Skip to main content

Documentation

Keeptrusts Docs

Keeptrusts helps teams route, govern, and review AI traffic without rebuilding every application. Define runtime behavior in config, run traffic through the gateway, and use the product surfaces to verify what changed.


A reliable first session

Use the docs in the same order that traffic moves through the product:

  1. Install the CLI and gateway and confirm the process is healthy.
  2. Create and validate a policy config before starting the gateway with that file.
  3. Send an authenticated request through a supported request family.
  4. Confirm both the client response and the applicable runtime evidence. Use kt events tail for delivered request outcomes, History only for capture-enabled session context, Trail for audit chronology, and Inbox for human-review work.

/healthz proves that the gateway process is running. It does not prove that a client token is authorized, a model is available, or a provider credential is valid. Use an authenticated model request for that end-to-end check.

Keep the credentials separate

CredentialUsed byPurpose
Gateway runtime API tokenkt gateway run --agent ...Connects the gateway runtime to the Keeptrusts control plane
Client API tokenApplication, SDK, or IDEAuthorizes a request sent to the gateway
Upstream provider credentialGateway provider targetAuthorizes the gateway with the selected model provider

Do not reuse the gateway runtime token as the client or provider credential. The setup and rotation workflows are different for each boundary.

Documentation

Use the rest of the site by job:

Next steps