How Checkrd works.
Install the SDK in Python or TypeScript. Write a policy in YAML. Every outbound API call your agents make is evaluated against that policy in your application before it reaches the network.
Install the SDK.
The Python and JavaScript SDKs read the same policy file. Pick the language your agents are written in.
policy.yaml

```yaml
# policy.yaml - the same rules in both languages
default: deny
mode: enforce   # enforce | dry_run
rules:
  - name: allow_openai_chat
    allow:
      method: [POST]
      url: "api.openai.com/v1/chat/completions"
      body:
        - jsonpath: "$.model"
          in: [gpt-4o, gpt-4o-mini]
  - name: rate_limit_per_model
    limit:
      per: body_field
      field: "$.model"
      calls_per_minute: 100
```

Python

```python
import checkrd
from openai import OpenAI

checkrd.init(agent_id="checkout-agent", policy="policy.yaml")
checkrd.instrument()  # patches openai, anthropic, cohere, ...

client = OpenAI()

# every outbound call is now policy-enforced and signed.
client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "..."}],
)
```

TypeScript

```typescript
import { init, instrumentOpenAI } from 'checkrd';
import OpenAI from 'openai';

await init({ agentId: 'checkout-agent', policy: 'policy.yaml' });
instrumentOpenAI(); // also: anthropic, cohere, ...

const client = new OpenAI();

// every outbound call is now policy-enforced and signed.
await client.chat.completions.create({
  model: 'gpt-4o',
  messages: [{ role: 'user', content: '...' }],
});
```

The same policy file is used by both SDKs and by the hosted dashboard.
The engine runs in your process.
The Checkrd engine is a WebAssembly module that loads into your application. It evaluates each request, applies rate limits, and signs the telemetry batch before the call reaches the network. The control plane only ever sees operational metadata.
- WASM core targets wasm32-wasip1 and runs sandboxed by your runtime.
- The core has no I/O. The SDK handles the network; the core handles decisions.
- Telemetry fields are an allowlist checked at compile time, so PII cannot be added by accident: a new telemetry field fails CI until it has been signed off.
- Self-host the control plane in your VPC, or run air-gapped with no network calls.
Fields the control plane sees: host · method · status · latency · signature.
What lands in your audit log.
Each policy decision produces a structured event. Telemetry batches are Ed25519-signed as RFC 9421 HTTP message signatures and verified at ingestion. The event schema has no fields for request bodies, completions, headers, or auth tokens.
- Telemetry batches signed before they leave the SDK. Unsigned batches are rejected on ingestion.
- Audit log of control-plane mutations is queryable by actor, action, resource, or time.
- Org-level deny rules cannot be overridden by individual teams.
```json
{
  "request_id": "evt_01JC8X3K2M4N5P7QRS",
  "agent_id": "checkout-agent",
  "policy_result": "allow",
  "matched_rule": "allow_openai_chat",
  "url_host": "api.openai.com",
  "method": "POST",
  "url_path": "/v1/chat/completions",
  "status_code": 200,
  "latency_ms": 412,
  "timestamp": "2026-03-14T02:14:37.512Z",
  "trace_id": "0af7651916cd43dd8448eb211c80319c",
  "span_id": "b7ad6b7169203331",
  "span_name": "POST api.openai.com"
}
```

Ready to install?
The quickstart covers installing the SDK, writing your first policy, and connecting the dashboard. The docs go deeper into self-hosting, policy syntax, and the per-vendor integrations.