> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wardin.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Claude Code

> Route all Claude Code traffic through Wardin for team cost tracking and policy enforcement.

Claude Code reads `ANTHROPIC_AUTH_TOKEN` and `ANTHROPIC_BASE_URL` from the environment. Point those at Wardin and every Claude Code session is automatically tracked, budgeted, and policy-enforced — no changes to how your team uses Claude Code.

## Setup

```bash theme={null}
export ANTHROPIC_AUTH_TOKEN=wardin_sk_YOUR_KEY
export ANTHROPIC_BASE_URL=https://gw.wardin.ai
```

<Note>
  `ANTHROPIC_API_KEY` works too — the gateway accepts both the `Authorization: Bearer`
  and `x-api-key` auth headers. `ANTHROPIC_AUTH_TOKEN` is preferred for gateways
  because Claude Code treats it as a proxy credential and won't prompt about a
  custom API key.
</Note>

Add these to your shell profile (`~/.zshrc`, `~/.bashrc`) or your team's shared environment setup.

You can also set them per-project using a `.env` file (never commit it) or your shell's `direnv` setup.

## What gets tracked

Once routed through Wardin, every Claude Code request appears in the dashboard with:

* **Token usage** — input, output, cache creation, cache read (split correctly for Claude Code's prompt-caching-heavy workload)
* **Cost** — broken down by token type
* **Session grouping** — Claude Code requests are grouped into sessions automatically using idle-timeout bucketing (30-minute sliding window). One coding task = one session.
* **Model** — which Claude model was used for each request

## Issuing team keys

Create one virtual key per developer:

```bash theme={null}
# Create a key for each developer
curl -X POST https://api.wardin.ai/v1/keys \
  -H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "alice-claude-code",
    "monthlyBudgetUsd": 100,
    "ownerId": "user_alice_id"
  }'
```

Send each developer their `wardin_sk_` key. They set `ANTHROPIC_AUTH_TOKEN=wardin_sk_...` and nothing else changes. (Keys can also be created in the dashboard: **Console → Keys & Limits**.)

## CI / headless usage

For CI pipelines, create a separate key with its own budget pool:

```bash theme={null}
curl -X POST https://api.wardin.ai/v1/keys \
  -H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ci-claude-code",
    "monthlyBudgetUsd": 200,
    "rpmLimit": 20
  }'
```

CI keys return structured JSON errors on `429`/`403` — no HTML, no human-readable pages.

## Model allowlist for Claude Code

If you want to restrict Claude Code to specific models (e.g., block Opus for cost control):

```bash theme={null}
curl -X POST https://api.wardin.ai/v1/policies \
  -H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "claude-code-models",
    "type": "model_allowlist",
    "config": {
      "models": ["claude-sonnet-4-6", "claude-haiku-4-5"]
    }
  }'
```

Claude Code will receive a `403` with a clear error message if it attempts to use a blocked model.

## Session attribution in the dashboard

Claude Code doesn't send a session ID by default. Wardin groups consecutive requests (\< 30 minutes apart) into sessions automatically. You can also set a session ID explicitly via Claude Code's custom-headers variable:

```bash theme={null}
export ANTHROPIC_CUSTOM_HEADERS="X-Wardin-Session-Id: my-task-$(date +%s)"
```

<Note>
  `ANTHROPIC_CUSTOM_HEADERS` is a Claude Code convention that attaches extra headers
  to every API request. Wardin trusts an explicit `X-Wardin-Session-Id` as-is;
  without it, the idle-timeout bucketing applies.
</Note>
