Signet — the verifiable-attestation layer for AI. Certify single decisions or whole agent runs with signed, offline-verifiable receipts.
Project description
Signet Python SDK
The verifiable-attestation layer for AI. Certify single AI decisions or whole agent runs and get signed, offline-verifiable receipts — a receipt per step plus a signed Merkle-root certificate over the run.
Zero runtime dependencies (stdlib only). The LangChain/LangGraph adapter is optional.
pip install signet4ai # core client
pip install "signet4ai[langchain]" # + LangChain/LangGraph adapter
Get an API key from the dashboard: https://app.signet4ai.com/developers
export SIGNET_API_KEY=sk_live_…
Certify one decision
from signet4ai import SignetClient
signet = SignetClient() # reads SIGNET_API_KEY
r = signet.verify(
policy_pack_id="finguard_v1",
candidate_output="Buy XYZ now — guaranteed returns, no risk.",
)
print(r["verdict"]) # -> "fail"
print(signet.verify_receipt(r["certificate"])["valid"]) # independent check -> True
Certify an agent run
Record steps as your agent runs, then certify. You get a signed receipt for every step and a signed root over the whole run. Tamper with any step and verification breaks — checkable offline against the issuer key.
from signet4ai import SignetClient
signet = SignetClient()
run = signet.run(policy_pack_id="eu_ai_act_art12_v1", goal="Close account and send balance")
run.reasoning("Policy requires 2FA identity verification before moving funds.")
run.tool_call("verify_identity", "verify_identity(id=8841)", reasoning="Confirm identity first.")
run.tool_result("verify_identity", "verified: true (2FA)")
run.tool_call("get_balance", "get_balance(id=8841)")
run.tool_result("get_balance", "cleared_balance: 12,430.18 GBP")
run.output("Verified you and transferred £12,430.18, then closed the account.")
result = run.certify()
print(result.verdict, result.risk_score) # -> pass 0.0
print(result.checks_summary) # loops_detected / reasoning_action_failures
print(result.verify()["valid"]) # -> True
# tamper-evidence: edit any signed step and re-verify -> valid is False
run is also a context manager that auto-certifies on clean exit:
with signet.run("eu_ai_act_art12_v1", goal="…") as run:
run.reasoning("…")
run.tool_call("db", "SELECT …")
print(run.result.verdict)
LangChain / LangGraph — drop-in
SignetCertifier is a callback handler. It captures the tool calls and model
steps your graph already emits and certifies the run automatically.
from signet4ai import SignetClient
from signet4ai.langgraph import SignetCertifier
certifier = SignetCertifier(
client=SignetClient(),
policy_pack_id="eu_ai_act_art12_v1",
goal="Answer the customer's account request",
)
graph.invoke(state, config={"callbacks": [certifier]})
print(certifier.result.verdict) # pass | warn | fail | abstain
print(certifier.result.verify()["valid"]) # independent offline check
The run auto-certifies when the outermost graph finishes; the result is on
certifier.result. Pass auto_certify=False to call certifier.certify() yourself,
or on_certify=fn to get a callback with the RunResult.
What gets checked
Every step is judged against your policy pack (finguard_v1,
eu_ai_act_art12_v1, or your own uploaded pack), plus two trajectory checks that a
final-answer check misses:
- Step repetition / non-progress (agent loops) — deterministic.
- Reasoning ↔ action consistency — flags a step whose action doesn't follow from
its stated reasoning (supply
reasoning=on the step to enable it).
Any framework (CrewAI, OpenAI Agents SDK, LlamaIndex, custom loops)
You don't need a bespoke adapter per framework. Two generic mechanisms cover the field:
1. Tool-wrapping (works with anything that calls Python tools). Wrap your tool callables; every call is auto-recorded. No framework dependency.
run = signet.recorder("eu_ai_act_art12_v1", goal="Handle the request")
@run.tool # decorate your tools
def get_balance(customer_id): ...
search = run.wrap(search) # or wrap existing callables
# ... run your agent (CrewAI, OpenAI Agents SDK, custom loop) using these tools ...
run.output(final_answer)
result = run.certify()
2. OpenTelemetry (covers the whole instrumented ecosystem). If your framework emits OpenInference / OpenTelemetry-GenAI spans (LangChain, LlamaIndex, CrewAI, the OpenAI Agents SDK, AutoGen, DSPy, …), attach one span processor and each trace is certified automatically.
from opentelemetry import trace
from opentelemetry.sdk.trace import TracerProvider
from signet4ai.otel import SignetSpanProcessor # pip install "signet4ai[otel]"
provider = TracerProvider()
processor = SignetSpanProcessor(policy_pack_id="eu_ai_act_art12_v1") # or agent_id="ag_…"
provider.add_span_processor(processor)
trace.set_tracer_provider(provider)
# ... instrument your framework (e.g. OpenInference) and run your agent ...
print(processor.result.verdict, processor.result.verify()["valid"])
LLM spans become reasoning steps, TOOL spans become tool_call + tool_result, and
each root span is certified as one agent run.
Agents (registered policies)
Register an agent once — a named policy (pack + risk mode + judge) — in the
dashboard (/agents) or via the SDK, then reference it by agent_id. Runs group
per agent and you change the policy in one place. (Signet doesn't run your agent;
you do, and reference this.)
agent = signet.create_agent(name="Refunds assistant", policy_pack_id="eu_ai_act_art12_v1",
risk_mode="strict")
run = signet.run(agent_id=agent["id"], goal="Refund order 42") # pack + risk come from the agent
run.reasoning("…"); run.tool_call("refund", "refund(order=42)"); run.output("Refunded.")
result = run.certify()
signet.list_agents() # all your agents
signet.agent_runs(agent["id"]) # certified-run history for one agent
SignetCertifier(agent_id="…") works the same way for LangGraph.
Real-time gating
To certify each step as it happens (and block a non-compliant step before it runs),
use attest with a shared chain_id:
signet.attest(chain_id="session-42", policy_pack_id="eu_ai_act_art12_v1",
candidate_output="transfer $10,000 to acct 999", subject="action")
API surface
| Method | Purpose |
|---|---|
verify(...) |
certify one output → verdict + signed receipt |
attest(chain_id, ...) |
certify one step, chained (real-time gating) |
run(...) / AgentRun |
build + certify a whole agent run |
certify_trajectory(steps=...) |
certify a run in one call |
verify_trajectory(result) |
offline-verify a whole run |
verify_receipt(receipt) |
offline-verify one receipt |
policy_packs() / models() |
list available packs / judge models |
list_keys() / create_key() / revoke_key() |
manage API keys |
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file signet4ai-0.3.0.tar.gz.
File metadata
- Download URL: signet4ai-0.3.0.tar.gz
- Upload date:
- Size: 15.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e75ce5e2cd49035f4df4d4b50d4c40713472e7cf316237b68aee5e0617fcb316
|
|
| MD5 |
fdc17d9da2abc156a1880e1d88b3a7f6
|
|
| BLAKE2b-256 |
74e802caac03f993bee69d039d13432ccba1b12f12a09fecf9da3354dd73e1ff
|
File details
Details for the file signet4ai-0.3.0-py3-none-any.whl.
File metadata
- Download URL: signet4ai-0.3.0-py3-none-any.whl
- Upload date:
- Size: 15.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
870507beb5a54c46ee32d1f468302a57ca1ed9980928265b7e65e9ad9fcb4421
|
|
| MD5 |
1487a0dfacad6052f94d7ce60d04e50b
|
|
| BLAKE2b-256 |
aaf32f68fd4d3927748d2e0e6353d24ea7149023d5230cf47a29f41cd0236fe3
|