One API, all the LLMs, with a prompt path you can verify

Developers reach for the OpenRouter shape because it kills switching cost. One base URL, many models, fallback when a provider dies, one ledger for usage. The missing piece is a way to verify trust, and that's the part that matters once a real prompt is on the wire.

TrustedRouter splits the dashboard and billing surface off from the attested API gateway. The hosted prompt path is built so you can check the running code, the image digest, and the attestation evidence yourself. The whole point is that you can verify it.

For a developer the change is small. Keep the OpenAI SDK and point the base URL somewhere new. From there you route to hundreds of models across many providers. Use trustedrouter/zdr when you need zero-retention providers, and trustedrouter/e2e for confidential provider routes where they exist. Verify the hosted gateway at trust.trustedrouter.com.

This does not turn every upstream model provider confidential by magic. It can't. The router's job is to be plain about where the guarantee starts, where it ends, and which provider route actually got picked, so you know exactly what you're trusting.