Deli is in active development. Here’s a transparent look at what’s shipped, what’s coming next, and where we’re headed.
Transparency matters. Here’s what we’ve shipped recently.
RFC 6749-compliant with PKCE enforcement (RFC 7636), authorization code flow, token revocation (RFC 7009), and server metadata (RFC 8414). Full E2E flow verified on production.
API keys encrypted at rest with unique random IV per key. Authentication tags for integrity verification. Decrypted only in-memory during proxy forwarding.
Secure request forwarding to OpenAI, Anthropic, Stripe, and GitHub. Real-time key decryption, complete request/response logging, and usage tracking.
RLS enabled on credential tables. Security audit log tracks all credential access events with actor, target, and metadata.
Four-tier rate limiting: auth (10/15min), general (100/15min), proxy (60/min), token (20/15min). Per-token rate limiting added — each OAuth token is independently rate-limited (30 req/min, configurable) to contain impact of compromised tokens.
Real-time event delivery with HMAC SHA-256 signature verification and timing-safe comparison. Configurable per application.
PBKDF2-derived unique encryption keys per developer/user account, replacing the single global key. All credential paths (identity mappings, app services, user keys) use account-isolated encryption.
Per-user governance mode that strips all non-billing metadata from proxy logs. Only minimum billing data (userId, timestamp, tokenCount, provider) is retained. Configurable via API, SDK, and CLI.
Published on npm. Agent-based authentication, direct API calls through proxy, and local configuration management.
TypeScript SDK with OAuth 2.0 PKCE client, service-specific helpers (OpenAI, Anthropic, Stripe, GitHub), and proxy API client. Defaults to production.
client_credentials grant for AI agents. Scoped tokens, full audit trail, secret rotation, and per-agent deactivation.
Configure data retention mode per user via REST API, SDK methods (governance.configure, governance.status), and CLI commands (deli governance set/status).
Run a local HTTP proxy server that intercepts agent requests and injects real Deli credentials. Agents set a placeholder token; the proxy swaps it for the real credential before forwarding to api.withdeli.com. Host allowlist enforced — requests to non-configured services are blocked. No VM or QEMU required.
Time-limited, scoped access tokens for stored credentials. Generate a shareable URL with configurable expiry (15m to 30d), optional one-time-use, and optional password protection. Full audit trail on redemption.
App management (CRUD), agent management with scoped credentials, analytics dashboard with 30-day historical data, credential identity mappings.
API key storage per service (OpenAI, Anthropic, Stripe, GitHub), authorization review and revocation, activity monitoring, account settings.
8-section docs with sidebar navigation covering 40+ endpoints, OAuth flow, proxy usage, SDK, and agent authentication.
Drip campaign for new developer sign-ups to drive activation. Resend integration is in place.
Middleware-enforced routing boundaries between developer and user portals. Unauthenticated requests are redirected to the appropriate login page.
Distinct entry points for developer and user portals, currently sharing a domain.
Prepaid credit packs via Stripe Checkout. Credits deducted per proxy call based on token usage. Balance tracking and transaction history.
Per-token cost tracking across all providers. Real-time balance updates after each proxied request.
Configurable budget limits and alerts per app or agent. Auto-pause when limits are reached.
Link Ethereum addresses to agents for verifiable on-chain identity across EVM-compatible chains.
Cryptocurrency-based micro-transaction billing for proxied API calls. Architecture designed; awaiting ecosystem maturity.
Expand on-chain identity and payment support beyond Ethereum to additional chains.
Multi-user developer accounts with role-based access control for apps and agents.
SAML/OIDC single sign-on integration for enterprise developer accounts.
Expand the proxy to support more services beyond the current four.
Comprehensive internal security audit across 8 categories: memory safety, transport security, sanitization, isolation, rate limiting, key derivation, TEE readiness, and forensics. Tier 1 fixes shipped: response sanitization, per-token rate limits, enhanced headers, secure memory clearing.
Framework token secret now fails hard at startup in production environments (no insecure fallback). Wallet address derivation corrected to use ethers.js (previous implementation derived incorrect addresses). Proxy-chat async error boundary added to prevent silent unhandled rejections.
Comprehensive Vitest coverage targeting 30%+ across API endpoints, OAuth flows, and proxy logic.
Baseline behavior tracking per agent with real-time deviation alerts. Flags unusual service switching, abnormal request volumes, and other compromise indicators.
Cryptographically signed audit events stored in append-only format. Log integrity verification endpoint. Database compromise cannot silently falsify the audit trail.
External penetration test and audit of the full credential proxy stack.
Have a feature request or want to follow along?