00 — THE THRESHOLD
2026 / Q2

Soon every checkout will need to know whether the buyer is human, agent, or hybrid.

Sill answers, signs, and audits — so your checkout knows who's on the other side.

FOR MERCHANTS, PLATFORMS & AGENCIES · START FREE IN DISCOVERY MODE

We'll read your site, propose skills, and generate your endpoint. About 90 seconds.
FREE DISCOVERY · NO CARD REQUIRED · AP2 · MCP · x402
01a — RUNTIME · AUTOMATED
REAL SILL COMPONENTS · NOT A VIDEO
VISITOR ARRIVES
STOREFRONT
mill-valley-coffee.com
MANDATE PRESENTED
POLICY EVALUATION
rate_limit · 60/min
sku_in_allowlist
amount_under_cap
signature_valid
01b — RUNTIME · HUMAN IN THE LOOP
ESCALATION PATH FOR AMBIGUOUS MANDATES
HIGH-VALUE MANDATE
STOREFRONT
westport-jewelry.com
POLICY · WITH ESCALATION
rate_limit · 60/min
sku_in_allowlist
amount_under_cap
signature_valid
high_value_review_required
OPERATOR REVIEW
ESCALATION → REVIEW → SIGNED RECORD
02 — AUDIT TRAIL
EVERY MANDATE · SIGNED · EXPORTABLE

Every mandate becomes a signed, timestamped record.

Designed to support EU AI Act Article 12 record-keeping requirements. The bundle includes the agent identity, principal delegation, intent, full decision trace, framework mappings, and a cryptographic anchor.

Exportable as JSON, NDJSON, or signed PDF for audit submission. Compliance remains the merchant's responsibility; Sill produces the artifacts.

FORMAT: JSON · NDJSON · Signed PDF
RETENTION: Configurable, default 7y
INTEGRITY: ed25519 envelope + Merkle root
EU AI ACT · ARTICLE 12 · DESIGNED TO SUPPORT, NOT LEGAL ADVICE
Sill
AGENT GOVERNANCE INFRASTRUCTURE
DOCUMENT ID
SB-20260510-PM_8A3F9C12

ISSUED
5/10/2026, 8:33 PM
MANDATE AUDIT BUNDLE
An evidentiary record of one agentic transaction.
Captures the cryptographic identity, policy decisions, and on-chain anchor for mandate pm_8a3f9c12. For internal compliance, external auditors, and regulators.
Mandate verified and anchored.
All policy checks passed. Cryptographic anchor recorded on-chain.
01 Mandate parties
MANDATE ID: pm_8a3f9c12
ISSUING AGENT: ChatGPT
END USER: eleanor@gmail.com
USER INTENT: Buy 2× Espresso Roast under $50
AMOUNT CAP: $47.20 USD
SIG ALGORITHM: ECDSA-P256
+ 4 MORE SECTIONS · DECISION TRACE · MAPPINGS · ANCHOR · ATTESTATION
03 — THE PROBLEM, IN THREE FRAMES
01 IDENTITY

Every request to the merchant carries a signed agent card naming who the visitor is, who deployed them, and what their public key proves. Unsigned traffic gets handled by your existing fraud rules. Signed traffic enters a different flow.

02 INTENT

Before money moves, the agent presents a mandate: the SKU, the cap, the merchant, the expiry, the signature. Sill validates against the merchant policy. A mandate that fails any rule never reaches the payment processor.

03 PROOF

Every approved mandate writes an immutable audit entry. Compressed, signed, queryable. Disputes do not become forensic projects. Compliance does not become a slide deck.
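
An added sketch of the mandate check described under INTENT, not Sill's code or API: the agent signs the mandate with ECDSA P-256, and the gateway verifies it and applies the check names shown in the runtime panels, denying on any failure. The field names, the canonical encoding, the `merchant_match` and `not_expired` labels, and all policy values are assumptions.

```javascript
// Added example: fail-closed mandate evaluation. Every name below is hypothetical, not Sill's API.
const crypto = require('crypto');

// Bytes covered by the signature: a fixed field order so signer and verifier agree.
const canonical = (m) => Buffer.from(JSON.stringify(
  [m.agent, m.merchant, m.sku, m.qty, m.amountCents, m.currency, m.expiresAt]));

function signMandate(fields, privateKey) {
  const sig = crypto.sign('sha256', canonical(fields), privateKey); // DER-encoded ECDSA
  return { ...fields, signature: sig.toString('base64') };
}

function signatureValid(m, key) {
  if (!key || typeof m.signature !== 'string') return false;
  try {
    return crypto.verify('sha256', canonical(m), key, Buffer.from(m.signature, 'base64'));
  } catch (e) { return false; } // malformed input is a failed check, never an approval
}

// ctx = { policy, agentKeys, hits: Map<agent, number[]> }; now is epoch milliseconds.
function evaluateMandate(m, ctx, now) {
  // Signature first: unauthenticated requests must not consume a named agent's rate budget.
  if (!signatureValid(m, ctx.agentKeys[m.agent])) return { decision: 'deny', failed: ['signature_valid'] };
  const failed = [];
  const hits = (ctx.hits.get(m.agent) || []).filter((t) => now - t < 60000);
  hits.push(now);
  ctx.hits.set(m.agent, hits);
  if (hits.length > ctx.policy.ratePerMin) failed.push('rate_limit');
  if (m.merchant !== ctx.policy.merchant) failed.push('merchant_match');
  if (!(now < m.expiresAt)) failed.push('not_expired');
  if (!ctx.policy.skuAllowlist.includes(m.sku)) failed.push('sku_in_allowlist');
  const amountOk = Number.isInteger(m.amountCents) && m.amountCents > 0 && m.amountCents <= ctx.policy.capCents;
  if (!amountOk) failed.push('amount_under_cap');
  if (failed.length > 0) return { decision: 'deny', failed }; // any failure stops here
  if (m.amountCents >= ctx.policy.reviewAtCents) return { decision: 'escalate', failed };
  return { decision: 'approve', failed };
}

// Constructed sample data, loosely following the page's demo values.
const NOW = Date.UTC(2026, 4, 10, 20, 33);
const keys = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
const newCtx = (overrides = {}) => ({
  policy: { merchant: 'mill-valley-coffee.com', skuAllowlist: ['espresso-roast'],
    capCents: 5000, reviewAtCents: 100000, ratePerMin: 60, ...overrides },
  agentKeys: { 'agent-1': keys.publicKey }, hits: new Map() });
const sample = signMandate({ agent: 'agent-1', merchant: 'mill-valley-coffee.com', sku: 'espresso-roast',
  qty: 2, amountCents: 4720, currency: 'USD', expiresAt: NOW + 300000 }, keys.privateKey);
console.log(evaluateMandate(sample, newCtx(), NOW));
```

Verifying the signature before touching the rate counter means a request that merely claims another agent's name cannot use up that agent's per-minute budget.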

04 — GUARDRAILS
CATEGORIES · NOT THE RULE LIBRARY

What Sill enforces, before money moves.

Each mandate is evaluated against six categories of policy. The categories are public; the specific rules and thresholds for your site live behind authentication, where attackers cannot probe them.

Defaults ship safe. Customization is opt-in. The DSL is documented, versioned, and testable.

IDENTITY
Who is the visitor

Signature validity, agent card freshness, organizational provenance, key rotation. Unverified agents are denied at the threshold.

RATE & VOLUME
How often, how fast

Per-agent, per-merchant, per-time-window limits. Burst windows. Anomalous concurrency. Tunable per skill.

TRANSACTIONAL
What and how much

Amount caps, SKU allowlists, currency restrictions, geographic and shipping rules, bundle constraints.

BEHAVIORAL
Pattern over time

Sequence analysis, velocity changes, suspicious ordering, reputation signals from the broader Sill network.

CUSTOM POLICY
Your rules, your code

Merchant-defined policy expressions in a constrained DSL. Versioned, testable, deployable from the dashboard or via API.

AUDIT
Proof and retention

Every decision is logged, signed, and retained. Configurable retention class. Exportable in audit-grade formats.

RED TEAM SIMULATOR
ATTACK YOUR OWN POLICY BEFORE SOMEONE ELSE DOES

Press a button. Fire 28 attacks at your active policy.

Sill ships a catalog of documented adversarial scenarios from MITRE ATLAS, OWASP LLM Top 10, AP2, and dark-pattern frameworks. Each one is bound to a specific rule. Run them on demand or on a schedule.

You see exactly which scenarios your policy catches and which slip through — before they become an incident.

SCENARIOS: 28 across 6 categories
SOURCES: MITRE ATLAS · OWASP · AP2 · CMA
SCOPED: Run globally or per rule
RECORDED: Outcome logged with policy version
SECURITY TEAMS LOVE THIS PART · ALSO YOUR INSURER
CATALOG v2026.05 · 28 SCENARIOS · 6 CATEGORIES
05 — WHERE SILL SITS

One script tag, between the agent and your stack.

Sill runs at the edge, in front of your existing commerce backends. Agents arrive with HTTP requests and signatures; Sill evaluates each mandate against your policy and forwards approved actions to Stripe, Shopify, WooCommerce, or your custom backend.

INSTALL TIME: one script tag
DATA RESIDENCY: merchant-controlled
AUDIT FORMAT: signed JSON, queryable
[Diagram: Agent (HTTP + sig) → request → Sill script tag (v1.js, ~14 kB gzip) → signed mandate → Sill mandate engine (policy + audit, edge-deployed) → execute → Stripe Connect / Shopify Admin / WooCommerce]
06 — STANDARDS
FRAMEWORK MAPPINGS · NOT CERTIFICATIONS

Sill maintains public mappings between its controls and the frameworks below. Mapping is not certification. Conformity assessment requires an accredited audit.

Sill creates tamper-evident audit records and maintains public mappings to the frameworks above. These mappings are implementation guidance, not certifications or attestations. Merchants remain responsible for legal compliance, payment obligations, and any accredited audit required by their regulators.

07 — PRICING
DISCOVERY IS LIVE · OTHER TIERS PHASE 2 PREVIEW
WHAT IS A MANDATE?

A mandate is a signed agent request to perform a sensitive action — a checkout, refund, order lookup, or shipment update. Each mandate is evaluated against your policy and produces one audit record. Pricing below is per mandate, not per agent visit.

DISCOVERY
$0 forever
LIVE IN PHASE 1
Unlimited sites
Agent identity logging
Skill manifest discovery
No payment authorization
PHASE 2 PREVIEW
STARTER
$299 per month
SINGLE SITE · WORDPRESS / WOO
Up to 2,000 signed mandates/mo
WordPress + WooCommerce
Standard guardrail rules
1-year audit retention
Email support
PHASE 2 PREVIEW
CONTROL
$1,500 base + usage
10,000 MANDATES INCLUDED
ESTIMATE BY VOLUME
10k MANDATES / MO
EST. MONTHLY: $1.5k
WITHIN INCLUDED VOLUME
Multi-site, all integrations
Custom guardrail rules
Stripe Connect, Shopify, Woo
Human-in-the-loop escalation
EU AI Act audit exports
PHASE 2 PREVIEW
ENTERPRISE
Custom · ANNUAL · FROM $120k

For commerce platforms, marketplaces, and large merchants with their own audit envelopes.

Everything in Control
Per-region data residency
Private deployment
SOC 2 + named SLAs
Custom retention + KMS
SSO, SCIM, custom roles
PRICING NOTES: Mandate price covers signing, guardrail evaluation, edge compute, and audit retention (1 year on Starter, 7 years on Control + Enterprise). LLM-evaluated rules are billed at the listed rate; pure rule-based mandates are not metered separately.
08 — FAQ
OBJECTIONS · ANSWERED

The questions we get most often, answered as plainly as we can.

Does Sill process payments?

No. Sill evaluates and signs mandates; payment authorization stays with your existing processor (Stripe, your PSP, or a future agent-payment rail). We never touch funds.

Does this replace Stripe, Shopify, or WooCommerce?

No. Sill sits in front of your existing commerce stack. Approved actions are forwarded to your checkout, refund, or order systems unchanged. You keep the same processor, the same platform, and the same data ownership.

Can agents complete checkout automatically without my approval?

Only if you allow it. Each merchant defines what agents can do unattended (typically small repeat purchases) and what requires human review (high-value, refunds, account changes). The default policy ships conservative.

What can I do with the free Discovery plan?

Identify agent traffic in your logs, publish a read-only skill manifest so well-behaved agents discover your endpoints, and see which actions agents would request. No payment authorization, no transactional authority — useful immediately for visibility.

Do I need to support AP2, ACP, or x402 myself?

No. Sill normalizes inbound mandates from emerging protocols and presents them to your backend in a single format. As new protocols stabilize, we add them; your integration stays the same.

Can I block unknown or unverified agents?

Yes. The default policy declines mandates from unsigned or unverified agents. You can allowlist specific agent identities, require minimum verification levels, and rate-limit by principal.

Does Sill expose my private rules?

No. The rule categories are public so visitors and auditors understand what Sill enforces. The specific thresholds, allowlists, and policy logic for your site live behind authentication and are never returned in error responses or visible to agents.

Will this work with Shopify, WooCommerce, or a custom store?

Yes. We ship a WordPress/WooCommerce plugin, a one-line script tag for custom sites, and a CNAME-based edge install. A Shopify app is in development. The underlying API works with any backend that can verify a signed mandate.

Different question? Email hello@sill.so and we'll answer it directly.

08 — START

Add your first website. Discovery mode is free and unlimited.
