
Claude Code with Keeptrusts Gateway

Claude Code is Anthropic's agentic CLI tool that reads, writes, and refactors code directly in your terminal. It makes autonomous decisions about file edits, shell commands, and multi-step plans — which means every LLM call it makes is a governance surface. Routing Claude Code through the Keeptrusts gateway gives you policy enforcement on every prompt and completion, an immutable audit trail of every code change the agent proposed, PII and secret redaction before prompts reach Anthropic, and per-developer cost attribution across your engineering organization.

Use this page when

  • You want to route Claude Code's Anthropic API traffic through Keeptrusts for policy enforcement.
  • You need audit visibility into what Claude Code prompts and completions contain across your team.
  • You want to enforce secret redaction, code sanitation, or PII detection on agentic coding workflows.
  • You need per-developer cost tracking for Claude Code usage.

Primary audience

  • Primary: Technical Engineers
  • Secondary: AI Agents, Technical Leaders

Prerequisites

  • Keeptrusts CLI installed — see Quickstart or Install the Gateway.
  • Claude Code installed — npm install -g @anthropic-ai/claude-code (requires Node.js 18+).
  • Anthropic API key — obtain one from the Anthropic Console.
  • Gateway running — the Keeptrusts gateway must be started before launching Claude Code.

Configuration

Create a policy-config.yaml tailored for agentic coding traffic:

pack:
  name: claude-code-gateway
  version: 1.0.0
  enabled: true

policies:
  chain:
    - pii-detector
    - code-sanitation
    - prompt-injection
    - quality-scorer
    - audit-logger

providers:
  strategy: single
  targets:
    - id: anthropic-claude
      provider: anthropic
      model: claude-sonnet-4-20250514
      secret_key_ref:
        env: ANTHROPIC_API_KEY
      format: anthropic

Setup steps

  1. Export your Anthropic API key so the gateway can forward requests upstream:

     export ANTHROPIC_API_KEY="sk-ant-your-key-here"

  2. Start the Keeptrusts gateway with your policy config:

     kt gateway run --policy-config policy-config.yaml

     The gateway listens on http://localhost:41002 by default.

  3. Point Claude Code at the gateway by setting the ANTHROPIC_BASE_URL environment variable:

     export ANTHROPIC_BASE_URL="http://localhost:41002"

  4. Launch Claude Code as you normally would:

     claude

     All API traffic from Claude Code now flows through the Keeptrusts gateway. Every prompt, tool call, and completion is subject to your policy chain.

  5. For team-wide deployment, add the environment variable to your shell profile or dotfiles:

     # ~/.bashrc or ~/.zshrc
     export ANTHROPIC_BASE_URL="http://localhost:41002"

     For hosted gateways, point to the hosted endpoint instead:

     export ANTHROPIC_BASE_URL="https://gateway.keeptrusts.com"

Verification

Confirm traffic is flowing through the gateway:

  1. Check the gateway logs. You should see incoming requests when Claude Code makes API calls:

     kt gateway run --policy-config policy-config.yaml --log-level debug

  2. Tail events from the control plane:

     kt events tail --follow

  3. Send a test prompt through Claude Code and verify the event appears in the Keeptrusts console under Events with the correct policy verdicts.

  4. Verify with curl that the gateway is accepting Anthropic-format requests:

     curl http://localhost:41002/v1/messages \
       -H "x-api-key: $ANTHROPIC_API_KEY" \
       -H "anthropic-version: 2023-06-01" \
       -H "Content-Type: application/json" \
       -d '{
         "model": "claude-sonnet-4-20250514",
         "max_tokens": 128,
         "messages": [{"role": "user", "content": "Say hello"}]
       }'

| Policy | Why it matters for Claude Code |
| --- | --- |
| pii-detector | Prevents personal data from leaking into prompts containing source code |
| code-sanitation | Catches secrets, credentials, and API keys embedded in code snippets |
| prompt-injection | Detects prompt injection attempts in files Claude Code reads |
| quality-scorer | Scores completion quality to flag low-confidence code suggestions |
| audit-logger | Creates an immutable record of every Claude Code interaction |
| dlp-filter | Applies data-loss-prevention patterns to code context |
| safety-filter | Blocks unsafe or harmful content in agentic outputs |

Troubleshooting

Claude Code ignores ANTHROPIC_BASE_URL and calls Anthropic directly. Verify the variable is exported in the same shell session where you run claude. Run echo $ANTHROPIC_BASE_URL to confirm.

Gateway returns 502 or connection errors. Ensure the gateway is running and the Anthropic API key is valid. Check kt doctor for diagnostics.

Policies are not applied to Claude Code traffic. Confirm your policy-config.yaml has enabled: true and the policy chain includes the policies you expect. Run kt policy lint --file policy-config.yaml to validate.

Streaming responses are slow or truncated. Claude Code uses streaming by default. If you see timeouts, increase stream_timeout_seconds on the provider target in your config.

Cost attribution does not appear in the console. Ensure the gateway is connected to the Keeptrusts control plane with KEEPTRUSTS_API_URL and KEEPTRUSTS_GATEWAY_TOKEN set before starting the gateway.
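
The first troubleshooting item and the setup steps both depend on what the claude process actually inherits. The function below is an added example, not part of the Keeptrusts CLI or of this page's original content: it reads ANTHROPIC_BASE_URL as a child process sees it (echo in the parent shell also prints a variable that was assigned but never exported) and flags a URL that points straight at Anthropic or uses plaintext http to a non-loopback host. The function name and return codes are assumptions of this example; api.anthropic.com is Anthropic's public API host.

```shell
# Added example: preflight for the shell that will launch `claude`.
# Return codes are this example's own convention, not Keeptrusts CLI output.
check_base_url() {
  # Ask a child process, because that is what `claude` inherits. A variable
  # that is set but not exported still prints with `echo` in the parent.
  _seen=$(sh -c 'printf %s "${ANTHROPIC_BASE_URL-}"')
  if [ -z "$_seen" ]; then
    if [ -n "${ANTHROPIC_BASE_URL-}" ]; then
      echo "ANTHROPIC_BASE_URL is set but not exported; claude will not see it" >&2
      return 2
    fi
    echo "ANTHROPIC_BASE_URL is unset; traffic goes straight to Anthropic" >&2
    return 1
  fi
  case "$_seen" in
    http://*|https://*) ;;
    *) echo "not an http(s) URL: $_seen" >&2; return 5 ;;
  esac
  _scheme=${_seen%%://*}
  _authority=${_seen#*://}
  _authority=${_authority%%/*}   # drop the path
  _hostport=${_authority##*@}    # drop userinfo: "localhost:x@other" is judged as "other"
  _host=${_hostport%%:*}         # drop the port
  if [ "$_host" = "api.anthropic.com" ]; then
    echo "points at Anthropic directly; gateway policies are bypassed" >&2
    return 4
  fi
  if [ "$_scheme" = "http" ]; then
    case "$_host" in
      localhost|127.0.0.1) ;;    # loopback: plaintext never leaves the machine
      *) echo "plaintext http to non-loopback host $_host; prompts and API credentials would cross the network unencrypted" >&2
         return 3 ;;
    esac
  fi
  echo "ok: claude will send requests to $_scheme://$_hostport"
  return 0
}
# Usage: check_base_url && claude
```

Sourcing this from the same dotfile that exports the variable turns a silently bypassed gateway into a visible failure at launch time.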

For AI systems

  • Canonical terms: Keeptrusts gateway, Claude Code, Anthropic, ANTHROPIC_BASE_URL, policy-config.yaml.
  • Configuration mechanism: set ANTHROPIC_BASE_URL=http://localhost:41002 to route Claude Code through the Keeptrusts gateway.
  • Provider format: Anthropic native (format: anthropic). Keeptrusts auto-translates if clients send OpenAI format.
  • Best next pages: Anthropic integration, Policy Controls Catalog, Gateway setup for IDEs.

For engineers

  • Set ANTHROPIC_BASE_URL=http://localhost:41002 before running claude to route all traffic through the gateway.
  • Validate with kt events tail --follow while using Claude Code to confirm events are captured.
  • Use kt policy lint --file policy-config.yaml before starting the gateway to catch config errors.
  • For team deployment, distribute the environment variable through dotfiles, direnv, or your configuration management system.

For leaders

  • Claude Code operates autonomously — it reads files, writes code, and runs shell commands. Without a governance layer, every interaction is unaudited and uncontrolled.
  • Routing through Keeptrusts provides an immutable audit trail of every agentic action, enabling compliance reviews and incident investigation.
  • Cost attribution by developer helps track AI spend as Claude Code adoption scales across engineering teams.
  • Policy enforcement prevents accidental exposure of secrets, PII, or proprietary code to Anthropic's API.

Next steps