v0.3.0 — February 2026
Box9 Product Specifications
Box9 is an observability and coordination platform for AI agents. It combines a lightweight telemetry SDK with a receipts protocol that turns passive logs into sealed, shareable, verifiable proofs of agent actions.
Platform Overview
Box9 consists of three layers that work independently or together:
01
SDK Layer
Drop-in Python client that wraps OpenAI. Intercepts every completion call transparently. Zero code changes beyond initialization.
02
Telemetry API
RESTful ingestion and query endpoints. Receives events, provides aggregated summaries, supports filtering by model, status, type, and funnel stage.
03
Receipts Protocol
Agents seal proofs of completed actions, query for cached results, verify seal integrity, and trace provenance chains.
SDK Specifications
| Property | Value |
|---|---|
| Language | Python 3.8+ |
| Package | lakin-telemetry |
| Version | 0.3.0 |
| Dependencies | None (stdlib only: hashlib, sqlite3, threading, urllib) |
| Initialization | tracker = box9.init(endpoint='https://box9.ai', api_key='...') |
| Client Wrapping | client = tracker.wrap(OpenAI()) |
| Overhead | <2ms per call (async batching) |
| Local Storage | SQLite database for offline/local mode |
| Cloud Transport | HTTPS POST to /api/ingest, batched, background thread |
| Auto-Receipt Sealing | Every successful OpenAI call automatically seals a receipt |
Telemetry Event Schema
Every intercepted call produces a TelemetryEvent with the following fields. Events are ingested via the /api/ingest endpoint and queryable via /api/events and /api/summary.
| Field | Type | Description |
|---|---|---|
| event_id | string | Unique identifier (UUID v4) |
| timestamp | float | Unix epoch seconds |
| model | string | Model identifier (gpt-4o, gpt-4o-mini, etc.) |
| event_type | string | call_start, call_end, error, tool_call |
| funnel_stage | string | initiation, reasoning, tool_call, evaluation, completion |
| status | string | success, error, timeout |
| prompt_tokens | int | Input token count |
| completion_tokens | int | Output token count |
| latency_ms | float | Wall-clock time for the call |
| cost_usd | float | Calculated cost based on model pricing |
| has_tool_calls | bool | Whether the response included tool calls |
| tool_names | string[] | List of tools invoked |
| session_id | string? | Groups related calls into sessions |
| agent_profile | object? | Agent name, version, and tags |
Receipts Protocol
The receipts protocol is the defining innovation of Box9. A receipt is a sealed, immutable proof of what an agent actually did — not a log line, not a promise. A cryptographically sealed fact.
Receipt Schema
| Field | Type | Description |
|---|---|---|
| receipt_id | string | Unique ID: rct_<hash_prefix_16chars> |
| seal | string | SHA-256 hash of the receipt body |
| sealed_at | number | Unix timestamp when sealed |
| agent_id | string | Which agent produced this receipt |
| model | string | Which LLM model was running |
| action | string | tool_call | llm_response | decision |
| tool_name | string? | Which tool was invoked (if tool_call) |
| input_hash | string | SHA-256 of input (privacy-safe, no raw data) |
| output_hash | string | SHA-256 of output |
| output_summary | string? | Human-readable result summary |
| tokens_used | number | Token consumption for this action |
| cost_usd | number | Dollar cost of this action |
| latency_ms | number | Wall-clock time in milliseconds |
| status | enum | sealed | failed | expired |
| success | boolean | Whether the action succeeded |
| parent_receipt_ids | string[] | Provenance chain — receipts that fed into this one |
| trace_id | string | Links receipt to telemetry trace |
| ttl_seconds | number | Time-to-live (default: 300s / 5min) |
| expires_at | number | sealed_at + ttl_seconds |
| tags | object | Key-value pairs for query filtering |
Operations
SEAL
Create and store a receipt. The agent says: "I did this. Here's the proof." Server computes SHA-256 hash, assigns receipt_id, stores with four indexes (ID, tool_name, input_hash, timestamp).
QUERY
Search for existing receipts. Fast path: when input_hash is provided, uses input index for O(1) lookup. This is the cache-hit path — skip duplicate API calls.
VERIFY
Check if a receipt's seal is intact and still fresh. Returns: valid, seal_matches, expired, age_seconds. Agents should verify before trusting received receipts.
CHAIN
Trace provenance of a receipt back to its roots. Returns the full ancestor chain with aggregate cost, token, and latency totals.
API Reference
Telemetry Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/ingest | Ingest telemetry events (single, array, or batch) |
| GET | /api/events | Query stored events with filters |
| GET | /api/summary | Aggregated telemetry summary |
| POST | /api/seed | Generate demo data (?sessions=N&clear=bool) |
Receipts Endpoint
All receipts operations go through a single unified endpoint: /api/receipts. This ensures all operations share the same serverless function instance for memory consistency.
| Method | Action | Description |
|---|---|---|
| POST | seal | Create and store a sealed receipt |
| POST/GET | query | Search receipts by tool, agent, input_hash, tags |
| POST/GET | verify | Verify seal integrity and freshness |
| POST/GET | chain | Trace provenance chain to root |
| GET | stats | Aggregate receipt statistics |
| POST | clear | Clear all receipts (admin) |
Authentication
Write operations (POST) require authentication via the x-box9-key header or Authorization: Bearer <key>. Read operations (GET) are open for dashboard consumption.
Security & Privacy
■
No raw data in receipts: input_hash and output_hash store SHA-256 hashes, never raw prompts or responses.
■
API key authentication: All write operations require a valid API key validated server-side.
■
Tamper-evident seals: Any modification to a receipt's content invalidates its seal. Verification is constant-time.
■
TTL-based trust decay: Receipts expire. Stale data is marked, not silently served. Custom TTLs per receipt.
■
CORS configurable: Cross-origin access enabled for dashboard/SDK communication. Configurable per deployment.
Roadmap
| Timeline | Feature | Details |
|---|---|---|
| Q1 2026 | Persistent Storage | PostgreSQL/Redis for production durability |
| Q1 2026 | Anthropic SDK Support | Transparent interception for Claude API calls |
| Q2 2026 | LangChain Integration | Native callback handler for chain-level telemetry |
| Q2 2026 | Receipt Marketplace | Agents publish receipts for monetization |
| Q3 2026 | Multi-Tenant Isolation | Workspace-scoped receipts with access control |
| Q3 2026 | Alerting & Thresholds | Cost alerts, error spikes, anomaly detection |
| Q4 2026 | On-Premise Deployment | Docker-based self-hosted for enterprise |
Want to build on this?
Box9 is in private beta. Get early access to the SDK, API, and hosted dashboard.