5-Minute Quickstart

One API key. One endpoint. Three outcomes.

This guide gets you from a fresh Trinitite account to a working Passed / Corrected / Blocked decision in under five minutes. We'll skip the architecture deep-dive — see What is Trinitite and Architecture for that.


Prerequisites

A Trinitite account. If you don't have one yet, request a demo and we'll provision a sandbox tenant.


1 — Get your API key

export TRINITITE_API_KEY="tk_test_••••••"
export TRINITITE_BASE="https://api.trinitite.ai"

Trinitite uses long-lived bearer tokens. Sandbox keys are prefixed tk_test_; production keys are tk_live_. Rotate keys at any time from the dashboard — see the Authentication API.


2 — Pick a starter Guardian

Every Trinitite tenant ships with a baseline set of Guardians you can use immediately:

| Guardian | What it enforces |
| --- | --- |
| pii-redactor | Surgical PII removal (SSN, card, address, DOB, email) |
| sql-safe | Collapses destructive SQL to read-only queries |
| secret-scrubber | Catches API keys, bearer tokens, and live credentials in outputs |
| customer-support | Friendly tone + bounded scope for support agents |

You can list everything available to your tenant with GET /v1/guardians — see the Guardians endpoint.


3 — Send your first governed call

curl "$TRINITITE_BASE/v1/chat" \
  -H "Authorization: Bearer $TRINITITE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "guardian": "pii-redactor",
    "input": [{
      "role": "assistant",
      "content": "Customer SSN on file is 123-45-6789."
    }]
  }'

You should get back a corrected response with a single RFC 6902 JSON Patch operation:

{
  "outcome": "corrected",
  "corrections": [
    {
      "op": "replace",
      "path": "/0/content",
      "value": "Customer SSN on file is [SSN-REDACTED]."
    }
  ],
  "ledger_id": "lg_01HXY8K9N3...",
  "latency_ms": 138,
  "policy_hash": "0xa83f...",
  "guardian_version": "pii-redactor@1.4.0"
}

4 — Interpret the verdict

The outcome field is the entire contract. Three possible values:

| Outcome | What happened | Recommended client behavior |
| --- | --- | --- |
| passed | Output is fully compliant. | Use the original output unchanged. |
| corrected | Violation detected, autocorrected. | Apply the corrections patches to the original input. |
| blocked | Critical violation that cannot be safely corrected. | Surface the 403-style error to the caller. Do not retry. |

Apply corrections deterministically with any RFC-6902-compliant library (e.g. fast-json-patch for Node, jsonpatch for Python).
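A client-side handler for the three outcomes, as an added example (not Trinitite's own code): it applies the corrections to a copy of the original input and, as a choice made for this example, treats blocked and any unrecognised outcome as a hard failure. The names Blocked, apply_patch and enforce are assumptions, the small patcher covers only the replace and remove operations of RFC 6902, and the sample verdict is constructed from the response in step 3.

```python
import copy

class Blocked(Exception):
    """Raised when the verdict is 'blocked' or cannot be interpreted."""

def _resolve(doc, pointer):
    """Walk an RFC 6901 JSON Pointer; return (parent container, final key)."""
    if not pointer.startswith("/"):
        raise ValueError(f"unsupported pointer: {pointer!r}")
    tokens = [t.replace("~1", "/").replace("~0", "~") for t in pointer[1:].split("/")]
    node = doc
    for tok in tokens[:-1]:
        node = node[int(tok)] if isinstance(node, list) else node[tok]
    last = tokens[-1]
    return node, (int(last) if isinstance(node, list) else last)

def apply_patch(doc, ops):
    """Apply 'replace' and 'remove' ops to a copy of doc; reject anything else."""
    out = copy.deepcopy(doc)  # a failed patch never leaves the original half-edited
    for op in ops:
        if op["op"] not in ("replace", "remove"):
            raise ValueError(f"unsupported op: {op['op']!r}")
        parent, key = _resolve(out, op["path"])
        parent[key]  # RFC 6902: the target must exist (KeyError/IndexError if not)
        if op["op"] == "replace":
            parent[key] = op["value"]
        else:
            del parent[key]
    return out

def enforce(original_input, verdict):
    """Map a /v1/chat verdict to the messages the application may release."""
    outcome = verdict.get("outcome")
    if outcome == "passed":
        return original_input
    if outcome == "corrected":
        return apply_patch(original_input, verdict["corrections"])
    # 'blocked' and any unrecognised value fail closed; the caller does not retry.
    raise Blocked(f"outcome={outcome!r} ledger_id={verdict.get('ledger_id')}")

# Constructed sample, mirroring the request and response shown in step 3.
SAMPLE_INPUT = [{"role": "assistant", "content": "Customer SSN on file is 123-45-6789."}]
SAMPLE_VERDICT = {
    "outcome": "corrected",
    "corrections": [{"op": "replace", "path": "/0/content",
                     "value": "Customer SSN on file is [SSN-REDACTED]."}],
    "ledger_id": "lg_constructed_example",  # constructed placeholder value
}
print(enforce(SAMPLE_INPUT, SAMPLE_VERDICT))
```

Logging the ledger_id alongside a Blocked exception lets the decision be matched to its ledger receipt later.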


5 — (Optional) Drop in as an OpenAI proxy

If you'd rather not change your application code, point your existing OpenAI SDK at the Trinitite proxy:

# Before
OPENAI_BASE_URL=https://api.openai.com/v1

# After
OPENAI_BASE_URL=https://api.trinitite.ai/v1/proxy
OPENAI_API_KEY=$TRINITITE_API_KEY # Trinitite key forwards your provider key from a vaulted credential

Every call then routes through a Guardian, returns corrected outputs as already-applied patches, and writes a Glass Box Ledger receipt for every decision. See the Proxy endpoint for credential vaulting and provider routing.


What's next

Architecture — the full picture of how a Guardian works.

Cookbook — task-oriented recipes (LangChain, Claude Code, MCP, SIEM export, …).

Verdict Playground — paste any output and watch the Guardian decide live.

Compliance Matrix — how Trinitite maps to HIPAA / SOC 2 / GDPR / EU AI Act / NIST AI RMF.