Runtime access
Access policy
Settings is where access, credentials, and policy live. Keep it separate from the model catalog itself.
No tenant selected
Select a workspace first
standard: Shown beside the live entitlement payload for comparison
Backend credential rows have not been loaded yet, so the portal falls back to the scaffold.
Fallback
Add a tenant-owned OpenAI API key for byok/openai/* routes.
Portal fallback: the live credential rows are shown in the dashboard when the backend surface is reachable.
Store an Anthropic key for byok/anthropic/* routes.
Keep this isolated from pooled tiers; no fallback to cheap/*.
Reserved for future tenant-managed Gemini routing.
Intentionally scaffolded in the portal before the backend adapter lands.
Reserved for future tenant-managed GLM routing.
This section is visible so the UX contract is ready before the backend integration.
standard: Portal defaults until live entitlement payload loads
Pooled inference is available in the default portal contract.
Models: cheap/gpt-5.4, cheap/claude-sonnet, cheap/longctx
Official-provider pass-through is available to this tenant.
Models: resale/gpt-5.4, resale/claude-sonnet
BYOK is visible in the portal contract and becomes active once tenant provider credentials are configured.
Models: byok/openai/gpt-5.4, byok/anthropic/claude-sonnet
Operator guardrails
Policy & risk
Keep pooled-route caveats visible, but secondary to the actual access state on the left.
Traffic on cheap/* routes goes through pooled accounts. Keep secrets, tokens, and personal data out of those requests unless you explicitly accept the pooled-mode caveats.
Review scrub policy
The portal exposes the cleanup story as an operator workflow, but pooled requests can still be visible in the shared account history. Treat them as non-dedicated traffic.
Read the privacy notes
BYOK routes should never use pooled fallbacks. The live portal keeps tenant provider credentials masked and tenant-scoped.
Configure provider keys