Overview

Enterprise AI deployments need governance: who can access what, how much they're spending, what the AI is actually saying, and whether it's staying within policy. Cognipeer provides this through Console's observability layer and Agent SDK's runtime guardrails.

This guide covers setting up enterprise-grade governance across your AI infrastructure.

When to reach for this recipe

If your team needs the capabilities described above and you'd rather build on proven primitives than wire one from scratch — this is the shape to start from.

Architecture

Console provides the control plane: project management, API key scoping, usage tracking, tracing, and dashboard-level observability.

Agent SDK adds runtime-level governance with input/output guardrails, content filtering, and approval workflows.

1. Project-Scoped API Keys

Console organises resources into projects. Each project gets its own API keys, models, and usage quotas.

1// Each project has isolated API keys
2// Configure via Console dashboard:
3//
4// Project: "Customer Support"
5// - API Key: cp_support_xxx
6// - Allowed models: gpt-4o, claude-3.5-sonnet
7// - Rate limit: 100 req/min
8//
9// Project: "Internal Tools"
10// - API Key: cp_internal_xxx
11// - Allowed models: gpt-4o-mini
12// - Rate limit: 500 req/min
13 
14// In your application, use the project-scoped key
15const client = new ConsoleClient({
16 apiKey: "cp_support_xxx", // Scoped to "Customer Support"
17 baseURL: "https://your-console.example.com",
18});

2. Agent SDK Guardrails

Apply input and output guardrails in Agent SDK to control what agents can say and do before and after a response is generated.

1import { createSmartAgent } from "@cognipeer/agent-sdk";
2 
3const governedAgent = createSmartAgent({
4 name: "GovernedAssistant",
5 model,
6 tools: [/* ... */],
7 guardrails: {
8 input: [
9 // Block prompt injection attempts
10 { type: "injection_detection", config: { sensitivity: "high" } },
11 // Filter inappropriate content
12 { type: "content_filter", config: { categories: ["hate", "violence"] } },
13 ],
14 output: [
15 // Mask personal information
16 { type: "pii_filter", config: { mask: true, types: ["email", "phone", "ssn"] } },
17 // Enforce response length
18 { type: "length_limit", config: { maxTokens: 2000 } },
19 ],
20 },
21 // Require human approval for sensitive actions
22 humanInTheLoop: {
23 requireApproval: ["send_email", "delete_record", "update_account"],
24 },
25 tracing: { enabled: true },
26});

3. Console Guardrail Evaluation

Use Console guardrails when you want tenant-managed policies that can also be evaluated outside the agent runtime, for example at API boundaries or batch moderation steps.

1import { ConsoleClient } from '@cognipeer/console-sdk';
2 
3const client = new ConsoleClient({
4 apiKey: process.env.COGNIPEER_API_KEY!,
5 baseURL: 'https://console.example.com',
6});
7 
8const moderation = await client.guardrails.evaluate({
9 guardrail_key: 'support-output-policy',
10 text: 'Please share the customer password reset token here.',
11 target: 'output',
12});
13 
14if (!moderation.passed) {
15 console.log(moderation.action, moderation.findings);
16}

4. Observability & Tracing

Console traces every request through the system — from API call to provider response. Use the tracing API to ingest agent-level traces too.

1// Console SDK tracing integration
2await client.tracing.ingest({
3 sessionId: 'sess_governance_1',
4 threadId: 'thread_customer-support',
5 source: 'custom',
6 status: 'success',
7 startedAt: new Date(Date.now() - 800).toISOString(),
8 endedAt: new Date().toISOString(),
9 durationMs: 800,
10 agent: {
11 name: 'governed-assistant',
12 version: '1.0.0',
13 model: 'gpt-4o-mini',
14 },
15 summary: {
16 totalInputTokens: 450,
17 totalOutputTokens: 180,
18 totalCachedInputTokens: 0,
19 totalBytesIn: 9000,
20 totalBytesOut: 4200,
21 eventCounts: { ai_call: 1, tool_call: 1 },
22 },
23 events: traceEvents,
24 errors: [],
25});
26 
27// View in Console dashboard:
28// - Session timeline with all events
29// - Token usage and cost per session
30// - Tool call success/failure rates
31// - Guardrail trigger frequency

Result

You now have enterprise AI governance that:

- Isolates projects with scoped API keys and quotas - Applies runtime guardrails inside Agent SDK - Evaluates centrally managed guardrails through Console APIs - Requires human approval for sensitive operations - Traces every request, tool call, and decision - Dashboards usage, cost, and compliance metrics

Related recipes

Recipe · 8 min

Quota-Aware LLM Gateway

Run application traffic through Console with project-scoped quotas, model routing, and request-level visibility for cost control.

Recipe · 9 min

Vector RAG Operations Control Plane

Operate RAG pipelines through Console by combining file ingestion, vector index management, embeddings, and chat retrieval in one control surface.

Recipe · 10 min

PromptOps And MCP Tool Gateway

Use Console as the control plane for prompt versioning, secure config storage, and converting OpenAPI specs into MCP and tool endpoints.

Recipe · 8 min

AI-Powered Applications

Integrate AI capabilities into existing applications with OpenAI-compatible APIs, provider routing, and type-safe SDKs.

All recipesSuggest a change