Trust and architecture

A narrow control layer with explicit evidence.

The public dashboard runs on Vercel. The proxy does not: it runs as a Node 22 service managed by PM2 on a MassiveGRID VPS, behind Caddy at api.cachepilot.clclabs.ai, and writes content-free telemetry to Neon Postgres.

Content-free by default

Telemetry stores hashes and operational metadata. Prompt and output storage are disabled by default.

Bring your own key

The workload supplies its upstream provider credential; CachePilot forwards it in memory for the request.

Encrypted transport

Public proxy traffic terminates over TLS at Caddy before forwarding to the local Node service.

Scoped project identity

X-CachePilot-Key resolves the project policy, plan, mode, rate limit, and attribution boundary.

Versioned policy

Policy versions and hashes provide an auditable record of the governance envelope applied to traffic.

Receipt evidence

X-CP-* headers expose policy, mode, mutations, hashes, cache usage, and output-budget evidence where supported.

Request data flow

Client → TLS/Caddy → CachePilot authentication and policy resolution → provider API → receipt and response → content-free telemetry. The dashboard reads the shared telemetry and policy database; it is not in the model-request path.

Agent or application
  └─ Authorization: Bearer <provider key>
  └─ X-CachePilot-Key: cp_live_...
       ↓ TLS
Caddy on CachePilot MassiveGRID VPS
       ↓ localhost
CachePilot proxy (PM2 / Node 22)
       ├─ resolve project + mode + policy
       ├─ observe or enforce supported controls
       ├─ forward to OpenAI or Anthropic
       └─ return response + X-CP-* receipt
              ↓
       Neon content-free telemetry → Vercel dashboard
Failure boundary. CachePilot is in-band for routed model requests. If the proxy is unavailable, those requests cannot complete unless your application deliberately implements a direct-provider fallback. A fallback restores availability but bypasses CachePilot governance and should be logged and alerted as an explicit policy decision.

Formal availability commitments, custom retention, security questionnaires, and incident-notification terms are scoped for managed production deployments. Contact sean@clclabs.ai.