Route the traffic.
Point existing AI calls at Aera Gateway where supported, instead of scattering provider access across every app, agent, or workflow.
Keep your existing agent and app shape where supported. Route model traffic through Aera Gateway, attach operating metadata, and enable PriviShield, Vault, Sentinel, telemetry, and evidence controls by route.
Start with the route. Add controls where risk exists.
Adoption starts by moving model traffic onto a governed Gateway route where supported. Your applications can keep a familiar request shape while Aera adds controls around provider access, credentials, sensitive data, runtime decisions, telemetry, and evidence.
Point existing AI calls at Aera Gateway where supported, instead of scattering provider access across every app, agent, or workflow.
Attach tenant, workspace, team, app, agent, workflow, environment, provider, and model metadata where supported.
Enable PriviShield, Vault, Sentinel, telemetry, and evidence according to each route’s risk, data, and operating environment.
Developers can begin with the smallest useful change: route model calls through Aera Gateway where OpenAI-compatible integration is supported. The first step is familiar. The operating path around it becomes governed.
from openai import OpenAI
client = OpenAI(
api_key="AERA_GATEWAY_KEY",
base_url="https://gateway.aera.example/v1"
)
response = client.chat.completions.create(
model="aera/openai/gpt-4o-mini",
messages=[
{"role": "user", "content": "Summarise this customer request."}
],
extra_body={
"metadata": {
"tenant": "customer.demo",
"workspace": "ops",
"team": "support",
"agent": "support.triage",
"workflow": "ticket.summary"
}
}
)Illustration only. Endpoint, key, model, and metadata syntax are confirmed during implementation or onboarding.
A route is more than a provider and model choice. Metadata gives Aera the operating context needed for cost visibility, behavioural telemetry, policy decisions, replay, customer reporting, and team accountability.
Different AI routes carry different risk. Some routes only need visibility. Some need sensitive-data sanitization. Some need Vault-backed credential release. Some need Sentinel review or block mode before execution continues.
Centralise provider access, route metadata, usage records, model selection, and cost visibility.
Detect, redact, mask, strip, block, or route sensitive cases for consent before provider execution where enabled.
Keep credentials and access objects out of model context, then release capabilities through controlled paths where required.
Control continuation using policy, pathway risk, behavioural telemetry, runtime decisions, evidence, trajectory, and replay where integrated.
{
"route": "agent.support.triage",
"provider": "openai",
"model": "gpt-4o-mini",
"controls": {
"privishield": "redact",
"sentinel": "review",
"vault": "on_demand",
"evidence": "metadata_first"
}
}Illustration only. Control names and modes are configured during implementation or onboarding.
If you have built agents, automations, copilots, or internal tools with AI, the first safety step is not a full rebuild. Put a governed route in front of model calls, protect keys, sanitize sensitive prompts, and make agent behaviour visible.
Move direct provider calls onto a Gateway route and migrate credentials into Vault when ready.
Enable PriviShield where supported so common PII, secrets, and unsafe disclosure patterns can be sanitized before provider execution.
Enable Sentinel to observe, review, or block continuation decisions where integrated.
Use run telemetry, cost telemetry, control telemetry, behavioural telemetry, and replayable evidence in supported paths to understand route behaviour.
Developers, internal platform teams, and MSPs need different entry points, but the operating model stays the same: route AI traffic through Gateway, attach metadata, apply controls, and keep telemetry and evidence tied to the customer environment.
Test route metadata, provider access, and control enablement before wider rollout.
Connect provider accounts, teams, workspaces, policies, and evidence posture into a controlled operating path.
Support tenant-aware routing, telemetry, cost visibility, policy posture, privacy decisions, evidence, and replay across managed customer environments.
Private, VPC, or customer-managed deployment patterns depend on release capability, security requirements, and the customer environment.
Aera integration works best when the operating environment is clear: which apps call models, which provider accounts are used, where credentials live, which teams own the routes, and what evidence posture each workflow needs.
Map which apps, agents, workflows, tools, or automations currently call provider APIs.
Identify provider keys, tool credentials, service tokens, and execution rights that should move into controlled handling.
Decide which routes need visibility, PriviShield sanitization, Vault release, Sentinel review, or Sentinel block mode.
Decide how route evidence, telemetry, cost reporting, and retention should work for each team, tenant, or customer environment.
Move from scattered direct model calls to a governed AI route. Gateway centralises provider access, metadata, and usage. PriviShield, Vault, and Sentinel add sanitization, credential control, runtime governance, telemetry, and evidence where each route needs them.