SynOI

Product · @synoi/sdk

Testing

One line of HITL governance for any AI agent.

The Gateway is for teams who can change a base URL. The SDK is for teams who need finer control: wrap an individual tool call, mint a receipt from your own code, or integrate the policy engine into a runtime SynOI doesn't proxy. Vendor-agnostic. Works with the Anthropic SDK, the OpenAI SDK, MCP, LangChain, and custom function-call formats: anywhere an agent dispatches a tool.

Quick start

Install. Wrap a call. Done.

The SDK exposes one primary function: governedCall(action, exec). You describe the action with a small intent object. SynOI evaluates its risk policy against that intent, optionally routes the action for human-in-the-loop (HITL) approval, and then either runs exec() or refuses. The return value carries the receipt.

TypeScript / Node

import { SynOI } from '@synoi/sdk'

const synoi = new SynOI({
  tenantId: 'acme-prod',
  licenseToken: process.env.SYNOI_LICENSE,
})

// Wrap any dangerous action:
const result = await synoi.governedCall(
  {
    action_class: 'tool.deploy',
    action_desc:  'terraform apply prod',
    risk_level:   'high',
    blast_radius: 'production-infra',
  },
  async () => {
    // The actual action — runs only on approve.
    return await terraform.apply()
  }
)

console.log(result.receiptUrl)
// → https://verify.synoi.systems/rcpt_8b3c9f...

Python

import os

from synoi import SynOI

synoi = SynOI(
    tenant_id='acme-prod',
    license_token=os.environ['SYNOI_LICENSE'],
)

# Wrap any dangerous action:
@synoi.governed(
    action_class='tool.deploy',
    action_desc='terraform apply prod',
    risk_level='high',
    blast_radius='production-infra',
)
def deploy():
    return terraform.apply()

result = deploy()
print(result.receipt_url)
# → https://verify.synoi.systems/rcpt_8b3c9f...

Supported runtimes

Anywhere an agent dispatches a tool.

Any HTTP-based tool call

If your tool layer is HTTP, you can wrap the dispatch with governedCall(). Receipts mint client-side; HITL routes through SynOI's push surface; the actual HTTP call runs only on approve.

Model Context Protocol (MCP)

Drop-in MCP proxy at /mcp/proxy on the gateway. Every tools/call decision (allow, deny, require_approval, and the eventual HITL outcome) produces a signed Decision Receipt returned via the X-SynOI-Receipt-Id response header and the JSON-RPC error data.receipt_id field. Agents do not bypass the audit trail.
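
An added example, not SynOI's code: an audit check that ties each MCP proxy response to its Decision Receipt using the two locations named above, the X-SynOI-Receipt-Id header and the JSON-RPC error data.receipt_id field. The function names, the plain-object response shape, and treating a missing or mismatched id as a failure are assumptions of this example.

```javascript
// Added example, not SynOI code. Sample responses are constructed; the
// receipt ids and the JSON-RPC error code -32000 are placeholders.
const RECEIPT_HEADER = 'x-synoi-receipt-id'; // header name from the page, lowercased

// Return a non-empty trimmed string, or undefined for anything else.
function asId(v) {
  if (Array.isArray(v)) v = v[0];
  return typeof v === 'string' && v.trim() !== '' ? v.trim() : undefined;
}

// HTTP header names are case-insensitive, so compare lowercased.
function headerReceipt(headers) {
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.toLowerCase() === RECEIPT_HEADER) return asId(value);
  }
  return undefined;
}

// Check both places the page names: the response header and, on a
// JSON-RPC error, error.data.receipt_id.
function extractReceipt(headers, body) {
  const err = body && typeof body === 'object' ? body.error : undefined;
  const fromHeader = headerReceipt(headers);
  const fromError = err && err.data && typeof err.data === 'object'
    ? asId(err.data.receipt_id) : undefined;
  const outcome = err ? 'error' : 'result';
  if (!fromHeader && !fromError) return { ok: false, outcome, reason: 'missing-receipt' };
  if (fromHeader && fromError && fromHeader !== fromError) return { ok: false, outcome, reason: 'receipt-mismatch' };
  return { ok: true, outcome, receiptId: fromHeader || fromError };
}

// Return the JSON-RPC ids of responses that cannot be tied to one receipt.
function unreceiptedCalls(responses) {
  return responses
    .filter((r) => !extractReceipt(r.headers, r.body).ok)
    .map((r) => (r.body ? r.body.id : null));
}

const allowed = (id) => ({ jsonrpc: '2.0', id, result: { content: [] } });
const denied = (id, rid) => ({ jsonrpc: '2.0', id,
  error: { code: -32000, message: 'denied', data: { receipt_id: rid } } });
const SAMPLE_RESPONSES = [ // constructed
  { headers: { 'x-synoi-receipt-id': 'rcpt_example_1' }, body: allowed(1) },
  { headers: { 'X-SynOI-Receipt-Id': 'rcpt_example_2' }, body: denied(2, 'rcpt_example_2') },
  { headers: {}, body: allowed(3) }, // no receipt anywhere
  { headers: { 'X-SynOI-Receipt-Id': 'rcpt_example_4' }, body: denied(4, 'rcpt_example_other') }, // ids disagree
];
console.log(unreceiptedCalls(SAMPLE_RESPONSES));
```

Run over captured proxy responses, the returned ids are the tool calls to investigate because no single receipt accounts for them.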

Anthropic SDK · OpenAI SDK · LangChain

Helper wrappers for the three popular agent SDKs. They identify tool calls automatically and wrap them. You override per-tool with custom action classes when you want finer policy.

Custom function-call formats

The SDK assumes no specific protocol. If your agent returns a JSON blob describing what it wants to do, you can wrap the dispatcher in governedCall() and get the same governance, the same receipts, the same HITL.

CLI / shell scripts

The synoi CLI exposes the same governance surface to shell pipelines. synoi-exec wraps any command, evaluates risk against the configured policy, and signs the result. Drop-in for CI/CD.

On-prem / air-gapped

SDK works without phoning home for inference. License heartbeat is the only external call and is configurable for air-gapped deployments. Receipt minting is local.

Language coverage

Two SDKs available today. Three more in flight.

  • TypeScript / Node · @synoi/sdk · Available. Primary surface. MCP middleware + Anthropic/OpenAI helpers built in.
  • Python · synoi · Available. Decorator and context-manager forms. PEP 8-compliant; types via .pyi.
  • Go · github.com/synoi/sdk-go · Beta. Functional API; receipts mint locally. CLI wrapper in same module.
  • Rust · synoi-sdk · Roadmap. Targeting Q3 2026. Native COSE / Ed25519 via ed25519-dalek.
  • Java / Kotlin · systems.synoi.sdk · Roadmap. Spring Boot + plain JDK adapters.

SDK or Gateway?

Two ways into the same governance surface.

Use the Gateway

  • You can change a base URL in your AI tool
  • Coverage of all inference traffic, no code changes
  • Centralized policy + retention via SynOI hosting
  • Free tier covers small teams

Use the SDK

  • You need to govern a specific tool call, not all traffic
  • Your runtime isn't LLM-shaped (CI/CD, custom dispatcher)
  • You want local-only deployment, no SynOI server in path
  • You need finer per-action control than URL routing

The two compose: many teams point their tools at the Gateway and use the SDK for specific runtimes that don't fit the proxy model. Same receipts, same risk policy, same audit trail.

One function. Any agent. Signed receipts.

The SDK is free to install. License-gated features are documented; the core governance surface works under the free tier.