sigil

Double-click anywhere. I know everything about Sigil.

or I can help you find anything

Ask about Sigil — or anything in the ecosystem

Enter to askEsc to close
The trust root, on chainRead the spec

Every action, traceable to a human.

The Global Anchor Layer is Sigil's trust root. It anchors human roots, organisation lineages, and agent authority directly on chain. Resolve any DID, verify any signer, prove any chain of delegation — without trusting any intermediary.

Read the GAL specIdentity standard →
sigil · liverunning
Resolving subjectverifying…
did:oas:sigil:agent:analyst-7
parent · did:oas:sigil:agent:l1fe-research
  1. 01 · Revocation check
    No active revocation against did or its lineage
  2. 02 · Root anchor
    HMR record resolved · sequence 421 · status Active
    pending
  3. 03 · Document commitment
    Off-chain doc hashes the on-chain commitment
    pending
  4. 04 · Parent signature
    Ed25519 signature verifies against parent agent key
    pending
  5. 05 · Org Merkle inclusion
    Proof witnesses OrgLineageRoot ✓
    pending
Verdict
Awaiting all five proofs.
Subject
did:oas:sigil:agent:analyst-7
Awaiting verification
01

Revocation check

No active revocation against this DID, its parent, or its root.

rejects → revoked
02

Root anchor

HMR / MHR / ENR root exists, is Active, and sequence matches.

rejects → rootNotActive
03

Document commitment

Off-chain document hashes the on-chain commitment.

rejects → docHashMismatch
04

Parent signature

Parent agent in the lineage chain signed this child claim.

rejects → parentSignatureInvalid
05

Org Merkle inclusion

Subject DID is in the organisation lineage Merkle tree.

rejects → notInOrgTree

Verdict

Awaiting all five proofs.

01 / 07
Trust

The trust problem

Anonymous chains let any signer act as anyone.

A signature alone proves a key controlled the bond — not that the actor was authorised. Sigil binds every privileged action to a verified subject DID and a five-gate proof. Skip a gate and the action fails closed.

Gate 1 · Revocation

Revocation runs first. Always.

Before any other check, the verifier asks: has this DID — or any of its ancestors — been revoked? Revocation is cascade-aware: revoking a parent revokes every descendant in a single transaction. A revoked subject never reaches gate 2.

Gate 2 · Root anchor

Every lineage ends at a real root.

The chain stores three kinds of root: Human (HMR), Machine (MHR), and Enterprise (ENR). The verifier walks the subject's lineage up to one of those roots and confirms the root record is Active. No root, no authority.

Gate 3 · Document commitment

On-chain commits to off-chain.

The chain stores a hash; the document lives in IPFS, S3, your DHT — wherever. The verifier hashes the document the client supplied and compares it to the on-chain commitment. Drift fails the gate before any signature is even checked.

Gate 4 · Parent signature

The parent agent vouches in writing.

Every non-root agent carries an AgentLineageProof signed by its parent. The verifier checks the parent's Ed25519 signature over BLAKE3 of a domain-separated lineage payload. Forge a parent's signature and the cryptography fails this gate.

Gate 5 · Org Merkle inclusion

The org's tree must remember the agent.

Organisations publish an OrgLineageRoot — a Merkle commitment over the set of agents the org authorises. The verifier checks an inclusion proof for the subject. Off-tree agents never reach the privileged path.

Authority granted

All five passed. Action permitted.

The verdict propagates to the calling contract. Compute, labor, governance, treasury — all gated by the same five rules. No exception path, no admin override, no “trusted” intermediary. The chain is the trust layer.

Seven checks in parallel

Authority is verified, not assumed.

Every privileged action runs through seven independent checks: revocation, root anchor, document hash, lineage proof, cascade revocation, parent signature, and organisation inclusion. Any failure halts the action. Trust is earned by the proof, not by the title.

RESOLVING ·idlePASS · 18,204 · REJECT · 142R01revocationR02anchorR03commitmentR04lineageR05cascadeR06signatureR07inclusionevery privileged path runs all seven rules · fail-closed · revocation first

One ledger, seven records

Roots, lineages, organisations — all on chain.

The chain stores seven kinds of identity record: human roots, machine roots, employer roots, agent lineages, tool lineages, organisation trees, and revocations. Each is typed, each is signed, each is independently verifiable.

TYPED RECORDS · sigil-core::galidleHmrAnchorsingle-human rootfields:controller_pubkey · seq · statusR01MhrAnchorthreshold rootfields:policy · profit_shares · seqR02EnrAnchorenterprise rootfields:governance · authorized_signers · seqR03OrgLineageRootorg Merkle commitmentfields:merkle_root · leaf_countR04ShardAssignmentper-DID placementfields:shard_id · affinity · seqR05RevocationRecordcascade-aware revokefields:kind · parent_root · reasonR06ShardTopologyEntrytopology change logfields:op · affected · applied_blockR07seven typed records · one ledger · all anchored on Sigil

Anchor your authority.

Issue a DID. Bind it to a parent. Settle authority on chain. Every agent your team ships gets a verifiable lineage to a real person.

Identity standardStart building →