Skip to main content

Request Flow

Sandbox                    Oshu Vault                  Upstream API
  |                             |                              |
  |  CONNECT api.anthropic.com  |                              |
  |---------------------------->|                              |
  |  HTTP 200 (tunnel open)     |                              |
  |<----------------------------|                              |
  |                             |                              |
  |  POST /v1/messages          |                              |
  |  x-api-key: SEALED_abc123  |                              |
  |---------------------------->|                              |
  |                             |  POST /v1/messages           |
  |                             |  x-api-key: sk-ant-real-key  |
  |                             |----------------------------->|
  |                             |                              |
  |                             |  200 OK (response)           |
  |                             |<-----------------------------|
  |  200 OK (response)          |                              |
  |<----------------------------|                              |

Components

Sealed Tokens

When you create a session, each secret gets a unique sealed token:
Secret NamePlaintext ValueSealed Token
ANTHROPIC_API_KEYsk-ant-abc123...SEALED_7f3a9b2c...
Sealed tokens are 32 hex characters prefixed with SEALED_. They are:
  • Opaque — no way to derive the real secret from the token
  • Session-scoped — only valid for the session that created them
  • Replaced on-the-fly — the proxy scans headers and bodies for the pattern

MITM Proxy

For HTTPS traffic, the proxy acts as a man-in-the-middle:
  1. The sandbox sends a CONNECT request to establish a tunnel
  2. The proxy presents a dynamically-generated TLS certificate signed by its CA
  3. The sandbox trusts this CA via NODE_EXTRA_CA_CERTS (or system trust store)
  4. The proxy decrypts traffic, replaces sealed tokens, re-encrypts, and forwards

Session Authentication

Each session has a unique ID and token, passed as Proxy-Authorization (Basic auth):
  • Username: sess_<id> — identifies the session
  • Password: tok_<token> — authenticates the request
This is encoded in the proxy URL: https://sess_id:[email protected]

Host Allowlist

Optionally restrict which hosts get token replacement: 
const session = await client.createSession({
  secrets: { ANTHROPIC_API_KEY: "sk-ant-..." },
  allowed_hosts: ["api.anthropic.com"],
});
Requests to non-allowed hosts pass through without replacement — sealed tokens remain intact in those requests.