Maximum Awareness, Minimum Time
This document outlines the go-to-market plan for SIGIL (sigil-protocol) β an open
Rust protocol for securing AI agent-to-tool interactions.
| Asset | URL |
|---|---|
| GitHub | github.com/sigil-eu/sigil |
| crates.io | crates.io/crates/sigil-protocol |
| docs.rs | docs.rs/sigil-protocol |
| Website | sigil-protocol.org |
| License | EUPL-1.2 (OSI-approved) |
Highest Priority
Show HN: SIGIL β The missing security layer for MCP agent-to-tool interactions
MCP (Model Context Protocol) lets AI agents call tools, but has zero security: no identity verification, no content scanning, no audit trail, no permission gating. SIGIL is an open Rust protocol that fills this gap. 5 traits you implement with your own backends: - IdentityProvider β bind users to trust levels (eIDAS, OIDC, SSI) - SensitivityScanner β detect secrets before they reach the LLM - VaultProvider β encrypt intercepted content - AuditLogger β tamper-evident event logging - SecurityPolicy β risk gating + rate limiting Plus a reference MCP server that wraps any tool set with all five layers. cargo add sigil-protocol GitHub: https://github.com/sigil-eu/sigil Docs: https://docs.rs/sigil-protocol Site: https://sigil-protocol.org License: EUPL-1.2 (OSI-approved, works as library in any project)
Best time to post: TuesdayβThursday, 9-10 AM US Eastern (2-3 PM CET).
Title: "sigil-protocol: securing MCP agent-to-tool interactions with identity, scanning, and audit traits"
Emphasize: trait design, test coverage (29 tests), EUPL choice, spec docs.
Title: "Open protocol for securing AI agent tool calls β identity gating, secret scanning, audit trails"
Emphasize: Ollama/vLLM compatibility, local-first, no cloud dependency.
π§΅ We just published SIGIL β the missing security layer for AI agents. MCP lets agents call tools. But MCP has: β No identity verification β No content scanning β No audit trail β No permission gating SIGIL fixes all four. Here's how β 1/ Identity β IdentityProvider trait binds users to trust levels. eIDAS, OIDC, SSI β you pick the backend. 2/ Scanning β SensitivityScanner catches secrets BEFORE they reach the LLM. API keys, IBANs, PII β domain-specific patterns. 3/ Audit β AuditLogger creates tamper-evident logs of every action. 4/ SigilMcpServer wraps ANY tool set. 4 lines of Rust. cargo add sigil-protocol GitHub: github.com/sigil-eu/sigil Built in Europe πͺπΊ
Tag: @alexalbert__ (MCP lead at Anthropic), relevant Rust/AI accounts.
Post on users.rust-lang.org in the "announcements" category.
Email twir@rust-lang.org β reaches ~30K Rust developers weekly.
Target EU tech/policy audience. Emphasize: EUPL-1.2, eIDAS identity, AI Act compliance, "Built in Europe" narrative.
Open friendly, helpful issues that create permanent backlinks:
| Project | Issue Title | Angle |
|---|---|---|
modelcontextprotocol/specification |
"RFC: Security extension for tool call identity + audit" | Propose _sigil as standard extension |
anthropics/anthropic-cookbook |
"Example: Adding security to MCP tool calls" | Offer to contribute a cookbook recipe |
ollama/ollama |
"Feature: Audit trail for tool-use interactions" | Reference Sigil as ready solution |
Title: "MCP Has No Security Layer. We Built One."
Publish on: Dev.to (instant distribution), Medium (SEO), personal blog (linked from sigil-protocol.org).
Structure: The problem (2 paragraphs) β What we built (diagram) β Code example (4 lines) β Why EUPL (1 paragraph) β Call to action.
Apply to NLnet.nl under NGI Zero. They fund EU open source security projects. Gives you: funding (β¬5-50K), credibility ("NGI-funded"), EU network.
| Conference | When | Why |
|---|---|---|
| EuroRust | Oct 2026 | Rust + EU audience |
| FOSDEM | Feb 2027 | Biggest EU open source conf |
| RustConf | Sep 2026 | Global Rust community |
β‘ The first 48 hours matter most on HN and Reddit. Post during peak hours and be ready to answer comments immediately.