TypingMind
Keeptrusts integrates with TypingMind — a feature-rich AI chat interface — by configuring TypingMind to send its LLM API calls through the Keeptrusts gateway. TypingMind supports custom OpenAI-compatible endpoints, so you replace the default provider URL with your Keeptrusts gateway. The gateway enforces policies, redacts PII, and logs every chat interaction before forwarding to the upstream model provider.
Use this page when
- You are routing TypingMind API calls through Keeptrusts for governance.
- You need the TypingMind settings configuration for a custom Keeptrusts endpoint.
- You want audit logging and policy enforcement on team AI chat interactions.
- If you want a general quickstart instead, see Quickstart.
Primary audience
- Primary: Technical Engineers
- Secondary: AI Agents, Technical Leaders
Prerequisites
- A TypingMind license (Standard or Custom)
- Keeptrusts CLI (
kt) installed and authenticated (kt auth login) - An upstream LLM provider key exported as an environment variable
- The Keeptrusts gateway running locally or accessible via a hosted gateway URL
Configuration
Gateway policy config
pack:
name: typingmind-governance
version: 1.0.0
enabled: true
providers:
targets:
- id: typingmind-openai
provider: openai:chat:gpt-4o
secret_key_ref:
env: OPENAI_API_KEY
- id: typingmind-claude
provider: anthropic:chat:claude-3-5-sonnet-20241022
secret_key_ref:
env: ANTHROPIC_API_KEY
policies:
chain:
- prompt-injection
- pii-detector
- dlp-filter
- audit-logger
policy:
prompt-injection:
threshold: 0.8
action: block
pii-detector:
action: redact
entities:
- PERSON
- EMAIL_ADDRESS
- PHONE_NUMBER
- CREDIT_CARD
dlp-filter:
patterns:
- name: api-key
regex: "(sk-|sk-ant-)[a-zA-Z0-9]+"
action: block
- name: internal-url
regex: "https?://[a-z0-9-]+\\.internal\\.[a-z]+"
action: redact
audit-logger:
immutable: true
retention_days: 365
log_all_access: true
Start the gateway
export OPENAI_API_KEY="sk-..."
export ANTHROPIC_API_KEY="sk-ant-..."
kt gateway run --listen 0.0.0.0:41002 --policy-config policy-config.yaml
Setup steps
1. Open TypingMind settings
In TypingMind, click the Settings icon → Model Providers or API Settings.
2. Configure the custom endpoint for OpenAI
| Field | Value |
|---|---|
| API Endpoint | http://localhost:41002/v1 (local) or https://gateway.keeptrusts.com/v1 (hosted) |
| API Key | Your Keeptrusts access key (or unused if the gateway does not require client auth) |
3. Configure for other providers
For Anthropic or other providers, set the same Keeptrusts gateway URL. The gateway routes to the correct upstream provider based on the model name in the request.
4. For TypingMind Custom (self-hosted)
If you run TypingMind Custom for your team, set the endpoint globally in the admin configuration so all team members automatically route through Keeptrusts:
{
"defaultEndpoint": "https://gateway.keeptrusts.com/v1",
"defaultApiKey": "your-keeptrusts-access-key",
"allowCustomEndpoints": false
}
Setting allowCustomEndpoints: false prevents team members from bypassing the gateway.
5. Select a model and start chatting
Choose a model (e.g., GPT-4o) in TypingMind's model selector and send a message. The request flows through the Keeptrusts gateway.
