Quickstart — govern your agents

This is the boundary where CHP is real today. It hooks your agent CLI and records every tool call — no application code changes.

Install the hooks

pip install chp-core
chp hooks install

That registers hooks for Claude Code (and Codex / Gemini CLI). From then on, every tool call — Bash, Read, Edit, Write, WebFetch — is intercepted and written to a local, append-only evidence store at ~/.chp/evidence.sqlite.

Inspect a session

# List recent agent sessions
chp session list

# Walk the full event tree across parent and child agents
chp session tree <session_id>

# An approvals / denials / budget summary
chp session autonomy-report <session_id>

A session tree looks like this:

chp session tree sess_abc123
├── agent_session_started  (model: claude-opus-4-8, intent: "fix the bug")
├── claude_code.read       input: src/host.py
├── claude_code.bash       input: python -m pytest tests/
├── claude_code.edit       input: src/host.py
└── agent_session_completed  outcome: success, tools: 3

Export to your existing tooling

Evidence is yours and stays local. When you want it elsewhere, export any session to an OTLP collector:

chp session otel sess_abc123 --endpoint http://localhost:4318

What you just proved

• Every tool call is a typed, SHA256 hash-chained evidence event.
• A command blocked by policy is recorded as execution_denied, not swallowed.
• The whole session is replayable by id — the record a security review can trust.

Next

• Core concepts — the vocabulary behind the trace.
• The spec — how narrow the contract really is.