Live demo · No signup

See Haldir govern an agent
in your browser.

Watch a 30-second walk-through, then run the same flow yourself against the live API. Every button below mints real Haldir state in a sandbox tenant — your own scoped session, your own audit chain, isolated from every other visitor.

Animated terminal showing the Haldir SDK flow: install, create a scoped session with a spend cap, check permission, log to the hash-chained audit trail.

Try it live

Four buttons. Four real API calls. By the end you'll have minted a sandbox API key, opened a governed session, checked one permission, and written one tamper-evident audit entry — every one verifiable against the live OpenAPI spec.

STEP 01
Mint a sandbox API key
Each visitor gets their own throwaway tenant. No email, no billing, no rate-limit hostility. The key works for the rest of this page.
POST /v1/demo/key
Response
Click "Mint key" to see the JSON response.
STEP 02
Open a governed session
Create a session for the agent "my-agent" with a $5 spend cap and read+execute scopes. The session is the unit of governance — every later call references it.
POST /v1/sessions {"agent_id": "my-agent", "scopes": ["read", "execute"], "spend_limit": 5.00}
Response
Mint a key first.
STEP 03
Check a permission
Ask Haldir whether the agent is allowed to execute a tool right now. Returns allowed: true plus the remaining budget — your wrapper code can early-exit on a denial.
POST /v1/sessions/:id/check {"scope": "execute"}
Response
Open a session first.
STEP 04
Log to the audit chain
Write an audit entry for a hypothetical $0.50 Stripe charge. Haldir computes a SHA-256 hash binding this entry to the one before it — once chained, no one can rewrite history without breaking the verifier.
POST /v1/audit {"session_id": "ses_...", "tool": "stripe", "action": "charge", "cost_usd": 0.50}
Response
Check a permission first.

What just happened

01 · GATE
The agent has an identity now.
Without Haldir, "my-agent" is whatever string the LLM hallucinated last. With Haldir, it's a session ID with declared scopes, a spend ceiling, and a TTL. Every later call has to point back at it.
02 · POLICY
Permission checks happen pre-call.
The wrapper asks before the agent fires. A denial returns instantly — no upstream API consumed, no money moved, no cleanup later. The model never has to reason about whether it should have done something.
03 · WATCH
The audit trail is tamper-evident.
Each entry's hash is computed over the entry's contents plus the previous entry's hash. Edit any historical entry and every later hash stops verifying. This is what compliance auditors want to see.

Ship it for real?

Same API, your own key, your own data. SDKs for LangChain, CrewAI, AutoGen, and Vercel AI SDK. MIT-licensed and self-hostable.

Get an API key Star on GitHub Become a design partner