DOCUMENTATION

prxy.monster

prxy.monster is the control and receipt layer for AI calls. Start with the sandbox, then route your SDK through api.prxy.monster.

It sits in front of your existing model calls (Anthropic, OpenAI, Google, Groq, AWS Bedrock, OpenRouter). Every call gets cost attribution, policy metadata, an Ed25519-signed receipt, and an outcome loop. BYOK by default — your provider bills inference; prxy bills the gateway / control layer.

Production status (2026-05-07): BYOK inference, anonymous sandbox, signed receipts, receipt verification, per-project budgets, hash-only payload capture (with encrypted-at-rest opt-in), Outcome API, memory-candidates reviewer, and CUR reconciliation are all live. MPP discovery + 402 + quote + sessions are live; production Stripe SPT settlement is gated on Stripe Link SPT GA. The full status table is at /status.json.

The four pillars

Visible — see every call, provider, model, cost, cache hit, policy decision, receipt, and outcome.
Controlled — enforce budgets, policies, provider routing, payload-capture rules, and sandbox limits.
Verified — every call can carry a signed receipt, verifiable against public JWKS — no prxy code required.
Compounding — outcomes create memory candidates; reviewer-promoted candidates become reusable patterns. Receipts → outcomes → patterns → better future calls.

Get started in 5 minutes

1. Try the sandbox

5 real Bedrock calls, 5 signed receipts, no signup.

2. Cloud BYOK setup

Get a key, register a provider key, swap one env var.

3. Verify a receipt

Browser, CLI, or library — same canonicalize-and-verify path.

4. Submit an outcome

Anchor a learning signal on a receipt id.

5. Watch a memory candidate

Promote useful candidates into reusable patterns.

6. Production / self-host

Cloud-backed or MIT prxy-monster-local — same modules.

Concepts

Visibility & control

What the gateway sees, what it stores, what you can enforce.

Receipts

Schema, visibility levels, signing, JWKS, verification.

Outcomes

Anchor a learning signal on a receipt. The bridge from ledger to learning.

Memory candidates

Reviewer-promoted candidates become reusable patterns.

Payload capture

hash_only / encrypted_at_rest / none.

Module compatibility

Provider support, capability requirements, and fallback behavior.

Monster Log

Dated AI agent incidents mapped to modules.

Benchmarks

Reproducible module fixtures and commands.

API reference

Messages (Anthropic)

POST /v1/messages — Anthropic Messages-compatible.

Chat Completions (OpenAI)

POST /v1/chat/completions — OpenAI-compatible.

Outcomes

POST /v1/outcomes + GET /v1/receipts/:id/outcomes.

Receipts

GET /v1/receipts/:id + visibility filtering.

Anonymous sandbox

POST /v1/anon/sessions and how the sandbox emits public_demo receipts.

Agent payments (MPP)

Discovery, 402 challenge, quote, sessions.

Compatibility

Supported, partial, planned, and unsupported routes.

Security & data retention

Row-by-row matrix of what’s retained and where.

The shortest possible “hello”

export ANTHROPIC_BASE_URL=https://api.prxy.monster
export ANTHROPIC_API_KEY=prxy_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
curl https://api.prxy.monster/v1/messages \
  -H "Authorization: Bearer $ANTHROPIC_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "claude-sonnet-4-6",
    "max_tokens": 256,
    "messages": [{"role": "user", "content": "Say hi"}]
  }' -i

The response carries three headers you can verify:

Payment-Receipt: https://receipts.prxy.monster/r/<id>
Payment-Receipt-Digest: sha-256=:<base64>:
Payment-Receipt-Kid: prxy-receipt-2026-q2

Next: try the sandbox →