Problem
Current hook-based integration has two fundamental limitations:
- Integration difficulty — each AI tool has a different hook mechanism (Claude Code, GSD2, Cursor, Codex CLI all differ). Some tools have no hooks at all, making capture impossible.
- User bypass — users can configure their tools with a private API key that is never routed through Visdom Trace, making governance gaps unavoidable.
Proposed solution: LLM proxy
A proxy service that sits between AI coding tools and LLM providers. Users configure their tool's base URL to point at the proxy instead of Anthropic/OpenAI directly. The proxy:
- Forwards requests to the actual LLM provider (Anthropic, OpenAI)
- Captures every prompt/response at the API boundary — more reliable than hooks
- Manages API keys so users never need to hold them directly
Authentication
Uses the same login system as Visdom Trace — if you can log in to TV, you can authenticate with the proxy. TV user tokens are accepted.
Model routing
Admin configures named routes:
| Route name |
Provider |
Model |
API key ref |
claude-sonnet-4-6 |
anthropic |
claude-sonnet-4-6 |
org-anthropic-key |
claude-sonnet-specialized |
anthropic |
claude-sonnet-4-6 |
user-private-key |
gpt-4o |
openai |
gpt-4o |
org-openai-key |
Dispatching happens on model name in the request. Users point their tool at the proxy URL and use the route name as the model — the proxy resolves which provider/key to use.
API key management
Admin-managed keys: Admin adds keys available to all or specific users. Referenced by name (e.g. org-anthropic-key). Keys are encrypted at rest and cannot be read back — only used by the proxy internally.
User-managed keys: Users can optionally add their own private API keys. Same encryption/non-readable policy. Admin can disable this capability per-org.
Security model:
- Keys stored encrypted (same mechanism as existing org signing keys)
- Keys never returned via API — only used internally by the proxy
- Users cannot extract admin-managed keys to use elsewhere
- Admins technically could access keys via DB — documented limitation; users should not add private keys to an org they don't control
Routing policy
- Admin can create routes available to all org users
- Admin can create user-specific routes
- Users can create their own routes (admin can restrict this)
- Admin can prevent users from adding their own API keys
Proxy support
At minimum: Anthropic API and OpenAI API (covers Claude Code, GSD2, Cursor, Codex CLI, and most other tools).
Architecture note
Open question: separate service/binary vs built into tracevault-server. Separate service scales independently and has a cleaner security boundary, but adds operational complexity. To be decided.
Why this matters for tracing
The proxy is the correct place to capture traces — every request through it is a trace at the API boundary. This is more reliable than hooks (which can be misconfigured, skipped, or unavailable) and works universally across all tools. Long-term this becomes the primary capture mechanism, with hooks as a fallback for environments where proxy routing is not feasible.
Problem
Current hook-based integration has two fundamental limitations:
Proposed solution: LLM proxy
A proxy service that sits between AI coding tools and LLM providers. Users configure their tool's base URL to point at the proxy instead of Anthropic/OpenAI directly. The proxy:
Authentication
Uses the same login system as Visdom Trace — if you can log in to TV, you can authenticate with the proxy. TV user tokens are accepted.
Model routing
Admin configures named routes:
claude-sonnet-4-6org-anthropic-keyclaude-sonnet-specializeduser-private-keygpt-4oorg-openai-keyDispatching happens on model name in the request. Users point their tool at the proxy URL and use the route name as the model — the proxy resolves which provider/key to use.
API key management
Admin-managed keys: Admin adds keys available to all or specific users. Referenced by name (e.g.
org-anthropic-key). Keys are encrypted at rest and cannot be read back — only used by the proxy internally.User-managed keys: Users can optionally add their own private API keys. Same encryption/non-readable policy. Admin can disable this capability per-org.
Security model:
Routing policy
Proxy support
At minimum: Anthropic API and OpenAI API (covers Claude Code, GSD2, Cursor, Codex CLI, and most other tools).
Architecture note
Open question: separate service/binary vs built into
tracevault-server. Separate service scales independently and has a cleaner security boundary, but adds operational complexity. To be decided.Why this matters for tracing
The proxy is the correct place to capture traces — every request through it is a trace at the API boundary. This is more reliable than hooks (which can be misconfigured, skipped, or unavailable) and works universally across all tools. Long-term this becomes the primary capture mechanism, with hooks as a fallback for environments where proxy routing is not feasible.