Skip to main content

Architecture

Turen runs entirely on your infrastructure. Each developer’s Mac gets a lightweight agent, and your organization’s data stays under your control. 
┌──────────────────────────────────────────────────────┐
│                  Developer's Mac                      │
│                                                      │
│   Claude Code  ──▶  Turen Proxy  ──▶  Anthropic API │
│                     (port 7778)                       │
│                         │                            │
│                    Rule Enforcement                   │
│                    LLM Telemetry                      │
│                         │                            │
│   Turen Daemon  ◀───────┘                            │
│   (background)                                       │
│       │                                              │
│       ├── Policy sync                                │
│       ├── Session upload                             │
│       └── Periodic check-in                          │
└───────┼──────────────────────────────────────────────┘
        │ HTTPS

┌──────────────────────────────────────────────────────┐
│                  Turen Cloud                          │
│                                                      │
│   Dashboard  ◀──▶  API  ◀──▶  Database              │
│                                                      │
│   Session Storage (encrypted)                        │
│   LLM Event Analytics                                │
│   Policy Management                                  │
└──────────────────────────────────────────────────────┘

The Proxy

The Turen proxy is a local HTTP server that sits between Claude Code and the Anthropic API. When Claude Code makes an API call, the proxy:
  1. Evaluates security rules — checks for dangerous commands, prompt injections, and secrets.
  2. Injects policy rules — adds organization-specific instructions to the LLM prompt if configured.
  3. Forwards the request to the Anthropic API.
  4. Captures telemetry — records token counts, latency, model, and cost data.
  5. Returns the response to Claude Code.
Developers continue using Claude Code exactly as before. The installer configures Claude Code automatically via managed-settings.json — setting environment variables, proxy routing, and hooks. No manual setup required.

The Daemon

The Turen daemon is a background service that handles everything else:
  • Registration — one-time setup that links the Mac to your organization.
  • Policy sync — periodically fetches the latest rules from your Turen dashboard.
  • Check-ins — sends heartbeats so the dashboard knows which agents are online.
  • Session collection — scans for Claude Code session files and uploads them encrypted.
  • Proxy supervision — monitors the proxy process and restarts it if needed.

Security Rules

Turen ships with 96 built-in rules across three categories:
CategoryCountWhat it catches
Command Validation61Dangerous shell commands (rm -rf /, DROP TABLE, kubectl delete, etc.)
Prompt Injection20Attempts to override agent instructions via malicious input
Secret Detection15API keys, credentials, and sensitive files in prompts or outputs
Rules are evaluated before execution — blocked actions never reach the LLM or the terminal. You can also create custom rules for your organization’s specific needs.

Session Recording

Every Claude Code session is automatically recorded and uploaded to your Turen organization. Sessions capture:
  • All user messages and assistant responses
  • Tool invocations and their results
  • Token usage and timing data
Sessions are encrypted with your organization’s unique encryption key before storage. Only members of your organization can decrypt and view them.

Data Flow

All communication between the agent and Turen Cloud uses HTTPS. Session data is encrypted at rest with AES-256-GCM using per-organization keys. See Security Architecture for details.