sill.SECURITY
SECURITY & TRUST
INDEPENDENTLY VERIFIABLE

Security & trust

Sill is the governance layer between an arriving AI agent and a merchant’s payment and inventory systems. The security properties below describe what the architecture guarantees, what anyone can verify themselves, and where the bounds are.

Sill holds no security certifications today and does not claim any. Where we describe properties of the architecture, we say so; where we describe what has been validated end-to-end, we bound the scope of that validation.

01Never custodies funds

The merchant’s existing payment processor — for example Stripe — holds the card, authorizes the charge, settles the transaction, and pays out to the merchant. Sill issues the signed authorization (the mandate) and the signed audit record that captures what happened. Sill never touches funds, never holds balances, and never moves money.

02Signed, end-to-end pipeline

The full path — signed mandate → policy evaluation → Stripe payment authorization → signed, Merkle-chained audit record — has been validated end-to-end on the live Stripe rail in production.

SCOPEThis validates the pipeline on the live rail; it is not a claim of scaled, multi-merchant payment volume.

03Independently verifiable

Sill signs with ed25519. The public signing key is published at edge.sill.so/.well-known/jwks.json. Anyone can reproduce the signatures on a Sill agent card or ARD catalog using only published standards — RFC-8785 JCS canonicalization and ed25519 — with no access to Sill’s code.

04Tamper-evident audit

Audit records are append-only, signed with ed25519, and Merkle-chained so that any later modification breaks the chain. Records are exportable as JSON, NDJSON, or a signed bundle for archival or external review.

05PCI-minimal architecture

Sill handles only opaque processor tokens issued by the merchant’s payment processor — for example, Stripe pm_* and tok_* identifiers. Raw payment card numbers never enter any Sill system. This boundary is enforced by the architecture and by a CI gate.

SCOPEThis is an architectural property, not a PCI certification. Sill holds no PCI attestation.

06Framework mappings

Sill maintains public, control-by-control mappings between its guardrails and the OWASP LLM Top 10, the OWASP Top 10 for Agentic Applications, MITRE ATLAS, and the NIST AI RMF. These are mappings, not certifications.

See the full control-by-control table at /standards.

07Sign-in

Dashboard access uses magic-link sign-in. There are no passwords to phish, reuse, or leak.

Verify the signatures yourself.

Install Discovery in about 90 seconds. The agent card and ARD catalog Sill emits for your site are signed with the public key at edge.sill.so/.well-known/jwks.json — no access to our code required.

Check agent readinessFree Discovery · no card required