Zero-Trust AI Gateway
for Teams That Can't Compromise

Corveil sits between your users and AI providers, giving you complete control over every request — with virtual API keys, spend tracking, guardrails, and full audit logging.

Book a Demo →

Built For

Your World, Your Requirements

Secure AI for Government Environments

  • Zero-trust architecture — every request authenticated, every response logged
  • FIPS 140-2 compliant security headers and encryption standards
  • AWS GovCloud ready — deploy within your authorization boundary
  • Full audit logging — complete request/response capture for compliance
  • CUI-approved model routing — control which models handle sensitive data
  • Virtual API keys — provider credentials never exposed to end users

AI Guardrails Your Security Team Controls

  • Guardrails pipeline — pre/post-call content filtering on every request
  • PII filtering — detect and redact sensitive data before it reaches providers
  • Jailbreak detection — block prompt injection and adversarial inputs
  • Content moderation — enforce acceptable use policies automatically
  • Budget enforcement — per-user and per-team spend limits with alerts
  • Incident-ready logging — full payloads for security investigation

One Endpoint, Every Model

  • OpenAI-compatible API — drop-in replacement, no SDK changes
  • 200+ models via OpenRouter, Vertex AI, and Bedrock from one endpoint
  • Multi-provider routing — switch models with a config change, not a refactor
  • Streaming support — real-time token streaming across all providers
  • Usage analytics — per-model cost tracking and request metrics
  • No vendor lock-in — your code stays clean, Corveil handles the plumbing

Capabilities

Everything You Need to Control AI Access

A unified gateway that handles authentication, cost management, security, and observability.

Virtual API Keys

Issue scoped keys to users and teams. Real provider credentials stay locked in your infrastructure — never exposed.

Spend Tracking & Budgets

Real-time cost tracking per user, team, and API key. Set hard budget limits and get alerts before overruns.

Request Logging & Audit

Full request/response capture with structured metadata. Built for compliance audits and incident investigation.

Guardrails & Content Filtering

Pre- and post-call filtering pipeline. PII detection, jailbreak prevention, and content moderation — inline, not bolted on.

Multi-Provider Routing

Access 200+ models through OpenRouter, Vertex AI, and Bedrock. One endpoint, zero provider lock-in.

OpenAI-Compatible API

Drop-in replacement for any OpenAI SDK client. Streaming, function calling, and tool use — all supported.

How It Works

Three Steps to Controlled AI Access

Deploy Corveil in front of your AI providers and gain immediate visibility and control.

1

Connect

Point your AI clients at Corveil's OpenAI-compatible endpoint. Add your provider credentials once.

2

Control

Issue virtual API keys, set budgets, and configure guardrails. Define who can access which models.

3

Monitor

Track spend in real time, review audit logs, and get alerts. Full visibility into every AI interaction.

Get Started

Deploy Corveil in Minutes

Choose the deployment method that fits your infrastructure.

Shell 
helm upgrade --install corveil oci://ghcr.io/radiusmethod/corveil-helm/corveil-chart \
            --set corveil.environment=development \
            --set corveil.devLoginEnabled=true \
            --set providers.openrouter.apiKey="sk-or-xxx"

Requires Helm 3.x and a running Kubernetes cluster.

Shell 
git clone https://github.com/radiusmethod/corveil.git
cd corveil
docker compose up -d

Starts Corveil, PostgreSQL, and Redis with sensible defaults.

Shell 
curl -sSL https://get.radiusmethod.com/corveil | sh
corveil serve --port 8080

Single binary for Linux and macOS. No containers required.

Try It Out

Chat with AI from Your Terminal

Connect your favorite AI tool to Corveil in minutes.

1. Install aichat

Shell 
# macOS
brew install aichat

# Linux / Windows
cargo install aichat

2. Configure aichat

Open your aichat config file. Run aichat --info to find its location, then add a Corveil client:

YAML 
clients:
- type: openai-compatible
  name: corveil
  api_base: https://your-corveil-host/v1    # must include /v1
  api_key: sk-corveil-your-key-here
  models:
  - name: or-claude-haiku-4.5
  - name: or-gpt-5.1

Replace your-corveil-host with your Corveil URL and sk-corveil-your-key-here with your virtual API key. List any models your key has access to — check GET /v1/models for the full list.

