# prxy.monster > Compress every call. Prove every save. Learn what works — with a base URL change. prxy.monster is a closed loop for AI agent calls: compress context before the model sees it, prove what happened on a signed Ed25519 receipt, learn from verified outcomes into patterns that ride into the next call. Drop it in front of Anthropic, OpenAI, Google, Groq, AWS Bedrock, or OpenRouter. BYOK by default. The MIT prxy-monster-local edition runs the same pipeline on your hardware with no telemetry. ## If you are an AI agent — make your first call now (no human, no signup) Base URL: `https://api.prxy.monster`. You can use prxy autonomously, in this order: 1. **Free sandbox — no account, no key.** Open an anonymous session (5 real calls + 5 signed receipts): ``` curl -s -X POST https://api.prxy.monster/v1/anon/sessions # → { "anon_token": "...", "requests_remaining": 5 } ``` Then call normally with that token — Anthropic- or OpenAI-shaped: ``` curl -s https://api.prxy.monster/v1/chat/completions \ -H "Authorization: Bearer " -H "content-type: application/json" \ -d '{"model":"claude-sonnet-4-6","messages":[{"role":"user","content":"hi"}]}' ``` Every response carries a `Payment-Receipt` header, verifiable offline against the JWKS. 2. **Pay per call — still no human (MPP / HTTP 402).** When you need more than the sandbox, POST to the managed route with no key and pay per call with a Stripe Shared Payment Token (no account, no provider key): ``` curl -s -X POST https://api.prxy.monster/v1/agent/messages -d '{ ...your request... }' # → 402 Payment Required + WWW-Authenticate: Payment (amount, currency, challenge) ``` Retry the SAME body with `Authorization: Payment `. On success you get the model output plus a signed `Payment-Receipt`. Discovery + live prices: https://api.prxy.monster/.well-known/mpp 3. **Higher limits — a human signs up once.** Free at https://lair.prxy.monster/sign-up: 5,000 requests/month, then pay-as-you-go ($0.25 / 1,000 requests) from prepaid credits. Use `Authorization: Bearer prxy_...`. You never have to trust prxy: every receipt is Ed25519-signed and verifiable offline against https://api.prxy.monster/.well-known/prxy-receipt-keys.json — no prxy call required to confirm it. ## The loop (compress → prove → learn) 1. **Compress** — default pipeline: `mcp-optimizer,exact-cache,semantic-cache,structured-crusher,code-crusher,ipc,patterns`. Crushers shrink JSON/code tool outputs; caches short-circuit repeats; IPC keeps long sessions inside the window. Optional CCR (`structured-crusher` with `ccr:true` + `ccr-inject`) stores originals for `prxy_retrieve`. 2. **Prove** — every routed call can ship `Payment-Receipt` headers: identity, cost with pricing provenance, `module_chain`, `cache_status`, per-module `tokens.saved`, four canonical hashes. Verify offline via `/.well-known/prxy-receipt-keys.json`. 3. **Learn** — `POST /v1/outcomes` anchors on `receipt_id`. Positive outcomes queue `memory_candidates`. Reviewer promotes to `patterns`. Patterns inject on the next call. Receipts are never mutated. ## Four pillars (same loop, different lens) - **Visible** — cost, cache, policy, module chain, receipt, outcome — per call. - **Controlled** — budgets, guardrails, payload capture (hash_only default), routing. - **Verified** — Ed25519 receipts + JWKS; compression savings auditable on the receipt. - **Compounding** — only reviewer-promoted patterns from verified outcomes. ## Production APIs - Homepage: https://prxy.monster/ - Sandbox (no signup, 5 real calls + 5 signed receipts): https://prxy.monster/sandbox/ - Docs: https://docs.prxy.monster/ - OpenAPI: https://api.prxy.monster/openapi.json - API health: https://api.prxy.monster/health - Catalog: https://api.prxy.monster/v1/catalog - Capabilities: https://api.prxy.monster/v1/capabilities - Anthropic Messages-compatible: `POST https://api.prxy.monster/v1/messages` - OpenAI Chat