OpenRouter-compatible. Attested. 99.9% router availability.
Security
What is logged, what is not logged, and where prompt traffic belongs.
1 linebase_url migration
99.9%router availability
0prompt/output logs
No prompt logsTrustedRouter alpha does not store prompt or output content.
Fail closedIf attestation fails, the prompt path shuts down.
Open sourceBackend, infrastructure, config, and UI.
VerifySource commit, image reference, image digest.
Trust boundary
What touches your prompt is the part you can verify.
Metadata rows are limited to generation ID, workspace, key hash, model, provider, token counts, cost, usage type, speed, finish reason, and status.
We never log your prompt or the output. We only log metadata like tokens used and processed for billing. We log date and time, which model you use, and which region was used.
We can never claim that we're perfectly secure but we can claim that we're perfectly transparent and being open source and open about everything that we're doing.
User app
OpenAI-compatible request
Attested gateway
metadata only
Provider
Production path
api.quillrouter.com
The FastAPI control plane does not register production chat, messages, responses, or embeddings routes.
Fail closed
Attestation failure stops the API path.
It's very important that if the security attestation ever fails that we have to have it shut down, not stay open.
Verify
Trust page first.
The trust page publishes source commit, image reference, and image digest.
Open trust page
Open source standard
Demand routers you can inspect.
We should really demand that all routers be totally open source. That's really the only way to be sure that it is running things that are safe and secure.
Most importantly it's all open source software. Every part of the backend infrastructure, configuration, bring up, and UI is entirely open source.
The intention of this is to secure your prompts from anybody who can attack part of our network or any kind of attack that could be used to look at your prompts.
We cannot provide complete protection if the cloud provider has physical access to the machine in a way that lets them do something to look at it, and obviously if there's a state-level actor that has direct access we would not necessarily be able to stop that.