MakerChecker for developers

What it is

MakerChecker is a self-hosted server your agents call before they do anything they cannot take back. It does three things, and it does them in code rather than in a policy document:

• Authorizes every actionagainst the agent's role and its explicit, versioned grants. Anything not granted is denied.
• Requires a named human to sign the decisions that matter, and never the agent that proposed them.
• Records every check, run, and approval in a hash-chained, signed audit trail an inspector can verify without trusting you or us.

It runs on your own infrastructure, fully disconnected from the internet if you need it, and the audit format is open and specified.

The mental model

Model an agent the way a regulated company models an employee: an identity that holds one role, a key ring of granted skills, and limits on its authority. When the agent wants to act:

1. It proposes a skill, addressed by name and version (for example txn-match@1).
2. MakerChecker checks the proposal: is the agent active, is the skill granted to its role, would acting break segregation of duties, is it within the role's limits, and what is its risk tier?
3. Low and medium-risk actions that pass run immediately, and the outcome is recorded.
4. High-risk actions stop. In a flow they wait at an approval gate for a quorum of named humans; through the proxy they are denied outright.
5. Every one of those steps is appended to the audit chain.

Two ways to integrate

There are two paths. Pick one per workflow.

• Proxy sessions. Wrap the tools your existing agent already calls. MakerChecker checks each call and records it; a high-risk call is denied. No re-platforming. This is the fastest path, and where most teams start.
• Flows. Define the workflow inside MakerChecker, with approval gates where a high-risk step waits for human sign-off. Use this when the human-in-the-loop step should be a first-class, audited part of the process.

The proxy path is a few lines around a tool you already have. The same shape works from TypeScript or Python:

import { createClient } from "@makerchecker/sdk";
import { governLangChainTool } from "@makerchecker/connector-langchain";

// Point at your own self-hosted MakerChecker.
const mc = createClient({ baseUrl: process.env.MAKERCHECKER_URL });
const { session } = await mc.proxy.openSession({ label: "recon-run" });

// Wrap a tool your agent already has. Its name and schema do not change.
const matchTxns = governLangChainTool(
  mc,
  { sessionId: session.id, agentName: "recon-preparer", skillRef: "txn-match@1" },
  rawMatchTxns,
);

// The agent calls it normally. A denied action throws before the tool
// runs, and every call is signed into the audit trail.
await matchTxns.invoke({ statement });

Architecture

Three layers, with a clean line between what you run and what you build against:

Execution is deterministic and air-gapped by default. Setting an Anthropic or Gemini key switches agent steps to a live model; with no key, steps run in a scripted, fully offline mode.

Where to go next

• Quickstart: run the control plane, wrap a tool, watch it get blocked, verify the audit.
• Concepts and model: agents, roles, skills, grants, risk tiers, segregation of duties, gates, limits.
• Wrap your agent: LangChain, the Claude Agent SDK, the generic wrapper, and Python.
• The audit trail: how the chain is built and how an inspector verifies it offline.
• Self-hosting: deploy on your own infrastructure, hardened and air-gapped.