OpenRouter Integration
OpenRouter exposes an OpenAI-compatible API, so you can use wrap_openai() to add automatic policy enforcement. Your dashboard policies control which models and providers agents can access through OpenRouter.
Control Zero does not have a native OpenRouter gateway path. Since OpenRouter is OpenAI API-compatible,
use the OpenAI integration with base_url="https://openrouter.ai/api/v1" and your OpenRouter API key.
Setup
pip install controlzero openai
from controlzero import Client
from controlzero.integrations.openai import wrap_openai
import openai
cz = Client(api_key="cz_live_your_api_key_here")
# Point OpenAI SDK at OpenRouter and wrap it
client = wrap_openai(
    openai.OpenAI(
        base_url="https://openrouter.ai/api/v1",
        api_key="sk-or-your-openrouter-key",
    ),
    cz,
)
# Use normally. All calls are governed by your dashboard policies
response = client.chat.completions.create(
    model="anthropic/claude-sonnet-4-6",
    messages=[{"role": "user", "content": "Hello"}],
)
Since OpenRouter uses the OpenAI SDK format, wrap_openai() works identically. The model name (including the provider prefix like anthropic/ or openai/) is used as the resource in policy checks.
Example Policy
Allow specific models through OpenRouter while blocking expensive ones:
{
  "name": "openrouter-model-policy",
  "description": "Control which models can be used via OpenRouter",
  "rules": [
    {
      "effect": "allow",
      "action": "llm:generate",
      "resource": "model/anthropic/claude-sonnet-4-6"
    },
    { "effect": "allow", "action": "llm:generate", "resource": "model/openai/gpt-5.4" },
    {
      "effect": "allow",
      "action": "llm:generate",
      "resource": "model/meta-llama/llama-3-70b-instruct"
    },
    {
      "effect": "deny",
      "action": "llm:generate",
      "resource": "model/anthropic/claude-opus-4-6"
    },
    { "effect": "deny", "action": "llm:generate", "resource": "model/*" }
  ]
}
Runtime behavior:
# ALLOWED: matches rule 1
client.chat.completions.create(model="anthropic/claude-sonnet-4-6", messages=[...])
# BLOCKED: matches rule 4
client.chat.completions.create(model="anthropic/claude-opus-4-6", messages=[...])
# Raises PolicyDeniedError
# BLOCKED: matches catch-all deny (rule 5)
client.chat.completions.create(model="google/gemini-pro", messages=[...])
# Raises PolicyDeniedError
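A local pre-check for the policy above, added here as an example (not Control Zero's own code). It assumes rules are checked top to bottom with the first match winning, `*` acting as a glob, and deny when nothing matches; that is consistent with the rule numbers in the runtime comments but is not stated on this page. `evaluate`, `shadowed_rules` and the `:variant` suffix are hypothetical names.

```python
from fnmatch import fnmatchcase

# Rules copied from the example policy on this page, in the same order.
RULES = [
    ("allow", "llm:generate", "model/anthropic/claude-sonnet-4-6"),
    ("allow", "llm:generate", "model/openai/gpt-5.4"),
    ("allow", "llm:generate", "model/meta-llama/llama-3-70b-instruct"),
    ("deny", "llm:generate", "model/anthropic/claude-opus-4-6"),
    ("deny", "llm:generate", "model/*"),
]


def evaluate(model, action="llm:generate", rules=RULES):
    """Return (effect, rule_number) for an OpenRouter model id.

    Assumed semantics: first matching rule wins, no match means deny.
    The resource is "model/" plus the full id, provider prefix included.
    """
    resource = f"model/{model}"
    for number, (effect, rule_action, pattern) in enumerate(rules, start=1):
        if rule_action == action and fnmatchcase(resource, pattern):
            return effect, number
    return "deny", None


def shadowed_rules(rules=RULES):
    """Return numbers of rules that can never fire under first-match order
    because an earlier rule for the same action already covers them."""
    shadowed = []
    for index, (_, action, pattern) in enumerate(rules):
        for _, earlier_action, earlier_pattern in rules[:index]:
            if earlier_action == action and fnmatchcase(pattern, earlier_pattern):
                shadowed.append(index + 1)
                break
    return shadowed


if __name__ == "__main__":
    # Constructed inputs: the three calls from the page plus a made-up
    # suffixed id, which the exact-match allow rules do not cover.
    for model in ("anthropic/claude-sonnet-4-6", "anthropic/claude-opus-4-6",
                  "google/gemini-pro", "anthropic/claude-sonnet-4-6:variant"):
        print(model, evaluate(model))
    # Moving the catch-all deny to the top would shadow every other rule.
    print(shadowed_rules([RULES[4]] + RULES[:4]))
```

Running a check like this in CI against the list of model ids your agents request shows which calls would fall through to the catch-all deny before the policy is deployed.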
Why Use Control Zero with OpenRouter?
OpenRouter aggregates many providers, which increases the surface for cost overruns and unauthorized model usage. Control Zero adds governance:
- Model allowlists: Only approved models can be used, even if OpenRouter supports hundreds more.
- Cost control: Block expensive models (Opus, GPT-4 Turbo) while allowing cost-effective ones.
- Per-agent policies: Different agents get different model access through conditions.
- Audit trail: Every model call is logged with agent, model, and decision.
Node.js
import { Client } from '@controlzero/sdk';
import OpenAI from 'openai';

const cz = new Client({ policyFile: './controlzero.yaml' });
const client = new OpenAI({
  baseURL: 'https://openrouter.ai/api/v1',
  apiKey: process.env.OPENROUTER_API_KEY,
});

// Manual enforcement for Node.js
// The function must be async because it awaits the OpenRouter call.
async function generate(prompt: string, model: string) {
  // Check the policy before the request is sent
  cz.guard('llm', { method: 'generate', args: { model }, raiseOnDeny: true });
  const response = await client.chat.completions.create({
    model,
    messages: [{ role: 'user', content: prompt }],
  });
  return response.choices[0].message.content;
}
Next Steps
- OpenAI Integration: Same wrap_openai() pattern with more details.
- LiteLLM Integration: Another multi-provider approach with callback enforcement.
- Policies: How to construct dashboard policies.