Sphyr
Start for free

A firewall for outbound agent requests.

Intercepts, validates, and enforces policy on every API call — before it leaves your agent.

Signed requests. Cryptographic receipts on every call. Inline at the edge of Cloudflare's network.

Get Started Free View Docs 
// npm install @sphyr/sdk
import { SphyrClient } from '@sphyr/sdk';

const guard = new SphyrClient({
  apiKey: process.env.SPHYR_API_KEY,
  hmacSecret: process.env.SPHYR_HMAC_SECRET,
});

const result = await guard.agentGuard.call({
  url:  'https://api.example.com/data',
  mthd: 'GET',
  cat:  'api-call',
});

Built on real infrastructure

npm @sphyr/sdk PyPI sphyr-sdk GitHub calahansphyr/Sphyr Built on Cloudflare Keys by Unkey Billing by Stripe 32 documented error codes
What Sphyr enforces

Security you can show your auditor.

Four capabilities that move agent security from promise to receipt.

Prove what was blocked

Every call returns a structured outcome with the policy code, request_id, and docs URL. Successful responses also carry a cryptographic safety signature your auditor can verify.

Stop SSRF-class attacks

Agents reach for the unexpected: metadata endpoints, private IPs, payment APIs. Sphyr enforces network, DNS, and domain policy before the request leaves.

Budget guardrails, per-agent

Spend, rate, and call-count limits enforced at the gateway — not inferred from logs. Agents hit their cap and stop. No surprise bills, ever.

Stop credential exposure before your keys hit a hostile endpoint.

Entropy detection scans every outbound request for high-entropy strings — keys, tokens, secrets — and blocks the call before sensitive material reaches an unintended destination.

How it works

From npm install to signed receipts in three steps.

Sphyr ships as an SDK and a gateway. Install, route, audit — no infrastructure to run.

01

Install the SDK

Add @sphyr/sdk to your Node or Python app. Point it at your API key and HMAC secret.

# Node.js
npm install @sphyr/sdk

# Python
pip install sphyr-sdk
02

Route outbound requests

Wrap any outbound call in agentGuard.call. Sphyr runs the 12-phase pipeline — HMAC, SSRF, entropy, credits — before the request leaves.

const result = await guard.agentGuard.call({
  url:  "https://api.example.com/data",
  mthd: "GET",
  cat:  "api-call",
});
03

Audit every call

Every request emits structured telemetry with the outcome, policy code, and request_id. Successful responses also carry a cryptographic safety signature. Filter the full trail from the admin console.

# Open the admin console
open https://console.sphyr.io

# Or query the usage summary
guard.usageSummary({ window: "7d" });
Pricing

Start free. Scale when you see traffic.

No credit card to start. Pay-as-you-go with prepaid credits — no recurring fees, no surprise overage.

Free Trial
$0 no card required
For trying Sphyr on a side project or proof of concept. Free grant valid for 12 months from signup.
  • 1,000 free requests (one-time signup grant)
  • HMAC signature verification
  • SSRF protection
  • Basic entropy scanning
  • Community support
Start for free
Prepaid Credits
$5 / pack
Prepaid top-up. No recurring fees. Credits burn oldest-first with 12-month validity.
  • $0.0001 per request
  • Everything in Free Trial
  • Credits valid for 12 months
  • Preflight / dry-run mode
  • Admin dashboard access
  • Priority support
Top up credits

Ship agents with receipts, not hope.

1,000 free requests. No credit card. Near-zero latency overhead on Cloudflare's global network. Sign up, wire the SDK, and ship.

Start for free