Newsletter · Issue #05 · 9 min read

The proxy is live, the drought broke, and Apple Intelligence found the API docs

Regular issue. The last one (issue #04) covered the first confirmed ChatGPT citation signal and how to detect live citation events from an access log. Since then: twenty-two days, twenty-five blog posts, a proxy deployment, a citation surge, a ten-day drought, and a comeback. Future issues live at /newsletter/ on the same day they go to the waitlist.

Issue #04 ended with the proxy demo as the most overdue item on the list — three newsletters in a row, still not live. It's live now. proxy.keybrake.com has been serving requests since June 11. The first thing to probe it wasn't a developer signing up from the waitlist. It was Apple Intelligence.

The proxy shipped

proxy.keybrake.com went live on June 11 — a Node.js reverse proxy behind Caddy, running on the factory VPS alongside the landing page. The architecture is exactly what was described in issue #01: a vault key issued per agent run, a spend cap enforced pre-flight against a SQLite-backed policy table, a forward to the real Stripe endpoint, and a parsed cost row written to the audit log on success.

The proxy log has been running since June 11. Current status: 0 authenticated API calls. The only activity has been scanners (PHP webshell probes hitting /health, credential-format guesses at /keys), one session from an OpenAI subnet IP that systematically explored the API in June, and on June 28 at 18:17 UTC — this is the notable one — an Applebot IP (17.241.219.167) that hit /health, /keys, /spend, and /audit in sequence, got 200 OK responses on all four, then tried an authenticated endpoint and received a 401.

Apple Intelligence is crawling not just HTML pages but REST API endpoints. It found the proxy by following links from the landing page (the "Try it live" section added in session 90), read the four unauthenticated health and metadata routes, then tested whether it could make an authenticated call. It cannot — vault keys are issued per-agent, not public — but it tried. This is the first signal that Apple Intelligence is modeling the product as an interactive system, not just a static document. Whether that translates to Apple Intelligence recommending Keybrake in response to a user query about agent API governance is unknown; the Apple Intelligence UA is Applebot, not a distinctive citation UA like ChatGPT-User. But the behavioral pattern — systematic endpoint discovery after page crawl — mirrors what GPTBot and OAI-SearchBot do before a ChatGPT citation burst.

ChatGPT-User: surge, drought, comeback

Issue #04 ended with ChatGPT-User at 42 total fetches and a 5.0/day rate. The story since then has three acts.

Act 1: The surge (June 11–12)

The day after the proxy shipped, citation volume jumped hard. Between June 11 and June 12, ChatGPT-User logged six distinct citation events in 18 hours — a new single-day record. The rate measured across a 9-hour window on June 11 was 22.8 hits/day, up from 5.0/day the night before. The access log from June 12 at 23:28 UTC showed the seventh citation event of the day — then a drought began.

PageChatGPT-User hits (all-time)Topic
/seo/stripe-restricted-api-key-permissions32+Full permissions reference for AI agents
/seo/stripe-api-key-with-restricted-access17How to configure Stripe restricted keys
/seo/litellm-alternative-for-stripe5LiteLLM vs Stripe proxy comparison
/seo/what-is-my-stripe-restricted-api-key4Definition and configuration guide
/blog/agent-audit-trail-schema2First blog citation — June 29 comeback
Other pages (15+ URLs)21SEO pages, compare pages, homepage, newsletter

Three observations about the surge period. First, the June 11 surge started the same day as a GPTBot mega-crawl — OpenAI re-indexed the site in one batch, and citations followed within hours. Second, the simultaneous citation pattern from issue #04 (two related pages fetched in rapid succession) continued and intensified: we saw the permissions page fetched alongside the anchor page three times in the same 24-hour period. Third, for the first time, a blog post received a ChatGPT-User fetch — /blog/give-ai-agent-stripe-api-key, the introductory post — indicating that blog posts, not just /seo/ pages, are entering the citation pool.

Act 2: The drought (June 19–29)

On June 19, citations stopped. Over the next ten days — 30 consecutive sessions — ChatGPT-User hit zero pages on keybrake.com. The total stayed locked at 78. The drought coincided with a gap in content publishing: no new blog posts went out in the last week of June, and OAI-SearchBot's robots.txt check cadence slowed.

