NjiraAI — The safety layer for tool-using AI agents

Overview

The Gateway proxy integration is the simplest path: point your LLM client's base_url at the NjiraAI Gateway. All traffic is intercepted, evaluated against policies, and forwarded (or blocked) transparently.

When to use: you want governance without changing application code, or you need a single enforcement point for all agents.

Prerequisites

NjiraAI services running (make quickstart or make up-all)
API key (nj_live_* or nj_test_*)
Gateway running on http://localhost:8080

Python (OpenAI Client)

from openai import OpenAI

client = OpenAI(
    base_url="http://localhost:8080/v1",   # NjiraAI Gateway
    api_key="nj_live_dev_key_12345",       # NjiraAI API key
)

response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello world"}],
    extra_headers={
        "X-Tool-Name": "chat_interface",       # optional: tag for audit
        "X-Njira-Tier": "standard",            # optional: model tier
    }
)
print(response.choices[0].message.content)

TypeScript (OpenAI Client)

import OpenAI from 'openai';

const client = new OpenAI({
  baseURL: 'http://localhost:8080/v1',
  apiKey: 'nj_live_dev_key_12345',
});

const completion = await client.chat.completions.create({
  model: 'gpt-4o',
  messages: [{ role: 'user', content: 'Hello world' }],
});

How it works

Agent sends request → Gateway receives it
Gateway calls Intelligence → policies are evaluated (Safety Sandwich pipeline)
Verdict is returned:
- ALLOW → request forwarded to upstream LLM
- BLOCK → 403 returned with structured error
- MODIFY → input sanitized/redacted, then forwarded
Audit log → verdict + trace persisted to TimescaleDB

Response headers

NjiraAI adds these headers to every response:

Header	Description	Example
`X-Njira-Request-Id`	Unique request ID	`req_abc123`
`X-Njira-Verdict`	Verdict action	`ALLOW`
`X-Njira-Latency-Ms`	Evaluation latency	`15`

Shadow mode headers (when enabled)

Header	Description
`X-Njira-Shadow-Verdict`	What would have been enforced
`X-Njira-Shadow-Reason`	Reason code for shadow verdict

Optional headers you can send

Header	Description	Example
`X-Njira-Tier`	Model capability tier	`fast`, `standard`, `strong`
`X-Policy-Id`	Enforce a specific policy pack	`pii_guard`
`X-Tool-Name`	Tag the source tool for audit	`search_tool`
`X-Tenant-Id`	Override tenant (admin only)	`tenant_xyz`

Verify

# Safe request → 200
curl -s -o /dev/null -w "%{http_code}" \
  http://localhost:8080/v1/chat/completions \
  -H "Authorization: Bearer nj_live_dev_key_12345" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello"}]}'
# Expected: 200

# PII request → 403
curl -s -o /dev/null -w "%{http_code}" \
  http://localhost:8080/v1/chat/completions \
  -H "Authorization: Bearer nj_live_dev_key_12345" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"My SSN is 123-45-6789"}]}'
# Expected: 403

Success criteria

Check	Expected
Safe request returns 200	✅
PII request returns 403 with JSON body	✅
Response includes `X-Njira-Request-Id` header	✅

Next steps

Shadow → Enforce — safe production rollout
Policy packs — customize enforcement
Troubleshooting — common issues

Integrate via Proxy (Gateway)