Internal Anthropic Claude API
One proxy. Many Guardians. One audit trail.
What it does
- Engineering, support, marketing, and finance all get programmatic access to Claude.
- Each business unit has its own Guardian (different rubric, different scopes, different retention).
- All calls share a single forensic ledger and a single rate-limit pool.
Where Trinitite plugs in
| Surface | What governs it |
|---|---|
| The OpenAI / Anthropic SDK in any team's app | The Trinitite proxy endpoint. |
| The vaulted upstream credential | A single tenant-level Anthropic key, vaulted in Provider Credentials. |
| Per-team Guardian routing | The X-Trinitite-Guardian header, set by per-team API keys. |
| Fleet-wide spend ceiling | L1 org-wide ceiling. |
| Per-team spend ceiling | L3 economic session breaker per team. |
| Audit | Single Glass Box Ledger partition for the whole company. |
Why this matters
- One contract with Anthropic, not seven.
- One audit trail that shows every internal Claude call across every team.
- Per-team policy — the support team's Guardian doesn't enforce engineering's coding-guideline clause.
- Drop-in cutover — every team's existing OpenAI / Anthropic SDK keeps working; only the env var changes.
What's next
→ Cookbook: OpenAI redirect — the per-team setup.
→ Cookbook: Multi-tenant fleet — the platform-team setup.