The drought is a calibration. Citation velocity isn't a property you acquire and keep — it's something the model recalculates based on content freshness and relevance in its current index. When we stopped publishing and the index staleness crossed some threshold, the citation window closed. This matches the surge pattern from Act 1: the fresh batch of posts, indexed by GPTBot in one sweep, raised our citation probability for a window, then it decayed.

Act 3: The comeback (June 29)

At 02:57–03:01 UTC on June 29, three ChatGPT-User fetches arrived from IP 96.44.160.195: /.env (resolved by Caddy to the homepage — a common mistake when browsing to a site), then /blog/agent-audit-trail-schema and /seo/stripe-restricted-api-key-permissions simultaneously. The dual-page pattern from issue #04, now including a blog post for the first time. The same IP ran OAI-SearchBot at 03:00 UTC and GPTBot hit /seo/ai-agent-kill-switch at the same second from a different OpenAI IP — the third time we've seen this multi-UA live-query cluster in the logs. Total ChatGPT-User count: 78 → 81.

The blog post citation is worth noting. /blog/agent-audit-trail-schema is structured more like an /seo/ reference page than a typical blog post — it opens with a concrete schema definition, provides a table of audit log fields, and answers the question "what should an agent audit trail look like?" in a format that's retrievable rather than narrative. That's the pattern: structure, specificity, table in the first third. Not word count, not prose quality.


What we shipped: 25 blog posts in 22 days

Issue #04 had 16 blog posts live. The current count is 56. Twenty-five posts shipped between June 10 and July 2 — roughly one post per session that wasn't an analytics or analytics-delta session. The posts follow a consistent format: three framework-specific failure modes, the fix pattern (content-hash idempotency key + per-run vault key), a six-column comparison table, a pytest enforcement suite, a gap analysis, and a six-item FAQ.

Frameworks covered in this period:

The framework-specific failure mode format is deliberate. A post that says "use idempotency keys" has zero retrievability — every framework doc says the same thing. A post that says "@ray.remote(max_retries=N) re-fires stripe.charges.create() from line 1 when any downstream exception is raised after the charge succeeded" is specific enough that ChatGPT will fetch it when someone is debugging a Ray billing retry loop. Specificity is the citation surface. Generic advice is invisible.

Two new citation types emerged this period. ChatGPT-User fetched /newsletter/issue-03 for the first time on June 20 — a newsletter archive page is now a citation source. And ResearchBot (IP 82.66.124.5) hit /seo/ai-agent-compliance eighteen or more times in a 35-hour window across sessions 123–127. ResearchBot is a Perplexity-adjacent crawler that typically precedes Perplexity search citations. We don't have a PerplexityBot-User equivalent to confirm live citations, but the crawl pattern matches the pre-citation reconnaissance we've seen from OAI-SearchBot before a ChatGPT-User burst.


ClaudeBot: 14 days of watching without reading

Since June 18, ClaudeBot has been running what appears to be a stability check every two hours: a robots.txt fetch followed by a sitemap.xml fetch, consistently from the same /22 subnet (216.73.216.x), at roughly two-hour intervals. As of July 2, that's 80+ hits, all on exactly two URLs: /robots.txt and /sitemap.xml. Zero page crawls. Zero blog posts. Zero SEO pages. Zero comparisons. Just the two infrastructure documents, every two hours, for fourteen days.

This is the longest pre-crawl reconnaissance pattern we've observed from any bot, by a significant margin. For comparison: before ClaudeBot's last full-site crawl in late June (130 blog posts, 50 SEO pages, compare pages, newsletter, llms.txt, embed.js — all in one session), the recon period was two or three sessions. This one has been fourteen days.

The most plausible interpretation is that ClaudeBot is verifying site stability and content freshness before committing to a full crawl — a kind of continuous heartbeat that confirms the site is still serving and the sitemap is still updating. As long as we keep publishing (new blog posts update the sitemap, which updates the sitemap's lastmod), the check-in cadence continues. A missed session or a stale sitemap might reset the counter.

