Infrastructure
Agent Discovery
Sigil exposes structured data at every layer so AI agents can discover capabilities, consume scan results, and interact with tools programmatically. This page covers all the discovery mechanisms.
Discovery stack
Four complementary standards give agents everything they need, from a quick product summary to executable tool schemas:
Agent Card
Machine-readable “business card” at /.well-known/agent-card.json. Lists Sigil's identity, 7 MCP skills with full input schemas, auth requirements, and API endpoint links. Follows the Google A2A protocol (IANA-registered well-known URI).
Browser-Exposed Tools
Forms and interactive components expose tools via Chrome's WebMCP standard. Newsletter signup, waitlist, and scan search are all registered as callable tools for compatible AI agents.
llms.txt + llms-full.txt
Human- and LLM-readable plain text files with product summary, install commands, scan phases, pricing, and all documentation links. llms.txt is the concise version; llms-full.txt is the complete technical reference.
JSON-LD Structured Data
Every page embeds schema.org JSON-LD: SoftwareApplication on the homepage, TechArticle + FAQPage on scan reports, BreadcrumbList on all docs pages, and DigitalDocument on signed attestations.
A2A Agent Card
The agent card tells other agents what Sigil can do. It includes 7 skills (6 MCP tools + attestation verification), each with full JSON Schema for inputs.
curl https://sigilsec.ai/.well-known/agent-card.json | jq '.skills[].id'"sigil_scan"
"sigil_scan_package"
"sigil_clone"
"sigil_quarantine"
"sigil_approve"
"sigil_reject"
"sigil_verify_attestation"The card also includes links to all API endpoints, documentation, and discovery files in the _links section.
| Field | Value |
|---|---|
| schemaVersion | 1.0 |
| name | Sigil |
| provider | NOMARK Pty Ltd |
| authSchemes | none (CLI runs locally) |
| skills | 7 tools with input schemas |
WebMCP tools
Sigil uses both declarative HTML attributes and imperative JavaScript registration to expose tools to WebMCP-compatible agents.
Declarative tools (HTML attributes)
Forms annotated with toolname, tooldescription, and toolparamdescription attributes. Ignored by browsers that don't support WebMCP.
| Tool | Component | Parameters |
|---|---|---|
| subscribeToNewsletter | Newsletter form | |
| requestEarlyAccess | Waitlist form | email, use_case, team_size |
Imperative tools (JavaScript)
The scan database page registers a searchSigilScans tool via navigator.modelContext.registerTool() that lets agents search and filter scan results by ecosystem, verdict, and package name.
llms.txt
Two plain-text files designed for LLM consumption:
llms.txt
Concise product summary, install commands, doc links, scan phases, pricing, attestation endpoints. Under 100 lines.
llms-full.txt
Complete technical reference: CLI commands, API endpoints, MCP tool schemas, Claude Code plugin, CI/CD config, attestation verification, troubleshooting FAQ.
JSON-LD structured data
Schema.org JSON-LD is embedded on every page for search engines and AI agents:
| Page | Schema | Purpose |
|---|---|---|
| Homepage | SoftwareApplication | Product identity, version, pricing, features |
| Scan reports | TechArticle + FAQPage | Scan results, “Is X safe?” answers |
| Signed scans | DigitalDocument | Attestation URL, content digest, encoding format |
| Docs pages | BreadcrumbList | Navigation hierarchy |
| Blog posts | Article + BreadcrumbList | Author, date, publisher, navigation |
| Docs with FAQ | FAQPage + HowTo | Troubleshooting, quickstart steps |
API endpoints for agents
All endpoints return JSON with CORS headers. No authentication required for public data.
| Endpoint | Description |
|---|---|
| GET /api/v1/feed | Scan feed with ecosystem/verdict/since filters |
| GET /api/v1/attestation/{id} | DSSE envelope for a signed scan |
| GET /api/v1/verify | Server-side attestation verification |
| GET /badge/{eco}/{pkg} | SVG scan badge for README embeds |
| GET /feed.xml | RSS 2.0 feed of recent scans |
Discovery file index
All machine-readable discovery files at a glance:
| File | Standard | Purpose |
|---|---|---|
| /.well-known/agent-card.json | A2A | Agent capabilities, skills, auth |
| /.well-known/sigil-verify.json | Custom | Signing keys, verification instructions |
| /llms.txt | llms.txt | Concise product summary for LLMs |
| /llms-full.txt | llms.txt | Complete technical reference |
| /robots.txt | robots.txt | Crawl directives + agent card reference |
| /sitemap.xml | Sitemap | All crawlable URLs including scan pages |
See also
- •MCP Server — run Sigil as a tool server for AI agents
- •Scan Attestations — cryptographic verification of scan results
- •Sigil Bot — the autonomous scanner that powers the scan database
Need help?
Ask a question in GitHub Discussions or check the troubleshooting guide.