Skip to main content

Dashnet inference

Use Dashnet inference when an approved external application, notebook, or managed desktop client needs model execution through DashQ. The production gateway exposes an Anthropic-compatible messages contract at https://inference.dashnet.ai.

Inference and data access are separate capabilities:

CapabilityProduction surfaceAuthentication
Model inferencehttps://inference.dashnet.aiClient-specific API key
Governed data toolshttps://mcp.dashnet.ai/mcpOAuth login and consent
Direct SQL/BI accessProvisioned BigQuery viewsClient-owned Google identity

An inference key does not grant MCP or warehouse access. MCP and warehouse authorization do not grant inference access.

For external business users on Windows, use the DashQ Claude Cowork client pack supplied through the approved onboarding channel. The pack configures the production inference gateway and Dashnet MCP together while keeping their credentials separate.

Prerequisites

  • A Windows laptop with the current Claude Desktop application and Cowork available for the user's plan and organization.
  • Windows Virtual Machine Platform enabled. Enabling it may require an administrator and a restart.
  • The complete DashQ production client pack; keep every file and its _internal folder together.
  • The client-specific DashQ inference API key supplied separately from the pack.
  • Permission to sign in to the client's Claude organization and complete DashQ OAuth for the connector.

The client pack contains the user-facing installer, removal command, production settings, optional DashQ skill, and supporting files. Do not copy a package from another client or edit its environment, model, gateway, connector, or policy values.

Install and connect

  1. Install or update Claude Desktop, then close it completely.
  2. Open the DashQ client-pack folder and double-click 1-Install DashQ Claude.
  3. If setup enables Windows Virtual Machine Platform, restart Windows and run 1-Install DashQ Claude again.
  4. At the masked credential prompt, paste the DashQ inference API key. The key is stored in the user's protected Windows environment; it is not shipped inside the client pack.
  5. Open Claude Desktop, sign in to the approved organization, and enter Cowork.
  6. When Claude asks to connect the Dashnet connector, select Connect and complete DashQ login and consent. The connector uses OAuth; do not paste the inference key into the connector setup.
  7. Optional: open Customize > Skills and upload DashQ Dashnet Skill.zip from the client pack.
  8. Keep generated work inside Documents\DashQ Claude Outputs. Ask Claude to save dashboards and reports as HTML or DOCX when a durable file is needed.

The installer configures:

  • Inference through https://inference.dashnet.ai.
  • Governed MCP tools through https://mcp.dashnet.ai/mcp with OAuth.
  • The enabled model catalog supplied for the production client.
  • Network access for inference.dashnet.ai, mcp.dashnet.ai, and DashQ authentication.
  • A managed workspace and automatic file export under Documents\DashQ Claude Outputs.
  • Notebook environment variables for Python or Jupyter on the same laptop.
  • Restrictions on local MCP servers and unapproved desktop extensions.

Verify the setup

Run these checks in a new Cowork task:

  1. Send a simple message such as Reply with one sentence confirming that DashQ inference is available. A normal response verifies the configured inference path.
  2. Ask Use the configured DashQ connector to list the datasets I can access. Complete OAuth if prompted. The result must contain only resources authorized for that user.
  3. Ask Claude to save a short HTML or DOCX file, then confirm it appears under Documents\DashQ Claude Outputs.
SymptomAction
Windows Virtual Machine Platform is missingEnable the feature, restart Windows, and rerun the installer. IT may also need to permit virtualization.
Inference returns 401Close Claude, rerun the installer, and enter the currently provisioned inference key. Rotate the key if exposure is possible.
A model is rejectedUse the model configured by the production pack or ask DashQ to review the client's model entitlement.
Dashnet is disconnectedSelect Connect inside Claude and complete DashQ OAuth with the provisioned user.
OAuth completes but Cowork does not reconnectClose Claude, rerun the installer, reopen Claude, and connect again from a new Cowork task.
A generated preview is blankOpen the exported file from Documents\DashQ Claude Outputs.

To remove the managed setup, close Claude and run 2-Remove DashQ Claude. If the optional skill was uploaded, remove it separately from Customize > Skills. Removal clears installer-managed local settings and credentials; DashQ access must still be revoked through the approved onboarding channel when the user or client is deprovisioned.

Connector-only setup

Use manual Cowork connector setup only when DashQ explicitly provisions a connector-only workflow. In Claude, an authorized user or organization owner adds the remote connector under Customize > Connectors using https://mcp.dashnet.ai/mcp, then each user connects and completes OAuth. This adds governed MCP tools only; it does not route Cowork model execution through inference.dashnet.ai and it does not use the inference API key.

Anthropic notes that remote MCP connections are brokered through Claude's cloud infrastructure, including for Cowork and Claude Desktop. Client network and connector policy must therefore allow the remote service and follow the organization's approval rules.

Current upstream references:

API and notebook provisioning

DashQ supplies the following through the approved client onboarding channel:

  • Production inference base URL: https://inference.dashnet.ai
  • A client-specific API key
  • The models enabled for that client
  • The applicable request and token limits
  • The production support and key-rotation procedure

Store the key in the client's secret manager or protected user environment. Never put it in a browser bundle, repository, notebook output, support capture, log, URL, or AI prompt.

