Point the official openai Python SDK at the AxioRank Gateway by changing only base_url, and every call gets local guardrails, a risk score header, and a signed receipt. The script makes one clean call (reading the x-axiorank-* headers via with_raw_response), then sends a prompt-injection attempt that the gateway blocks with a 403 before it ever reaches OpenAI.
pip install openai
export OPENAI_API_KEY=sk-... # your OpenAI key; forwarded upstream, never storedStart the gateway in another terminal:
npx @axiorank/gatewaypython main.pyanswer: A gateway gives every model call one place for guardrails, routing, and an audit trail.
risk score: 50
receipt: eyJyZWNlaXB0VmVyc2lvbiI6MSwia2luZCI6ImF4aW9yYW5r... (1572 chars, base64url, Ed25519-signed)
injection: blocked with HTTP 403
error type: axiorank_blocked
message: held for review by AxioRank gateway: Risk score 68 is in the review band (50 to 74). The hosted product turns holds into human approvals.
A score of 50 on the clean call is the neutral base prior; it climbs when detectors fire (the injection scored 68, which lands in the review band, and the OSS gateway blocks holds by default).
Every response is also appended to a hash-chained receipt log that you can verify offline:
npx @axiorank/gateway verify ~/.axiorank/gateway/receipts.jsonl