cc-073 · SCUDO Pillar D · v1.0

Single egress for every LLM call.

Italian PII never leaves the customer trust boundary.

The Claresia LLM Gateway is the only path between any Claresia function — Sailford, Forge, Boss, Ledger, Gatespic, Takecare, Steve, Clawshield, Zottos, every cowork agent — and the third-party LLM providers. Per-tenant model allowlist. Per-tenant Anthropic / OpenAI / Microsoft workspaces. Bidirectional Italian + EU PII redaction. Hard quota + EUR cost cap. Audit log streamed to your SIEM. Optional BYOC mode where the gateway runs inside your VPC.

9 · Italian + EU PII detectors
4 · LLM providers, region-pinned
5 · SIEM destinations supported
EUR · Cost caps in your currency

Architecture

Customer trust boundary, redactor in the middle.

Every LLM call crosses three planes. The gateway never sees customer data without first passing it through the bidirectional PII redactor; every event is mirrored to the customer's SIEM as it happens.

CUSTOMER PLANE
  Claresia function (Sailford / Boss / Gatespic / ...) → SkillInvocation: prompt + actor + tenant
  Customer SIEM: Splunk / Sentinel / Datadog / Elastic

CLARESIA LLM GATEWAY (cc-073)
  1. Tenant resolve · 2. Pre-call PII redact · 3. Quota cap · 4. Provider + region pin
  6. Post-call PII redact · 7. Cost · 8. Quota commit · 9. Audit fan-out · 10. Hub record

LLM PROVIDERS
  Anthropic · eu-central-1
  Azure OpenAI · italynorth
  OpenAI · via Azure
  Vertex · europe-west8
Stage 2 + 6

Bidirectional PII redaction

Microsoft Presidio-style detectors run on both the prompt and the response. BLOCK-class categories (codice fiscale, IBAN, PAN) refuse the call before any token leaves Claresia infrastructure.

Stage 4

Region-pinned providers

Per-tenant region map enforces that Anthropic calls hit eu-central-1 and Azure OpenAI hits italynorth. Non-EU egress requires an explicit DPA addendum + per-tenant toggle.

Stage 9 + 10

Audit fan-out + Hub anchor

Every invocation produces a SHA-256 governance event. The gateway streams it to every configured customer SIEM and anchors a copy in the cc-050 Intelligence Hub for the Catena di custodia (chain of custody, SCUDO Pillar C).

Italian + EU PII coverage

Nine detectors, on by default for Italian tenants.

Detector defaults are tuned for Italian enterprise workloads. Codice fiscale, IBAN, PAN are BLOCK-class — the call is refused. Email, phone, address, name, IP are REDACT-class — the match is replaced with a stable placeholder. Tenants override the policy per-detector in the admin console.

| Detector | Italian name | Synthetic example | Validation | Default | Legal anchor |
|---|---|---|---|---|---|
| CODICE_FISCALE | Codice fiscale italiano | RSSMRA85M01H501Q | D.M. 13/12/1989 check letter (mod-26) | BLOCK | D.Lgs. 196/2003 (Codice della Privacy) + GDPR art. 9 |
| PARTITA_IVA | Partita IVA italiana | IT12345678903 | Luhn-variant 11-digit checksum | REDACT | GDPR art. 4(1) — sole-proprietor identifier |
| IBAN | IBAN europeo (IT 27-ch) | IT60X0542811101000000123456 | ISO 13616 modulo-97 + per-country length | BLOCK | PCI-DSS scope adjacent + customer trust |
| PAN | Numero carta | 4242 4242 4242 4242 | Luhn checksum, length 13–19 | BLOCK | PCI-DSS — never to LLM |
| EMAIL | Indirizzo email | marco.mazzolin@dainese.example | RFC 5322 simplified | REDACT | GDPR art. 4(1) |
| PHONE_IT | Numero telefonico IT | +39 333 1234567 | IT mobile (3xx) + landline (0xx) + E.164 | REDACT | GDPR art. 4(1) |
| ADDRESS_IT | Indirizzo italiano | Via Roma 12, 35100 Padova | Street prefix + civic + CAP + city | REDACT | GDPR art. 4(1) |
| NAME_IT | Nome persona italiano | Marco Mazzolin | Curated first-name list + capitalised surname; spaCy it_core_news in production | REDACT | GDPR art. 4(1) |
| IPV4 | Indirizzo IP v4 | 10.20.30.40 | Octet range 0–255 | REDACT | NIS2 — internal topology |

All examples on this page are SYNTHETIC. The codice fiscale shown passes the D.M. 13/12/1989 check letter algorithm but does not correspond to a real person registered in Anagrafe Tributaria. The PAN is the canonical Visa test value.
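
Reference validators for the two checksum-bearing BLOCK-class detectors in the table, as an added example that is not the gateway's own code. It assumes the standard D.M. 13/12/1989 odd/even weight tables and ISO 13616 mod-97; the per-country IBAN length check covers IT only, and omocodia variants of the codice fiscale are not handled.

```python
import re

# Added example, not the gateway's own code: reference validators for two of
# the BLOCK-class detectors in the table above. Omocodia variants of the
# codice fiscale and non-IT IBAN lengths are out of scope here.

# D.M. 13/12/1989 weights for characters in odd (1st, 3rd, ...) positions.
_CF_ODD = dict(zip(
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    [1, 0, 5, 7, 9, 13, 15, 17, 19, 21, 1, 0, 5, 7, 9, 13, 15, 17, 19, 21,
     2, 4, 18, 20, 11, 3, 6, 8, 12, 14, 16, 10, 22, 25, 24, 23]))


def valid_codice_fiscale(cf: str) -> bool:
    """Structural check plus the mod-26 check letter in position 16."""
    cf = cf.upper()
    if not re.fullmatch(r"[A-Z]{6}\d{2}[A-Z]\d{2}[A-Z]\d{3}[A-Z]", cf):
        return False
    total = 0
    for i, ch in enumerate(cf[:15]):
        if i % 2 == 0:                        # odd position (1-based): weighted table
            total += _CF_ODD[ch]
        else:                                 # even position: digit value or A=0..Z=25
            total += int(ch) if ch.isdigit() else ord(ch) - ord("A")
    return chr(ord("A") + total % 26) == cf[15]


def valid_iban(iban: str) -> bool:
    """ISO 13616: rotate the first four characters to the end, map letters to
    10..35 and require the resulting integer to be 1 modulo 97."""
    s = iban.replace(" ", "").upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    if s.startswith("IT") and len(s) != 27:   # per-country length, IT only here
        return False
    numeric = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(numeric) % 97 == 1


if __name__ == "__main__":
    # Synthetic values from the table above.
    print(valid_codice_fiscale("RSSMRA85M01H501Q"))   # True
    print(valid_iban("IT60X0542811101000000123456"))  # True
```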

Per-tenant config

One JSON file per tenant. RLS-isolated in Postgres.

Below: the live Dainese tenant configuration. Every Claresia function reads this row through Supabase RLS bound to the tenant's WorkOS organisation. The schema lives in migrations/001-llm-gateway.sql.

{
  "tenant_id": "dainese-it",
  "currency": "EUR",
  "fx_rate_usd_eur": 0.92,
  "provider_allowlist": ["anthropic", "azure-openai"],
  "model_allowlist": [
    "claude-opus-4-7",
    "claude-sonnet-4-7",
    "claude-haiku-4-5",
    "gpt-4o-azure"
  ],
  "model_denylist": ["gpt-5", "gemini-2.5-pro"],
  "default_model": "claude-sonnet-4-7",
  "region_pinning": {
    "anthropic": "eu-central-1",
    "azure-openai": "azure-italynorth",
    "google-vertex": "europe-west8"
  },
  "default_block_mode": "block",
  "detector_overrides": {
    "CODICE_FISCALE": "block",
    "IBAN": "block",
    "PAN": "block",
    "EMAIL": "redact"
  },
  "quota_daily_tokens": 50000,
  "quota_daily_usd": 5.00,
  "audit_destinations": [
    { "id": "hub-1",                "kind": "hub",      "enabled": true },
    { "id": "sentinel-italynorth-1","kind": "sentinel", "enabled": true,
      "endpoint": "https://dce.italynorth.dainese.example" },
    { "id": "datadog-eu-1",         "kind": "datadog",  "enabled": true,
      "endpoint": "https://http-intake.logs.datadoghq.eu" }
  ],
  "default_locale": "it",
  "byoc_mode": false,
  "eu_only_egress": true
}
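
How the stage 2 decision consumes this config, as an added example that is not the gateway's own code: it reads `default_block_mode` and `detector_overrides` from a constructed excerpt of the tenant JSON above, runs a Luhn-validated PAN detector and an EMAIL detector, refuses the call on a BLOCK-class hit and replaces REDACT-class hits with a stable, hash-derived placeholder; the same function is what stage 6 would run on the response. The detector regexes, the placeholder format and the `pii_block_*` reason strings are assumptions.

```python
import hashlib
import re

# Added example, not the gateway's own code. Detector regexes, the placeholder
# format and the decision_reason strings are assumptions.

# Constructed excerpt of the tenant.json above: PAN is BLOCK, EMAIL is REDACT.
TENANT = {"default_block_mode": "block",
          "detector_overrides": {"PAN": "block", "EMAIL": "redact"}}

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                         # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# detector name -> (pattern, validator). A regex hit alone is not enough:
# PAN candidates must also pass Luhn, as the detector table on this page requires.
DETECTORS = {
    "PAN": (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
            lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
    "EMAIL": (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), lambda m: True),
}

def placeholder(name: str, value: str) -> str:
    """Same value -> same token, so stage 6 on the response lines up with stage 2."""
    return f"<{name}:{hashlib.sha256(value.encode()).hexdigest()[:8]}>"

def apply_policy(text: str, tenant: dict) -> dict:
    """Stage 2 / stage 6: refuse on a BLOCK-class hit, else redact REDACT-class hits."""
    mode = tenant.get("default_block_mode", "redact")
    overrides = tenant.get("detector_overrides", {})
    out, redactions = text, {}
    for name, (pattern, valid) in DETECTORS.items():
        for match in sorted(set(pattern.findall(text)), key=len, reverse=True):
            if not valid(match):
                continue                       # regex hit but checksum failed
            if overrides.get(name, mode) == "block":
                return {"decision": "block",
                        "decision_reason": f"pii_block_{name.lower()}"}
            token = placeholder(name, match)
            redactions[token] = match
            out = out.replace(match, token)
    return {"decision": "allow", "text": out, "redactions": redactions}
```

The `redactions` map stays on the customer side of the trust boundary; only `text` is forwarded to the provider.
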

LLM providers

Four providers, every region pinned to EU by default.

Anthropic

eu-central-1
AWS Frankfurt

Per-tenant workspace via Anthropic Admin API; zero-retention enforced.

Azure OpenAI

azure-italynorth
Microsoft Italy North (Milano)

Per-tenant deployment on a regional endpoint; Entra ID workload identity.

OpenAI

azure-italynorth
Routed via Azure for IT residency

Direct OpenAI is disabled by default for IT customers (no regional residency).

Google Vertex AI

europe-west8
GCP Milano

Per-tenant project; Italian regional endpoint.

Audit destinations

Stream every event to your SIEM.

Per-tenant fan-out. Failures on individual destinations do not abort the batch — your SOC gets the events even if one connector is down.
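
The stage 9 event hash from the Architecture section and the per-connector failure isolation described here, as one added example that is not the gateway's own code; the event field names, the stand-in connector class and the status strings are assumptions.

```python
import hashlib
import json

# Added example, not the gateway's own code. Event fields, the connector
# interface and the per-destination status strings are assumptions.

def governance_event(fields: dict) -> dict:
    """Stage 9: SHA-256 over canonical JSON (sorted keys, no whitespace,
    UTF-8), so every SIEM copy and the Hub anchor carry the same digest."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return {**fields, "event_sha256": hashlib.sha256(canonical).hexdigest()}

def verify_event(event: dict) -> bool:
    """SOC-side check: recompute the digest over everything except the hash."""
    body = {k: v for k, v in event.items() if k != "event_sha256"}
    return governance_event(body)["event_sha256"] == event["event_sha256"]

class Connector:
    """Stand-in for a SIEM destination; fail=True simulates it being down."""
    def __init__(self, dest_id: str, fail: bool = False):
        self.id, self.fail, self.delivered = dest_id, fail, []

    def send(self, event: dict) -> None:
        if self.fail:
            raise ConnectionError(f"{self.id} unreachable")
        self.delivered.append(event)

def fan_out(event: dict, connectors: list) -> dict:
    """Deliver to every destination; a failure on one never aborts the others."""
    status = {}
    for c in connectors:
        try:
            c.send(event)
            status[c.id] = "delivered"
        except Exception as exc:               # isolate the failing connector
            status[c.id] = f"failed: {exc}"
    return status

# Constructed sample event for the Dainese tenant shown on this page.
EVENT = governance_event({
    "tenant_id": "dainese-it", "actor": "sailford", "model": "claude-sonnet-4-7",
    "decision": "allow", "detectors_hit": ["EMAIL"], "cost_eur": 0.0031,
})

if __name__ == "__main__":
    hub, sentinel = Connector("hub-1"), Connector("sentinel-italynorth-1", fail=True)
    print(fan_out(EVENT, [sentinel, hub]))
```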

Splunk HEC

Splunk Cloud EU (eu-central-1) supported
https://<customer>.splunkcloud.com/services/collector/event

HEC token from customer secret store; sourcetype=claresia:llm_gateway.

Microsoft Sentinel

italynorth (Milano) Log Analytics workspace
Logs Ingestion API → DCE in italynorth

Entra ID workload identity; per-tenant DCR + DCE.

Datadog Logs

Datadog EU (Frankfurt + Amsterdam)
https://http-intake.logs.datadoghq.eu/api/v2/logs

EU site recommended for Italian customers; ddsource=claresia.llm_gateway.

Elastic Cloud

Elastic Cloud eu-central-1 / eu-south-1
POST https://<deployment>.es.<eu-region>.aws.elastic-cloud.com/_bulk

Per-tenant API key; index template ships with the gateway docs.

Quota + cost

Hard caps in EUR. Soft warnings at 80%.

Hard daily cap · €5.00
Dainese tenant. Cap projection runs before every call; exceeding it short-circuits with decision_reason: quota_hard_cap_breached.

Soft cap · €4.00
80% of hard cap. Emits a governance event but lets the call through, so admins see the warning before the cap blocks production.

Token cap · 50K / day
Token + USD caps both apply; whichever projects to breach first short-circuits the call.

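
The stage 3 projection described above, as an added example that is not the gateway's own code. The 50K token cap, the €5.00 hard cap, the 80% soft threshold and the `quota_hard_cap_breached` reason come from this page; the `hard_cap_eur` key, the per-1K-token USD prices and the soft-warning event names are assumptions.

```python
# Added example, not the gateway's own code: the stage 3 projection described
# above. The `hard_cap_eur` key, the per-1K-token USD prices and the soft
# warning event names are assumptions; the caps, the 80% threshold and the
# quota_hard_cap_breached reason come from this page.

SOFT_RATIO = 0.80

# Constructed excerpt matching the Dainese figures above (50K tokens, EUR 5.00).
DAINESE = {"quota_daily_tokens": 50_000, "hard_cap_eur": 5.00, "fx_rate_usd_eur": 0.92}


def project_cost_eur(tokens_in: int, tokens_out: int, usd_per_1k_in: float,
                     usd_per_1k_out: float, fx_usd_eur: float) -> float:
    """Stage 7 estimate in the tenant's currency, from USD list prices."""
    usd = tokens_in / 1000 * usd_per_1k_in + tokens_out / 1000 * usd_per_1k_out
    return usd * fx_usd_eur


def check_quota(used_tokens: int, used_eur: float, est_tokens: int,
                est_eur: float, cfg: dict) -> dict:
    """Project today's usage plus this call against both caps before sending."""
    proj_tokens = used_tokens + est_tokens
    proj_eur = used_eur + est_eur
    caps = {"tokens": (proj_tokens, cfg["quota_daily_tokens"]),
            "eur": (proj_eur, cfg["hard_cap_eur"])}
    for name, (projected, cap) in caps.items():
        if projected > cap:                        # hard cap: short-circuit the call
            return {"decision": "block", "decision_reason": "quota_hard_cap_breached",
                    "cap": name, "projected": projected, "limit": cap}
    events = [f"quota_soft_cap_{name}" for name, (projected, cap) in caps.items()
              if projected >= SOFT_RATIO * cap]   # warn at 80%, still allow
    return {"decision": "allow", "events": events,
            "projected_tokens": proj_tokens, "projected_eur": round(proj_eur, 4)}
```
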
Honest disclosure

What's real, what's a mock.

Real today

  • Italian PII redactor — full coverage for codice fiscale, partita IVA, IBAN modulo-97, PAN Luhn, IT phone, IT address, name heuristic, IP.
  • Per-tenant policy engine, model allowlist + denylist, quota tracker, EUR cost estimator.
  • Five SIEM connectors (Splunk, Sentinel, Datadog, Elastic, Hub) with fan-out + per-connector failure isolation.
  • Governance event builder with deterministic SHA-256 over canonical JSON for the SCUDO Pillar C audit chain.
  • End-to-end smoke test on mocks; 43-test pytest-equivalent suite passes.

Mocked until customer credentials are provisioned

  • Anthropic Admin API per-tenant workspace provisioning (mocked; replace when ANTHROPIC_ADMIN_KEY is provisioned).
  • OpenAI Enterprise admin per-tenant project (mocked or manual-upload UX in cc-059 Admin Console).
  • Microsoft Power Platform Copilot Studio agent registration (mocked; needs Azure AD app per tenant).
  • Real LLM call — provider clients fall back to deterministic mocks until the SDK + tenant key are wired.
  • SIEM connector network hops — each connector records a delivery row but does not POST to the customer endpoint until the secret is provisioned.

Get started

Configure your gateway with a Solutions Engineer.

We'll walk through your model allowlist, regional pinning, SIEM destinations, and PII policy in a 45-minute working session. You leave with a per-tenant tenant.json ready to commit to your IaC.