TUI-first Rust coding agent

Repository work,
inside one terminal.

Sigil brings bounded repository context, image input, durable tasks, approvals, diffs, verification, attention signals, and session recovery into a terminal product built for real coding sessions.

v0.0.1-alpha.4 preview Core TUI workflows are usable today. Config, plugin APIs, advanced sandbox coverage, and automation surfaces may still change. The site tracks main, which can be newer than the package. Review Unreleased.
sigil
/task audit the release docs
  1. planner Wrote durable steps for the release audit complete
  2. worker Ran a read-only documentation review complete
  3. tool Prepared the edit_file preview for approval ready
  4. verify Ran Pages checks and link validation passed
  5. status Published the alpha release live
session durable approval gated verification passed
Durable sessions Approval previews Child agents MCP tools Code intelligence Image input Attention signals Verification Recovery

Quickstart

Install the preview release and launch from a workspace.

Recommended

npm alpha

npm install -g @sigil-ai/sigil@alpha
macOS

Homebrew tap

brew install JimmyDaddy/sigil/sigil-ai
Source

Cargo git tag

cargo install --git https://github.com/JimmyDaddy/sigil --tag v0.0.1-alpha.4 --locked sigil
1

Start

cd /path/to/your/project
sigil
2

Set up

Quick Setup opens when Sigil cannot find a usable config. Confirm the workspace, choose a provider/model, and enter authentication. v0.0.1-alpha.4 is an early preview.

Visual tour

The main surfaces are inspectable before you install.

Workflow

Designed for auditable coding sessions.

Workspace TUI

Use the composer for ordinary coding work, inspect streamed output, and keep sessions, usage, permissions, agents, LSP, and controls visible.

Durable tasks and agents

Use /task for multi-step work, /plan for read-only planning, and child agents for scoped delegated work.

Approval and verification

Review structured previews and receipts, then focus the Verification card with Alt-V to run checks or inspect completion evidence.

Web data with boundaries

Search through provider-hosted, configured MCP, or bundled routes, then fetch only exact session-observed URLs under disclosure, SSRF, and budget controls.

TUI-first automation

Keep daily work in the TUI, use stable JSON or JSONL output for scripts, and connect trusted local clients through the authenticated loopback-only service.

Sessions and relevant context

Keep session lifecycle explicit while bounded Rust, Python, JavaScript/TypeScript, and Go context follows ignore, secret, size, and budget limits.

Image-aware composer

Paste bounded PNG, JPEG, or WebP input, review metadata chips, and send image-only or text-plus-image turns to explicitly supported OpenAI Responses, Anthropic, and Gemini models.

Attention without prompt leakage

Opt in to terminal signals for completed long work, approvals, failures, or MCP input requests; fixed notification text never includes prompts, paths, tool details, or session identifiers.

Native shell, visible boundary

Use PowerShell on Windows and POSIX shell elsewhere, with the resolved dialect and unconfined local-backend boundary visible in diagnostics and tool receipts.

Safety model

Auditable control before risky actions.

  • Permission decisions for write, execute, network, MCP, LSP edit, and external-directory access.
  • Bounded previews, diffs, and verification evidence before risky work is treated as complete.
  • Provider-specific behavior stays in provider crates, not in the generic kernel.
  • Tool, task, agent, approval, and execution lifecycle events are durable control records.
  • Interrupted tools restore as interrupted results, not hidden retries.
  • MCP servers, plugins, workspace agents, and external data run under explicit trust policy.
  • /feedback previews its privacy boundary, exports locally, and lets you review the JSON or open the bug form; nothing is uploaded automatically.

Documentation

Read the focused guide for the job at hand.