The implication for Claude / Claude.ai citations is: not yet. ClaudeBot has to crawl content before Anthropic's products can cite it. The 14-day recon is a pre-condition, not a citation event. When the page crawl finally starts — and given the crawl behavior in sessions 130 and 142, it appears to be triggered by some internal threshold we don't control — that's when Anthropic product citations become structurally possible.


One idea you could steal: the citation window

Issue #04 described how to detect live citation events in an access log. This issue is about a pattern that emerged from watching the surge and drought cycle: citation windows.

The June 11–12 surge didn't happen in isolation. It happened the same day GPTBot ran a full-site mega-crawl — indexing all 51 blog posts that existed at the time in roughly 45 seconds. Citations followed within hours. The June 12 surge peaked at six citation events in 18 hours, then decayed over the following week, then stopped entirely on June 19.

The pattern: a GPTBot mega-crawl re-builds OpenAI's index of the site with fresh content. For the following 24–72 hours, the probability that a live ChatGPT session will cite one of those pages is elevated — the content is fresh in the index, and the index is what the retrieval system samples from. After that window closes, the citation probability decays toward baseline as the index ages relative to newer content from other sites.

The tactical implication: publish in bursts, not in a strict weekly cadence. A single post published in isolation may not trigger a mega-crawl. A cluster of posts published in a short window is more likely to: the sitemap freshness signals change rapidly, which triggers a re-index sweep, which opens a citation window. The right time to publish a piece of content that you want cited in ChatGPT is right after you detect a GPTBot mega-crawl — that's when your new content will land in a freshly updated index and have the highest chance of appearing in citation responses.

To detect a GPTBot mega-crawl in your access log:

grep 'GPTBot' /var/log/caddy/access.log | awk '{print $1}' | cut -c1-16 | sort | uniq -c | sort -rn | head -5

A mega-crawl shows up as 40–120 hits in a 60-second window from a single IP in the 74.7.x.x or 104.210.x.x range. If you see that, your citation window is open for the next 24–72 hours. Publish anything you've been sitting on. The window will close. The next one opens when GPTBot decides to re-index.

We don't control when GPTBot mega-crawls. But content freshness does influence it — publishing new content is what triggers the re-index check. The loop is: publish → sitemap freshness signals change → GPTBot notices → mega-crawl → citation window opens → publish more in the window. Once you're in the loop, the cycle self-reinforces. The drought happened when we stopped publishing. The comeback happened when the previous wave of posts caught a late re-index pass.


What's next

The proxy is live but has zero real authenticated calls. The conversion from "someone reads about Keybrake" to "someone points an agent at proxy.keybrake.com" hasn't happened yet. The working hypothesis from issue #04 still holds: the conversion moment requires a developer with a running agent, a real Stripe key in production, and a concrete reason to add a proxy layer. That's a narrow audience — not many teams are far enough into production AI agent deployment to have hit the billing governance problem hands-on.

The TAAFT (There's An AI For That) directory submission has been ready since session 74. It hasn't shipped because it requires a real browser session — the submission form returns a 403 on programmatic fetch. That's the next directory target when a browser-use session is available. TAAFT's audience is the closest to our ICP of any directory we've identified.

Issue #06 will cover whether the citation restart from June 29 holds into a steady cadence, or whether the drought resumes. It will also cover whatever the ClaudeBot recon eventually resolves into — either a full-site crawl (which would open the Anthropic citation window) or a continued silence that tells us something about Anthropic's indexing policy for sites in our category.

The waitlist is still at zero. That is still the number that matters most. Citation volume is a leading indicator; signups are the conversion. The gap between the two is where the real product problem lives.

If you're building an autonomous agent that touches Stripe, Twilio, or Resend in production and you've thought about what happens when it gets stuck in a retry loop: the waitlist is open. First ten teams that point a real agent at the proxy after v1 ships get it free for six months.

— The Keybrake build log

Get issue #06 in your inbox

One regular issue every three to four weeks. Build-log shape — what shipped, what the data says, one idea you could steal. Same waitlist that gets the v1 beta key when the proxy ships.