Prova Gateway

Policies enforced.
Receipts signed.

One URL change routes your existing OpenAI client through Prova. Policies and detectors run before the model emits, and every decision lands in the Audit Vault as a signed receipt.

New · gateway check

Don't want to route traffic through Prova? Just call POST /api/v1/gateway/check before your model call. Prova evaluates your policies + detectors and returns action: allow | alert | block in < 100ms. You stay in control of the LLM call; Prova just tells you whether to proceed.

p50 overhead: <80ms
fail-open: default; guarantee mode is opt-in fail-closed
streaming: supported (action in trailer header)
providers: 6 supported

One line of code

Point your OpenAI client at the Prova gateway. Your API key, your model, and your prompts stay exactly the same.

Before

const openai = new OpenAI({
  baseURL: "https://api.openai.com/v1",
  apiKey: process.env.OPENAI_API_KEY,
})

After

const openai = new OpenAI({
  baseURL: "https://api.prova.cobound.dev/v1",
  apiKey: process.env.OPENAI_API_KEY,
  defaultHeaders: {
    "X-Prova-Key": process.env.PROVA_API_KEY,
    "X-Prova-Policy": "enforce",
  },
})

Python

import os

from openai import OpenAI

client = OpenAI(
    base_url="https://api.prova.cobound.dev/v1",
    api_key=os.environ["OPENAI_API_KEY"],
    default_headers={
        "X-Prova-Key": os.environ["PROVA_API_KEY"],
        "X-Prova-Policy": "enforce",
    },
)

# with_raw_response exposes the HTTP headers alongside the parsed completion
raw = client.chat.completions.with_raw_response.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "..."}],
)
resp = raw.parse()  # the usual ChatCompletion object

# Prova action + receipt are always in the response headers
print(raw.headers["X-Prova-Action"])   # allow | alert | block
print(raw.headers["X-Prova-Receipt"])  # PRV-2026-5573

Two modes

Set X-Prova-Policy to observe or enforce, per request or as a default header. Every call gets a verdict (allow, alert, or block) in the X-Prova-Action response header; the mode decides whether a block verdict stops the call.

observe (default)

Run policies and detectors on every call, record a signed receipt, and return the model response unchanged. The verdict comes back in the X-Prova-Action response header and on the receipt, but the call always proceeds. Use this to build the audit trail without touching your serving path.

X-Prova-Policy: observe
X-Prova-Action: alert
{
  "action": "alert",
  "findings": [{ "detector": "prompt_injection", "severity": "high" }],
  "receipt_id": "PRV-2026-BDC2"
}

enforce (compliance gating)

Same evaluation, but a block verdict stops the request with HTTP 422 before it reaches the model, and the blocked attempt is written to the Audit Vault. An alert verdict still proceeds with HTTP 200 and the finding on its receipt. The decision is made before forwarding, so streaming is gated the same way. Fail-open: if Prova is unreachable the call still proceeds, so enforcement never takes your inference down. Use this at compliance-critical decision points: credit, clinical, legal.

X-Prova-Policy: enforce
HTTP 422   // block verdict
{
  "error": "PROVA_BLOCKED",
  "findings": [{ "policy": "secret_in_prompt" }],
  "receipt_id": "PRV-2026-3DC6"
}

guarantee (fail-closed)

Enforce, plus fail-closed: if the gate cannot be reached the call is blocked (HTTP 503) rather than allowed through unscreened. This is the tier that turns attestation into a guarantee for routed traffic. "A disallowed call is blocked before it runs" holds even during a Prova outage, trading availability for the guarantee. Each gateway-routed call carries a signed marker proving the tier it passed, so your coverage is a measured number.

X-Prova-Policy: guarantee
HTTP 503   // gate unreachable
{
  "error": "PROVA_GATE_UNREACHABLE",
  "message": "fail-closed: blocked",
  "x-prova-policy": "guarantee"
}

You choose the fail posture

By default the gateway is fail-open: if policy or detector evaluation fails for any reason (timeout, detector overload, ingest backpressure), the original model response is returned unmodified with action UNVERIFIED, HTTP 200, so your application never fails because of Prova. SLA: 99.5% of calls complete within 1.5s of the model response finishing.

On the paths where a missed screen is worse than a failed call, opt into guarantee mode: the gate is fail-closed, so an unreachable Prova blocks the call (HTTP 503) instead of letting it through unscreened. That is what makes a guarantee a guarantee.

UNVERIFIED responses include X-Prova-Reason explaining why evaluation was skipped.
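
An added example (not Prova's own code) of caller-side handling for the responses described above, using only the status codes, headers and error codes shown on this page. The interpret function, the Verdict type and the require_screened switch are assumptions of this example; the point it shows is that a fail-open UNVERIFIED response arrives as HTTP 200, so the caller has to read X-Prova-Action to know whether the output was screened.

```python
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass(frozen=True)
class Verdict:
    proceed: bool              # may the application use the model output?
    action: str                # allow | alert | block | UNVERIFIED | unknown
    receipt_id: Optional[str]  # receipt reference, when the response carries one
    reason: Optional[str]      # error code, finding name or X-Prova-Reason


def _first_finding(body: dict) -> Optional[str]:
    # Findings on the page name either a "policy" or a "detector".
    for f in body.get("findings", []):
        return f.get("policy") or f.get("detector")
    return None


def interpret(status: int, headers: Mapping[str, str], body: dict,
              require_screened: bool = False) -> Verdict:
    """Map one gateway response to a decision the caller can act on.

    require_screened is a hypothetical caller-side switch: when True, a
    response that was not screened (UNVERIFIED or no verdict header) is refused.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    receipt = body.get("receipt_id") or h.get("x-prova-receipt")

    if status == 422 and body.get("error") == "PROVA_BLOCKED":
        return Verdict(False, "block", receipt, _first_finding(body))
    if status == 503 and body.get("error") == "PROVA_GATE_UNREACHABLE":
        # guarantee mode: the gate was unreachable, so nothing was forwarded
        return Verdict(False, "block", receipt, "PROVA_GATE_UNREACHABLE")
    if status != 200:
        return Verdict(False, "unknown", receipt, f"HTTP {status}")

    action = h.get("x-prova-action")
    if action is None:
        return Verdict(not require_screened, "unknown", receipt, "missing X-Prova-Action")
    if action == "UNVERIFIED":
        # fail-open path: HTTP 200, but policies and detectors did not run
        return Verdict(not require_screened, action, receipt, h.get("x-prova-reason"))
    # allow, alert, or a block verdict returned in observe mode
    return Verdict(True, action, receipt, None)
```

Logging every Verdict whose action is UNVERIFIED or unknown gives a count of calls that reached the application without a screen.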

Provider matrix

Prova is OpenAI-compatible. Any provider that exposes the /v1/chat/completions interface works. Pass X-Prova-Upstream to target non-OpenAI providers.

| Provider | Models | Status |
|---|---|---|
| OpenAI | gpt-4o, gpt-4o-mini, o3 | GA |
| Anthropic | claude-sonnet-4-6, claude-opus-4-7 | GA |
| Azure OpenAI | All deployments via /openai/deployments/* | GA |
| Mistral | mistral-large, mistral-small | beta |
| Groq | llama-3.3-70b, mixtral-8x7b | beta |
| Together AI | Any OpenAI-compatible endpoint | beta |

Targeting Anthropic directly

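# JSON body, so set the content type explicitly (curl -d defaults to form encoding)
curl https://api.prova.cobound.dev/v1/chat/completions \
  -H "Authorization: Bearer $ANTHROPIC_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Prova-Key: $PROVA_API_KEY" \
  -H "X-Prova-Upstream: https://api.anthropic.com/v1" \
  -H "X-Prova-Policy: enforce" \
  -d '{"model": "claude-sonnet-4-6", "messages": [{"role": "user", "content": "..."}]}'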

Latency characteristics

Prova runs policy + detector evaluation concurrently with response streaming. For non-streaming calls, the overhead is the evaluation step only. The model call itself is not slowed.

| Metric | Value | Note |
|---|---|---|
| p50 eval overhead | <80ms | sync detectors + policy evaluation |
| p95 eval overhead | <220ms | async detectors sampled |
| p99 eval overhead | <1.5s | wrapped timeout for async detectors |
| Streaming TTFB delta | 0ms | tokens stream through unblocked; action in trailer |
| Fail-open timeout | 1.5s | after model finishes; then UNVERIFIED |

Gateway mode · live

Point your existing OpenAI client at the Prova gateway. Policies and detectors run before the model emits, and every decision lands in the Audit Vault as a signed receipt. No SDK change. No pipeline rewrite.

// Before
const openai = new OpenAI({
  baseURL: "https://api.openai.com/v1",
  apiKey: process.env.OPENAI_API_KEY,
})
// After. Every response is verified by Prova
const openai = new OpenAI({
  baseURL: "https://api.prova.cobound.dev/v1",
  apiKey: process.env.OPENAI_API_KEY,
  defaultHeaders: { "X-Prova-Policy": "flag" },
})


Policies: observe (default, attach verdict), flag (append warning for INVALID), strict (block INVALID with 422).