Docs

For developers

Iqrar gives you free production-grade observability, automatic compliance posture, and a cryptographic audit trail in three lines of code — without writing a custom OTel pipeline, governance code, or audit log.

What you get on day one

You add three lines to your agent:

import { Iqrar } from "@iqrar/agent";

const iqrar = Iqrar({ org: "acme", jurisdiction: "EU", capabilities: ["consumer_chatbot"] });
export const myAgent = iqrar.wrap(existingAgent);

In return you get every benefit on this page. None of them require you to write extra code, change your call sites, swap your model, or restructure your agent.

1. Free, structured observability

iqrar.wrap(...) produces a transparent proxy that emits canonical telemetry events around every callable on the wrapped target — start, end, error, with duration, model, tools, and token usage when the underlying SDK exposes it. You also get:

  • agent.invocation.start / .end / .error for each call
  • agent.tool.start / .end / .error when frameworks expose tools
  • agent.step for per-step events from CrewAI, LangChain agent actions, etc.
  • agent.handoff for multi-agent handoffs
  • agent.classified with your tier and the obligations that apply

All batched, debounced, durable, and non-blocking. Telemetry never breaks the host — failed flushes are dropped silently.

This is what you'd build with OpenTelemetry + a collector + a backend, except you don't write any of it. If you already use OTel, the upcoming @iqrar/otel-exporter lets you keep your tracer and add Iqrar by changing one config line.

2. Compliance posture without writing compliance code

Compliance is normally a pile of bespoke conditionals: "if EU and high-risk, log full input; if UAE and chatbot, show disclosure; if any tier 3, retain X for Y years". Iqrar moves that out of your code:

  • Tier classification is computed from your declared capabilities against the jurisdiction's published tier_classifiers. You don't write if capability === "credit_decision" branches.
  • Obligations filter to your tier automatically — iqrar.obligations() returns exactly the rules you have to comply with right now.
  • Disclosure strings are generated from the active ruleset's authority, jurisdiction_name, and versioniqrar.disclose() returns a regulator-quality sentence without you authoring the legal copy.
  • Payload retention auto-summarises below Tier 3 and retains full input/output at Tier 3+, per the active ruleset's required_logs. You call iqrar.decision({...}) once; the SDK chooses the right retention.

When the regulator updates the ruleset, your agent picks up the change on the next 30-second sync. No redeploy.

3. Cross-jurisdiction with zero branching logic

Configure additional jurisdictions and the SDK fetches, verifies, and merges every supervisory ruleset using a strictest-wins N-way merge.

const iqrar = Iqrar({
  org: "acme",
  jurisdiction: "EU",
  jurisdictions: ["EU", "AE-DIFC"],
  capabilities: ["credit_decision"],
});

Your code stays single-jurisdiction; the SDK supervises against the union. If any one bundle fails to verify, the SDK keeps the prior good cache rather than activating a partial set — patent §6.2.

4. Hot rule changes without redeploying

A regulator can issue a signed runtime directive — verbosity elevation, sample-rate change, capability pause — and the SDK applies it on the next sync without redeployment. The directive's lifecycle (directive.received / .applied / .skipped / .rejected) is recorded in your agent's audit chain so the SDK-side enforcement decision is itself auditable.

For your team this means: a supervisory inquiry doesn't require an emergency release. The regulator turns the dial; your agents respond within 60 seconds.

5. Cryptographic audit trail by default

Every event the worker accepts is appended to a per-agent tamper-evident hash chain. A cron job builds an RFC 6962 Merkle tree over those entries every minute, signs the root with a foundation key, and submits the signed tree head to Sigstore Rekor — a public transparency log Iqrar does not control.

For you that means: when a regulator asks "did you log this?", the answer is structurally "yes, here's the inclusion proof, verify it against Rekor yourself." You don't have to build that. You don't even have to think about it. See for the full chain.

6. Drop-in across every framework

The same wrapper works across:

  • TypeScript — OpenAI, Anthropic, Vercel AI SDK, Mastra, LangChain.js / LangGraph.js (5 first-class adapters)
  • Python — CrewAI, LangChain / LangGraph, OpenAI Agents SDK, AutoGen v0.4 (4 adapters)
  • Anything elseiqrar.wrap(target) proxies any callable or class instance, or hit the directly

See for the full list. Your call sites stay unchanged regardless of which adapter you use.

7. Local dev story that doesn't get in your way

  • Tarball install for early-access integration without npm/PyPI publishing.
  • In-process mocks — the test suite shows how to spin a fake Worker via httpx.MockTransport (Python) or a custom fetch (TS) so unit tests don't need a deployed Worker.
  • auto_sync: false by default — safe for serverless / Lambda / Cloudflare Workers; long-lived hosts opt in.
  • waitUntil integration for Cloudflare Workers so queued telemetry survives the isolate's last 500 ms.
  • unref() on timers so the SDK never keeps a Node/Bun process alive past its natural shutdown.

8. LLM- and AI-coding-agent-friendly

  • apps/web/public/llms-full.txt is the canonical architecture document for an LLM to load before integrating.
  • packages/agent/AGENTS.md is auto-merged into your CLAUDE.md via vibe-rules so a coding agent integrating Iqrar follows the right conventions.
  • /sdk's "For Coding Agents" button copies the integration skill straight into your AGENTS.md / Cursor rules / Claude Code skill.

Coding agents — Claude Code, Cursor, Aider, Goose — integrate Iqrar correctly the first time. You don't burn cycles fixing wrong imports or hand-holding patterns.

9. Type-safe, narrow public surface

The TS types describe exactly the public API — Iqrar, IqrarConfig, DecisionRecord, HumanReviewRecord, InvocationContext, RuleSet, Obligation, RiskTier, Verbosity. The Python types mirror them with the same names (snake_case). No leaky internals — the SDK protects your build from refactors on our side.

10. Nothing about the SDK is permanent

  • Open SDK, MIT-licensed — fork it, audit it, vendor it.
  • Documented HTTP wire format — three endpoints cover 90% of integrations. If we disappeared tomorrow you could keep the worker running.
  • Foundation-governed rules — the ruleset itself is signed by an authority registry pinned on first boot. Your trust is in cryptography, not in our continued goodwill.

What's next

  • Walk through the guide
  • Pick your stack on the
  • Read the for the cryptographic primitives
  • See what regulators see in
  • See what your CTO sees in
© 2026 Cortex Innovations (Pty) Ltd. Iqrar is a working name pending trademark clearance.Powered by Stratafy