clawshell 0.0.1

# ClawShell Configuration

# Log level: trace, debug, info, warn, error
log_level = "info"

[server]
host = "127.0.0.1"
port = 18790

[upstream]
base_url = "https://api.openai.com"
anthropic_base_url = "https://api.anthropic.com"

# Virtual-to-real API key mappings
# Multiple virtual keys can map to the same real key.
# The "provider" field determines which upstream to use ("openai" or "anthropic").
# Defaults to "openai" if not specified.

[[keys]]
virtual_key = "vk-alice-001"
real_key = "sk-your-real-openai-key-here"
provider = "openai"

[[keys]]
virtual_key = "vk-bob-002"
real_key = "sk-your-real-openai-key-here"
provider = "openai"

[[keys]]
virtual_key = "vk-service-003"
real_key = "sk-another-real-key"
# Uses the default rate limit and provider (openai) when not specified

[[keys]]
virtual_key = "vk-claude-001"
real_key = "sk-ant-your-real-anthropic-key-here"
provider = "anthropic"

# Data Loss Prevention (DLP)
# Each pattern has a name, a regex, and an action.
# action = "redact" (default): Reject the request with 400 Bad Request.
# action = "redact": Replace matches with [REDACTED:<name>] and forward.
# scan_responses: When true, upstream responses are also scanned and PII is redacted.
[dlp]
scan_responses = false
patterns = [
    { name = "ssn",             regex = '\b\d{3}-\d{2}-\d{4}\b',                                       action = "redact" },
    { name = "visa_card",       regex = '\b4[0-9]{12}(?:[0-9]{3})?\b',                                  action = "redact" },
    { name = "visa_mastercard", regex = '\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})\b',              action = "redact" },
    { name = "mastercard",      regex = '\b5[1-5][0-9]{14}\b',                                          action = "redact" },
    { name = "amex_card",       regex = '\b3[47][0-9]{13}\b',                                           action = "redact" },
]