9e9cbd4858 feat(cliproxy): add HTTPS tunnel for remote proxy mode (#1)
* feat(cliproxy): add HTTPS tunnel for remote proxy mode

Claude Code doesn't support HTTPS in ANTHROPIC_BASE_URL directly (undici
limitation). This adds an HTTP→HTTPS tunnel proxy for remote CLIProxyAPI
connections.

Changes:
- Add HttpsTunnelProxy: local HTTP server tunneling to remote HTTPS
- Add CodexReasoningProxy HTTPS support and path prefix stripping
- Remote mode now uses root paths (/v1/messages) not provider-prefixed
- Add remote token uploader for syncing OAuth tokens to remote server
- Auto-upload tokens after OAuth auth when remote mode is enabled

Flow for remote HTTPS:
  Claude CLI → CodexReasoningProxy → HttpsTunnel → Remote HTTPS

Built with [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address PR review issues for HTTPS tunnel proxy

- Add connection tracking with activeConnections Set for proper cleanup
- Add port validation after start() to reject port 0
- Add Authorization header fallback injection in buildForwardHeaders()
- Handle client disconnect (premature close) and request errors
- Improve error handling in uploadTokenToRemoteAsync (log instead of silent catch)
- Add comprehensive tests for HttpsTunnelProxy (97% coverage)
- Add integration tests for remote-token-uploader
- Add stripPathPrefix unit tests for remote mode

Built with [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: bump Node.js engine requirement to >=18.0.0

FormData and Blob APIs used in remote-token-uploader require Node.js 18+.
Addresses coderabbit review comment about Node.js engine compatibility.

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address remaining PR suggestions

- Add verbose parameter to registerAccountFromToken for proper propagation
- Improve stripPathPrefix with path normalization (double slashes, leading slash)
- Add edge case tests for path normalization

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: add timeout to flaky npm CLI tests

Tests 'handles empty arguments gracefully' and 'handles very long argument'
were missing timeout option in execSync, causing occasional timeouts when
bun test's 5000ms limit was reached before CLI completed.

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address new PR review feedback

- Add path segment boundary check to prevent partial matches (/codex vs /codextra)
- Add hostname validation in HttpsTunnelProxy constructor
- Add race condition protection with 'starting' flag in start()
- Sanitize error messages (detailed only in verbose mode)
- Update comments for clarity (regex behavior)
- Add comprehensive tests for all edge cases

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

---------

Co-authored-by: OnSteroids <built@onsteroids.ai>
2026-01-14 18:05:49 +01:00
2026-01-14 15:35:23 +00:00

CCS - Claude Code Switch

CCS Logo

The universal AI profile manager for Claude Code.

Run Claude, Gemini, GLM, and any Anthropic-compatible API - concurrently, without conflicts.

License npm PoweredBy

Features & Pricing | Documentation


The Three Pillars

Capability What It Does Manage Via
Multiple Claude Accounts Run work + personal Claude subs simultaneously Dashboard
OAuth Providers Gemini, Codex, Antigravity - zero API keys needed Dashboard
API Profiles GLM, Kimi, or any Anthropic-compatible API Dashboard

Quick Start

1. Install

npm install -g @kaitranntt/ccs
Alternative package managers
yarn global add @kaitranntt/ccs    # yarn
pnpm add -g @kaitranntt/ccs        # pnpm (70% less disk space)
bun add -g @kaitranntt/ccs         # bun (30x faster)

2. Open Dashboard

ccs config
# Opens http://localhost:3000

3. Configure Your Accounts

The dashboard provides visual management for all account types:

  • Claude Accounts: Create isolated instances (work, personal, client)
  • OAuth Providers: One-click auth for Gemini, Codex, Antigravity
  • API Profiles: Configure GLM, Kimi with your keys
  • Health Monitor: Real-time status across all profiles

Analytics Dashboard

Analytics

Live Auth Monitor

Live Auth Monitor

CLI Proxy API & Copilot Integration

CLIProxy API

Copilot API

WebSearch Fallback

WebSearch


Built-in Providers

Provider Auth Type Command Best For
Claude Subscription ccs Default, strategic planning
Gemini OAuth ccs gemini Zero-config, fast iteration
Codex OAuth ccs codex Code generation
Copilot OAuth ccs copilot or ccs ghcp GitHub Copilot models
Kiro OAuth ccs kiro AWS CodeWhisperer (Claude-powered)
Antigravity OAuth ccs agy Alternative routing
OpenRouter API Key ccs openrouter 300+ models, unified API
GLM API Key ccs glm Cost-optimized execution
Kimi API Key ccs kimi Long-context, thinking mode
Azure Foundry API Key ccs foundry Claude via Microsoft Azure
Minimax API Key ccs minimax M2 series, 1M context
DeepSeek API Key ccs deepseek V3.2 and R1 reasoning
Qwen API Key ccs qwen Alibaba Cloud, qwen3-coder

OpenRouter Integration (v7.0.0): CCS v7.0.0 adds OpenRouter with interactive model picker, dynamic discovery, and tier mapping (opus/sonnet/haiku). Create via ccs api create --preset openrouter or dashboard.

Azure Foundry: Use ccs api create --preset foundry to set up Claude via Microsoft Azure AI Foundry. Requires Azure resource and API key from ai.azure.com.

