Skip to main content

AI Gateway

The AI Gateway is KnoxCall’s AI-native proxy layer. It sits between your applications and upstream AI providers (Anthropic and OpenAI are the configurable providers; Bedrock is supported only as a shape-translation target), providing:
  • Phantom tokens — short-lived DPoP-bound capability tokens; your application never holds a raw provider API key.
  • Streaming PII redaction — Aho-Corasick + Presidio detector stack with a configurable hold-back buffer.
  • Prompt injection firewall — built-in heuristic patterns + tenant-supplied regex/keyword rules; optional canary token injection detects system-prompt extraction.
  • Budget enforcement — per-agent daily/monthly USD caps with configurable overage actions.
  • Shape translation — automatic Anthropic ↔ OpenAI request/response translation when routes target a different provider format.
  • Compliance packs — HIPAA Safe Harbor, GDPR, PCI-DSS, and SOC 2 packs install recognizers and audit-log alert rules in one operation.

Authentication

All AI Gateway proxy endpoints authenticate via phantom tokens — capability tokens minted for a specific agent. Send the token via any of the three accepted header schemes:
For DPoP-bound tokens, you must additionally include a valid DPoP header on every request. Admin endpoints (gateway/agent CRUD, token minting) are part of the dashboard/control plane on the admin host. They require a session-authenticated request (session JWT) with the X-Tenant-ID header and an owner/admin role — not a tk_live_... API key.

Execute AI request

The execute (data-plane) endpoint is served on your tenant’s proxy subdomain — https://{slug}.knoxcall.com (sandbox: https://sandbox-{slug}.knoxcall.com), not api.knoxcall.com. Use the agent_url returned when the agent was created as the base URL. Forwards the request to the agent’s configured primary route. The request body must be a valid JSON body for the upstream provider (Anthropic Messages API, OpenAI Chat Completions API, etc.). If the agent has streaming_enabled and the request includes Accept: text/event-stream or "stream": true in the body, the response is streamed as SSE.

Request headers

Response headers

Firewall responses

When the prompt injection firewall blocks a request:
HTTP 400. The firewall always runs regardless of whether a policy is attached (built-in heuristics cannot be disabled).

Shape translation

When the caller’s provider format differs from the route’s target provider format, the AI Gateway translates automatically: Format is detected from the route’s target_base_url (e.g. api.anthropic.com → Anthropic format). Response shapes are translated back to match the caller’s expected format on the buffered path.

Canary token injection

When a firewall policy has canary_enabled: true, the gateway injects a kc_canary_<16hex> token into every system prompt before forwarding upstream. If the model echoes the token verbatim in its response (a sign of system-prompt extraction via prompt injection), the gateway:
  1. Emits an ai_gateway.canary_leak audit log entry at critical severity.
  2. Sets firewall_outcome = "warn" on the usage record.
  3. Fires any compliance-pack alert rules listening on audit_action = 'ai_gateway.canary_leak'.

Compliance packs

Install compliance packs via the Packs API or from the Admin UI. Each pack installs:
  1. PII recognizers — entity-type patterns for the detector stack.
  2. Alert rulesai_gateway_event alerts that fire when specific audit actions appear.
Currently available packs: hipaa-safe-harbor, gdpr, pci-dss, soc2.

OpenTelemetry export

Set OTEL_EXPORTER_OTLP_ENDPOINT to enable per-request span export with GenAI semantic conventions: