The core problem
Most teams deploying AI at scale stitch together a gateway + observability tool + guardrail service + FinOps tool + productivity tool. Each sits outside the request path, producing dashboards that lag reality, and none of them enforces anything. Wardin sits in the request path — between your code and every LLM provider. That means:- Budgets are enforced before a token is spent, not discovered in a report
- PII is redacted before it leaves your network
- Policies (model allowlist, injection detection) block non-compliant calls at the source
- Every request is attributed to a team, user, and session for ROI tracking
How it works
You point your existing SDK athttps://gw.wardin.ai instead of https://api.anthropic.com. No client code changes.
Key concepts
Virtual Keys
Scoped API keys that proxy to your real provider credentials — with per-key budgets, rate limits, and policies.
Budgets
Hard spending limits enforced via Redis atomic counters before a request is forwarded.
Policies
Model allowlists, prompt injection detection, PII redaction — enforced in-path.
Caching
L1 exact-match and L2 semantic caching reduce spend without changing your prompts.
Sessions
Requests grouped into sessions so cost-per-task is a real metric — built for agentic clients.
Signed Receipts
Every request emits an ED25519-signed, hash-chained receipt — tamper-evident audit evidence.