Proxy (OpenAI / Anthropic Compatible)
Drop-in proxies that wrap OpenAI Chat Completions, OpenAI Responses, and Anthropic Messages. Point your existing SDK at Trinitite and every call is governed by a Guardian, identified to an NHI, hash-chained to the audit ledger, and counted against economic session limits — without changing application code.
For a Trinitite-native call where the platform runs both inference and governance internally, see Chat (Guardian Mode).
Endpoints
| Method | Path | Purpose |
|---|---|---|
POST | /v1/proxy/chat/completions | OpenAI Chat Completions proxy |
POST | /v1/proxy/responses | OpenAI Responses API proxy |
POST | /v1/proxy/anthropic/messages | Anthropic Messages API proxy |
GET | /v1/proxy/logs | List proxy call logs |
GET | /v1/proxy/logs/{log_id} | Get one proxy call log |
For credential vaulting, see Provider Credentials. For the NHI lifecycle the proxy enforces, see Identities.
SDK redirect
The OpenAI and Anthropic SDKs honour an environment variable for the base URL — that's the entire client-side change.
# OpenAI Python / Node SDK
export OPENAI_BASE_URL=https://api.trinitite.ai/v1/proxy
export OPENAI_API_KEY=$TRINITITE_API_KEY
# Anthropic SDK
export ANTHROPIC_BASE_URL=https://api.trinitite.ai/v1/proxy/anthropic
export ANTHROPIC_API_KEY=$TRINITITE_API_KEY
The same OPENAI_BASE_URL works for both client.chat.completions.create(...) and client.responses.create(...) — the SDK chooses the path.
Authentication & headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <api_key> — proxy endpoints are API-key only (sessions are not accepted) |
X-Trinitite-Credential-Id | Yes | The vaulted upstream provider credential to use |
X-Trinitite-Nhi-Id | Conditional | NHI principal making the call |
X-Trinitite-Nhi-Token | Conditional | JIT token from POST /v1/proxy/nhi/tokens |
X-Trinitite-Workload-Origin | Conditional | Required alongside any NHI header |
Either X-Trinitite-Nhi-Id or X-Trinitite-Nhi-Token may be omitted for non-NHI callers; both may be present for high-assurance calls.
The API key's scope must include the requested Guardian (or *:*).
The Trinitite envelope
All proxy endpoints accept an optional trinitite key on the request body. It carries Guardian and NHI directives and is stripped before the request is forwarded to the upstream provider:
{
"model": "gpt-4o",
"messages": [
{ "role": "user", "content": "Summarise yesterday's incidents." }
],
"trinitite": {
"guardian": {
"name": "PII-Redactor",
"instructions": "Redact any PII before returning."
},
"nhi": { "id": "nhi_01JF8RNHI1A2B3C4D5E6F7G8H9" }
}
}
If trinitite.guardian is omitted but X-Trinitite-Nhi-Id is set, the proxy auto-resolves the NHI's highest-priority active Guardian assignment (in output or bidirectional mode). See Identities → Guardian binding for the assignment surface.
POST /v1/proxy/chat/completions
OpenAI Chat Completions proxy. Drop-in replacement for https://api.openai.com/v1/chat/completions. Streaming and non-streaming both supported ("stream": true returns text/event-stream).
Multi-turn tool-use conventions (assistant turns with content: null + tool_calls, followed by role: "tool" results) are round-tripped unchanged to preserve compatibility with OpenAI Agents SDK, LangGraph, AutoGen, and CrewAI.
- Python (OpenAI SDK)
- JavaScript (OpenAI SDK)
import os
from openai import OpenAI
client = OpenAI(
base_url="https://api.trinitite.ai/v1/proxy",
api_key=os.environ["TRINITITE_API_KEY"],
default_headers={
"X-Trinitite-Credential-Id": "cred_01JF8RCRD1A2B3C4D5E6F7G8H9I",
"X-Trinitite-Nhi-Id": "nhi_01JF8RNHI1A2B3C4D5E6F7G8H9",
"X-Trinitite-Workload-Origin": "k8s://prod/agent-pool/inference-bot",
},
)
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Summarise yesterday's incidents."}],
extra_body={"trinitite": {"guardian": {"name": "PII-Redactor"}}},
)
import OpenAI from 'openai';
const client = new OpenAI({
baseURL: 'https://api.trinitite.ai/v1/proxy',
apiKey: process.env.TRINITITE_API_KEY,
defaultHeaders: {
'X-Trinitite-Credential-Id': 'cred_01JF8RCRD1A2B3C4D5E6F7G8H9I',
'X-Trinitite-Nhi-Id': 'nhi_01JF8RNHI1A2B3C4D5E6F7G8H9',
'X-Trinitite-Workload-Origin': 'k8s://prod/agent-pool/inference-bot',
},
});
const response = await client.chat.completions.create({
model: 'gpt-4o',
messages: [{ role: 'user', content: "Summarise yesterday's incidents." }],
// OpenAI SDK passes unknown fields straight through:
trinitite: { guardian: { name: 'PII-Redactor' } },
});
POST /v1/proxy/responses
OpenAI Responses API proxy. Drop-in replacement for https://api.openai.com/v1/responses.
Supports the full Responses API surface:
input— string or response-item array (message,function_call,function_call_output,reasoning,mcp_list_tools,mcp_call)instructions— system-style prompttools— function tools and hosted built-ins (web_search,file_search,code_interpreter,image_generation,computer_use, hostedmcp)tool_choice,parallel_tool_calls,previous_response_id,store,metadata,include,truncation,safety_identifierreasoning: { effort, summary, encrypted_content }for reasoning models (o-series, GPT-5)max_output_tokens- Streaming (
"stream": true)
Governance parity with Chat Completions: the proxy normalises output[] into a neutral internal form for evaluation, then round-trips corrections back into the canonical output[] shape.
POST /v1/proxy/anthropic/messages
Anthropic Messages API proxy. Drop-in replacement for https://api.anthropic.com/v1/messages. Supports Claude-specific fields including thinking, anthropic_betas, and Anthropic-format tool definitions (auto-converted from input_schema to parameters).
Hosted MCP via mcp_servers (automatic beta injection)
The proxy detects both shapes and injects the matching beta header — clients never set it manually:
| Client sends | Proxy injects |
|---|---|
mcp_servers: [...] (legacy top-level) | anthropic-beta: mcp-client-2025-04-04 |
tools: [{ "type": "mcp_toolset", ... }] (current) | anthropic-beta: mcp-client-2025-11-20 |
If the client also supplies anthropic_betas, those values are merged with the auto-injected ones (client values always pass through).
Streaming
All three proxy endpoints support "stream": true. The proxy preserves SSE chunk format and emits final governance summary fields (when applicable) at stream close. Streaming requests are still logged, hash-chained, and counted against NHI economic sessions.
Hosted MCP vs Trinitite's MCP Gateway
| Surface | What it is |
|---|---|
| Hosted MCP (provider-native) | A feature of the upstream LLM provider (OpenAI Responses tools: [{ "type": "mcp" }], Anthropic mcp_servers). The proxy forwards calls, captures mcp_list_tools / mcp_call events, and writes them into proxy logs. |
| Trinitite MCP Gateway | A governed aggregator for your own upstream MCP servers, with pre/post-call governance, per-tool certification, and deterministic receipts. See MCP Gateway. |
Both can be used in the same deployment.
Proxy logs
GET /v1/proxy/logs
List proxy call logs with cursor pagination.
| Query | Type | Description |
|---|---|---|
provider | string | openai, anthropic, azure_openai, custom |
model | string | Filter by model name |
governance_status | string | passed, corrected, blocked, direct |
start_timestamp / end_timestamp | RFC 3339 | Time window |
limit | integer | Default 50, max 500 |
cursor | string | Opaque cursor |
{
"data": [
{
"log_id": "log_01JF8RPL1A2B3C4D5E6F7G8H9I",
"timestamp": "2026-05-01T15:42:00Z",
"provider": "openai",
"model": "gpt-4o",
"governance_status": "corrected",
"governance_action": "Removed PII from response",
"correction_count": 1,
"block_reason": null,
"guardian_id": "gov_01JF8R3M3X4N5Q6T7V8W9Y0Z1A",
"prompt_tokens": 240,
"completion_tokens": 84,
"total_tokens": 324,
"reasoning_tokens": 0,
"provider_latency_ms": 612,
"total_latency_ms": 718,
"has_tool_calls": false,
"has_thinking": false,
"stop_reason": "stop",
"user_id": null,
"nhi_id": "nhi_01JF8RNHI1A2B3C4D5E6F7G8H9",
"api_key_id": "key_01JF8RKE1A2B3C4D5E6F7G8H9I",
"ip_address": "203.0.113.42",
"correlation_id": "req_01JF8RRQ1Z2Y3X4W5V6U7T8S9R",
"tuple_hash": "sha256:e3b0c4...",
"chain_hash": "sha256:def987...",
"prev_hash": "sha256:abc123...",
"payload_salt_id": "salt_01JF...",
"payload_hmac": "hmac:...",
"payload_shredded": false
}
],
"page": { "limit": 50, "next_cursor": null, "has_more": false }
}
GET /v1/proxy/logs/{log_id}
Returns the single log object plus parsed corrections[] and violations[] arrays.
Hash chain & crypto-shredding
| Field | Description |
|---|---|
tuple_hash | SHA-256 of the request + governance decision tuple |
chain_hash | SHA-256(prev_hash + tuple_hash); links rows |
prev_hash | Previous row's chain hash; null for the first entry |
payload_salt_id | KMS-managed salt used to compute payload_hmac |
payload_hmac | HMAC of the sensitive payloads |
payload_shredded | true after a DSR shred run destroyed the salt |
When a DSR runs, the per-row salt is destroyed. The payload HMAC becomes unverifiable and the original payloads are cryptographically unrecoverable, but the chain remains intact for audit.
Errors
The proxy preserves upstream provider error semantics — 400 from OpenAI is returned as 400 from Trinitite. Trinitite-specific errors use the platform error envelope.
| HTTP | error.code | Cause |
|---|---|---|
400 | validation_error | Body or headers failed schema validation |
401 | unauthenticated | Missing or invalid API key |
403 | forbidden | API key scope lacks the requested Guardian |
403 | governance_blocked | Guardian blocked the response. Verdict in body |
403 | nhi_token_invalid | NHI JIT token rejected |
404 | credential_not_found | X-Trinitite-Credential-Id is unknown / revoked |
409 | economic_session_limit_exceeded | NHI economic session breaker tripped |
422 | model_not_allowed | Credential's allowed_models excludes the requested model |
502 | upstream_error | Provider returned a non-recoverable error |
504 | upstream_timeout | Provider timed out |
Next steps
- Vault upstream provider keys → Provider Credentials
- Identify autonomous workloads to the proxy → Identities
- Govern every MCP tool call → MCP Gateway
- Inspect a verdict end-to-end → Logs API