Sphyr

A firewall for outbound agent requests.

Agents act. You hold the receipts.

Every block returns a signed denial receipt. Every allowed call carries a verifiable safety signature.

View Docs 
# One-line setup for Python or Node agents:
from sphyr_sdk import auto_instrument
auto_instrument(
    credential=os.environ["SPHYR_CREDENTIAL"],
)

# → Every fetch(), requests.get(), httpx call now flows through Sphyr

Built on real infrastructure

npm @sphyr/sdk PyPI sphyr-sdk GitHub Sphyr/agent-guard License FSL-1.1-ALv2 · Apache-2.0 in 2028 Built on Cloudflare Billing by Stripe 32 documented error codes
What Sphyr enforces

Security you can show your auditor.

Four capabilities that move agent security from promise to receipt.

Receipts on every block, not just every success.

Each block carries an Ed25519-signed denial_proof — block reason, request ID, session, and timestamp. Verify it offline using the public key embedded directly in the receipt — no fetch, no caching, no "trust the gateway." Successful responses carry an HMAC-SHA256 safety_sig — a session-scoped integrity receipt.

Stop SSRF-class attacks

Agents reach for the unexpected: metadata endpoints, private IPs, payment APIs. Sphyr enforces network, DNS, and domain policy before the request leaves.

Budget guardrails, per key

Set a per-key credit cap (lifetime or hourly) and Sphyr enforces it atomically at the gateway on every call routed through sphyr_net. When the cap is hit, subsequent calls are rejected immediately. Blocked calls cost zero credits.

Stop credential exposure before your keys hit a hostile endpoint.

Entropy detection scans every outbound request for high-entropy strings — keys, tokens, secrets — and blocks the call before sensitive material reaches an unintended destination.

What Sphyr is

A transport-layer firewall. Not a platform.

Sphyr enforces policy on every outbound HTTPS call your agent makes. Here is exactly what that means — and what it does not.

Sphyr is

  • An egress firewall for outbound HTTPS calls made by autonomous AI agents
  • A transport-layer policy enforcement point running inline at the Cloudflare edge
  • A cryptographic receipt system — every block returns an Ed25519 denial proof that's self-contained: the signing public key travels with the receipt, so verification works even if Sphyr is offline.
  • An MCP gateway that intercepts tool calls from any MCP-compliant client
  • Source-available under FSL-1.1-ALv2, converting to Apache-2.0 on 2028-04-01

Sphyr is not

  • An LLM router or model-routing gateway (not a substitute for Portkey, Kong AI Gateway, or similar)
  • An observability or log analytics platform — Sphyr stores only hashed, anonymized request metadata (not plaintext logs or content), and does not provide log analytics or search
  • An identity provider, SSO, or SCIM platform — Sphyr consumes API keys; it does not federate user identity
  • A SaaS tool catalog — Sphyr enforces policy on whatever URL your agent calls, not a curated tool list
Zero-config setup

One import. Every call guarded.

No per-call wrapping. No middleware to configure. Import auto_instrument and every outbound request your agent makes flows through Sphyr's 12-stage pipeline automatically — Python: requests, httpx — Node.js: fetch, axios. Coverage applies to standard HTTP libraries; custom socket transports and libraries that bypass the patched layer require manual wrapping. See the full compatibility matrix. Sphyr's own gateway host and RFC1918 / loopback addresses are auto-excluded.

Read the quickstart → 
# Python
from sphyr_sdk import auto_instrument
auto_instrument(
    credential=os.environ["SPHYR_CREDENTIAL"],
)

// TypeScript
import { autoInstrument } from "@sphyr/sdk";
autoInstrument({ credential: process.env.SPHYR_CREDENTIAL });

# → Every outbound call now carries an HMAC-SHA256 safety_sig
Sphyr Trace

See why, not just what.

Every session is a security receipt. See which requests were blocked, what triggered each block, and how risky each session was — directly in the console, without digging through raw logs.

View Trace docs → 
# session · a3f8b2c1… · 12 requests · 3 blocked · risk 71

GET  https://api.openai.com/v1/chat/completions  ALLOWED  risk 4
GET  https://api.stripe.com/v1/charges           ALLOWED  risk 11
POST https://api.example.com/upload              BLOCKED  risk 71
  ↳ Entropy threshold exceeded — Shannon entropy 6.42 bits/char on URL parameter value; pattern matches API key format.

# session · c92a1f3d… · 8 requests · 0 blocked · risk 12
How it works

From install to signed receipts in three steps.

Drop the SDK in, wrap your agent's calls, and every request flows through Sphyr's 12-stage security pipeline automatically.

01

Add one import

One line wraps every outbound call — requests, httpx, fetch, axios — automatically. No per-call wrapping required.

from sphyr_sdk import auto_instrument
auto_instrument(
    credential=os.environ["SPHYR_CREDENTIAL"],
)

# → requests.get(), httpx.get() all flow through Sphyr automatically
02

Sphyr signs every call

The MCP proxy intercepts every outbound HTTPS request your agent routes through sphyr_net — no SDK code to write. Sphyr runs the 12-stage pipeline — HMAC, SSRF, entropy, credits — before the request leaves.

# Your agent's tool call (handled automatically):
sphyr_net({
  url:  "https://api.example.com/data",
  mthd: "GET",
  cat:  "api-call",
})
03

Audit every call

Every request emits structured telemetry with the outcome code and request_id. Blocked calls return an Ed25519 denial_proof — independently verifiable by any third party using the public_key embedded in the receipt; use the key_url embedded in the receipt to retrieve the verification key for higher-assurance cross-check. Allowed calls return an HMAC-SHA256 safety_sig — a session-scoped integrity receipt attesting to the inbound safety scan result, confirming the response was analyzed for injection patterns and secret leakage. Filter the full trail from the admin console.

# Open the admin console
open https://console.sphyr.io

# Allowed: request_id + outcome + HMAC-SHA256 safety_sig (session-scoped integrity receipt).
# Blocked: request_id + outcome + Ed25519 denial_proof (self-contained: public key embedded in receipt).
# denial_proof verifies offline using the public_key embedded directly in the receipt — no dependency on Sphyr's infrastructure.
Pricing

One price. Every request.

No tiers, no subscriptions. Every account starts with 1,000 complimentary credits — no card required. Top up with $5 packs when you need more.

$0.20 / 1,000 requests
$0.0002 per request, all-inclusive — signing, scanning, logging, and cryptographic enforcement. No per-seat fees, no body-size surcharges.
  • 1,000 complimentary credits on signup — no card required
  • $5 top-up = 25,000 more requests
  • Credits valid 12 months from issue date
  • HMAC signing + SSRF + entropy scanning
  • Preflight mode — test without consuming credits
  • Console dashboard + request log

Ship agents with receipts, not hope.

1,000 complimentary credits. No credit card. Policy checks run inline at the Cloudflare edge, close to the agent. Sign up, wire the SDK, and ship.