Signing CLI for AI agents and ops people who want a verifiable audit trail. Runs fully offline with a built-in PAdES signer (no signup, no third-party provider) — or routes through Dropbox Sign / DocuSign / SignWell. Per-signer tokens, declarative policie
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Signing CLI for AI agents and ops people who want a verifiable audit trail. Runs fully offline with a built-in PAdES signer (no signup, no third-party provider) — or routes through Dropbox Sign / DocuSign / SignWell. Per-signer tokens, declarative policie