Agents don’t fail like APIs. They fail like employees.
So the infrastructure for agents should not look like an API gateway. It should look like governance.
Eighteen months ago agents were demos. Now they’re in production.
The chatbot became an agent. The agent got tools. The tools got access to Stripe, Salesforce, Jira, and customer data. The question companies are asking changed from will this work? to what could go wrong?
An agent is not a deterministic API client. It’s a software employee. It makes judgment calls in real time, with access to the company’s credit card and keyboard. A good employee on a bad day can do real damage. A compromised one is a liability.
The tools we built for APIs were designed for human operators, not autonomous ones. Rate limits, allowlists, log aggregation. They handle volume, not judgment. The tools we built for model safety operate at the wrong layer. There’s a gap, and the companies shipping agents into production are the ones feeling it first.
The rails don’t exist.
Prompt guardrails are probabilistic.
You can instruct the model. You can fine-tune it. You can evaluate it. You can’t guarantee that it won’t call a function it was told not to call. At scale, probability becomes an incident rate.
LLM observability is read-only.
Tracing every prompt through an observability tool tells you what already happened. It doesn’t stop what’s about to happen. When an agent drifts, an observability tool gives you a record of the drift. It doesn’t give you brakes.
Model vendors sit too deep in the stack.
Anthropic and OpenAI control the model. They don’t control the function call your agent makes to a third-party API three hops later. They can’t enforce governance for you, and they shouldn’t have to.
Four bets that shape every decision.
Enforcement belongs at the network layer.
Deterministic beats probabilistic. Block the call; don't hope the prompt dissuades it. Every rule worth caring about can be evaluated with certainty as policy on an HTTP request.
Governance shouldn't require a new data processor.
The moment a governance tool stores your prompts, it becomes a compliance surface of its own. Prompts, completions, and bodies cannot leave your process, by structure, not by scrubbing.
Security-critical code should be open source.
The WASM proxy, the SDK, the cryptographic primitives: read them yourself. Vendor-review conversations end in minutes, not months. Regulated buyers get the same source as the public.
Regulated industries deserve first-class tools.
Fintech and healthtech are the hardest places to deploy agents, and the highest-value. Air-gap deployment, signed telemetry, org-wide guardrails a single team can't remove. From day one.
What good looks like.
A developer installs the SDK in an afternoon. A platform engineer writes a YAML policy. The security lead reads one page and approves. The agent ships.
Something goes wrong. A switch is flipped, and the agent stops in under a second. The post-mortem takes twenty minutes because every call is timestamped, queryable, and tied to a signed batch.
The compliance team joins the next sprint, not the next quarter.
A solo founder, on purpose.
Founder, engineer, on the keyboard. I’ve spent the last few years building infrastructure for teams whose agents are now in production and whose CISOs are now asking what those agents called last Tuesday at 3am.
Checkrd is the answer I wanted on those calls. The WASM core, the SDKs, the policy engine, the cryptographic audit trail: all open source so you can read every line before you ship it inside your application. I’m building this on purpose as a small team for now: every design partner gets weekly cycles directly with me.
Want to talk? admin@checkrd.io
Building the rails for the next decade of agents.
If you care about cryptography, distributed systems, or developer-tools UX, drop a line and tell me what you’d build first. We hire selectively as the company grows.
Pick whichever pace suits you.
Read the code
The WASM core, the SDK, the test vectors: all open source. Audit what runs inside your process before you ship.
Open on GitHub work with us directlyWork with us directly
We are actively looking for teams deploying agents into regulated environments. Partners get weekly cycles with the founders.
support@checkrd.io ship todayShip today
The proxy, the policy engine, and the cloud control plane are all available in public preview. Install in an afternoon.
Read the quickstart