AI Agent
Makes API calls
Chox Proxy
Log, classify, inspect
External APIs
Stripe, Slack, SendGrid…
AI agents are executing real API calls across your systems. Chox adds security, observability, and policy enforcement to every request.
Free during early access
Real-time request interception
See, inspect, and control every API call your AI agents make before it leaves your infrastructure.
The problem
Agents post to Slack, send emails, make payments, run SQL. You find out after something breaks.
API keys, PII, and credentials accidentally sent in outbound requests by hallucinating models.
A misconfigured agent racks up charges, deletes records, or triggers actions you never intended.
One URL change, or two lines of code. Either way, every API call your agent makes is logged, classified, and shadow-evaluated.
Two integration paths
from chox import ChoxGuard guard = ChoxGuard(base_url="https://chox.ai", token="chox_token_...") charge = guard.wrap("stripe.create_charge", stripe.Charge.create) # Every call to charge() is now evaluated and logged result = charge(amount=50000, currency="usd")
Use the proxy when
Use the SDK when
Use both when
Makes API calls
Log, classify, inspect
Stripe, Slack, SendGrid…
Capabilities
Every request and response captured. Headers, bodies, latency, and status codes - all searchable and filterable.
Complete request/response capture including headers, bodies, latency, and HTTP status. Filter by integration, action type, caller identity, and time range. Full-text search across all logged data with instant results.
Every API call automatically classified as read, write, delete, or financial with risk scoring.
Automatic detection of bulk operations, SQL mutations, payment amounts, and destructive patterns. Each request gets a risk score based on action type, amount, and historical patterns. Zero configuration required.
Pluggable gate pipeline scans outbound request bodies for secrets, PII, and policy violations.
Four built-in gates: secret detection (API keys, tokens), PII scanning (emails, SSNs, credit cards), keyword deny lists, and URL policy enforcement. Fully configurable per-project with custom rules.
Start in observe mode. See what would be blocked without disrupting production traffic.
Every flagged request is annotated with a shadow verdict showing what would have been blocked. Tune your policies using real production data before switching to enforcement mode. Zero risk deployment.
Per-project spending limits configurable to the cent. Payments exceeding limits are flagged instantly.
Set custom financial thresholds per project. Any payment or charge detected above your limit triggers an immediate flag. Works across Stripe, payment APIs, and any integration handling monetary transactions.
One-click false positive reports that create smart allowlist entries for similar future requests.
Submit disputes on any flagged request. Approved disputes generate fingerprint-based allowlist entries that automatically suppress the same rule for structurally similar requests. Expiration and manual override supported.
Works with
Frameworks & runtimes - where Chox plugs in
APIs & services - what your agents can call
Start logging every outbound API call your agents make. Self-hosted, zero vendor lock-in.
Open Dashboard