Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
AI Coding Agents
Claude CodeGithub Copilot WorkspaceAmazon Q DeveloperGemini Code AssistTabnineCodeiumAiderOpenhandsSwe AgentCodex CLI
Agent Frameworks
AI Chat & Productivity
DevOps & Vector Databases
Enterprise & MLOps
Salesforce EinsteinSnowflake CortexPalantir AipWandbMlflowLangsmithGuardrails AILitellmJan AITypingmind
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
FAQ

Jan.ai

Keeptrusts integrates with Jan.ai — an open-source desktop AI application — by configuring Jan to send its LLM API calls through the Keeptrusts gateway. Jan supports custom OpenAI-compatible endpoints, so you point Jan's API settings at your Keeptrusts gateway instead of directly at a provider. The gateway enforces policies, redacts PII, and logs every conversation before forwarding to the upstream LLM.

Use this page when

  • You are routing Jan.ai desktop app LLM calls through Keeptrusts for governance.
  • You need the Jan settings configuration for a custom Keeptrusts gateway endpoint.
  • You want audit logging and policy enforcement on desktop AI interactions.
  • If you want a general quickstart instead, see Quickstart.

Primary audience

  • Primary: Technical Engineers
  • Secondary: AI Agents, Technical Leaders

Prerequisites

  • Jan.ai desktop app installed (macOS, Windows, or Linux)
  • Keeptrusts CLI (kt) installed and authenticated (kt auth login)
  • An upstream LLM provider key exported as an environment variable
  • The Keeptrusts gateway running locally or accessible via a hosted gateway URL

Configuration

Gateway policy config

pack:
  name: jan-desktop-governance
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: jan-openai
    provider: openai:chat:gpt-4o
    secret_key_ref:
      env: OPENAI_API_KEY
  - id: jan-anthropic
    provider: anthropic:chat:claude-3-5-sonnet-20241022
    secret_key_ref:
      env: ANTHROPIC_API_KEY
policies:
  chain:
  - prompt-injection
  - pii-detector
  - dlp-filter
  - audit-logger
policy:
  prompt-injection:
    threshold: 0.8
    action: block
  pii-detector:
    action: redact
    entities:
    - PERSON
    - EMAIL_ADDRESS
    - PHONE_NUMBER
    - CREDIT_CARD
  dlp-filter:
    patterns:
    - name: api-key
      regex: "(sk-|sk-ant-)[a-zA-Z0-9]+"
      action: block
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Start the gateway

export OPENAI_API_KEY="sk-..."
export ANTHROPIC_API_KEY="sk-ant-..."
kt gateway run --listen 0.0.0.0:41002 --policy-config policy-config.yaml

Setup steps

1. Open Jan settings

Launch Jan and navigate to Settings (gear icon) → Model Provider or OpenAI.

2. Configure the custom endpoint

Set the following fields in Jan's OpenAI-compatible provider settings:

FieldValue
API Base URLhttp://localhost:41002/v1 (local) or https://gateway.keeptrusts.com/v1 (hosted)
API KeyYour Keeptrusts access key (or unused if the gateway does not require client auth)

3. Select a model

In Jan's model selector, choose the model name that matches your Keeptrusts gateway provider target (e.g., gpt-4o or claude-3-5-sonnet-20241022).

4. Start chatting

Send a message in Jan. The request flows through the Keeptrusts gateway, which enforces policies and logs the interaction before forwarding to the upstream provider.

Verification

# Verify the gateway is healthy
curl http://localhost:41002/health

# Send a message in Jan and verify:
# 1. Jan receives a response
# 2. The request appears in the Keeptrusts audit log

kt events list --limit 5
PolicyPurposeRecommended setting
pii-detectorRedact personal data from desktop chat conversationsaction: redact, entities: PERSON, EMAIL, PHONE
prompt-injectionBlock adversarial prompts pasted into the chatthreshold: 0.8, action: block
dlp-filterPrevent API keys or passwords from being sent to the LLMaction: block for key patterns
audit-loggerFull audit trail for all desktop AI interactionsretention_days: 365, immutable: true
content-filterBlock inappropriate or off-topic contentConfigure based on acceptable use policy

Advanced configuration

Using Jan with local models and governed cloud fallback

Jan supports both local models (via llama.cpp) and remote API endpoints. You can configure Jan to use a local model for low-risk tasks and route through the Keeptrusts gateway only for cloud model requests:

  1. Keep local models configured in Jan for offline or non-sensitive work.
  2. Add the Keeptrusts gateway as a separate OpenAI-compatible endpoint for governed cloud access.
  3. Users select the appropriate model based on sensitivity — local for drafts, governed for production content.

Issuing per-user access keys

For teams deploying Jan across multiple desktops, issue a unique Keeptrusts access key per user. This enables per-user audit trails and role-based model access:

# In the Keeptrusts console, create a scoped access key per user
# Each user configures their Jan instance with their personal key

Map each access key to a Keeptrusts role to control which models each user can access through Jan.

CORS configuration for hosted gateway

If Jan connects to a remote Keeptrusts hosted gateway, ensure CORS is configured to allow requests from the Jan desktop app. The gateway's KEEPTRUSTS_CORS_ALLOWED_ORIGINS should include the Jan app origin.

Troubleshooting

SymptomCauseFix
Jan shows "Connection refused"Gateway not runningStart the gateway: kt gateway run --listen 0.0.0.0:41002 --policy-config policy-config.yaml
Jan shows "Unauthorized"API key incorrectSet the correct Keeptrusts access key in Jan settings
No response from JanModel name mismatchEnsure the model name in Jan matches a provider target in the gateway config
Slow responsesGateway adds network hopExpected for local gateway; deploy closer to the user for remote setups
Messages appear in Jan but not in Keeptrusts logJan using a local model instead of the APIVerify Jan is configured to use the remote OpenAI-compatible endpoint, not a local model
Streaming responses cut offTimeout too shortIncrease timeout_seconds in the gateway provider config

For AI systems

  • Canonical terms: Keeptrusts gateway, Jan.ai, Jan desktop, custom endpoint, OpenAI-compatible, API base URL, policy-config.yaml.
  • Config field names: provider, secret_key_ref.env, pii-detector, dlp-filter, audit-logger.
  • Key behavior: Jan sends LLM requests to the Keeptrusts gateway via its custom endpoint setting. The gateway enforces policies and forwards to the upstream provider. No Jan source code changes required.
  • Best next pages: TypingMind integration, OpenAI integration, Policy controls catalog.

For engineers

Prerequisites

  • Jan.ai desktop app installed, kt CLI installed, upstream provider key available.

Validation

  • Send a message in Jan and verify the response appears.
  • Run kt events list --limit 5 and confirm the request was logged.
  • Send a message with PII (e.g., a fake email) and verify it appears redacted in Keeptrusts audit logs.

For leaders

  • Desktop AI applications like Jan are increasingly popular with knowledge workers. Without governance, these tools send company data directly to LLM providers with no audit trail or policy enforcement.
  • Routing Jan through Keeptrusts gives IT and compliance teams visibility into what desktop AI users are asking, without blocking productivity.
  • The audit trail satisfies acceptable-use policy requirements and provides evidence for security audits.
  • No changes to Jan's source code are required — this is a configuration-only deployment.

Next steps