Developer FAQ
Short, direct answers to the questions developers ask most. For symptom-driven fixes see Troubleshooting; for the full picture start with What is Sill.
What is Sill, in one sentence?
Sill is agent-governance infrastructure that sits in front of a merchant’s existing commerce stack and answers three questions about every AI agent that interacts with it: identity (who is the agent), intent (what it is authorized to do), and proof (a signed, exportable record of what happened). Sill never custodies funds.
Is there an SDK I need to install?
No. Discovery installs with a one-line script tag — no SDK, no package to vendor, no Sill code in your bundle. The signature-verification path is deliberately standard-only: any reputable RFC 8785 and ed25519 library works.
Which agent protocols does Sill support?
Live at the boundary today: A2A, AP2, and MCP. ACP, UCP, and x402 are on the roadmap, not enabled. See Protocols for the current status table.
What does the install snippet look like?
The canonical embed snippet is:
<!-- paste before </body> -->
<script async src="https://cdn.sill.so/embed.js" data-site-key="sk_…" data-proof-token="pf_…"></script>
The data-site-key is the public site identifier (see below). The data-proof-token is a per-site, opaque ownership proof: the embed runtime does not read or transmit it. It exists only so Sill’s origin can server-fetch your published HTML and confirm the snippet (and therefore your control of the domain) is present. Both attributes are public-by-design once the snippet ships.
Is the data-site-key a secret?
No. The site key is a public credential — it ships in every visitor’s page source, the same way a Stripe publishable key does. Seeing it in your HTML is not a leak. It identifies your site; it does not authorize sensitive actions.
Does Discovery cost anything?
No. Discovery is free and unlimited — identify agent traffic, publish your agent card, MCP server, and ARD catalog, all independently verifiable. Sill does not publish other pricing yet.
How do I verify that a Sill signature is genuine?
Fetch the public JWKS, canonicalize the manifest with RFC 8785 (JCS), and verify the detached ed25519 JWS against the matching key — using only off-the-shelf tooling, no Sill code. Full recipe with a JavaScript sketch and a negative-control test: Verify a signature.
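The verification flow described above, as an added example that is not Sill's code or its published recipe. It assumes a compact detached JWS (`<protected>..<signature>`) with `alg: EdDSA` and a `kid` header, signed over the base64url of the JCS bytes; the key pair, `kid`, JWKS and manifest are constructed in-process, and the small `jcs` function stands in for an RFC 8785 library and handles plain JSON values only.

```javascript
const crypto = require('node:crypto');

// Minimal RFC 8785 (JCS) stand-in for plain JSON values: keys sorted by UTF-16
// code units, no whitespace, ECMAScript serialization of strings and numbers.
function jcs(value) {
  if (Array.isArray(value)) return '[' + value.map(jcs).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const members = Object.keys(value).sort().map((k) => JSON.stringify(k) + ':' + jcs(value[k]));
    return '{' + members.join(',') + '}';
  }
  if (typeof value === 'number' && !Number.isFinite(value)) throw new TypeError('not JSON');
  return JSON.stringify(value);
}
const b64u = (data) => Buffer.from(data).toString('base64url');

// Assumed token shape: compact JWS with the payload segment left empty.
function verifyDetached(manifest, detachedJws, jwks) {
  const [protectedB64, payload, sigB64, extra] = detachedJws.split('.');
  if (!protectedB64 || payload !== '' || !sigB64 || extra !== undefined) return false;
  let header;
  try { header = JSON.parse(Buffer.from(protectedB64, 'base64url').toString('utf8')); } catch { return false; }
  // Pin the algorithm here; never let the token choose how it is verified.
  if (!header || header.alg !== 'EdDSA' || typeof header.kid !== 'string') return false;
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'OKP' && k.crv === 'Ed25519');
  if (!jwk) return false; // unknown or wrong-type key: fail closed
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, crv: jwk.crv, x: jwk.x }, format: 'jwk' });
  const signingInput = Buffer.from(protectedB64 + '.' + b64u(jcs(manifest)));
  return crypto.verify(null, signingInput, key, Buffer.from(sigB64, 'base64url'));
}

// Constructed data: throwaway key pair, in-memory JWKS, sample manifest.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const kid = 'example-key-1';
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] };
  const manifest = { name: 'Example Store', protocols: ['a2a', 'mcp'], version: 1 };
  const protectedB64 = b64u(JSON.stringify({ alg: 'EdDSA', kid }));
  const sig = crypto.sign(null, Buffer.from(protectedB64 + '.' + b64u(jcs(manifest))), privateKey);
  const jws = protectedB64 + '..' + b64u(sig);
  return {
    genuine: verifyDetached(manifest, jws, jwks),
    reordered: verifyDetached({ version: 1, protocols: ['a2a', 'mcp'], name: 'Example Store' }, jws, jwks),
    tampered: verifyDetached({ ...manifest, version: 2 }, jws, jwks), // negative control
    unknownKid: verifyDetached(manifest, jws, { keys: [] }),
  };
}
console.log(demo());
```

A reordered copy of the manifest still verifies because JCS fixes the byte form before hashing, while a single changed value fails. If the signer uses RFC 7797 unencoded payloads (`b64: false`), the signing input is built differently and this sketch would reject valid tokens.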
Can I self-host Sill?
No. Sill runs as managed infrastructure (the mandate/discovery engine at the edge, with audit and registry at the origin). You integrate by installing the embed and, for the transactional path, connecting your own processor.
Does Sill store card numbers?
No. Sill handles only opaque processor tokens (e.g. Stripe pm_* / tok_*); raw card numbers never enter any Sill system. This is an architectural property enforced by a CI gate — it is not a PCI certification. See Security.
What region does Sill run in?
US-East today (Phase 1). Sill does not publish latency or uptime figures.
Are there rate limits?
Yes. Rate-limited requests return outcome: rate_limited with HTTP 429 and a retry_after_seconds value to back off against. The MCP server additionally enforces a per-session burst limit.
What’s the difference between Discovery and Transactional?
Discovery (free, live) identifies and logs which agents touch your site and publishes agent-readable manifests — read-only, no payment authorization. Transactional (Phase 2, early access) adds signed mandates, the policy engine, human-in-the-loop escalation, and payment authorization on your processor. Transactional is validated in limited production on the live Stripe rail — not scaled multi-merchant volume.
How do AI agents discover what my site offers?
Through three signed, agent-readable surfaces Sill publishes per site: the A2A agent card, the MCP server (tools/list), and the signed ARD ai-catalog.json. All are verifiable against the public JWKS.
What happens when a mandate is escalated?
It’s held for human review (outcome: escalated, HTTP 202) — no charge occurs until a reviewer approves it. Each merchant decides which actions run unattended and which require review; the default policy ships conservative.
Can I use Sill’s framework mappings in my own audit?
Sill publishes control mappings to the OWASP LLM Top 10, OWASP Top 10 for Agentic Applications, MITRE ATLAS, and NIST AI RMF. These are mappings, not certifications — Sill holds no security certification today. They can inform your own assessment but do not substitute for an accredited audit.