Documentation

API Reference

The Pretense proxy exposes a local HTTP API on port 9339. It speaks both the Anthropic and OpenAI API formats.

Base URL

http://localhost:9339

Start the proxy with pretense start before making requests.

POST /v1/messages POST /v1/chat/completions GET /health GET /audit POST /scan

POST/v1/messages

Anthropic-compatible messages endpoint. Drop-in replacement for the Anthropic API. Requests are mutated before forwarding; responses are reverse-mutated before returning.

The x-pretense-mutations header reports how many identifiers were mutated in this request.
Streaming (stream: true) is supported via SSE.
All Anthropic API parameters are forwarded unchanged after mutation.

Request body

{
  "model": "claude-opus-4-5",
  "max_tokens": 1024,
  "messages": [
    {
      "role": "user",
      "content": "Refactor getUserToken() to use async/await"
    }
  ]
}

Response

{
  "id": "msg_01XFDUDYJgAACzvnptvVoYEL",
  "type": "message",
  "role": "assistant",
  "content": [
    {
      "type": "text",
      "text": "Here is the refactored getUserToken() using async/await..."
    }
  ],
  "model": "claude-opus-4-5",
  "stop_reason": "end_turn",
  "usage": { "input_tokens": 25, "output_tokens": 248 },
  "x-pretense-mutations": 3,
  "x-pretense-session": "sess_a8f2c1"
}

POST/v1/chat/completions

OpenAI-compatible chat completions endpoint. Use this with Cursor, the OpenAI SDK, or any tool that accepts an OpenAI base URL.

Streaming (stream: true) is fully supported.
The proxy routes to OpenAI, Anthropic, or a custom endpoint based on the model prefix.
Your original API key is passed through to the upstream provider.

Request body

{
  "model": "gpt-4o",
  "messages": [
    {
      "role": "user",
      "content": "What does calculateRisk() return when input is null?"
    }
  ],
  "temperature": 0.3
}

Response

{
  "id": "chatcmpl-abc123",
  "object": "chat.completion",
  "created": 1710000000,
  "model": "gpt-4o",
  "choices": [
    {
      "index": 0,
      "message": {
        "role": "assistant",
        "content": "When calculateRisk() receives null, it returns..."
      },
      "finish_reason": "stop"
    }
  ],
  "usage": {
    "prompt_tokens": 22,
    "completion_tokens": 94,
    "total_tokens": 116
  }
}

GET/health

Health check endpoint. Returns proxy status, version, and uptime. Useful for monitoring and CI readiness checks.

Returns HTTP 200 when healthy, 503 when the proxy cannot reach upstream providers.
Use this as a readiness probe in Docker or Kubernetes deployments.

Response

{
  "status": "ok",
  "version": "0.2.0",
  "uptime": 14382,
  "mutations_processed": 1482,
  "secrets_blocked": 3,
  "proxy": {
    "anthropic": "connected",
    "openai": "connected"
  }
}

GET/audit

Returns the mutation audit log. Each entry records what was mutated, which session triggered it, and the timestamp. This is your SOC2/HIPAA evidence trail.

Supports ?page=N and ?per_page=N query parameters.
Entries are ordered newest-first.
Export to CSV or PDF via the Pro/Enterprise dashboard.

Response

{
  "entries": [
    {
      "id": "aud_001",
      "timestamp": "2026-04-01T10:22:14Z",
      "session": "sess_a8f2c1",
      "mutations": 3,
      "secrets_blocked": 0,
      "model": "claude-opus-4-5",
      "tokens_in": 124,
      "tokens_out": 312,
      "map_id": "map_7f3b2a"
    }
  ],
  "total": 1,
  "page": 1,
  "per_page": 50
}

POST/scan

Scan a file or code string for secrets and mutable identifiers. Returns a structured report without applying any mutations.

Supported languages: TypeScript, JavaScript, Python, Go, Java.
A risk_score of 0-100 is returned (100 = critical, 0 = clean).
No data is stored or forwarded. Scan runs entirely in the local proxy process.

Request body

{
  "content": "const apiKey = \"sk-prod-abc123...\";\nfunction getUserToken() { ... }",
  "filename": "auth.ts",
  "language": "typescript"
}

Response

{
  "secrets": [
    {
      "type": "openai_api_key",
      "severity": "critical",
      "line": 1,
      "column": 16,
      "preview": "sk-prod-abc1..."
    }
  ],
  "identifiers": [
    {
      "name": "getUserToken",
      "kind": "function",
      "line": 2,
      "mutable": true
    }
  ],
  "summary": {
    "secrets_found": 1,
    "identifiers_found": 1,
    "risk_score": 95
  }
}

Authentication

The Pretense proxy does not require its own API key for local use. Pass your upstream provider key (Anthropic, OpenAI, etc.) as the Authorization header or via the standard environment variable. The proxy forwards the key to the upstream API after mutation.

Authorization: Bearer sk-ant-api03-...

Rate limits

The local proxy itself has no rate limits. Rate limits are enforced by your upstream provider (Anthropic, OpenAI). The Free tier cloud proxy is limited to 1,000 requests per month. Pro and Enterprise have unlimited requests.

Next steps

Quickstart guide Integrations Changelog Contact support

Was this page helpful?