Plugin: Signet
Cryptographic action receipts for Dify agent workflows. Ed25519 signing, hash-chained audit trail, offline verification.
Key difference from existing signing plugins: No API key, no SaaS, no network dependency. Signing keys and audit logs stay on your infrastructure.
Tools
| Tool |
Description |
| Sign Action |
Ed25519 sign any tool call, append to hash-chained audit log |
| Verify Receipt |
Offline signature verification — no network needed |
| Audit Query |
Query local audit trail by time range or tool name |
Setup
- Install plugin
- Optionally set a Key Name (default:
dify-agent)
- No API keys, no accounts — auto-creates Ed25519 identity on first use
Why local-first matters
|
Signet |
SaaS signing |
| API key required |
No |
Yes |
| Data leaves infrastructure |
No |
Yes |
| Offline verification |
Yes |
No |
| Key custody |
You |
Provider |
Compliance
Signed audit trails support SOC 2 (CC7.2, CC7.3), ISO 27001 (A.8.15), EU AI Act Article 12, and DORA. See full compliance mapping.
Source
Happy to submit a PR if there's interest.
Plugin: Signet
Cryptographic action receipts for Dify agent workflows. Ed25519 signing, hash-chained audit trail, offline verification.
Key difference from existing signing plugins: No API key, no SaaS, no network dependency. Signing keys and audit logs stay on your infrastructure.
Tools
Setup
dify-agent)Why local-first matters
Compliance
Signed audit trails support SOC 2 (CC7.2, CC7.3), ISO 27001 (A.8.15), EU AI Act Article 12, and DORA. See full compliance mapping.
Source
Happy to submit a PR if there's interest.