Shroud
Shroud is 1claw’s LLM proxy: your agent sends requests to Shroud instead of directly to the provider. Shroud authenticates the agent, (optionally) resolves the provider API key from the vault, runs threat detection and secret redaction, then forwards the request to the upstream LLM. Use it to block prompt injection, redact secrets from prompts, centralize provider keys, and sign transactions inside the TEE.
Try out the examples in this repo: Shroud Demo (health, Intents API, LLM proxy), Shroud LLM (LLM Token Billing + Stripe AI Gateway), Shroud Security (threat detection with MCP), and Local Inspect (same detections offline, no account).
Per-Agent Configuration (shroud_config)
Each agent with shroud_enabled: true can have a shroud_config JSON object. Configure via Dashboard (Agents → Shroud LLM Proxy), API (PATCH /v1/agents/:id), SDK, or CLI.
Basic settings
| Field | Type | Description |
|---|---|---|
pii_policy | block | redact | warn | allow | How PII in LLM traffic is handled |
injection_threshold | number (0.0–1.0) | Prompt injection detection sensitivity |
context_injection_threshold | number (0.0–1.0) | Context injection detection sensitivity |
allowed_providers | string[] | LLM providers the agent may use (empty = all) |
allowed_models | string[] | Models the agent may use (empty = all) |
denied_models | string[] | Models explicitly blocked |
max_tokens_per_request | number | Token cap per LLM request |
max_requests_per_minute | number | Per-minute rate limit |
max_requests_per_day | number | Per-day rate limit |
daily_budget_usd | number | Daily LLM spend cap in USD |
enable_secret_redaction | boolean | Redact vault secrets from LLM context |
enable_response_filtering | boolean | Filter sensitive data from LLM responses |
Threat detection (per detector)
Nested objects (e.g. social_engineering_detection, network_detection, encoding_detection, command_injection_detection, filesystem_detection, unicode_normalization) include enabled and an action where applicable: block (HTTP 403 when the pipeline detected a match), warn / log (allow through but log), or encoder-specific values like decode for encoding_detection.