A SHA-256 audit chain for every signature. On every page. Forever.

DocuSign and Adobe Sign route paper. Sigi reads it too. Four AI features run on every document: risk detection on clauses, gap analysis on missing clauses, language suggestions while drafting, and behavior analysis on signers. On top of that, Sigi lives inside the WorksBuddy suite — Lio deals push contracts in, Taro picks up follow-up tasks on stalled docs, Inzo invoices on completion. You get the e-sign primitive plus the AI plus the native automation, in one product.

Six. Sequential signing for ordered chains (legal → manager → CEO). Parallel signing for panels (NDA sent to many at once). Self-sign for one-person docs (no email step). Approval workflows for pre-signature sign-off (approve or decline with reason, no signature placement). Acknowledgement workflows for policy distribution (attested view, no signature). Sign-form workflows for form-style data collection with assignable fields. Plus scheduled send across all of them — prepare the doc, lock the flow, and a cron job fires the emails at the right minute.

The hourly risk-scan cron job sends new documents to either Groq or Ollama (configurable per feature) for analysis. The model scans for one-sided clauses, missing liability caps, unusual penalties, and other risk language, returning severity-rated flags that land in the document_risk_flags table. High and critical flags fire realtime Ably notifications to the owner. Flags auto-resolve when a document is completed or expires. Missing Clause Detection runs the same way, identifying gaps a contract of that type should contain but doesn't — termination, jurisdiction, force majeure.

Yes. Every state-changing action — upload, send, view, sign, decline, expire — writes an immutable audit_logs row that captures a SHA-256 hash of the file at that moment, the IP address, the user agent, and (for signers) geolocation. The completion certificate, generated by Puppeteer at sign-off, embeds the full chain. If a file were altered between events, the hashes would diverge. Standard retention is 90 days with automatic 2am cleanup; longer retention is available for regulated industries.

Bidirectional with Lio: deals push contracts into Sigi via API-key-protected endpoint; Sigi pushes signing status back into the Lio deal stage (including "risk" status on deals that have been unsigned 7+ days). Outbound to Taro: at the 3-day and 7-day stalled thresholds, Sigi auto-creates follow-up tasks, idempotently tracked by document and threshold. Outbound to Inzo: on completion of a deal contract, Sigi triggers invoice creation. Revo's automation engine can also drive Sigi via a separate JWT-authenticated API surface for headless workflows.

Signers don't need accounts. They receive an email with a public /sign/:token link, open the document in the browser, fill the assigned fields (signature, initials, date, text, checkbox), and submit. Approvers use /approvals/:token. Acknowledgers use /documents/acknowledge/:token. None of these require login. Every public action still writes the full audit row with IP, UA, geolocation, and file hash — so the trail is identical whether the signer is internal or external.