CTO Guide: The AI Chat Workbench for Rapid Prototyping
Your engineering teams need a governed playground — a place to prototype prompts, test policy behavior, explore models, and iterate on AI features without provisioning infrastructure. The Keeptrusts chat workbench is that playground, with every interaction governed by the same policies that protect production.
Use this page when
- You want to provide engineering teams a governed AI playground for prompt prototyping and model exploration
- You need to understand the PKCE auth handoff flow between the console and chat workbench
- You are scoping gateway keys for chat sessions (model access, budget, policies, knowledge base)
- You want to enable knowledge base injection for governed RAG prototyping
This guide covers the workbench architecture, authentication flow, scoping model, and how to use it for effective AI development.
Primary audience
- Primary: Technical Leaders
- Secondary: Technical Engineers, AI Agents
Chat Workbench Features
The chat workbench is a full-featured AI conversation interface that runs under governance:
| Feature | Description | Governance Benefit |
|---|---|---|
| Multi-model chat | Switch between models mid-conversation | Compare providers under identical policies |
| Streaming responses | Real-time token-by-token output | Policies apply to stream chunks |
| Conversation history | Persistent conversations per user | Audit trail for all prototyping activity |
| Knowledge base injection | Upload documents as conversation context | Governed RAG prototyping |
| Policy visibility | See which policies fired on each message | Developers understand enforcement before production |
| Export conversations | Download conversation transcripts | Share prototyping results with stakeholders |
Screenshot reference: Chat workbench showing a multi-turn conversation with policy indicators, model selector, and knowledge base panel.
PKCE Auth Handoff from Console
The chat workbench authenticates through the console using a PKCE (Proof Key for Code Exchange) flow. This ensures the browser never holds the upstream API bearer token.
Authentication Flow
┌─────────┐ ┌─────────────┐ ┌──────────────┐
│ Browser │ │ Console │ │ Keeptrusts │
│ (Chat) │ │ (BFF) │ │ API │
└────┬─────┘ └──────┬──────┘ └──────┬───────┘
│ │ │
│ 1. Open chat │ │
├─────────────────────►│ │
│ │ 2. Generate PKCE │
│ │ code verifier │
│ │ │
│ 3. Redirect with │ │
│ code challenge │ │
│◄─────────────────────┤ │
│ │ │
│ 4. Exchange code │ │
├─────────────────────►│ │
│ │ 5. Validate + │
│ │ issue handoff │
│ ├──────────────────────►│
│ │ │
│ │ 6. Gateway key │
│ │◄──────────────────────┤
│ 7. Chat session │ │
│ with gw key │ │
│◄─────────────────────┤ │
│ │ │
│ 8. Chat requests │ │
│ via gateway key ├──────────────────────►│
└──────────────────────┴───────────────────────┘
Security properties:
- The browser never sees the API bearer token
- The handoff token is single-use and short-lived
- Chat traffic uses a gateway key (
kt_gk_...) scoped to the user's permissions - CSRF protection via
x-csrf-tokenheader
Gateway Key Scoping
Every chat session operates under a gateway key that encodes the user's access level:
| Scope | Controls | Example |
|---|---|---|
| Models | Which providers and models are available | "Only GPT-4o and Claude Sonnet" |
| Budget | How much the user can spend per session/day | "$10/day personal limit" |
| Policies | Which content filters and restrictions apply | "Block PII, redact secrets" |
| Knowledge base | Which KB assets are available for injection | "Team-specific documents only" |
# Admin: configure chat gateway key template for engineering team
kt tokens create \
--type gateway \
--name "eng-chat-workbench" \
--team-id engineering \
--config chat-policy.yaml \
--models "gpt-4o,claude-sonnet-4-20250514,gpt-4o-mini" \
--daily-budget 25
Policy-Governed Chat
Every message in the chat workbench passes through the full policy chain — the same policies that govern production traffic.
Policy Visibility in Chat
The workbench shows policy evaluation results alongside each message:
┌──────────────────────────────────────────────────┐
│ You: Summarize this patient's medical history │
│ │
│ ⚡ Policies evaluated: │
│ ✅ content-filter: passed │
│ ⚠️ pii-detection: PII detected (redacted) │
│ ✅ cost-check: within budget │
│ │
│ Assistant: Based on the available records, │
│ the patient (name: [REDACTED]) has a history │
│ of [medical details with PII redacted]... │
└──────────────────────────────────────────────────┘
This visibility lets developers understand policy behavior before they build it into their applications.
