Trusted Endpoints define exactly which URLs an agent is allowed to contact. With this registry in place, any attempt to reach an unapproved destination is blocked before the request leaves the Python process.
The registry acts as a database-backed, real-time allow-list for outbound network traffic:
All database operations in the SDK are asynchronous. Register a trusted destination during your application’s setup or bootstrap phase:
from sourcerykit import insert_trusted_endpoint
# Register an allowed endpoint in the database
await insert_trusted_endpoint(url="https://api.example.com/v1/data")
Trusted endpoints can be managed via the CLI or programmatically through the async API.
sourcerykit endpoints add <url> [--label <label>]
sourcerykit endpoints list
sourcerykit endpoints remove <url>The SDK exposes the following asynchronous functions to manage and query policies:
await sourcerykit.trusted_endpoints.is_endpoint_trusted(url: str) -> boolEvaluates whether a given URL is active within the registry. This is called internally by the HTTP Interceptor before every outbound request.
await sourcerykit.trusted_endpoints.insert_trusted_endpoint(url: str, display_label: str | None = None) -> NoneInserts a new endpoint into the database. If the URL is already registered, this operation acts as a no-op.
await sourcerykit.trusted_endpoints.list_all_trusted_endpoints() -> list[str]Returns a list of all active, registered endpoint URLs.
await sourcerykit.trusted_endpoints.remove_trusted_endpoint(url: str) -> NoneRemoves a previously registered endpoint from the registry. If the URL is not found, this operation acts as a no-op.
await sourcerykit.trusted_endpoints.verify_claim_endpoints(payload: HandoffPayload) -> NoneScans a handoff payload and verifies that every external URL referenced within it is present in the trusted registry. Raises an exception if an untrusted URL is detected.
For details on how the Interceptor blocks these calls, see Interceptor. To see how database tables fit into the wider architecture, see Architecture.