructure
Sigil Bot
Autonomous registry monitor that watches PyPI, npm, ClawHub, and GitHub for new and updated packages.
Infrastructure
Scan Attestations
Cryptographic verification of scan results. Ed25519 signatures, in-toto attestations, and Sigstore transparency log.
Infrastructure
Agent Discovery
How AI agents find and interact with Sigil. A2A agent card, WebMCP tools, llms.txt, and JSON-LD structured data.
Resources
Troubleshooting
Common issues, fixes, and frequently asked questions about Sigil.
Source code
Sigil is open source under the Apache 2.0 license. The README in the main repo covers installation and all scan flags.
View on GitHub
Need help?
Ask a question in GitHub Discussions or check the troubleshooting guide.