← RESOLVE corpus

Governed Conversational Assistant

Seed-derived from Doc 282. ENTRACE Stack active. Empirical study (Cohen's d > 3).

Bring Your Own Key

This assistant runs on your Anthropic API key using a prepare/execute security model. When this page loaded, the server generated a unique action token. When you enter your key, it is sent exactly once to bind to that token. After binding, only the opaque token is used — your raw key is not included in subsequent request headers.

Your key and your conversation are held in server memory only — not written to disk, to a database, or to logs under the current implementation. Server restart = everything gone. Sessions auto-expire after 1 hour. The server operator's key is not used. Get an API key

Informed Consent Required

By entering your API key, you acknowledge that:

  • Anthropic advises against sharing your API key with third-party services. See Anthropic's documentation: API keys should be kept secure and not exposed to untrusted parties.
  • This is a third-party service operated by Jared Foy in southern Oregon, not by Anthropic. You are trusting this server's code with your key for the duration of your session.
  • We mitigate this trust requirement architecturally using a prepare/execute security model where your key transits once and is held in server memory only (never disk). But architectural mitigation is not zero risk.
  • You can verify the code yourself — click "Show Me the Code" below, or view the public GitHub repo. The code running on this server is the code in that repo.
  • Defense in depth — single-use token rotation. Your key is bound to an opaque action token via a one-time POST. After each chat request, the token is consumed and a new one is issued. Each token is used at most once — an intercepted token has a short reuse window bounded by the rotation cadence; origin validation on the bind and chat endpoints further narrows the cross-origin attack surface.
  • Rotate your Anthropic API key when you are done. We cannot confirm you are on a secure local network. After testing, go to console.anthropic.com/settings/keys and rotate (delete + regenerate) the key you used here. This eliminates any residual risk regardless of our architecture.
  • You accept this risk voluntarily. If you are not comfortable, do not enter your key. You can still read the entire RESOLVE corpus without it.

Don't trust me. See how the architecture narrows the trust required and bounds specific risks.

This security model was derived from first principles — the derivation inversion applied to API key handling via the PRESTO prepare/execute pattern. The architecture narrows specific classes of risk structurally rather than by policy — prepare/execute bounds the key's transit to a single POST, in-memory-only storage keeps the key off disk, single-use token rotation limits the usable window of any intercepted token, and origin validation on the bind and chat endpoints closes cross-origin paths. Residual risks (dependency vulnerabilities, server compromise, supply-chain attacks on CDN resources, and bugs in this code) remain. Rotate your API key after use; that is the practical mitigation the architecture cannot provide. Perform a complete security audit yourself: github.com/jaredef/jaredfoy.com