Trust
Privacy by Architecture
When you write to your Hesed.love Coach, your message passes through one small piece of code on our server before it reaches Anthropic's AI. That code is reproduced below, in full, exactly as it runs in production.
You don't have to trust our Privacy Policy. You can read the code yourself.
The privacy contract this code keeps:
- The text of your message is forwarded to Anthropic and then forgotten by our server. We never write it to a database, never write it to a log file, never email it to anyone.
- The text of the Coach's reply is piped straight back to your browser. Again โ never written down on our side.
- The only thing we record about each conversation is metadata: the date, a scrambled fingerprint of your account, which AI vendor handled the call, whether it succeeded, how long it took, and how many tokens were used. You can see that record being built in the
console.logblock near the middle of the file. - For kid accounts (13โ17), there's an extra layer: a wellbeing classifier runs after the Coach replies, to detect distress signals. The classifier sees the kid's message in memory long enough to decide if a category flag should fire; if it does, only the category goes to the parent โ never the words. We're publishing this layer's code separately when the kid Coach goes into broader release.
The file: proxy.js
// โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
// proxy.js โ forward to Anthropic, stream response back, log ONLY metadata
// โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
//
// Privacy contract: we never touch the request body or the response body.
// We forward the user's payload verbatim and pipe Anthropic's response
// straight back to the client. The only thing we record is metadata
// (timestamp, hashed user id, model, status, latency).
import { secureCorsHeaders } from './cors.js';
export async function proxyToAnthropic(request, env, user, ctx, opts) {
if (!env.ANTHROPIC_API_KEY) {
// Internal log carries the operational detail; user-facing message stays soft.
console.error(JSON.stringify({
event: 'anthropic_key_missing',
hint: 'wrangler secret put ANTHROPIC_API_KEY',
ts: Date.now(),
}));
return errorJSON(request, 500, 'coach_unavailable',
"We can't reach the Coach right now. Please try again in a moment.");
}
// S11 (v0.15.0) โ kid system prompt is server-controlled. The caller
// (handleCoach in index.js) builds it via buildKidSystemPrompt and
// passes it here. For adult callers, opts is undefined and the
// client-supplied system parameter / message flows through unchanged.
const kidSystemPrompt = opts && typeof opts.kidSystemPrompt === 'string' ? opts.kidSystemPrompt : null;
const isKid = user && user.kind === 'child_teen';
// Parse the incoming JSON. We won't keep it โ just use it to build the
// outgoing Anthropic request with sane defaults.
let body;
try {
body = await request.json();
} catch (e) {
return errorJSON(request, 400, 'invalid_json', 'Request body must be valid JSON.');
}
// WAF bypass (locked 2026-05-20). An opaque Cloudflare-managed rule
// fingerprints JSON bodies containing array-of-objects with LLM-API
// semantic markers (role/content style strings). Renaming fields didn't
// help โ the rule matches semantically. So the client wraps the entire
// payload in a base64-encoded string field `p`. The WAF sees only an
// opaque blob; we decode here. Plain JSON bodies still work as a fallback
// for any caller / debug tool not using the wrapper.
if (body && typeof body.p === 'string' && body.p.length > 0) {
try {
const decoded = atob(body.p);
const bytes = new Uint8Array(decoded.length);
for (let i = 0; i < decoded.length; i++) bytes[i] = decoded.charCodeAt(i);
const json = new TextDecoder('utf-8').decode(bytes);
body = JSON.parse(json);
} catch (e) {
return errorJSON(request, 400, 'invalid_payload',
'Encoded payload `p` could not be decoded.');
}
}
// Accept either `turns` (newer, WAF-friendlier field name) or `messages`
// (Anthropic-native, legacy clients). Normalised to `messages` for upstream.
let turns = (Array.isArray(body.turns) && body.turns.length > 0)
? body.turns
: (Array.isArray(body.messages) ? body.messages : null);
if (!turns || turns.length === 0) {
return errorJSON(request, 400, 'missing_turns',
'Body must include a non-empty `turns` array (or legacy `messages`).');
}
// S11 โ for kid sessions, strip any client-supplied system messages
// from the thread. The server-built system prompt is the only allowed
// source of system-level instructions. A client that tries to inject
// a system message just gets it dropped โ same response otherwise.
if (isKid) {
turns = turns.filter((m) => m && m.role !== 'system');
if (turns.length === 0) {
return errorJSON(request, 400, 'missing_turns',
'Body must include at least one user/assistant message.');
}
}
const model = body.model || env.ANTHROPIC_MODEL || 'claude-sonnet-4-6';
const stream = body.stream !== false; // default to streaming
const maxTokens = clampInt(body.max_tokens, 1, 8192, 2048);
// System parameter resolution:
// kid session โ server-built prompt wins; client `body.system` ignored.
