Byoky

You've got 15× the room you're using. Chrome Web Store users actually read descriptions (more than App Store), and MV3 reviewers care about clear, specific permission justification. Here's a
fleshed-out replacement:

Your AI keys are worth $1000s. Stop pasting them into every new extension.

byoky (Bring Your Own Key) is an open-source browser wallet that stores your LLM API keys and OAuth tokens in an encrypted local vault. Developers integrate via @byoky/sdk — their apps use your keys without ever seeing them.

HOW IT WORKS

1. Install byoky and set a master password — your vault is encrypted on-device with AES-256-GCM.
2. Paste your API keys or sign in via OAuth (Anthropic, OpenAI, Google Gemini).
3. Open any byoky-enabled app — approve access in one click. Your keys stay in the vault.

• 15 AI providers — Anthropic, OpenAI, Google Gemini, Mistral, Cohere, xAI (Grok), DeepSeek,
Perplexity, Groq, Together AI, Fireworks AI, OpenRouter, Azure OpenAI, and custom endpoints. • Setup tokens — use your Claude Pro or Max subscription, not only pay-per-use API keys.
• Apps marketplace — install curated mini-apps that run sandboxed inside the wallet. Your keys stay in the vault.
• Token Pool — discover free token gifts shared by the community, or publish your own.
• Token gifts — share access with friends or teammates without sharing the key itself. Set budgets, expirations, revoke in one click.
• Alias Groups — bucket apps by purpose (Personal, Work, Side Project) and pin each group to a specific key. Drag apps between groups to swap keys on the fly.
• Cross-provider routing — drag an app from a Claude group into a GPT group and the wallet transparently translates the request body, response body, and SSE streams. Apps keep calling their preferred SDK; byoky picks the upstream.
• Mobile pairing — pair your iPhone or Android wallet via QR code; no extension install required for mobile users.
• CLI / desktop support — route OpenClaw or any CLI tool through @byoky/bridge. Your keys never leave the browser.
• Backend relay — @byoky/sdk/server lets your server make LLM calls through the user's browser. No secrets on the server.
• Full audit log — every request timestamped by app, provider, status. • Spending caps — per-app and per-provider token limits, enforced in the proxy.
• Encrypted export/import — back up the vault as a .byoky file.
• Local-first — no cloud account, no telemetry, no tracking.

SECURITY

• AES-256-GCM encryption with PBKDF2 key derivation (600,000 iterations) via Web Crypto API.
• Master password never leaves your device. • Keys never leave the extension — apps only receive short-lived session tokens.
• Fully open source under MIT license. Audit the code: https://github.com/MichaelLod/byoky