Security
ClawPipe sits between your application and your LLM providers. That's a sensitive position. This page documents what we protect, how we protect it, and how to report a vulnerability.
Data at a glance
| Data | Storage | Protection |
|---|---|---|
| Account password | D1 | Argon2id hash, never plaintext |
| Session token | HttpOnly cookie | Signed JWT, 30-day expiry |
| Project API key | D1 | SHA-256 hash, plaintext shown once |
| Provider API key (BYOK) | Cloudflare KV | Encrypted at rest, decrypted at request time only |
| Prompt text | Not stored | Hash-only for cache lookup |
| Request metadata | D1 | Provider, model, tokens, latency, cost |
Authentication
- Email + password with Argon2id hashing (configurable cost parameters).
- Optional OAuth 2.0 with Google and GitHub. Only the `profile` and `email` scopes are requested.
- Session cookies are `HttpOnly`, `Secure`, and `SameSite=Lax`.
- API key auth for gateway requests uses SHA-256 hashed lookups — plaintext keys are never written to storage after creation.
Authorization
- Every gateway request is validated against the project's key hash before any provider dispatch.
- Analytics and logs endpoints require both a valid bearer key and the matching `X-Project-Id` header.
- Per-project rate limiting is enforced at the KV layer before any D1 write.
- Daily tier caps enforced on every request (Free: 1,000/day, Pro: 100,000/day).
Encryption
- In transit. TLS 1.3 everywhere. HSTS enabled on all subdomains.
- At rest. D1 and KV are encrypted by Cloudflare. Provider API keys are additionally wrapped with a gateway-held key before write.
- Keys in code. All secrets live in `wrangler secret`. None are checked into the repository.
Network and isolation
- The gateway runs on Cloudflare Workers — every invocation is a fresh, isolated V8 context with no shared state between tenants.
- No long-lived servers. No SSH. No persistent shells. There is nothing for an attacker to land on.
- The SDK runs locally in your process. When you use the SDK offline (Ollama, llamafile), your prompts never touch our network at all.
Secret handling
- API keys are displayed once on creation and never shown again. Rotation generates a new key and invalidates the old one in the same write.
- Provider keys (OpenAI, Anthropic, etc.) are stored encrypted in KV per project.
- Logs are scrubbed for common secret patterns before they are written.
- Prompt content is never logged. Only a SHA-256 hash is stored for cache lookup.
Logging and audit
- Auth events (login, signup, password change, OAuth link) are written to an audit table.
- Admin and billing actions are audited with actor, timestamp, and action.
- Per-request telemetry captures provider, model, token counts, latency, and cost — never prompt or response text.
- Customers on the Team and Enterprise plans can export audit logs to their own SIEM.
Development and CI
- Every pull request runs SAST, dependency vulnerability scan, secret scan, and license compliance scan.
- Unit, integration, and smoke tests must pass before merge. Coverage gates enforced in CI (≥90% line, ≥85% branch, 100% on auth/payments/rate-limit code).
- Pre-push hook runs a full customer-journey smoke test (signup → project creation → live SDK call → cleanup) against production before every push to main.
- Release blocking: any unresolved Critical or High vulnerability blocks a deploy.
Third-party providers
- Cloudflare. Hosting, DNS, KV, D1, Workers. SOC 2 Type II, ISO 27001, ISO 27018.
- LemonSqueezy. PCI DSS compliant payments. We never see card numbers.
- OAuth providers. Google and GitHub, optional, least-privilege scopes.
Responsible disclosure
If you find a vulnerability, please email [email protected] with enough detail to reproduce it. We commit to:
- Acknowledging the report within 48 hours.
- A triage response within 5 business days.
- A remediation plan within 30 days for Critical/High issues.
- Public credit (with your permission) for the fix.
Please do not run scans or exploit tests against production accounts other than your own. Do not access or modify other users' data. We will not pursue action against researchers who act in good faith.
Compliance roadmap
ClawPipe is a young product. We do not yet carry SOC 2 or ISO certifications in our own name. Our immediate roadmap: HIPAA-eligible deployment option for Enterprise, SOC 2 Type I audit in 2026, and Type II in 2027. Enterprise customers with specific compliance needs should contact [email protected].