# Signpath ```json { "name": "Signpath", "slug": "signpath", "url": "https://composio.dev/toolkits/signpath", "markdown_url": "https://composio.dev/toolkits/signpath.md", "logo_url": "https://logos.composio.dev/api/signpath", "categories": [ "developer tools & devops" ], "is_composio_managed": false, "updated_at": "2026-05-12T10:26:12.005Z" } ``` ![Signpath logo](https://logos.composio.dev/api/signpath) ## Description Securely connect your AI agents and chatbots (Claude, ChatGPT, Cursor, etc) with Signpath MCP or direct API to sign software artifacts, verify signed files, check project signing status, and automate release approvals through natural language. ## Summary Signpath is a code signing service that automates the secure signing of your software artifacts. It ensures authenticity and integrity for every release, right from your CI/CD pipeline. ## Categories - developer tools & devops ## Toolkit Details - Tools: 5 ## Images - Logo: https://logos.composio.dev/api/signpath ## Authentication - **Api Key** - Type: `api_key` - Description: Api Key authentication for Signpath. - Setup: - Configure Api Key credentials for Signpath. - Use the credentials when creating an auth config in Composio. ## Suggested Prompts - List all available code signing certificates - Show all projects for my organization - Get details of current signing policies - Retrieve latest Signpath system information ## Supported Tools | Tool slug | Name | Description | |---|---|---| | `SIGNPATH_GET_HEALTH_CHECK` | Get Health Check | Tool to check if the SignPath API is healthy and operational. Use this to verify API availability before performing other operations. | | `SIGNPATH_LIST_CERTIFICATES` | List Certificates | Retrieve all certificates available in a SignPath organization. Use this to discover certificate IDs needed for signing operations. Requires a valid organization_id which can be obtained from your SignPath account settings. | | `SIGNPATH_LIST_PROJECTS` | List Projects | Tool to list all projects for an organization. Use after confirming the organization ID to retrieve and paginate project records. | | `SIGNPATH_RETRIEVE_SIGNING_POLICY_DETAILS` | Retrieve Signing Policy Details | Retrieve signing policy details for code signing operations. Returns certificate info, RSA key parameters, and policy metadata for the authenticated user's accessible signing policies. Without filters, returns all policies where the user is assigned as Submitter. | | `SIGNPATH_RETRIEVE_SYSTEM_INFO` | Retrieve System Info | Retrieves SignPath system information including the application version and the web UI base URL. Use this tool to verify the SignPath installation version or to obtain the web interface URL. | ## Supported Triggers None listed. ## Installation and MCP Setup ### Path 1: SDK Installation #### Path 1, Step 1: Install Composio Install the Composio SDK ```python pip install composio_openai ``` ```typescript npm install @composio/openai ``` #### Path 1, Step 2: Initialize Composio and Create Tool Router Session Import and initialize Composio client, then create a Tool Router session ```python from openai import OpenAI from composio import Composio from composio_openai import OpenAIResponsesProvider composio = Composio(provider=OpenAIResponsesProvider()) openai = OpenAI() session = composio.create(user_id='your-user-id') ``` ```typescript import OpenAI from 'openai'; import { Composio } from '@composio/core'; import { OpenAIResponsesProvider } from '@composio/openai'; const composio = new Composio({ provider: new OpenAIResponsesProvider(), }); const openai = new OpenAI({}); const session = await composio.create('your-user-id'); ``` #### Path 1, Step 3: Execute Signpath Tools via Tool Router with Your Agent Get tools from Tool Router session and execute Signpath actions with your Agent ```python tools = session.tools response = openai.responses.create( model='gpt-4.1', tools=tools, input=[{ 'role': 'user', 'content': 'List all certificates for my organization' }] ) result = composio.provider.handle_tool_calls( response=response, user_id='your-user-id' ) print(result) ``` ```typescript const tools = session.tools; const response = await openai.responses.create({ model: 'gpt-4.1', tools: tools, input: [{ role: 'user', content: 'List all certificates for my organization' }], }); const result = await composio.provider.handleToolCalls( 'your-user-id', response.output ); console.log(result); ``` ### Path 2: MCP Server Setup #### Path 2, Step 1: Install Composio Install the Composio SDK and Claude Agent SDK ```python pip install composio claude-agent-sdk ``` ```typescript npm install @composio/core ai @ai-sdk/openai @ai-sdk/mcp ``` #### Path 2, Step 2: Create Tool Router Session Initialize the Composio client and create a Tool Router session ```python from composio import Composio from claude_agent_sdk import ClaudeSDKClient, ClaudeAgentOptions composio = Composio(api_key='your-composio-api-key') session = composio.create(user_id='your-user-id') url = session.mcp.url ``` ```typescript import { Composio } from '@composio/core'; const composio = new Composio({ apiKey: 'your-api-key' }); console.log("Creating Tool Router session..."); const { mcp } = await composio.create('your-user-id'); console.log(`Tool Router session created: ${mcp.url}`); ``` #### Path 2, Step 3: Connect to AI Agent Use the MCP server with your AI agent ```python import asyncio options = ClaudeAgentOptions( permission_mode='bypassPermissions', mcp_servers={ 'tool_router': { 'type': 'http', 'url': url, 'headers': { 'x-api-key': 'your-composio-api-key' } } }, system_prompt='You are a helpful assistant with access to Signpath tools.', max_turns=10 ) async def main(): async with ClaudeSDKClient(options=options) as client: await client.query('List all projects for my organization in Signpath') async for message in client.receive_response(): if hasattr(message, 'content'): for block in message.content: if hasattr(block, 'text'): print(block.text) asyncio.run(main()) ``` ```typescript import { openai } from '@ai-sdk/openai'; import { experimental_createMCPClient as createMCPClient } from '@ai-sdk/mcp'; import { generateText, stepCountIs } from 'ai'; const client = await createMCPClient({ transport: { type: 'http', url: mcp.url, headers: { 'x-api-key': 'your-composio-api-key' } } }); const tools = await client.tools(); const { text } = await generateText({ model: openai('gpt-4o'), tools, messages: [{ role: 'user', content: 'List all projects for my organization in Signpath' }], stopWhen: stepCountIs( 5 ) }); console.log(`Agent: ${text}`); ``` ## Why Use Composio? ### 1. AI Native Signpath Integration - Supports both Signpath MCP and direct API based integrations - Structured, LLM-friendly schemas for reliable tool execution - Rich coverage for submitting signing jobs, checking signing status, and retrieving results ### 2. Managed Auth - Built-in API key management—no more exposing secrets - Central place to manage and revoke Signpath keys - Per user and per environment credentials, not hard-coded into your app ### 3. Agent Optimized Design - Tools are tuned using real error and success rates to improve reliability over time - Comprehensive execution logs so you always know what ran, when, and on whose behalf ### 4. Enterprise Grade Security - Fine-grained RBAC so you control which agents and users can access Signpath - Scoped, least privilege access to Signpath signing projects - Full audit trail of agent actions to support review and compliance ## Use Signpath with any AI Agent Framework Choose a framework you want to connect Signpath with: - [OpenAI Agents SDK](https://composio.dev/toolkits/signpath/framework/open-ai-agents-sdk) - [Claude Agent SDK](https://composio.dev/toolkits/signpath/framework/claude-agents-sdk) - [Claude Code](https://composio.dev/toolkits/signpath/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/signpath/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/signpath/framework/codex) - [OpenClaw](https://composio.dev/toolkits/signpath/framework/openclaw) - [Hermes](https://composio.dev/toolkits/signpath/framework/hermes-agent) - [Google ADK](https://composio.dev/toolkits/signpath/framework/google-adk) - [LangChain](https://composio.dev/toolkits/signpath/framework/langchain) - [Vercel AI SDK](https://composio.dev/toolkits/signpath/framework/ai-sdk) - [Mastra AI](https://composio.dev/toolkits/signpath/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/signpath/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/signpath/framework/crew-ai) - [Pydantic AI](https://composio.dev/toolkits/signpath/framework/pydantic-ai) - [AutoGen](https://composio.dev/toolkits/signpath/framework/autogen) ## Related Toolkits - [Supabase](https://composio.dev/toolkits/supabase) - Supabase is an open-source backend platform offering scalable Postgres databases, authentication, storage, and real-time APIs. It lets developers build modern apps without managing infrastructure. - [Codeinterpreter](https://composio.dev/toolkits/codeinterpreter) - Codeinterpreter is a Python-based coding environment with built-in data analysis and visualization. It lets you instantly run scripts, plot results, and prototype solutions inside supported platforms. - [GitHub](https://composio.dev/toolkits/github) - GitHub is a code hosting platform for version control and collaborative software development. It streamlines project management, code review, and team workflows in one place. - [Ably](https://composio.dev/toolkits/ably) - Ably is a real-time messaging platform for live chat and data sync in modern