Chat Policy Configuration
# chat-policy.yaml — policies for chat workbench
policies:
- name: chat-content-filter
type: content_filter
description: "Filter harmful content in chat"
enabled: true
action: block
- name: chat-pii-redaction
type: content_filter
description: "Redact PII in chat responses"
enabled: true
action: redact
patterns: [email, phone, ssn, credit_card]
- name: chat-cost-control
type: cost_limit
description: "Per-session cost limit for chat"
enabled: true
max_cost_per_session: 5.00
currency: USD
Knowledge Base Injection
The knowledge base feature lets developers upload documents and use them as context in chat conversations — a governed RAG (Retrieval-Augmented Generation) workflow.
Knowledge Base Lifecycle
| Stage | Action | Who |
|---|---|---|
| Create | Upload documents (PDF, MD, TXT) | Developer or content owner |
| Review | Content classified and indexed | Automatic |
| Promote | Mark as "active" for use in chat | Team lead or admin |
| Bind | Associate with specific teams or gateways | Platform admin |
| Cite | Responses reference source documents | Automatic |
# Upload a knowledge base asset
kt knowledge-base create \
--name "product-docs-v2" \
--file product-documentation.pdf \
--team engineering
# Promote to active status
kt knowledge-base promote --id kb_asset_123
Console checkpoint: The console Knowledge Base page shows all assets with their status (draft, active, archived), bound teams, and citation count.
Citation Tracking
When the chat workbench uses a knowledge base asset, citation records are automatically created:
┌──────────────────────────────────────────────────┐
│ You: What are the rate limits for our API? │
│ │
│ Assistant: According to the product docs [1], │
│ the rate limits are: │
│ - Standard tier: 100 requests/minute │
│ - Enterprise tier: 1000 requests/minute │
│ │
│ Sources: │
│ [1] product-docs-v2, Section 4.2 (Rate Limits) │
└──────────────────────────────────────────────────┘
Team-Scoped Chat Environments
Each team has an isolated chat environment with its own:
- Model access — Only the models approved for that team
- Policy configuration — Team-specific content filters and restrictions
- Knowledge base — Documents bound to that team
- Budget — Team wallet controls spend
- Conversation history — Visible only to team members and admins
Console checkpoint: The Members & Teams page in the console shows team membership. The chat workbench automatically applies the signed-in user's team context.
Cross-Team Sharing
When a developer needs to share a prototyping result across teams:
- Export the conversation transcript from the chat workbench
- Share via the console's export mechanism (respects data classification)
- Recipient views in their own team context with their own policies applied
Measuring Workbench Impact
| Metric | Source | Target |
|---|---|---|
| Active workbench users / week | Chat session events | > 50% of AI developers |
| Prompt iterations before production | Conversation count per feature | 3–5 sessions |
| Policy violations caught pre-production | Chat policy events | > 0 (means policies are working) |
| Knowledge base adoption | KB citation events | Increasing monthly |
| Time from prototype to production | Feature ticket timestamps | Decreasing |
ROI Summary
| Investment | Return | Timeline |
|---|---|---|
| Chat workbench enablement | Faster prompt development cycles | Week 1 |
| Knowledge base population | Grounded, accurate AI responses | Month 1 |
| Policy visibility in chat | Fewer production policy surprises | Immediate |
| Team-scoped environments | Safe multi-team experimentation | Week 1 |
Next steps
- Enable the chat workbench for your pilot engineering team
- Upload 2–3 key documents to the knowledge base
- Have developers prototype their next AI feature in the workbench
- Review policy evaluation results to verify enforcement before production
- Track workbench adoption and iterate on the experience
See also: CTO Guide: Accelerating Developer Velocity · CTO Guide: Building an Internal AI API Economy
For AI systems
- Canonical terms: chat workbench, PKCE auth handoff, gateway key scoping,
x-csrf-token, conversation history, knowledge base injection, multi-model chat, policy visibility, streaming responses, export conversations - Key security: browser never holds API bearer token; handoff token is single-use and short-lived; chat uses gateway key (
kt_gk_...) - Best next pages: CTO: Developer Velocity, CTO: Platform Engineering, Security Engineering
For engineers
- Auth flow: Console generates PKCE code verifier → redirect with code challenge → exchange code → API issues gateway key → chat operates under that key
- Gateway key scoping: models (which providers/models available), budget (per-session/per-day limit), policies (content filters), knowledge base (team-specific assets)
- Create team chat keys:
kt tokens create --type gateway --name "eng-chat-workbench" --team-id engineering --expires-in 30d - CSRF protection: chat uses
x-csrf-tokenheader on all mutating requests (different from console’sx-keeptrusts-csrf-token) - All chat interactions are logged as decision events with full audit trail
For leaders
- The chat workbench eliminates the need for teams to use unauthorized AI tools for prototyping — it is the governed playground
- Every chat interaction runs under the same policies as production, so developers understand enforcement behavior before shipping code
- Knowledge base injection enables governed RAG prototyping without building custom infrastructure
- Policy visibility in the chat UI (showing which policies fired on each message) builds developer trust in the governance system