Prova Gateway
Policies enforced.
Receipts signed.
One URL change routes your existing OpenAI client through Prova. Policies and detectors run before the model emits, and every decision lands in the Audit Vault as a signed receipt.
New · gateway check
Don't want to route traffic through Prova? Just call POST /api/v1/gateway/check before your model call. Prova evaluates your policies + detectors and returns action: allow | alert | block in < 100ms. You stay in control of the LLM call; Prova just tells you whether to proceed.
One line of code
Point your OpenAI client at the Prova gateway. Your API key, your model, and your prompts stay exactly the same.
Before
const openai = new OpenAI({
  baseURL: "https://api.openai.com/v1",
  apiKey: process.env.OPENAI_API_KEY,
})
After
const openai = new OpenAI({
  baseURL: "https://api.prova.cobound.dev/v1",
  apiKey: process.env.OPENAI_API_KEY,
  defaultHeaders: {
    "X-Prova-Key": process.env.PROVA_API_KEY,
    "X-Prova-Policy": "enforce",
  },
})
Python
import os
from openai import OpenAI
client = OpenAI(
    base_url="https://api.prova.cobound.dev/v1",
    api_key=os.environ["OPENAI_API_KEY"],
    default_headers={
        "X-Prova-Key": os.environ["PROVA_API_KEY"],
        "X-Prova-Policy": "enforce",
    },
)
# with_raw_response exposes the HTTP response headers alongside the parsed body
raw = client.chat.completions.with_raw_response.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "..."}],
)
resp = raw.parse()  # the usual ChatCompletion object
# Prova action + receipt are always in the response headers
print(raw.headers["X-Prova-Action"])   # allow | alert | block
print(raw.headers["X-Prova-Receipt"])  # PRV-2026-5573
Two modes
Set X-Prova-Policy to observe or enforce, per request or as a default header. Every call gets a verdict (allow, alert, or block) in the X-Prova-Action response header; the mode decides whether a block verdict stops the call.
Run policies and detectors on every call, record a signed receipt, and return the model response unchanged. The verdict comes back in the X-Prova-Action response header and on the receipt, but the call always proceeds. Use this to build the audit trail without touching your serving path.
X-Prova-Policy: observe
X-Prova-Action: alert
{
  "action": "alert",
  "findings": [{ "detector": "prompt_injection", "severity": "high" }],
  "receipt_id": "PRV-2026-BDC2"
}
Same evaluation, but a block verdict stops the request with HTTP 422 before it reaches the model, and the blocked attempt is written to the Audit Vault. An alert verdict still proceeds with HTTP 200 and the finding on its receipt. The decision is made before forwarding, so streaming is gated the same way. Fail-open: if Prova is unreachable the call still proceeds, so enforcement never takes your inference down. Use this at compliance-critical decision points: credit, clinical, legal.
X-Prova-Policy: enforce
HTTP 422 // block verdict
{
  "error": "PROVA_BLOCKED",
  "findings": [{ "policy": "secret_in_prompt" }],
  "receipt_id": "PRV-2026-3DC6"
}
Enforce, plus fail-closed: if the gate cannot be reached the call is blocked (HTTP 503) rather than allowed through unscreened. This is the tier that turns attestation into a guarantee for routed traffic. "A disallowed call is blocked before it runs" holds even during a Prova outage, trading availability for the guarantee. Each gateway-routed call carries a signed marker proving the tier it passed, so your coverage is a measured number.
X-Prova-Policy: guarantee
HTTP 503 // gate unreachable
{
  "error": "PROVA_GATE_UNREACHABLE",
  "message": "fail-closed: blocked",
  "x-prova-policy": "guarantee"
}
You choose the fail posture
By default the gateway is fail-open: if policy or detector evaluation fails for any reason (timeout, detector overload, ingest backpressure), the original model response is returned unmodified with action UNVERIFIED, HTTP 200, so your application never fails because of Prova. SLA: 99.5% of calls complete within 1.5s of the model response finishing.
On the paths where a missed screen is worse than a failed call, opt into guarantee mode: the gate is fail-closed, so an unreachable Prova blocks the call (HTTP 503) instead of letting it through unscreened. That is what makes a guarantee a guarantee.
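One way a client can act on the status codes, verdicts and fail postures described above, so that a fail-open UNVERIFIED response is never mistaken for a screened one. This is an added example, not Prova's own code: interpret, Decision and require_screened are hypothetical names, and it assumes the UNVERIFIED action is reported in the X-Prova-Action header.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Decision:
    proceed: bool            # may the application use the model output?
    screened: bool           # did Prova actually evaluate this call?
    action: str
    receipt_id: Optional[str]
    reason: Optional[str] = None

def interpret(status, headers, body, require_screened=False):
    """Map one gateway response to a decision, per the modes described above."""
    h = {k.lower(): v for k, v in headers.items()}
    receipt = h.get("x-prova-receipt") or body.get("receipt_id")
    if status == 422 and body.get("error") == "PROVA_BLOCKED":
        return Decision(False, True, "block", receipt, repr(body.get("findings")))
    if status == 503 and body.get("error") == "PROVA_GATE_UNREACHABLE":
        return Decision(False, False, "gate_unreachable", receipt, body.get("message"))
    if status != 200:
        # Not a Prova verdict (e.g. an upstream provider error): never count as screened.
        return Decision(False, False, "http_error", receipt, f"HTTP {status}")
    action = h.get("x-prova-action")
    if action in ("allow", "alert", "block"):
        # "block" with HTTP 200 only occurs in observe mode: recorded, not enforced.
        return Decision(True, True, action, receipt)
    # UNVERIFIED, or no verdict header at all: evaluation was skipped (fail-open).
    return Decision(not require_screened, False, action or "missing",
                    receipt, h.get("x-prova-reason"))

# Constructed sample responses; status codes, error codes and receipt IDs mirror the page.
SAMPLES = {
    "enforce_block": (422, {}, {"error": "PROVA_BLOCKED",
                                "findings": [{"policy": "secret_in_prompt"}],
                                "receipt_id": "PRV-2026-3DC6"}),
    "observe_alert": (200, {"X-Prova-Action": "alert",
                            "X-Prova-Receipt": "PRV-2026-BDC2"}, {}),
    "guarantee_outage": (503, {}, {"error": "PROVA_GATE_UNREACHABLE",
                                   "message": "fail-closed: blocked"}),
    # The X-Prova-Reason value below is invented for illustration.
    "fail_open": (200, {"X-Prova-Action": "UNVERIFIED",
                        "X-Prova-Reason": "detector_timeout"}, {}),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(name, interpret(status, headers, body, require_screened=True))
```
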
X-Prova-Reason explaining why evaluation was skipped.
Provider matrix
Prova is OpenAI-compatible. Any provider that exposes the /v1/chat/completions interface works. Pass X-Prova-Upstream to target non-OpenAI providers.
| Provider | Models | Status |
|---|---|---|
| OpenAI | gpt-4o, gpt-4o-mini, o3 | GA |
| Anthropic | claude-sonnet-4-6, claude-opus-4-7 | GA |
| Azure OpenAI | All deployments via /openai/deployments/* | GA |
| Mistral | mistral-large, mistral-small | beta |
| Groq | llama-3.3-70b, mixtral-8x7b | beta |
| Together AI | Any OpenAI-compatible endpoint | beta |
Targeting Anthropic directly
curl https://api.prova.cobound.dev/v1/chat/completions \
  -H "Authorization: Bearer $ANTHROPIC_API_KEY" \
  -H "X-Prova-Key: $PROVA_API_KEY" \
  -H "X-Prova-Upstream: https://api.anthropic.com/v1" \
  -H "X-Prova-Policy: enforce" \
  -d '{"model": "claude-sonnet-4-6", "messages": [...]}'
Latency characteristics
Prova runs policy + detector evaluation concurrently with response streaming. For non-streaming calls, the overhead is the evaluation step only. The model call itself is not slowed.
| Metric | Value | Note |
|---|---|---|
| p50 eval overhead | <80ms | sync detectors + policy evaluation |
| p95 eval overhead | <220ms | async detectors sampled |
| p99 eval overhead | <1.5s | wrapped timeout for async detectors |
| Streaming TTFB delta | 0ms | tokens stream through unblocked; action in trailer |
| Fail-open timeout | 1.5s | after model finishes; then UNVERIFIED |
Gateway mode · live
Point your existing OpenAI client at the Prova gateway. Policies and detectors run before the model emits, and every decision lands in the Audit Vault as a signed receipt. No SDK change. No pipeline rewrite.
// Before
const openai = new OpenAI({
  baseURL: "https://api.openai.com/v1",
  apiKey: process.env.OPENAI_API_KEY,
})
// After. Every response is verified by Prova
const openai = new OpenAI({
  baseURL: "https://api.prova.cobound.dev/v1",
  apiKey: process.env.OPENAI_API_KEY,
  defaultHeaders: { "X-Prova-Policy": "flag" },
})
Try a live call
Pick a scenario. We run a real model call through the gateway, evaluate it against the live policy + detector set, and return the action with a signed receipt.
Policies: observe (default, attach verdict), flag (append warning for INVALID), strict (block INVALID with 422).