apps. It offers global scale and rock-solid reliability for seamless, instant experiences. - [Abuselpdb](https://composio.dev/toolkits/abuselpdb) - Abuselpdb is a central database for reporting and checking IPs linked to malicious online activity. Use it to quickly identify and report suspicious or abusive IP addresses. - [Alchemy](https://composio.dev/toolkits/alchemy) - Alchemy is a blockchain development platform offering APIs and tools for Ethereum apps. It simplifies building and scaling Web3 projects with robust infrastructure. - [Algolia](https://composio.dev/toolkits/algolia) - Algolia is a hosted search API that powers lightning-fast, relevant search experiences for web and mobile apps. It helps developers deliver instant, typo-tolerant, and scalable search without complex infrastructure. - [Anchor browser](https://composio.dev/toolkits/anchor_browser) - Anchor browser is a developer platform for AI-powered web automation. It transforms complex browser actions into easy API endpoints for streamlined web interaction. - [Apiflash](https://composio.dev/toolkits/apiflash) - Apiflash is a website screenshot API for programmatically capturing web pages. It delivers high-quality screenshots on demand for automation, monitoring, or reporting. - [Apiverve](https://composio.dev/toolkits/apiverve) - Apiverve delivers a suite of powerful APIs that simplify integration for developers. It's designed for reliability and scalability so you can build faster, smarter applications without the integration headache. - [Appcircle](https://composio.dev/toolkits/appcircle) - Appcircle is an enterprise-grade mobile CI/CD platform for building, testing, and publishing mobile apps. It streamlines mobile DevOps so teams ship faster and with more confidence. - [Appdrag](https://composio.dev/toolkits/appdrag) - Appdrag is a cloud platform for building websites, APIs, and databases with drag-and-drop tools and code editing. It accelerates development and iteration by combining hosting, database management, and low-code features in one place. - [Appveyor](https://composio.dev/toolkits/appveyor) - AppVeyor is a cloud-based continuous integration service for building, testing, and deploying applications. It helps developers automate and streamline their software delivery pipelines. - [Backendless](https://composio.dev/toolkits/backendless) - Backendless is a backend-as-a-service platform for mobile and web apps, offering database, file storage, user authentication, and APIs. It helps developers ship scalable applications faster without managing server infrastructure. - [Baserow](https://composio.dev/toolkits/baserow) - Baserow is an open-source no-code database platform for building collaborative data apps. It makes it easy for teams to organize data and automate workflows without writing code. - [Bench](https://composio.dev/toolkits/bench) - Bench is a benchmarking tool for automated performance measurement and analysis. It helps you quickly evaluate, compare, and track your systems or workflows. - [Better stack](https://composio.dev/toolkits/better_stack) - Better Stack is a monitoring, logging, and incident management solution for apps and services. It helps teams ensure application reliability and performance with real-time insights. - [Bitbucket](https://composio.dev/toolkits/bitbucket) - Bitbucket is a Git-based code hosting and collaboration platform for teams. It enables secure repository management and streamlined code reviews. - [Blazemeter](https://composio.dev/toolkits/blazemeter) - Blazemeter is a continuous testing platform for web and mobile app performance. It empowers teams to automate and analyze large-scale tests with ease. - [Blocknative](https://composio.dev/toolkits/blocknative) - Blocknative delivers real-time mempool monitoring and transaction management for public blockchains. Instantly track pending transactions and optimize blockchain interactions with live data. ## Frequently Asked Questions ### Do I need my own developer credentials to use Signpath with Composio? Yes, Signpath requires you to configure your own API key credentials. Once set up, Composio handles secure credential storage and API request handling for you. ### Can I use multiple toolkits together? Yes! Composio's Tool Router enables agents to use multiple toolkits. [Learn more](https://docs.composio.dev/tool-router/overview). ### Is Composio secure? Composio is SOC 2 and ISO 27001 compliant with all data encrypted in transit and at rest. [Learn more](https://trust.composio.dev). ### What if the API changes? Composio maintains and updates all toolkit integrations automatically, so your agents always work with the latest API versions. --- [See all toolkits](https://composio.dev/toolkits) · [Composio docs](https://docs.composio.dev/llms.txt)