Govern · Agents
See exactly what your agents did.
This is the boundary where CHP is already real. One command hooks your agent CLI and records every tool call as replayable, tamper-evident evidence — no application code changes, no backend.
When a security review asks “how do you know what the agent did, and that it was allowed to?” — this is the answer you can run today.
# One command — no application code changes required
chp hooks install
# → Hooks registered for Claude Code
# → Every tool call intercepted: Bash, Read, Edit, Write, WebFetch...
# → Evidence stored to ~/.chp/evidence.sqlite automatically
# Then inspect any session:
chp session list
chp session tree <session_id>
chp session autonomy-report <session_id>
chp session otel <session_id> --endpoint http://localhost:4318
# Full session tree across parent + child agents
chp session tree sess_abc123
# ├── agent_session_started (model: claude-opus-4-8, intent: "fix the bug")
# ├── claude_code.read input: src/host.py
# ├── claude_code.bash input: python -m pytest tests/
# ├── claude_code.edit input: src/host.py
# └── agent_session_completed outcome: success, tools: 3
# Export the full trace to any OTLP collector
chp session otel sess_abc123 --endpoint http://localhost:4318
What you get
Observability that is also evidence.
Every tool call, captured
Bash, Read, Edit, Write, WebFetch — each agent action becomes a typed evidence event, automatically.
Replay by session
Walk the full event tree across parent and child agents, in order, after the fact.
Denials are first-class
A command blocked by policy is recorded as execution_denied — not swallowed as an exception.
Tamper-evident
Events are SHA256 hash-chained, so a missing or altered record is detectable.
Export anywhere
Emit any session to an OTLP collector with chp session otel — your existing observability still works.
Local, no backend
Evidence is stored in SQLite under ~/.chp. Nothing leaves the machine unless you send it.
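The tamper-evidence property described under "Tamper-evident", as an added example (not CHP's own code or storage format): a minimal SHA-256 hash chain over constructed events, with a verifier that tells apart an altered record, a removed record, and a truncated tail. The record layout, the `GENESIS` value and the function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first record (not from the page)

# Constructed sample events; field names are illustrative, not CHP's schema.
SAMPLE_EVENTS = [
    {"type": "agent_session_started", "intent": "fix the bug"},
    {"type": "claude_code.read", "input": "src/host.py"},
    {"type": "claude_code.bash", "input": "python -m pytest tests/"},
    {"type": "execution_denied", "input": "git push --force"},
    {"type": "agent_session_completed", "outcome": "success"},
]

def event_hash(prev_hash, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_chain(events):
    # Each record commits to its own content and to the hash of its predecessor.
    records, prev = [], GENESIS
    for seq, event in enumerate(events):
        digest = event_hash(prev, event)
        records.append({"seq": seq, "prev_hash": prev, "event": event, "hash": digest})
        prev = digest
    return records

def verify_chain(records, expected_head=None):
    """Return (index, reason) findings; an empty list means the chain is intact."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(records):
        if rec["prev_hash"] != prev:
            findings.append((i, "broken link: a record before this one is missing or reordered"))
        if event_hash(rec["prev_hash"], rec["event"]) != rec["hash"]:
            findings.append((i, "content altered: stored hash does not match the event"))
        prev = rec["hash"]
    # A head hash kept outside the log is what exposes removal from the tail.
    if expected_head is not None and prev != expected_head:
        findings.append((len(records), "head mismatch: chain truncated or rewritten"))
    return findings
```

Passing `expected_head` matters because a chain checked only against itself cannot reveal records dropped from the end; the head hash has to be kept somewhere the writer of the log cannot change.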
Same protocol, every other layer.
A human approval, a product API call, and an agent's bash command are the same kind of governed, provable event. Agents are where it is easiest to start — bring a regulated workflow and we will build the rest with you.