Recommended environment variables:

DASHQ_GATEWAY_BASE_URL=https://inference.dashnet.ai
DASHQ_GATEWAY_URL=https://inference.dashnet.ai/v1/messages
DASHQ_GATEWAY_API_KEY=YOUR_INFERENCE_API_KEY
DASHQ_MODEL=YOUR_ALLOWED_MODEL_ID

Use the exact production values supplied for the client. Do not substitute a development hostname or infer another client's model access.

Authentication

Send the API key with one of these headers:

x-api-key: YOUR_INFERENCE_API_KEY

or:

Authorization: Bearer YOUR_INFERENCE_API_KEY

Do not send both headers with different values. The gateway rejects missing, invalid, conflicting, or incorrectly provisioned keys.

Discover allowed models

Model access is client-specific. Discover the current allowlist instead of hardcoding a model from another environment:

curl "https://inference.dashnet.ai/v1/models" \
-H "x-api-key: $DASHQ_GATEWAY_API_KEY"

The response uses a model-list shape:

{
"object": "list",
"data": [
{
"id": "YOUR_ALLOWED_MODEL_ID",
"display_name": "YOUR_ALLOWED_MODEL_ID",
"owned_by": "dashq"
}
]
}

Use an id returned for the client's key.

Create a message

POST /v1/messages accepts an Anthropic-compatible JSON request. model, messages, and a positive max_tokens value are required.

curl "https://inference.dashnet.ai/v1/messages" \
-H "x-api-key: $DASHQ_GATEWAY_API_KEY" \
-H "Content-Type: application/json" \
-H "X-Client-Request-Id: YOUR_TRACE_ID" \
-d '{
"model": "YOUR_ALLOWED_MODEL_ID",
"max_tokens": 400,
"messages": [
{
"role": "user",
"content": "Summarize the supplied context in three bullets."
}
]
}'

Python:

import os
import uuid

import requests

response = requests.post(
os.environ["DASHQ_GATEWAY_URL"],
headers={
"x-api-key": os.environ["DASHQ_GATEWAY_API_KEY"],
"Content-Type": "application/json",
"X-Client-Request-Id": str(uuid.uuid4()),
},
json={
"model": os.environ["DASHQ_MODEL"],
"max_tokens": 400,
"messages": [
{"role": "user", "content": "Summarize the supplied context in three bullets."}
],
},
timeout=90,
)
response.raise_for_status()
message = response.json()
print(message["content"][0]["text"])

The gateway may clamp max_tokens to the client's configured limit. The response includes x-request-id; when a valid X-Client-Request-Id is supplied, it is echoed for client-side tracing.

Streaming

Set stream to true to receive server-sent events:

{
"model": "YOUR_ALLOWED_MODEL_ID",
"max_tokens": 400,
"stream": true,
"messages": [{"role": "user", "content": "Summarize the supplied context."}]
}

The response content type is text/event-stream. Clients must process events incrementally, handle an error event, set an explicit timeout, and close abandoned streams.

Using inference with Dashnet MCP

A client can combine the two services without sharing credentials between them:

  1. Connect the AI client to DashQ Data MCP and complete OAuth.
  2. Discover only the datasets, tables, and schemas visible to the signed-in identity.
  3. Retrieve the minimum governed context required for the question.
  4. Send only that approved context to https://inference.dashnet.ai/v1/messages using the separately stored inference key.
  5. Preserve source citations, account/property/date scope, and material caveats in the final answer.

MCP authorization remains the data boundary. The inference prompt must not be used to widen access or bypass an unavailable MCP resource.

Errors and limits

StatusMeaningClient action
400Invalid JSON, request field, model input, or client request IDCorrect the request; do not retry unchanged.
401Missing or invalid inference credentialVerify the provisioned key and rotate it if exposure is possible.
403Model or client is outside its allowlistDiscover models or request an approved entitlement change.
413Request body exceeds the gateway limitReduce supplied context and attachments.
415Content type is not application/jsonSend JSON with the correct header.
429Request or token quota is exhaustedHonor Retry-After and rate-limit headers; retry with backoff.
502 or 503Upstream inference is temporarily unavailableRetry a bounded number of times with jitter and preserve request IDs.

Do not attempt to evade limits by rotating identities, keys, or request headers. Limit changes follow the approved DashQ client provisioning process.

Production checklist

  • Keep inference keys outside frontend code and source control.
  • Use only https://inference.dashnet.ai for production.
  • Discover the allowed model catalog before first use and after entitlement changes.
  • Set request timeouts, bounded retries, and a unique client request ID.
  • Limit prompt content to data the client is authorized to process.
  • Never send MCP OAuth tokens, Google credentials, service-account keys, or hidden system instructions to inference.
  • Record gateway request IDs for support without recording the credential or full sensitive prompt.

For governed data retrieval, continue with DashQ Data MCP. For direct SQL or BI connections, use Direct warehouse connection. For embedded conversational analytics, use DashQ Assistant.