3. Start chatting

Shell 
# One-shot query
aichat -m corveil:or-claude-haiku-4.5 "Explain zero-trust architecture"

# Interactive session
aichat -m corveil:or-claude-haiku-4.5

Every request flows through Corveil — authenticated, logged, and governed by your guardrails and budget policies.

Prerequisites

  • A running Corveil instance (see deployment options above)
  • A Corveil virtual API key (sk-corveil-...) — create one from the Corveil admin panel or CLI
  • Claude Code installed

1. Configure Claude Code

Corveil supports two authentication modes. Choose the one that fits your setup:

Option A: Direct API Key (Corveil manages the Anthropic key)

Your ANTHROPIC_API_KEY is a Corveil virtual key. Corveil authenticates the request and forwards it upstream using its own provider credentials.

Shell (env vars) 
export ANTHROPIC_BASE_URL="https://your-corveil-host"
export ANTHROPIC_API_KEY="sk-corveil-your-key-here"

Or configure via settings.json (project .claude/settings.json or global ~/.claude/settings.json):

JSON (settings.json) 
{
  "env": {
    "ANTHROPIC_BASE_URL": "https://your-corveil-host",
    "ANTHROPIC_API_KEY": "sk-corveil-your-key-here"
  }
}

Option B: Passthrough (use your own Claude subscription)

Your own Anthropic API key or OAuth token is sent directly to Anthropic. A separate x-corveil-api-key header authenticates with Corveil for tracking and guardrails.

Shell (env vars) 
export ANTHROPIC_BASE_URL="https://your-corveil-host"
export ANTHROPIC_CUSTOM_HEADERS="x-corveil-api-key: sk-corveil-your-key-here"

Or configure via settings.json:

JSON (settings.json) 
{
  "env": {
    "ANTHROPIC_BASE_URL": "https://your-corveil-host",
    "ANTHROPIC_CUSTOM_HEADERS": "x-corveil-api-key: sk-corveil-your-key-here"
  }
}

These can be set in Claude Code's settings file at the project level (.claude/settings.json) or globally (~/.claude/settings.json). See the Claude Code settings documentation for details.

Replace your-corveil-host with your Corveil URL and sk-corveil-your-key-here with your virtual API key. If using env vars, reload your shell or run source ~/.zshrc.

2. Launch Claude Code

Start Claude Code as usual — it will automatically route all requests through Corveil:

Shell 
claude

3. Verify the connection

Ask Claude Code a simple question. If it responds, requests are flowing through Corveil. You can confirm by checking the Corveil dashboard or logs for the incoming request.

Shell 
# Check Corveil logs for the request
corveil logs --tail 5

How it works

Claude Code natively supports the ANTHROPIC_BASE_URL environment variable. When set, all API requests are sent to that URL instead of the default api.anthropic.com:

  • Routing: Claude Code sends all Anthropic API requests to your Corveil host
  • Direct mode (Option A): ANTHROPIC_API_KEY is sent as the standard x-api-key header. Corveil uses it for auth, spend tracking, and policy enforcement, then forwards the request upstream using its own provider credentials
  • Passthrough mode (Option B): x-corveil-api-key (via ANTHROPIC_CUSTOM_HEADERS) authenticates with Corveil for tracking and guardrails. The user's own OAuth token or API key flows through the Authorization header to Anthropic
  • Full visibility: In both modes, every request and response is logged, guardrails are enforced, and costs are tracked — all transparent to the Claude Code user

Troubleshooting

  • 401 Unauthorized (Direct mode): Verify your ANTHROPIC_API_KEY matches a valid Corveil virtual API key
  • 401 Unauthorized (Passthrough mode): Verify your x-corveil-api-key header value is a valid Corveil virtual API key, and that your Anthropic credentials are valid
  • Connection refused: Ensure your Corveil instance is running and the ANTHROPIC_BASE_URL is reachable
  • Environment not picked up: Make sure you reloaded your shell after adding the exports, or set them in the same terminal session. If using settings.json, ensure the file is valid JSON and in the correct location
  • Custom headers not sent: Verify ANTHROPIC_CUSTOM_HEADERS uses the format header-name: value (colon-space separated)
  • Model not available: Ensure your Corveil instance has the requested Anthropic models configured in its provider settings

Prerequisites

  • A running Corveil instance (see deployment options above)
  • A Corveil virtual API key (sk-corveil-...) — create one from the Corveil admin panel or CLI
  • OpenClaw installed and running (openclaw gateway run or the Mac app)
  • An existing Anthropic API key or OAuth session configured in OpenClaw

1. Configure the Anthropic provider

Tell OpenClaw to route Anthropic requests through Corveil by setting a custom baseUrl and adding your Corveil API key as a header. This uses OpenClaw's passthrough mode — your existing Anthropic credentials are forwarded upstream automatically.

Shell 
openclaw config set models.providers.anthropic '{
  "baseUrl": "https://your-corveil-host",
  "api": "anthropic-messages",
  "headers": {
    "x-corveil-api-key": "sk-corveil-your-key-here"
  },
  "models": [
    {
      "id": "claude-sonnet-4-6",
      "name": "Claude Sonnet 4.6",
      "reasoning": true,
      "input": ["text", "image"],
      "cost": { "input": 0, "output": 0, "cacheRead": 0, "cacheWrite": 0 },
      "contextWindow": 200000,
      "maxTokens": 16384
    }
  ]
}'

Replace your-corveil-host with your Corveil URL and sk-corveil-your-key-here with the virtual API key you created. Add additional models to the models array as needed. Setting costs to 0 is recommended since Corveil tracks spend on its side.

2. Restart the gateway

The configuration change requires a gateway restart to take effect:

Shell 
# If using the Mac app, restart from the menu bar
# Otherwise:
openclaw gateway restart

3. Verify the connection

Check that the provider is configured and reachable:

Shell 
# Check provider status
openclaw channels status --probe

# Send a test message
openclaw message send "Hello from OpenClaw via Corveil"

If the message goes through, every request is now flowing through Corveil with spend tracking, logging, and guardrails active.

How passthrough mode works

OpenClaw's passthrough mode lets Corveil sit transparently between OpenClaw and the upstream AI provider:

  • Routing: OpenClaw sends requests to your Corveil host instead of directly to api.anthropic.com
  • Corveil auth: The x-corveil-api-key header authenticates the request with Corveil for spend tracking and policy enforcement
  • Upstream auth: Your existing Anthropic credentials (OAuth token or API key) are forwarded to the upstream provider automatically — Corveil does not need to store provider keys
  • Full visibility: Corveil logs every request/response, enforces guardrails, and tracks costs — all without changing how OpenClaw handles conversations

Troubleshooting

  • 401 Unauthorized from Corveil: Verify your x-corveil-api-key is valid and has not expired
  • 401 from upstream provider: Check that your Anthropic credentials are still configured in OpenClaw (openclaw config get models.providers.anthropic)
  • Connection refused: Ensure your Corveil instance is running and the baseUrl is reachable from the machine running OpenClaw
  • Model not found: The model IDs in your config must match models available through your Corveil instance

Marketplace

Extend Corveil with Plugins & Templates

A growing ecosystem of guardrails, connectors, and workflow automations.

Guardrail Plugins

PII redaction, jailbreak detection, content moderation, and more — plug in the safety layers you need.

6 Built-in

Model Connectors

OpenRouter, Vertex AI, Bedrock, and Azure OpenAI. Connect to any provider through a unified interface.

4 Available

Workflow Templates

Pre-built automations for cost alerting, webhook notifications, and approval gates.

3 Templates

Analytics Modules

Cost dashboards, usage heatmaps, and model comparison tools for data-driven decisions.

Coming Soon
Explore the Marketplace →

Integrations

Connects to Your Entire Stack

SDKs, infrastructure tools, and security platforms — all supported out of the box.

Developer & API

  • Python SDK
  • Node.js SDK
  • REST API
  • Webhooks
  • Claude Code
  • OpenClaw

Infrastructure

  • Kubernetes & Helm
  • CI/CD Pipelines
  • SIEM Forwarding
  • SSO / OIDC
View All Integrations →

See Corveil in Action

Book a 15-minute walkthrough and see how Corveil fits your environment.

Book a Demo → Contact Us

Or email us directly at contact@radiusmethod.com