DROP-IN FOR CLAUDE CODE, CURSOR & CI

Sit in the request path.
Keep the receipts.

Every LLM call passes through one gateway that enforces policy before the provider is called, posts every dollar to a finance-grade ledger, and proves what the spend produced. One product — not five stitched together.

EARLY ACCESS · NO CREDIT CARD REQUIRED
ONE REQUEST · SIX STOPS · ZERO BLIND SPOTS--:--:-- UTC · ● LIVE
INGRESSidentified & keyed
POLICYenforced in-path
ROUTEany provider, one key
LEDGERevery $ posts to a team
EVIDENCEsigned receipt, hash-chained
OUTCOMEStied to business results
14:32:04alice.chenclaude-sonnet-4.5$0.41PASS ✓
14:31:58ci-backendclaude-haiku-4.5$0.06CACHE-HIT
14:31:51sales-assistclaude-sonnet-4.5$0.28REDACTED ◆
PII REDACTED IN-PATH 847× THIS MONTHCACHE RECOVERED $2,140 MTDRECEIPTS SIGNED 1.24M QTDINJECTIONS BLOCKED 23×COST / TASK ▼ 22% QOQCHAIN STATUS VERIFIED
01 — THE THESIS

Nobody else sits in the path and keeps the evidence.

Observability tools watch traffic after the fact. Guardrail services score risk but can't stop a request. FinOps platforms see the invoice, not the request. Developer-analytics tools count activity, not outcomes.

Wardin is the only layer that enforces, meters, and attributes from inside the request path — so a policy violation never reaches a provider, every token has an owner before finance asks, and every dollar can be traced to the work it produced.

5 → 1
tools replaced by one control plane
0 ms
between violation and enforcement — it happens in-path
100%
of requests emit signed, audit-ready receipts
02 — THREE PRODUCTS, ONE PATH

Bought separately everywhere else. Native here.

ENFORCE

Policy-enforcing gateway

PII redaction, injection shields, model allowlists, and budget caps execute before the provider is called. A violation never leaves your network — there is nothing to clean up afterward.

REPLACES: guardrail service + gateway
METER

Finance-grade cost allocation

Every dollar posts to a team, a virtual key, and a person — as it's spent, not when the invoice lands. Budgets enforce themselves; month-end closes clean into NetSuite.

REPLACES: FinOps platform + spreadsheets
ATTRIBUTE

Outcome attribution

Spend correlated with PR acceptance, review cycles, and delivery signals from GitHub and Jira. Raw token counts are excluded by design — you can't game it by burning more.

REPLACES: developer-analytics tool
03 — EVIDENCE BY CONSTRUCTION

Every request leaves a receipt. Every receipt is signed.

Each call emits a tamper-evident record — actor, model, policy checks, cost — chained by hash to the one before it. When the auditor asks, you export a quarter of evidence in one click, not one quarter of engineering time.

EU AI Act, NIST AI RMF, SOC 2 — compliance stops being a project and becomes a byproduct of the path itself.

ED25519
signed at emit time
HASH-CHAINED
tampering is self-evident
S3 · PARQUET
nightly export, your bucket
WARDIN RECEIPT
REQUEST IDreq_8f2c41ab
TIMESTAMP14:32:04 UTC
ACTORalice.chen · prod-engineering
MODELclaude-sonnet-4.5
PII / SECRETS SCANPASS ✓
INJECTION SHIELDPASS ✓
BUDGET CHECKPASS ✓
MODEL ALLOWLISTPASS ✓
TOKENS3.1k / 812
DEBIT$0.41
PREV HASHc41d…9e0b
THIS HASH7fa2…b3d8
SIGNED · ED25519 · TAMPER-EVIDENT
04 — THE STACK YOU WON'T BUILD

Teams stitch five products to get what the path gives you natively.

Five contracts, five dashboards, five places the story can disagree — and still nothing that can stop a bad request.

LLM gatewayROUTES, CAN'T GOVERN
Observability toolWATCHES, AFTER THE FACT
Guardrail serviceSCORES, CAN'T BLOCK
FinOps platformSEES THE INVOICE ONLY
Developer analyticsCOUNTS ACTIVITY, NOT ROI
COLLAPSES INTO
Wardin

One gateway in the request path. Policy, ledger, evidence, and outcomes are properties of the same record — they can't disagree.

ONE CONTRACT · ONE DASHBOARD · ONE SOURCE OF TRUTH
05 — ONE RECORD, THREE READERS

The same receipt answers three different questions.

SECURITY & COMPLIANCE ASKS
"What left the building?"

Nothing un-scanned. Every prompt passed PII and injection checks in-path, and the signed chain proves it — per request, per quarter, per framework.

FINANCE ASKS
"Who spent it, on what?"

Every token debits a team and a key at request time. Budgets warn at 80% and enforce at 100% — the ledger closes clean without a reconciliation sprint.

LEADERSHIP ASKS
"Is it actually working?"

Spend lines up against PR acceptance and delivery signals — not token volume. You see which teams turn dollars into shipped work, and which just burn.

06 — QUESTIONS, ANSWERED

Before you ask sales.

How is Wardin different from LiteLLM or Portkey?

LiteLLM and Portkey are proxies — they route requests. Wardin sits in the request path to enforce: budgets hard-stop with an atomic Redis check before the request reaches a provider, policies (model allowlists, prompt-injection screens) block in-path, and every request emits a signed, tamper-evident receipt. If you only need routing, they're great; if you need governance and finance-grade cost attribution, that's Wardin.

How is it different from Helicone or Langfuse?

Observability tools tell you what happened after the money is spent — they can't block a request. Wardin is enforcement plus observability: the same gateway that meters cost per team, key, and session can refuse the request that would blow the budget.

Is Wardin open source?

Not yet. The gateway may be open-sourced later, but we won't put "open source" on the site until there's a public repo you can actually clone.

Does it work with Claude Code, Cursor, and other agentic tools?

Yes — point ANTHROPIC_BASE_URL (or your tool's base-URL setting) at the gateway with a Wardin virtual key. No client code changes. Agentic traffic is grouped into sessions so you see cost per task, not noise across thousands of tool-call requests.

Which model providers are supported?

Anthropic, OpenAI, AWS Bedrock, and Google Vertex (Gemini), with configurable fallback routing across them. Bring your own provider keys.

How do I get access?

Join the waitlist. We onboard teams in small batches so early support stays personal — reply to the welcome email and tell us what your AI cost chaos looks like, and we'll prioritize you.

Put Wardin in the path. Everything downstream gets simpler.

Point your SDK at one base URL. Policy, ledger, evidence, and outcomes start on the first request.

base_url = "https://gw.wardin.ai/v1"
EARLY ACCESS · NO CREDIT CARD REQUIRED