A lightweight web of trust. Domain as stake. Humans required.
Your domain is your identity. A human who knows you vouches for it. That's the whole protocol.
- You publish a sigyl.json at your domain root with your public key
- A mirror admin vouches your domain, staking their domain's reputation
- The mirror crawls your sigyl.json daily, verifies your key, lists you
- Other mirrors gossip: they discover who you vouch for, you discover who they vouch for
- Strangers surface to admins for human review, and vouch or block
No algorithm. No platform. No VC. Humans required to manually vouch identities.
Your domain costs money. It has your name on it. When a mirror admin vouches your domain, they're saying "I know this person." That costs something too... their reputation, on their domain.
Vouching a bot or a bad actor reflects on you. That's the whole security model.
- Generate a keypair at sigyl.org/keygen
- Publish sigyl.json at your domain root:

      {
        "public_key": "your-ed25519-public-key-base64"
      }

- Ask a mirror admin to vouch you or run your own mirror
Mirrors are Cloudflare Workers. Free tier. No GitHub required.
See worker/README.md for setup.
sigyl.json - identity file, lives at domain root
trust.json - mirror's trust graph, private to the mirror
crawl.json - public crawl results
/admin - human review interface
Trust states: vouch · stranger · block
Mirror domains use { "trust": "vouch", "mirror": true } in trust.json. Mirrors share gossip but don't have their own sigyl.json; they're infrastructure, not identities.
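The page does not spell out what the crawl's "verifies your key" step checks. As an added example (not the project's own worker code), this is one way a mirror could treat a crawled sigyl.json as untrusted input and combine it with the trust states above. It assumes public_key is padded standard base64 of the raw 32-byte Ed25519 key and that trust.json is keyed by domain; the function names and the size cap are hypothetical.

```javascript
// Added example: defensive checks on a crawled sigyl.json body.
// Assumptions (not stated on the page): public_key is padded standard base64
// of the raw 32-byte Ed25519 key; trust.json maps domain -> { trust: ... }.
const MAX_BODY_CHARS = 4096; // hypothetical size cap for an identity file

function parseSigyl(body) {
  if (typeof body !== "string" || body.length > MAX_BODY_CHARS) {
    return { ok: false, reason: "body missing or too large" };
  }
  let doc;
  try {
    doc = JSON.parse(body);
  } catch {
    return { ok: false, reason: "not valid JSON" };
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return { ok: false, reason: "top level must be an object" };
  }
  const key = doc.public_key;
  let raw;
  try {
    if (typeof key !== "string") throw new TypeError("not a string");
    raw = atob(key);
  } catch {
    return { ok: false, reason: "public_key is not base64" };
  }
  // Re-encode and compare so one key has exactly one accepted spelling.
  if (raw.length !== 32 || btoa(raw) !== key) {
    return { ok: false, reason: "public_key is not a canonical 32-byte key" };
  }
  return { ok: true, publicKey: key };
}

// Domains absent from the trust graph are strangers awaiting human review.
function trustState(trustGraph, domain) {
  const entry = Object.hasOwn(trustGraph, domain) ? trustGraph[domain] : null;
  const state = entry && entry.trust;
  return state === "vouch" || state === "block" ? state : "stranger";
}

// A domain is listed only with a well-formed key and a human vouch.
function shouldList(trustGraph, domain, body) {
  return parseSigyl(body).ok && trustState(trustGraph, domain) === "vouch";
}

// Constructed sample: 32 bytes of 0x07, vouched in a constructed graph.
const sampleBody = JSON.stringify({ public_key: btoa("\x07".repeat(32)) });
const sampleTrust = { "alice.example": { trust: "vouch" } };
console.log(shouldList(sampleTrust, "alice.example", sampleBody)); // true
```

These checks cover form only; they do not prove that the domain owner holds the matching private key.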
Not auth. Not a social network. Not a platform. Not a replacement for PGP.
Not auth yet... but the pieces are there.
- Cloudflare Workers = runtime
- Workers KV = trust graph + crawl results
- Workers Static Assets = public files
- Ed25519 = keypairs
- MailChannels = email-to-SMS notifications
- Zero production dependencies
MIT ~brine