Drop-in replacement for the OpenAI API with built-in DLP. Scans every prompt and response for PII, credentials, and injection attacks. Routes across 6 LLM backends. Self-hosted, zero telemetry.
Client (any SDK) → OpenClaw Proxy → [DLP Scan] → LLM Backend
↓ ↓
PII blocked/redacted OpenAI / Anthropic
Injection blocked Google / Ollama
Logged + alerted vLLM / OpenClaw
| Feature | LiteLLM | Portkey | OpenRouter | OpenClaw |
|---|---|---|---|---|
| Multi-provider routing | ✅ | ✅ | ✅ | ✅ |
| PII/credential scanning | ❌ | ❌ | ❌ | ✅ |
| Injection detection | ❌ | ❌ | ❌ | ✅ |
| Security webhooks | ❌ | ❌ | ❌ | ✅ |
| Spend tracking + budgets | ✅ | ✅ | ❌ | ✅ |
| Multi-tenancy | ❌ | ✅ | ❌ | ✅ |
| Self-hosted | ✅ | ❌ | ❌ | ✅ |
| Helm chart + Prometheus | ❌ | ❌ | ❌ | ✅ |
Scans inbound prompts for PII (SSN, credit cards, API keys) and injection attacks. Scans outbound responses for PII leakage. Block, redact, or log.
Route by model prefix. gpt-* → OpenAI, claude-* → Anthropic, gemini-* → Google. Fallback chains on failure. Load balancing (3 strategies).
Per-backend cost calculation. Monthly budgets with 402 enforcement. GET /spend endpoint. Multi-tenant budgets.
Per-team API keys with own rate limits, budgets, and backend/model restrictions. Enterprise-ready out of the box.
In-memory LRU cache with TTL. Redis support for shared cache. Saves money on repeated prompts.
Live dashboard, Prometheus metrics, JSONL logs, Kafka for high-scale, X-Request-Id tracing. Grafana-ready.