Proxy layer for AI agent API calls. Policy enforcement, credential vaulting, kill switch, and observability.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for akshayaravindan from gravatar.com akshayaravindan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Checkrd
  • Tags agents , ai , observability , policy , proxy , security
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

checkrd

Proxy layer for AI agent API calls. Policy enforcement, credential vaulting, kill switch, and observability -- with one line of code.

62μs median overhead per request. Policy evaluation runs in a WebAssembly sandbox via a Rust core compiled to WASM.

Install

pip install checkrd

Quick Start

from checkrd import wrap
import httpx

client = wrap(
    httpx.Client(),
    agent_id="sales-agent",
    policy="policy.yaml",
    credentials={"api.stripe.com": [["Authorization", "Bearer sk_live_xxx"]]},
)

response = client.get("https://api.stripe.com/v1/charges")

Policy Format

Policies are YAML files that define what your agent is allowed to do:

agent: sales-agent
default: deny

rules:
  - name: read-contacts
    allow:
      method: [GET]
      url: "api.salesforce.com/*/sobjects/Contact/*"

  - name: create-small-charges
    allow:
      method: [POST]
      url: "api.stripe.com/v1/charges"
    body:
      jsonpath: "$.amount"
      max: 50000

  - name: block-all-deletes
    deny:
      method: [DELETE]
      url: "*"

  - name: rate-limit
    limit:
      calls_per_minute: 60
      per: endpoint

  - name: business-hours-only
    deny:
      time_outside: "09:00-17:00"
      timezone: "UTC"

Configuration

# From a YAML file
client = wrap(httpx.Client(), agent_id="agent", policy="./policy.yaml")

# From a dict
client = wrap(httpx.Client(), agent_id="agent", policy={
    "agent": "my-agent",
    "default": "deny",
    "rules": [{"name": "allow-all-get", "allow": {"method": ["GET"], "url": "*"}}],
})

# From default location (~/.checkrd/policy.yaml)
client = wrap(httpx.Client(), agent_id="agent")

# Override config directory via environment variable
# CHECKRD_CONFIG_DIR=/app/config

Credential Injection

Credentials are injected into allowed requests automatically. The agent never sees the real API keys:

client = wrap(
    httpx.Client(),
    agent_id="agent",
    policy=policy,
    credentials={
        "api.stripe.com": [["Authorization", "Bearer sk_live_xxx"]],
        "api.salesforce.com": [["Authorization", "Bearer sf_token"]],
    },
)

# The Authorization header is injected by the engine, not by your code
response = client.get("https://api.stripe.com/v1/charges")

Credentials can also be loaded from ~/.checkrd/credentials.json.

Error Handling

Denied requests raise CheckrdPolicyDenied:

from checkrd import wrap, CheckrdPolicyDenied

client = wrap(httpx.Client(), agent_id="agent", policy=policy)

try:
    client.delete("https://api.stripe.com/v1/charges/ch_xxx")
except CheckrdPolicyDenied as e:
    print(e.reason)      # "denied by rule 'block-all-deletes'"
    print(e.request_id)  # UUID for correlation with telemetry

Async Support

from checkrd import wrap_async
import httpx

client = wrap_async(httpx.AsyncClient(), agent_id="agent", policy=policy)
response = await client.get("https://api.stripe.com/v1/charges")

Dry-Run Mode

Observe policy decisions without blocking requests. Use this to roll out Checkrd safely:

client = wrap(httpx.Client(), agent_id="agent", policy=policy, enforce=False)

# Denied requests are logged as warnings but still forwarded
response = client.delete("https://api.stripe.com/v1/charges/ch_xxx")
# WARNING: checkrd: req-xxx would be denied (dry-run): denied by rule 'block-all-deletes'

Disabling

Bypass all policy evaluation without code changes:

CHECKRD_DISABLED=1 python my_agent.py

Logging

Checkrd logs to the checkrd Python logger:

import logging

# See all policy decisions
logging.getLogger("checkrd").setLevel(logging.INFO)

# See evaluation timing (microseconds per request)
logging.getLogger("checkrd").setLevel(logging.DEBUG)

Log levels:

  • DEBUG -- evaluation timing per request
  • INFO -- allowed requests with status code and latency
  • WARNING -- denied requests, dry-run denials

Security

  • The WASM core runs in a sandbox with no filesystem, network, or system call access
  • Credentials are stored locally. For production, use a secrets manager and inject via environment variables
  • Request/response bodies are never stored or transmitted in telemetry
  • See SECURITY.md for vulnerability reporting

License

Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for akshayaravindan from gravatar.com akshayaravindan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Checkrd
  • Tags agents , ai , observability , policy , proxy , security
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

checkrd-0.1.0.tar.gz (110.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

checkrd-0.1.0-py3-none-any.whl (106.3 kB view details)

Uploaded Python 3

File details

Details for the file checkrd-0.1.0.tar.gz.

File metadata

  • Download URL: checkrd-0.1.0.tar.gz
  • Upload date:
  • Size: 110.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for checkrd-0.1.0.tar.gz
Algorithm Hash digest
SHA256 d579529c0654c01be2e2677c291054054a353545fcac3e0394e4c9a92d659d98
MD5 3beb1c32541a8d238da8a899256a3419
BLAKE2b-256 de3af060389091f5273ceaaea6338f79a84e61099de9f2ff17069d07cac27794

See more details on using hashes here.

Provenance

The following attestation bundles were made for checkrd-0.1.0.tar.gz:

Publisher: publish-python.yml on akshayaravindan/checkrd

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file checkrd-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: checkrd-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 106.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for checkrd-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 df3792a454b62c7d1aa5df04a95a171c2f499eeb40a92eefafbf58ea6e0e08a9
MD5 5888271264f6845b8fcc5f131c9c35a4
BLAKE2b-256 d89816f57c2909d36980142da4406ccaaa775a34980efce759290d806923840f

See more details on using hashes here.

Provenance

The following attestation bundles were made for checkrd-0.1.0-py3-none-any.whl:

Publisher: publish-python.yml on akshayaravindan/checkrd

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page