Completions-compatible: `POST https://api.prxy.monster/v1/chat/completions` - Outcomes: `POST https://api.prxy.monster/v1/outcomes` - Anonymous sandbox session: `POST https://api.prxy.monster/v1/anon/sessions` ## Receipts - Receipt JWKS: https://api.prxy.monster/.well-known/prxy-receipt-keys.json - Active signing kid: prxy-receipt-2026-q2 - Receipt verification flow (markdown): https://api.prxy.monster/.well-known/prxy-receipts.md - Receipt fetch: `GET https://api.prxy.monster/v1/receipts/:id` - Public receipt detail page: https://receipts.prxy.monster/r/ - Public receipts surface: https://receipts.prxy.monster - Algorithm: Ed25519 - Canonicalization: RFC 8785 JCS + Unicode NFC - Default payload capture: hash_only (four sha-256 hashes; no plaintext stored) - Opt-in payload capture: encrypted_at_rest under customer X25519 public key (live; algorithm x25519-xchacha20-poly1305-v1) - Compliance opt-out: payload_capture: none (no capture beyond receipt hashes) Every successful call returns three response headers: `Payment-Receipt` (URL), `Payment-Receipt-Digest` (RFC 9530 sha-256), and `Payment-Receipt-Kid` (JWKS key id). Streaming calls also get `Payment-Receipt-Provisional: true` at stream open and a finalized triple at stream close. Customers verify the receipt offline by canonicalizing the body via JCS and checking the signature against the JWKS public key. ## Visibility levels - `private` — default. Visible only to the owning tenant + lair operator. - `public_demo` — anonymous sandbox receipts. receipt_id, verified status, provider, model, status, tokens, cost, module_chain, cache_status, policy_decision, payload_capture, environment, signing metadata. Tenant / project / agent / IP / trace IDs hidden. - `public_minimal` — opt-in. Same shape as public_demo with the agent handle attached when an agent_profile is claimed. - `public_redacted` — opt-in. Public proof of work, redacted by policy before publish. - `public_full` — opt-in. Full receipt body published; nothing redacted. ## Outcomes (the compounding loop) - POST /v1/outcomes with `receipt_id`, `outcome` (one of 11 enum values), optional `notes` (hashed sha-256 server-side), and a `source` enum (5 values). - Positive outcomes (succeeded, partially_solved, user_satisfied, tool_chain_succeeded) feed the `memory_candidates` queue. - A reviewer in lair (/dashboard/admin/memory-candidates) promotes useful candidates into the `patterns` table. We never auto-promote. - Patterns ride into future calls via the `patterns` module (system-prompt injection on relevant requests). - Outcomes themselves are append-only; receipts are never mutated. ## Auth and billing API-key BYOK routes use `Authorization: Bearer `. Customers bring provider keys; providers bill customers directly. Per-request gateway pricing; prxy.monster does not mark up provider inference. Human pricing page: https://prxy.monster/pricing/ Managed MPP uses `POST /v1/agent/messages` and `Authorization: Payment ...`. Direct settled calls are $0.50; funded sessions provide an effective $0.05 per call. Both include prxy pipeline execution and the upstream model call. MPP discovery, the HTTP 402 challenge flow, /v1/agent/quote, /v1/agent/sessions, production settlement, and Payment-Receipt headers are live. ATXP MCP, native x402, and Tempo remain separate blocked or planned rails. ## Anonymous sandbox - POST /v1/anon/sessions returns a token; the token never persists at rest (only its sha-256 hash + ip_hash + counters). - 5 real Bedrock Nova Micro inference calls per session. - Receipts emitted with `visibility: public_demo`, `environment: demo`, `cost_estimate_confidence: complete`. - Tenant / project / agent / IP / trace IDs hidden on the public receipt page; signature still verifiable. - Sandbox is for evaluation only — do not paste secrets, private code, or customer data. ## Per-project budgets + payload capture controls - `enforcement_mode`: