/ security

Security is the whole product.

MonoRouter exists because developers wanted a private, audit-friendly way to route their Claude subscription through coding tools. We hold that bar across every layer — encrypted tokens, hashed passwords, no request bodies on disk, no IP logs. This page lays out exactly how.

// encrypted at rest
Tokens never sit in plaintext.

Every Claude OAuth token and OpenAI key is encrypted at rest with AES-256-GCM. We only decrypt them to proxy a request — they're never returned to you, logged, or stored in backups in plaintext.

// hashed credentials
Your password is mathematically gone.

Passwords and recovery codes are run through argon2id with a random per-user salt before they reach the database; only the salted hash is stored, never the value itself. We can't recover either if you lose them: by design, not by accident.

// invalidatable sessions
One click logs out everywhere.

Logging out, changing your password, or revoking access invalidates every live session on your account immediately. Session cookies are HttpOnly, Secure, and SameSite=Lax: page scripts can't read them, they only travel over HTTPS, and browsers won't attach them to cross-site form posts, which closes the usual CSRF path as long as state changes never ride on GET. HttpOnly limits what an XSS bug can steal; it doesn't make one harmless, which is why server-side revocation is the backstop.

// zero body retention
We forward, we don't keep.

Request and response bodies stream through the proxy verbatim: the proxy handles them in transit, Anthropic / OpenAI receive them, and we keep nothing. They're never written to disk in production. IP addresses aren't kept either; they live only inside a short rate-limit window and then expire.

// api keys (mrk_*)

  • Keys are stored as hashes — we hash them on creation and never store the plaintext again. Showing a key after creation is impossible by design; the welcome / create modals reveal it once and then it's gone.
  • Up to 10 keys per account. Each can be revoked individually; revoked keys stop working instantly.
  • Treat them like passwords. Anyone with one of your keys can burn your routed quota; per-key revoke is the right tool if one leaks.

// rate limiting + abuse

  • Per-IP and per-handle rate limits on signup, login, and recovery, so that neither a single source nor an attacker spread across many IPs can brute-force their way into an account; the per-handle limit is what catches the distributed case.
  • Per-token cooldown. A provider token that hits a quota error is temporarily parked; the round-robin selector skips it instead of hammering it.
  • Free quota caps usage on free accounts (1,500 lifetime successful calls). Past that, calls fail until the user upgrades. This is a soft economic gate, not a security boundary.
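The first two controls above, as an added example that is not MonoRouter's code: a fixed-window limiter whose per-IP and per-handle entries are deleted once their window closes (which is also how an IP stops existing on the server), a login gate that counts against both keys, and a round-robin token selector that parks a token on a quota error. The limits, window and cooldown lengths are assumed values; the clock is injectable so the test can move time forward.

```javascript
// Added example (not MonoRouter's code): window rate limiter with expiring
// entries, a two-key login gate, and a round-robin token pool with cooldown.

class WindowRateLimiter {
  // `now` is injectable so callers can control time.
  constructor({ limit, windowMs, now = () => Date.now() }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.buckets = new Map(); // key (IP or handle) -> { count, resetAt }
  }

  // Drop every entry whose window has closed. This is where an IP is forgotten.
  sweep() {
    const t = this.now();
    for (const [k, b] of this.buckets) if (b.resetAt <= t) this.buckets.delete(k);
  }

  // True if the request may proceed. First sight creates the entry.
  allow(key) {
    this.sweep();
    let b = this.buckets.get(key);
    if (!b) {
      b = { count: 0, resetAt: this.now() + this.windowMs };
      this.buckets.set(key, b);
    }
    b.count += 1;
    return b.count <= this.limit;
  }

  // Whether any record of `key` still exists.
  remembers(key) { this.sweep(); return this.buckets.has(key); }
}

// Login attempt: both the source IP and the target handle must be under their
// limits. Both counters are bumped on every attempt (no short-circuit), so an
// attacker rotating IPs still exhausts the handle's budget. Limits are assumed.
function makeLoginGate(now) {
  const perIp = new WindowRateLimiter({ limit: 20, windowMs: 60000, now });
  const perHandle = new WindowRateLimiter({ limit: 5, windowMs: 60000, now });
  return (ip, handle) => {
    const ipOk = perIp.allow(ip);
    const handleOk = perHandle.allow(handle);
    return ipOk && handleOk;
  };
}

class TokenPool {
  constructor(tokens, { cooldownMs, now = () => Date.now() }) {
    this.entries = tokens.map(token => ({ token, parkedUntil: 0 }));
    this.cursor = 0;
    this.cooldownMs = cooldownMs;
    this.now = now;
  }

  // Next token in round-robin order, skipping parked ones; null if all are parked.
  next() {
    const t = this.now();
    for (let i = 0; i < this.entries.length; i++) {
      const idx = (this.cursor + i) % this.entries.length;
      if (this.entries[idx].parkedUntil <= t) {
        this.cursor = (idx + 1) % this.entries.length;
        return this.entries[idx].token;
      }
    }
    return null;
  }

  // Called when the provider answers a request made with `token` with a quota error.
  park(token) {
    const e = this.entries.find(x => x.token === token);
    if (e) e.parkedUntil = this.now() + this.cooldownMs;
  }
}
```

Note what `next()` returning null means for the caller: every token is cooling down, and the right response is a fast failure to the client, not a retry loop that would keep each token parked.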

// what does NOT touch our servers

  • Request and response bodies. The proxy forwards them verbatim to Anthropic / OpenAI. They're never written to disk or to the database in production.
  • The OpenClaw config merger on /keys runs entirely client-side. Whatever you paste into it is parsed, transformed, and rendered locally — no fetch, no server action, no analytics. Verifiable in DevTools → Network.
  • IP addresses aren't logged persistently. They're consulted only inside the rate-limit window above and then dropped.

// who else sees your data

  • Anthropic / OpenAI — every routed request lands at one of them. They see the request body and whatever metadata their API records. Their privacy policies apply to that traffic.
  • No one else. We don't sell, share, or trade any of this.

// responsible disclosure

Found something we missed? Tell us first.

If you discover a vulnerability — anything from a missing CSRF check to a token leak — please email [email protected] with reproduction steps and an estimated impact.