API Reference
The Pretense proxy exposes a local HTTP API on port 9339. It speaks both the Anthropic and OpenAI API formats.
Base URL
http://localhost:9339Start the proxy with pretense start before making requests.
Authentication
The Pretense proxy does not require its own API key for local use. Pass your upstream provider key (Anthropic, OpenAI, etc.) as the Authorization header.
Authorization: Bearer sk-ant-api03-.../v1/messagesAnthropic-compatible messages endpoint. Drop-in replacement for the Anthropic API. Requests are mutated before forwarding; responses are reverse-mutated before returning.
- The x-pretense-mutations header reports how many identifiers were mutated.
- Streaming (stream: true) is supported via SSE.
{
"model": "claude-opus-4-5",
"max_tokens": 1024,
"messages": [
{
"role": "user",
"content": "Refactor getUserToken() to use async/await"
}
]
}{
"id": "msg_01XFDUDYJgAACzvnptvVoYEL",
"type": "message",
"role": "assistant",
"content": [{ "type": "text", "text": "Here is the refactored getUserToken()..." }],
"model": "claude-opus-4-5",
"stop_reason": "end_turn",
"x-pretense-mutations": 3,
"x-pretense-session": "sess_a8f2c1"
}/v1/chat/completionsOpenAI-compatible chat completions endpoint. Use this with Cursor, the OpenAI SDK, or any tool that accepts an OpenAI base URL.
- Streaming (stream: true) is fully supported.
- The proxy routes to OpenAI, Anthropic, or a custom endpoint based on the model prefix.
{
"model": "gpt-4o",
"messages": [
{
"role": "user",
"content": "What does calculateRisk() return when input is null?"
}
],
"temperature": 0.3
}{
"id": "chatcmpl-abc123",
"object": "chat.completion",
"model": "gpt-4o",
"choices": [{
"message": { "role": "assistant", "content": "When calculateRisk() receives null..." },
"finish_reason": "stop"
}],
"usage": { "prompt_tokens": 22, "completion_tokens": 94 }
}/healthHealth check endpoint. Returns proxy status, version, and uptime. Useful for monitoring and CI readiness checks.
- Returns HTTP 200 when healthy, 503 when the proxy cannot reach upstream providers.
{
"status": "ok",
"version": "0.2.0",
"uptime": 14382,
"mutations_processed": 1482,
"secrets_blocked": 3,
"proxy": { "anthropic": "connected", "openai": "connected" }
}/auditReturns the mutation audit log. Each entry records what was mutated, which session triggered it, and the timestamp.
- Supports ?page=N and ?per_page=N query parameters.
- Export to CSV or PDF via the Pro/Enterprise dashboard.
{
"entries": [{
"id": "aud_001",
"timestamp": "2026-04-01T10:22:14Z",
"session": "sess_a8f2c1",
"mutations": 3,
"secrets_blocked": 0,
"model": "claude-opus-4-5"
}],
"total": 1,
"page": 1,
"per_page": 50
}/scanScan a file or code string for secrets and mutable identifiers. Returns a structured report without applying any mutations.
- Supported languages: TypeScript, JavaScript, Python, Go, Java.
- A risk_score of 0–100 is returned (100 = critical, 0 = clean).
- No data is stored or forwarded. Scan runs entirely in the local proxy process.
{
"content": "const apiKey = \"sk-prod-abc123...\";\nfunction getUserToken() { ... }",
"filename": "auth.ts",
"language": "typescript"
}{
"secrets": [{ "type": "openai_api_key", "severity": "critical", "line": 1 }],
"identifiers": [{ "name": "getUserToken", "kind": "function", "mutable": true }],
"summary": { "secrets_found": 1, "identifiers_found": 1, "risk_score": 95 }
}Rate limits
The local proxy itself has no rate limits. Rate limits are enforced by your upstream provider (Anthropic, OpenAI). The Free tier is limited to 1,000 mutations per 7-day rolling period. Pro: 100,000 / 7 days. Enterprise: unlimited.