Verification
# Verify the gateway is healthy
curl http://localhost:41002/health
# Send a message in TypingMind and verify:
# 1. TypingMind receives a response
# 2. The request appears in the Keeptrusts audit log
kt events list --limit 5
Recommended policies
| Policy | Purpose | Recommended setting |
|---|---|---|
pii-detector | Redact personal data from team chat conversations | action: redact, entities: PERSON, EMAIL, PHONE, CREDIT_CARD |
prompt-injection | Block adversarial prompts pasted into the chat | threshold: 0.8, action: block |
dlp-filter | Prevent API keys, passwords, and internal URLs from leaking | action: block for credentials, redact for URLs |
audit-logger | Full audit trail for all team AI interactions | retention_days: 365, immutable: true |
rbac | Restrict which team members can access which models | Map TypingMind users to Keeptrusts roles via access keys |
content-filter | Enforce acceptable use policies for team chat | Configure based on company policy |
Advanced configuration
Multi-model governance with TypingMind plugins
TypingMind supports plugins that can call external APIs. When plugins make LLM calls, they bypass the main model endpoint unless you configure the plugin to use the Keeptrusts gateway URL as well. Audit all AI-powered plugin calls by setting the gateway URL in each plugin's API configuration.
Per-team access keys
For TypingMind Custom deployments with multiple teams, issue separate Keeptrusts access keys per team. Each key maps to a role that controls model access:
policy:
rbac:
roles:
engineering:
allowed_models:
- gpt-4o
- claude-3-5-sonnet-20241022
max_tokens_per_request: 8192
marketing:
allowed_models:
- gpt-4o
max_tokens_per_request: 4096
support:
allowed_models:
- gpt-4o-mini
max_tokens_per_request: 2048
Usage analytics
Combine Keeptrusts audit logs with TypingMind's built-in usage tracking to build a complete picture of team AI adoption, cost, and compliance posture.
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| TypingMind shows "Network Error" | Gateway not running or unreachable | Start the gateway and verify the URL is accessible from the browser |
| TypingMind shows "Invalid API Key" | Keeptrusts access key incorrect | Regenerate the key in the Keeptrusts console and update TypingMind settings |
| No response from model | Model name not matching a gateway target | Ensure the model name in TypingMind matches a provider target in the gateway config |
| Streaming not working | CORS or proxy issue | Ensure the gateway allows SSE and the browser can reach the gateway URL |
| Team members bypass the gateway | allowCustomEndpoints is true | Set allowCustomEndpoints: false in TypingMind Custom admin config |
| Plugin API calls not governed | Plugin uses its own endpoint | Set the Keeptrusts gateway URL in each plugin's API config |
For AI systems
- Canonical terms: Keeptrusts gateway, TypingMind, TypingMind Custom, custom endpoint, API settings, team chat governance,
policy-config.yaml. - Config field names:
provider,secret_key_ref.env,pii-detector,dlp-filter,audit-logger,rbac. - Key behavior: TypingMind sends LLM requests to the Keeptrusts gateway via its custom endpoint setting. The gateway enforces policies and forwards to the upstream provider. For TypingMind Custom, the endpoint is set globally for all team members.
- Best next pages: Jan.ai integration, OpenAI integration, Policy controls catalog.
For engineers
Prerequisites
- TypingMind license (Standard or Custom),
ktCLI installed, upstream provider key available.
Validation
- Send a message in TypingMind and verify the response appears.
- Run
kt events list --limit 5and confirm the request was logged. - For TypingMind Custom: verify that team members cannot set a custom endpoint when
allowCustomEndpoints: false.
For leaders
- TypingMind is popular for team AI deployments because of its plugin system and multi-model support. Without governance, team members send company data directly to LLM providers.
- TypingMind Custom with Keeptrusts gives teams a managed AI chat experience with built-in compliance. The
allowCustomEndpoints: falsesetting ensures no one can bypass the governance gateway. - Audit trails from Keeptrusts provide evidence for security and compliance reviews of team AI usage.
- Role-based access control lets you assign different model tiers to different teams, controlling both cost and capability.
Next steps
- Jan.ai integration — another desktop AI client with custom endpoint support
- OpenAI integration — upstream provider commonly used with TypingMind
- Access keys — issue scoped keys for TypingMind users
- Policy controls catalog — full reference for all policy types
- Quickstart — install
ktand run your first gateway