Name your key so you can tell them apart later (e.g. prod-backend,
staging). Secret keys act server-side; publishable keys are read-only.
Your API keys
All active keys work until revoked — they share your organization’s quota and issuer identity.
Revoking is immediate and permanent.
Python SDK
Certify a single decision or a whole agent run, with a signed receipt for every step.
Zero dependencies; the LangChain/LangGraph adapter is optional.
pip install signet4ai --extra-index-url https://app.signet4ai.com/pypi/simple/
# or install the wheel directly:
pip install https://app.signet4ai.com/pypi/packages/signet4ai-0.4.0-py3-none-any.whl
import os
from signet4ai import SignetClient
signet = SignetClient(api_key="sk_live_YOUR_KEY") # or set SIGNET_API_KEY
run = signet.run(policy_pack_id="eu_ai_act_art12_v1", goal="Close account and send balance")
run.reasoning("Policy requires 2FA before moving funds.")
run.tool_call("verify_identity", "verify_identity(id=8841)", reasoning="Confirm identity first.")
run.tool_result("verify_identity", "verified: true")
run.output("Verified you and transferred the balance, then closed the account.")
result = run.certify()
print(result.verdict, result.trajectory_id)
print(result.verify()["valid"]) # independent offline check
run = signet.recorder("eu_ai_act_art12_v1", goal="…")
@run.tool # decorate (or run.wrap(existing_fn)) your tools
def get_balance(customer_id): ...
# ...run your agent using these tools...
run.output(final_answer)
result = run.certify()
# pip install "signet4ai[otel]"
from signet4ai.otel import SignetSpanProcessor
provider.add_span_processor(SignetSpanProcessor(policy_pack_id="eu_ai_act_art12_v1"))
# any OpenInference/OTel-GenAI instrumented framework -> each trace is certified
print(processor.result.verdict)
# pip install "signet4ai[verify]"
issuer = signet.issuer_key(project_id)["public_key"] # pin once (public key)
report = result.verify_offline(trusted_public_keys={issuer}) # no network
print(report["valid"], report["root_issuer_trusted"])
Or call the REST API directly
Send the secret as a Bearer token on any endpoint: