Skip to main content
Browse docs
By Audience
Getting Started
IntroductionConfig-First WorkflowQuickstartDeclarative Config ReferenceInstall the GatewayArchitectureOnboarding TeamsOnboarding FlowsCustomer JourneysUsing the Console
Configuration
Use Cases
IDE Integration
Third-Party Integrations
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
FAQ

Customer Journeys

These journeys show how customers move through Keeptrusts once access is available. Use them when you want a task-oriented view instead of a page-by-page product tour.

Use this page when

  • You need a task-oriented map of how customers move through Keeptrusts by lifecycle phase.
  • You want to identify the right starting page for a specific outcome — evaluation, operations, governance, or administration.
  • You are onboarding a new team and want to scope which journeys apply to their deployment maturity.

Journeys are grouped by lifecycle phase. Start with Getting Live, move into Operate and Investigate for daily work, then use Govern and Scale and Administer as your deployment matures.

Primary audience

  • Primary: Technical Engineers
  • Secondary: AI Agents, Technical Leaders

Journey map

Getting Live

JourneyPrimary userStarts hereSuccess signal
Evaluate with the hosted gatewayDeveloper or platform ownerQuickstart + hosted gateway guideFirst governed request appears in Events
Bring up a hosted gatewayOperatorGateway setup + CLI installHosted gateway shows as connected
Start in chat and reach the first governed answerEnd user or pilot teamChat workspace URLRedirect returns to chat after sign-in and the first prompt completes
Set up team-based access and RBACOrg adminMembers & TeamsEvery team member has the right role and scope

Operate and Investigate

JourneyPrimary userStarts hereSuccess signal
Roll out the first policy changePlatform ownerConfigurations + TemplatesNew version deployed and visible in runtime views
Investigate a blocked requestSecurity or compliance reviewerEventsRoot cause and policy path are clear
Export evidence for an audit or incidentReviewer, auditor, incident leadExportsEvidence packet is ready for handoff
Recover from low balance or a cost ticketFinance owner, admin, or end userWallets + chatCredits restored and the request can be retried
Review and resolve an escalationReviewer or team leadEscalationsEscalation claimed, investigated, and resolved with audit trail

Govern and Scale

JourneyPrimary userStarts hereSuccess signal
Ground agents with knowledge base assetsKnowledge owner or platform adminKnowledge BaseActive asset bound to agent and recalled at runtime
Connect Google Drive through connectorsIntegration lead or adminConnectorsConnector active, capabilities discovered, and bound to agent
Manage versioned configurationsPlatform engineerConfigurationsApproved YAML changes are versioned and rolled out safely
Learn from conversation historyKnowledge owner or analystHistoryValuable session condensed into a reusable knowledge asset
Control AI spend across teamsFinance owner or org adminWallets + Cost CenterTeam wallets allocated, budgets enforced, spend visible

Administer

JourneyPrimary userStarts hereSuccess signal
Platform admin — manage plans, billing, and orgsPlatform adminAdmin consolePlans configured, orgs provisioned, billing active

Journey 1: Evaluate with the hosted gateway

Choose this path when you want the fastest route from account creation to the first governed request.

  1. Finish Quickstart.
  2. Create an Access Key.
  3. Point your client at the hosted gateway URL.
  4. Send a test request.
  5. Open Events, Usage, and Gateways to confirm the request was governed.

Use this journey for evaluations, prototypes, and teams that do not want to operate gateway infrastructure yet.

Journey 2: Bring up a hosted gateway

Choose this path when your organization needs the runtime inside its own infrastructure perimeter.

  1. Create or select a configuration.
  2. Create a Gateway Key.
  3. Install kt using the CLI installation guide.
  4. Run kt gateway run with the configuration and runtime credentials.
  5. Confirm the hosted gateway appears in Gateways and Actions.
  6. Send a governed request through the hosted endpoint.

Use this journey when you need private networking, custom egress controls, or tighter runtime ownership.

Journey 3: Start in chat and reach the first governed answer

Choose this path when a user begins with the chat workbench rather than with the console or API.

  1. Open chat and type a draft prompt.
  2. If you are signed out, Keeptrusts redirects you to the console sign-in flow.
  3. After successful sign-in, Keeptrusts returns you to chat.
  4. If no deployment exists yet:
  • First org admins or sole active users land in the chat workspace immediately while the first provider deployment or gateway setup is completed.
  • Non-admins request setup from an admin.
  1. Send the first governed prompt.
  2. Confirm the conversation appears in history and the related event appears in the console.

Use this journey for pilots, internal assistants, and teams adopting the chat workbench as the first experience of the platform.

Journey 4: Set up team-based access and RBAC

Choose this path when your organization needs structured access control before opening the platform to multiple teams.

  1. Open Members, Teams and Roles in the console.
  2. Create teams that match your organizational structure.
  3. Invite members and assign roles — owner, admin, member, or viewer.
  4. Configure SSO (OIDC or SAML) if your organization uses an identity provider.
  5. Enable MFA or passkeys in Security Settings for additional protection.
  6. Verify each team member can access only the resources and pages their role permits.
  7. Set up wallet allocations per team if cost control is needed.

Use this journey when moving from a single-admin pilot to a multi-team production deployment.

Journey 5: Roll out the first policy change

Choose this path when a working runtime already exists and the next step is safe rollout.

  1. Start from a template or an existing configuration.
  2. Review the declarative config with the Declarative Config Reference.
  3. Validate the change.
  4. Roll it out to the target gateway.
  5. Confirm the running config from Configurations and Gateways.
  6. Watch Events and Escalations for the first traffic after rollout.

Use this journey when your team is shifting from evaluation into governed production changes.

Journey 6: Investigate a blocked request

Choose this path when a user, operator, or reviewer needs to understand why traffic was blocked or escalated.

  1. Open the affected request in Events.
  2. Inspect the verdict, matched policy, and request metadata.
  3. Follow the related conversation, session, or escalation if present.
  4. Compare the event to the current configuration version.
  5. Decide whether the result reflects policy intent, a misconfiguration, or a true incident.

Use this journey for day-to-day review work, incident triage, and policy tuning.

Journey 7: Export evidence for an audit or incident

Choose this path when a decision, escalation, or incident must be handed off outside the console.

  1. Define the review window and scope.
  2. Generate the export in JSON or CSV.
  3. Validate the file contents.
  4. Pair the file with the relevant request IDs, escalation IDs, or incident references.
  5. Hand off the evidence packet.

Use this journey for audits, compliance reviews, customer investigations, and internal incident response.

Journey 8: Recover from low balance or a cost ticket

Choose this path when wallet controls are enabled and a request cannot proceed because the balance is too low.

  1. Open the wallet balance view in chat or the Wallets page.
  2. Review which scope ran out of headroom: user, team, or organization.
  3. Top up or reallocate credits — use PayPal self-service from chat or the Cost Center, or ask an admin to allocate from the org wallet.
  4. Retry the request if a cost ticket was issued.
  5. Confirm the request now settles successfully and the wallet ledger reflects the spend.

Use this journey when your team operates prepaid credits or wants predictable governance around AI spend.

Journey 9: Review and resolve an escalation

Choose this path when a gateway decision has been flagged for human review.

  1. Open Escalations and filter to queued items in the relevant time range.
  2. Confirm your reviewer identity displayed in the console.
  3. Open the escalation detail drawer — inspect the request ID, reason code, config version, and related event.
  4. Cross-check the related event behavior in Events if context is unclear.
  5. Claim the escalation when you are taking ownership.
  6. Record a resolution note and choose the appropriate outcome (allow, block, policy tuning).
  7. Confirm the irreversible resolve action in the dialog.

Use this journey for daily review queues, incident triage, and compliance sign-off.

Journey 10: Ground agents with knowledge base assets

Choose this path when you want agents to use curated context — policies, FAQs, product docs, or learned insights — at runtime.

  1. Navigate to Knowledge Base and click Create asset.
  2. Choose the asset kind: Static (markdown), Upload (file), or Git Sync (repository-backed).
  3. Author or upload the content. Each save creates an immutable version.
  4. Promote the asset through the lifecycle: draftin_review (enterprise) → active.
  5. Go to the Bindings tab and bind the asset to the target agent.
  6. Send a governed request through that agent and confirm the knowledge was recalled — check the citation record in the event detail.

Use this journey when you need agents to draw on curated, versioned, and auditable context instead of relying solely on the model's training data.

Learn more: Knowledge Base · Knowledge Lifecycle · kt knowledge-base CLI

Journey 11: Connect Google Drive through connectors

Choose this path when you want agents to access Google Drive through governed read-only integrations.

  1. Navigate to Connectors and click Add connector.
  2. Choose Google Drive.
  3. Complete the Google OAuth authorization flow.
  4. Click Refresh capabilities to discover available tools and resources.
  5. Add a binding to the target agent, task, or runner.
  6. Send a governed request and confirm the connector's capabilities are available at runtime.

Use this journey when agents need to read from Google Drive without exposing write access or uncontrolled API calls.

Learn more: Connectors

Journey 12: Manage versioned configurations

Choose this path when your team reviews policy YAML outside Keeptrusts and then needs to validate, version, and deploy the approved change through the console.

  1. Open Configurations.
  2. Create a new configuration or open an existing one.
  3. Import or paste the approved YAML into the Monaco editor.
  4. Run validation and save a new version.
  5. Deploy the approved version to the target gateways.
  6. Verify the gateway is running the updated config from Gateways and Actions.

Use this journey when your team manages policy-as-code in Git but wants rollout, validation, and audit evidence to happen inside Keeptrusts.

Learn more: Configurations · Create Configuration

Journey 13: Learn from conversation history

Choose this path when a valuable conversation should be condensed into reusable knowledge for future agent sessions.

  1. Open History and browse captured sessions.
  2. Find a session with valuable insights — product decisions, resolved issues, or expert answers.
  3. Click Create learned knowledge in the session action bar.
  4. The system synthesizes a knowledge asset from the session content.
  5. Review the generated content on the new asset's detail page.
  6. Promote the asset to active and bind it to the relevant agent.
  7. Confirm future requests recall the learned context.

Use this journey when you want agents to continuously improve by learning from real conversations.

Learn more: History and Sessions · Knowledge Base

Journey 14: Control AI spend across teams

Choose this path when your organization needs budget governance — prepaid credits, team allocations, and spend visibility.

  1. Review organization spend in Usage and confirm the available wallet balance through the current wallet funding workflow.
  2. Allocate credits to teams using the allocation API or console.
  3. Set alert thresholds so you receive notifications before balances run low.
  4. Configure PayPal top-up settings if self-service funding is enabled.
  5. Review model pricing records to ensure cost estimates are accurate.
  6. Monitor spend from Cost and Spend and My Usage.
  7. Export spend data for finance review if needed.

Use this journey when your organization needs predictable AI budgets with per-team accountability.

Learn more: Wallets · Cost and Spend

Journey 15: Platform admin — manage plans, billing, and orgs

Choose this path when you are a platform administrator managing the Keeptrusts deployment for multiple organizations.

  1. Sign in to the admin console.
  2. Review and configure available plans and storage quotas.
  3. Provision new organizations and assign owners.
  4. Configure payment settings and PayPal integration.
  5. Seed model pricing records for accurate cost tracking.
  6. Monitor organization health, resource usage, and billing status.
  7. Manage platform-wide security settings and feature flags.

Use this journey when operating Keeptrusts as a managed service or internal platform.

For AI systems

  • Canonical terms: Keeptrusts, Customer Journeys, lifecycle phases, Getting Live, Operate and Investigate, Govern and Scale, Administer.
  • Feature and page names referenced: Quickstart, Access Keys, Gateway Keys, Gateways and Actions, Events, Escalations, Exports, Configurations, Knowledge Base, Connectors, History, Wallets, Cost Center, Members Teams and Roles, Security Settings.
  • This page is a navigation index — route to the specific journey section or the linked feature page for implementation detail.

For engineers

  • Each journey lists a Success signal — use it as the validation checkpoint for that workflow.
  • Start with Journey 1 or Journey 2 to confirm your gateway runtime is healthy before attempting policy changes (Journey 5).
  • If an investigation journey (6, 7, 9) does not resolve, cross-reference the Troubleshooting page for common failure modes.

For leaders

  • Use the journey map to scope rollout phases — most organizations start with Getting Live, then move into Operate and Investigate within the first week.
  • Journey 4 (RBAC) and Journey 14 (spend control) are the key governance checkpoints before scaling to multiple teams.
  • Journey 15 (platform admin) applies only if you operate Keeptrusts as a managed service for multiple organizations.

Next steps