SDKs

Keel’s first-class runtime SDKs are Python and TypeScript. They provide provider-shaped wrappers for governed execution and typed clients for the public runtime API.

Go is published separately as an official generated/reference client for teams that want OpenAPI-derived bindings. It is not a first-class runtime wrapper SDK.

Install

pip install keel-sdk

npm install keel-sdk

go get github.com/keelapi/keel-go

Runtime wrapper migration

For Python and TypeScript, Keel keeps the provider-shaped calling pattern you already use. Change the import, set Keel environment variables, and the request goes through Keel’s governed execution path.

# Before
from openai import OpenAI
 
# After
from keel_sdk.providers.openai import OpenAI

// Before
import OpenAI from "openai";
 
// After
import { OpenAI } from "keel-sdk/providers/openai";

Governance runs before provider dispatch. If Keel denies the request, the wrapper raises an explicit SDK error and no provider call is made.

Configure

export KEEL_BASE_URL="https://api.keelapi.com"
export KEEL_API_KEY="keel_sk_your_project_key"
export KEEL_PROJECT_ID="your-project-uuid"

Provider API keys are stored in your Keel project. Python and TypeScript wrappers do not need raw OpenAI, Anthropic, Google, xAI, or Meta keys on governed execution paths.

Working examples

from keel_sdk.providers.openai import OpenAI
 
client = OpenAI()
 
response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello!"}],
    max_tokens=128,
)
 
print(response["choices"][0]["message"]["content"])

import { OpenAI } from "keel-sdk/providers/openai";
 
const client = new OpenAI();
 
const response = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: "Hello!" }],
  max_tokens: 128,
});
 
console.log(response.choices[0].message.content);

Provider wrappers

Python and TypeScript expose wrappers for OpenAI, Anthropic, Google Gemini, xAI, and Meta. Use Provider Support and the Capability Matrix for the current provider and operation surface.

Advanced operations such as image generation, audio, embeddings, governed tool runs, and search evidence are route-dependent. Use /v1/executions, /v1/execute, or the direct SDK client when the wrapper surface is not the right fit.

Direct client access

Use the direct client when you need precise control over permits, executions, proxy calls, jobs, compliance exports, governance events, integrity endpoints, MCP evidence, metrics, status, or webhooks.

TypeScript

import { KeelClient } from "keel-sdk";
 
const client = new KeelClient({
  baseUrl: process.env.KEEL_BASE_URL!,
  apiKey: process.env.KEEL_API_KEY!,
});
 
const permit = await client.permits.create({
  project_id: process.env.KEEL_PROJECT_ID!,
  idempotency_key: "permit-only-001",
  subject: { type: "user", id: "usr_123" },
  action: { name: "ai.generate.summary" },
  resource: {
    type: "request",
    id: "req_123",
    attributes: {
      provider: "openai",
      model: "gpt-4o-mini",
      operation: "generate.text",
      estimated_input_tokens: 120,
      estimated_output_tokens: 80,
      max_output_tokens_requested: 120
    }
  }
});

Python

from keel_sdk import KeelClient
 
client = KeelClient(
    base_url="https://api.keelapi.com",
    api_key="keel_sk_...",
)
 
permit = client.permits.create({
    "project_id": "your-project-uuid",
    "idempotency_key": "permit-only-001",
    "subject": {"type": "user", "id": "usr_123"},
    "action": {"name": "ai.generate.summary"},
    "resource": {
        "type": "request",
        "id": "req_123",
        "attributes": {
            "provider": "openai",
            "model": "gpt-4o-mini",
            "operation": "generate.text",
            "estimated_input_tokens": 120,
            "estimated_output_tokens": 80,
        },
    },
})

Go reference client

The Go package is an official generated/reference client. It does not maintain provider-specific wrappers, streaming helpers, custom retry policy, or custom error types.

import keelclient "github.com/keelapi/keel-go/pkg/keelclient"

Runtime API calls should use pkg/keelclient. The repository root package is documentation-only.

client, err := keelclient.NewKeelHTTPClient(
    os.Getenv("KEEL_BASE_URL"),
    keelclient.WithRequestEditorFn(func(ctx context.Context, req *http.Request) error {
        req.Header.Set("Authorization", "Bearer "+os.Getenv("KEEL_API_KEY"))
        return nil
    }),
)
if err != nil {
    log.Fatal(err)
}

Generated Go clients return standard *http.Response values. Callers own status handling, decoding, retry policy, and transport configuration.

Error handling

When governance blocks a wrapper request, Python and TypeScript raise KeelError before any provider call is made.

import { KeelError } from "keel-sdk";
 
try {
  await client.chat.completions.create({
    model: "gpt-4o",
    messages: [{ role: "user", content: "Hello!" }],
  });
} catch (err) {
  if (err instanceof KeelError) {
    console.error(`Keel error ${err.status}: [${err.code}] ${err.message}`);
  }
}

Common cases:

• permit_denied when project policy blocks the request.
• budget.rate_limit_throttled when budget or rate-limit controls throttle.
• upstream provider failures after an allow decision, surfaced through the wrapper or proxy response.

Where to go next

• Python — Python runtime SDK
• TypeScript — TypeScript runtime SDK
• Go — generated/reference client
• SDK Support Surfaces — official support posture
• Provider Support — provider caveats
• Capability Matrix — operation coverage
• Terraform — infrastructure management