The C-Node is intentionally a thin OpenAI-shaped HTTP layer over Morpheus. That makes it a clean target for any agent framework — LangChain, LlamaIndex, custom tools, OpenClaw, etc.

Per-agent users

Don’t share the admin user with agents. Add a per-agent user with a method whitelist: 
curl -X POST 'http://127.0.0.1:8082/auth/users' \
  -H 'Authorization: Basic <base64(admin:pw)>' \
  -H 'Content-Type: application/json' \
  -d '{
    "username": "research-agent",
    "password": "rotate-me",
    "methods": ["chat", "open_session", "close_session", "get_balance"]
  }'
This writes a new rpcauth= and rpcwhitelist= line to proxy.conf. Full method list and semantics: API auth.

Session policies

PatternWhen to useNotes
Pre-open one long session per agent runRepeated short promptsLower per-prompt latency; one cleanup at end
Open per taskBursty, infrequent tasksHigher gas overhead, simpler state
Pool of pre-opened sessionsHigh-throughput multi-agentFan agents across sessions; close idle ones
Always close sessions explicitly when work is done. On natural expiration the consumer node submits the close itself and your full share comes back in one transaction. On manual / early close, an immediate partial refund hits your wallet plus a timelocked slice in userStakesOnHold (claimable via withdrawUserStakes after ~1 UTC day). See Sessions: stake, close, claim.

Streaming vs non-streaming

Agents that need full deterministic JSON should use stream: false. Tool-calling chains that benefit from token streaming (e.g. user-facing typing UX) should set stream: true. The proxy-router supports both transparently — see Chat.

Rate limiting

The proxy-router does not currently expose per-user rate limits. If you need hard limits, terminate agent traffic at a reverse proxy (nginx limit_req, Caddy rate limiter, etc.) in front of :8082.

Observability

  • Tag each agent with its own User-Agent header for log filtering.
  • Run a small log shipper to capture ./data/proxy-router.log lines.
  • Use GET /v1/models/attestation if your agents target tee-tagged models — surface attestation state in your dashboards.

Failure recovery

SymptomRecovery
401 / 403 from C-NodeRe-auth or rotate password
429 from C-NodeBack off; check provider/model concurrency
Empty response streamProvider may be down — close session, retry on a different model
session not foundSession expired or closed; open a new one
For a more concrete worked example, see Gateway for Everclaw.