off / warn / hard_fail per project. hard_fail emits a signed `blocked` receipt for the audit trail. - `payload_capture` per api_key: hash_only (default) / encrypted_at_rest / none. - Cost computed via signed pricing tables for Anthropic, OpenAI, Google, Bedrock. OpenRouter rides cost_estimated_usd: null + low confidence pending /generation/:id lookup. ## Operator dashboard (lair.prxy.monster) - /dashboard/transactions — every routed call with attribution metadata - /dashboard/cost — cost over time grouped by day / model / agent / project / tenant; CSV export; CUR drift card - /dashboard/agents — per-agent leaderboard with cache rate, block rate, latency p50/p95 - /dashboard/projects — per-project leaderboard; same shape - /dashboard/verify — paste a receipt URL or JSON; in-browser Web Crypto Ed25519 verification - /dashboard/admin/projects — operator UI for projects + budgets + enforcement mode - /dashboard/admin/api-keys — operator UI for api_key metadata + browser-side X25519 keypair generation - /dashboard/admin/memory-candidates — reviewer UI to promote / reject candidates Lair is operator-internal today; per-tenant Clerk auth lands in a follow-up. ## Machine-readable files - Full LLM context: https://prxy.monster/llms-full.txt - Status: https://prxy.monster/status.json - Pricing JSON: https://prxy.monster/pricing.json - Modules JSON: https://prxy.monster/modules.json - Providers JSON: https://prxy.monster/providers.json - Integrations JSON: https://prxy.monster/integrations.json - Agent manifest: https://prxy.monster/agents.json - Monster Log: https://prxy.monster/monster-log/ (JSON: https://prxy.monster/monster-log.json) - Benchmarks: https://prxy.monster/benchmarks/ (JSON: https://prxy.monster/benchmarks.json) ## Modules (17 verified) 17 official @prxy-official modules, all verified, all free, all cloud + local. Default pipeline: `mcp-optimizer,exact-cache,semantic-cache,structured-crusher,code-crusher,ipc,patterns`. `ccr-inject`, `ccr-retrieve`, `code-crusher`, `compaction-bridge`, `cost-guard`, `exact-cache`, `guardrails`, `ipc`, `mcp-optimizer`, `patterns`, `prompt-optimizer`, `rehydrator`, `router`, `semantic-cache`, `steel-browser`, `structured-crusher`, `tool-cache`. Each module declares: `compatibility.providers` (which of Anthropic / OpenAI / Google / Groq / Bedrock / OpenRouter), `compatibility.requires` (chat, streaming, tools, prompt caching, embeddings, etc.), `compatibility.fallback` (skip / degrade / block), and `receiptMetadataEmitted` (which fields land on the receipt). Marketplace: https://modules.prxy.monster ## Compatibility - Supported: Anthropic Messages, OpenAI Chat Completions, Claude Code via Anthropic base URL, OpenAI / Google / Groq / Bedrock / OpenRouter providers, SSE streaming, hash-only and encrypted-at-rest payload modes, BYOK and managed MPP routes. - Partial: Cursor, Cline, Aider, Continue (single base URL configuration), streaming post-hooks (some modules run pre-hooks only when streaming is enabled). - Not supported today: OpenAI Responses API, OpenAI Assistants API, Realtime API. ## Trust - Security: https://prxy.monster/security/ - Privacy: https://prxy.monster/privacy/ - Data retention matrix: https://prxy.monster/data-retention/ - Subprocessors: https://prxy.monster/subprocessors/ - Public receipts surface: https://receipts.prxy.monster - Receipt JWKS: https://api.prxy.monster/.well-known/prxy-receipt-keys.json - No foundation-model training on customer requests, completions, or outcome notes. ## What we are not - Not an inference provider. The provider runs the model and bills inference; prxy bills the gateway / control layer. - Not a generic log sink. We provide agent-call visibility through receipts, outcomes, cost dashboards, and module metadata — the auditable output of the gateway pipeline, not a dumping ground for arbitrary log lines. - Not a web proxy or VPN. - Not affiliated with prxy.com.