Skip to content
Sill Docs

Quickstart

This quickstart installs Discovery — Sill’s free, observation-only mode. It identifies AI-agent traffic on your site, logs each interaction to a signed audit envelope, and publishes signed, agent-readable manifests (A2A agent card, MCP server, ARD ai-catalog.json) at Sill’s edge.

Discovery does not authorize charges, mutate orders, or move money. For the signed-mandate pipeline, see the Transactional overview.

Before you start

Section titled “Before you start”

You need:

  • A site you control (a public domain).
  • The ability to add a <script> tag to your site’s pages, or to drop a DNS CNAME record for domain verification.
  • An email address to receive a magic-link sign-in.

1. Sign in

Section titled “1. Sign in”

Open the Sill dashboard at app.sill.so and request a magic link. Sill uses magic-link sign-in only — no passwords. SSO is on the roadmap.

2. Add a site

Section titled “2. Add a site”

In the dashboard, create a site for the domain you want to instrument. You will receive a site key — a public credential that identifies your site to Sill’s edge, much like a Stripe publishable key. The site key is safe to embed in client-side HTML.

Alongside the site key, the dashboard issues an opaque per-site proof token. The browser-side embed runtime never reads or transmits the proof token; it exists only so Sill’s origin can server-fetch your published HTML and confirm the snippet is present — an anti-spoofing ownership proof tied to the site key. Both values are surfaced in the install snippet below.

3. Verify domain ownership

Section titled “3. Verify domain ownership”

Sill verifies that you control the domain via a DNS CNAME record before it issues a signed agent card, MCP endpoint, or ARD catalog for the site. See Domain verification.

4. Paste the embed snippet

Section titled “4. Paste the embed snippet”

Add this snippet to your site, immediately before the closing </body> tag:

<!-- paste before </body> -->
<script async src="https://cdn.sill.so/embed.js"
        data-site-key="sk_…"
        data-proof-token="pf_…"></script>

Replace sk_… and pf_… with the site key and proof token shown in the dashboard for this site.

That is the whole install. The script loads asynchronously, identifies the visiting client against Sill’s seeded identity registry, and beacons each agent interaction to Sill’s edge. The browser-side runtime reads only the site key; the proof token is there for Sill’s origin to fetch and verify out-of-band.

5. Confirm traffic is logging

Section titled “5. Confirm traffic is logging”

Open the Audit log view in the dashboard. As soon as an identifiable AI-agent client visits your site, you will see signed audit records appear. Each record is part of the append-only, Merkle-chained audit envelope and can be exported (HTML today; see Audit log and export).

What you get next

Section titled “What you get next”

Once the site is verified, three signed, agent-readable surfaces become available at Sill’s edge:

  • Agent card at https://edge.sill.so/v1/agent-card/{site_key}.json — see Agent card.
  • MCP server at POST https://edge.sill.so/v1/mcp/{site_key} — see MCP server.
  • ARD catalog at https://edge.sill.so/v1/catalog/{site_key}.json — see ARD catalog.

Anyone can verify the signatures on these surfaces against Sill’s public JWKS, using only off-the-shelf ed25519 tooling. See Verify a signature.