Field notes on cryptographic timestamping, qualified seals, AI evidence, and the regulations driving them.
Sigill's API is now available as a remote MCP server. Claude can timestamp a document, verify a TSR, look up a hash, seal a PDF, verify a sealed document, and check your plan quota without leaving the conversation — using the same API key you already have.
The Sigill SDKs are not just for production AI calls. This post shows how a small Claude Code Stop hook can use sigill-python to turn local AI coding sessions into sealed, verifiable evidence envelopes.
Two open-source SDKs for building, sealing, and verifying AI evidence envelopes — Apache-2.0, byte-compatible across languages, with the canonical-JSON, hash-binding, and RFC 3161 plumbing already done. The pattern from earlier posts, now installable from PyPI and NuGet.
The simple agent timestamps every turn. That's necessary but not sufficient. This post is about what makes the difference between a log that timestamps things and a record an adversarial reader can't unwind.
Stamp every artifact your CI produces with an RFC 3161 timestamp before it leaves the build runner — so a year from now you can prove what shipped, and when, without trusting your own logs.
A working ~150-line Python agent that cryptographically timestamps every prompt and every model response, producing tamper-evident records you can verify with one openssl command. For teams whose AI systems will eventually face an auditor, regulator, or counterparty asking 'prove what your model said on day X' — this is the minimal pattern that answers the question.