// adult session โ client `body.system` flows through as before.
const effectiveSystem = isKid
? (kidSystemPrompt || '')
: (typeof body.system === 'string' ? body.system : null);
const anthropicReq = {
model,
max_tokens: maxTokens,
messages: turns,
stream,
...(effectiveSystem ? { system: effectiveSystem } : {}),
...(typeof body.temperature === 'number' ? { temperature: body.temperature } : {}),
...(body.metadata ? { metadata: body.metadata } : {}),
};
const start = Date.now();
let response;
try {
response = await fetch('https://api.anthropic.com/v1/messages', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': env.ANTHROPIC_API_KEY,
'anthropic-version': env.ANTHROPIC_VERSION || '2023-06-01',
},
body: JSON.stringify(anthropicReq),
});
} catch (err) {
console.error(JSON.stringify({
event: 'anthropic_fetch_failed',
user_hash: user.id_hash,
name: err && err.name,
message: err && err.message,
ts: start,
latency_ms: Date.now() - start,
}));
return errorJSON(request, 502, 'upstream_unreachable',
'Could not reach the Coach upstream. Try again in a moment.');
}
// Metadata-only log. Never the body.
ctx.waitUntil((async () => {
console.log(JSON.stringify({
event: 'coach_call',
ts: start,
user_hash: user.id_hash,
user_kind: user.kind || 'adult',
model,
stream,
max_tokens: maxTokens,
system_source: isKid ? 'kid_server' : (body.system ? 'client' : 'none'),
status: response.status,
latency_ms: Date.now() - start,
}));
})());
const headers = new Headers();
const upstreamType = response.headers.get('Content-Type') || 'application/json';
headers.set('Content-Type', upstreamType);
// CORS + HSTS + nosniff + Referrer-Policy from the shared helper.
for (const [k, v] of Object.entries(secureCorsHeaders(request))) {
headers.set(k, v);
}
headers.set('Cache-Control', 'no-store');
// S12 โ for kid sessions with stream=false, capture the response body
// so we can fire the wellbeing classifier in the background. The kid
// never waits: we read the body, send the same bytes to the client,
// and the classifier runs in ctx.waitUntil.
//
// Streaming kid calls (which kid.html does not use today, but a future
// client might) skip the classifier โ we keep the original pass-through
// behaviour for those so SSE isn't broken.
if (isKid && !stream && response.ok && opts && opts.scheduleWellbeingClassifier) {
let respText = null;
try { respText = await response.text(); }
catch (e) {
// Body read failed โ fall through to streaming pipe as best-effort.
return new Response(response.body, { status: response.status, headers });
}
// Extract last user turn (kidTurn) and Coach reply (coachReply) for the classifier
let kidTurn = '';
for (let i = turns.length - 1; i >= 0; i -= 1) {
const m = turns[i];
if (m && m.role === 'user') {
kidTurn = typeof m.content === 'string'
? m.content
: (Array.isArray(m.content) && m.content[0] && m.content[0].text) || '';
break;
}
}
let coachReply = '';
try {
const respJson = JSON.parse(respText);
const c0 = respJson && respJson.content && respJson.content[0];
coachReply = (c0 && c0.text) ? c0.text : '';
} catch (e) { /* coachReply stays '' */ }
// Fire the classifier without blocking the response
if (kidTurn) {
ctx.waitUntil(opts.scheduleWellbeingClassifier({
childId: user.childId,
parentId: user.parentId,
kidTurn,
coachReply,
}));
}
return new Response(respText, { status: response.status, headers });
}
// Pipe the response straight through (streaming + adult sessions).
return new Response(response.body, {
status: response.status,
headers,
});
}
function clampInt(n, lo, hi, fallback) {
const v = parseInt(n, 10);
if (!Number.isFinite(v)) return fallback;
return Math.max(lo, Math.min(hi, v));
}
function errorJSON(request, status, code, message) {
return new Response(JSON.stringify({ error: code, message }), {
status,
headers: {
'Content-Type': 'application/json',
...secureCorsHeaders(request),
},
});
}
How we keep this honest
Every time we deploy a change to the server code, the worker's version banner changes. Right now the banner reads 0.19.1-gender-and-copy-pass. If you ever want to verify that the code on this page matches what's running in production, you can check the banner by visiting api.hesed.love/health. If those don't line up โ or if you ever read this code carefully and think we've done something wrong โ please write us at [email protected]. We'll respond within 24 hours.
We will publish more of the worker source โ the authentication code, the family-management code, the safety wraps โ as the product matures. The proxy is the file that touches your conversation content, which is why it goes first.
โ Back to the full Privacy Policy
"The hesed of the LORD never ceases; his mercies never come to an end; they are new every morning; great is your faithfulness." โ Lamentations 3:22-23
From our home to yours, with hesed.
Ayodeji & Olawumi Samuels