OpenRouter API Profiles

OAuth providers authenticate via browser on first run. Tokens are cached in ~/.ccs/cliproxy/auth/.

Powered by:

Tip

Need more? CCS supports any Anthropic-compatible API. Create custom profiles for self-hosted LLMs, enterprise gateways, or alternative providers. See API Profiles documentation.


Usage

Basic Commands

ccs           # Default Claude session
ccs gemini    # Gemini (OAuth)
ccs codex     # OpenAI Codex (OAuth)
ccs kiro      # Kiro/AWS CodeWhisperer (OAuth)
ccs ghcp      # GitHub Copilot (OAuth device flow)
ccs agy       # Antigravity (OAuth)
ccs glm       # GLM (API key)

Parallel Workflows

Run multiple terminals with different providers:

# Terminal 1: Planning (Claude Pro)
ccs work "design the authentication system"

# Terminal 2: Execution (GLM - cost optimized)
ccs glm "implement the user service from the plan"

# Terminal 3: Review (Gemini)
ccs gemini "review the implementation for security issues"

Multi-Account Claude

Create isolated Claude instances for work/personal separation:

ccs auth create work

# Run concurrently in separate terminals
ccs work "implement feature"    # Terminal 1
ccs  "review code"              # Terminal 2 (personal account)

Maintenance

Health Check

ccs doctor

Verifies: Claude CLI, config files, symlinks, permissions.

Update

ccs update              # Update to latest
ccs update --force      # Force reinstall
ccs update --beta       # Install dev channel

Sync Shared Items

ccs sync

Re-creates symlinks for shared commands, skills, and settings.

Antigravity Quota Management

ccs cliproxy doctor     # Check quota status for all agy accounts

Auto-Failover: When an Antigravity account runs out of quota, CCS automatically switches to another account with remaining capacity. Shared GCP project accounts are excluded (pooled quota).


Configuration

CCS auto-creates config on install. Dashboard is the recommended way to manage settings.

Config location: ~/.ccs/config.yaml

Custom Claude CLI path

If Claude CLI is installed in a non-standard location:

export CCS_CLAUDE_PATH="/path/to/claude"              # Unix
$env:CCS_CLAUDE_PATH = "D:\Tools\Claude\claude.exe"   # Windows
Windows symlink support

Enable Developer Mode for true symlinks:

  1. SettingsPrivacy & SecurityFor developers
  2. Enable Developer Mode
  3. Reinstall: npm install -g @kaitranntt/ccs

Without Developer Mode, CCS falls back to copying directories.


WebSearch

Third-party profiles (Gemini, Codex, GLM, etc.) cannot use Anthropic's native WebSearch. CCS automatically provides web search via CLI tools with automatic fallback.

How It Works

Profile Type WebSearch Method
Claude (native) Anthropic WebSearch API
Third-party profiles CLI Tool Fallback Chain

CLI Tool Fallback Chain

CCS intercepts WebSearch requests and routes them through available CLI tools:

Priority Tool Auth Install
1st Gemini CLI OAuth (free) npm install -g @google/gemini-cli
2nd OpenCode OAuth (free) curl -fsSL https://opencode.ai/install | bash
3rd Grok CLI API Key npm install -g @vibe-kit/grok-cli

Configuration

Configure via dashboard (Settings page) or ~/.ccs/config.yaml:

websearch:
  enabled: true                    # Enable/disable (default: true)
  gemini:
    enabled: true                  # Use Gemini CLI (default: true)
    model: gemini-2.5-flash        # Model to use
  opencode:
    enabled: true                  # Use OpenCode as fallback
  grok:
    enabled: false                 # Requires XAI_API_KEY

Tip

Gemini CLI is recommended - free OAuth authentication with 1000 requests/day. Just run gemini once to authenticate via browser.

See docs/websearch.md for detailed configuration and troubleshooting.


Remote CLIProxy

CCS v7.x supports connecting to remote CLIProxyAPI instances, enabling:

  • Team sharing: One CLIProxyAPI server for multiple developers
  • Cost optimization: Centralized API key management
  • Network isolation: Keep API credentials on a secure server

Quick Setup

Configure via dashboard (Settings > CLIProxy Server) or CLI flags:

ccs gemini --proxy-host 192.168.1.100 --proxy-port 8317
ccs codex --proxy-host proxy.example.com --proxy-protocol https

CLI Flags

Flag Description
--proxy-host Remote proxy hostname or IP
--proxy-port Remote proxy port (default: 8317 for HTTP, 443 for HTTPS)
--proxy-protocol http or https (default: http)
--proxy-auth-token Bearer token for authentication
--local-proxy Force local mode, ignore remote config
--remote-only Fail if remote unreachable (no fallback)

See Remote Proxy documentation for detailed setup.


Documentation

Topic Link
Installation docs.ccs.kaitran.ca/getting-started/installation
Configuration docs.ccs.kaitran.ca/getting-started/configuration
OAuth Providers docs.ccs.kaitran.ca/providers/oauth-providers
Multi-Account Claude docs.ccs.kaitran.ca/providers/claude-accounts
API Profiles docs.ccs.kaitran.ca/providers/api-profiles
Remote Proxy docs.ccs.kaitran.ca/features/remote-proxy
CLI Reference docs.ccs.kaitran.ca/reference/cli-commands
Architecture docs.ccs.kaitran.ca/reference/architecture
Troubleshooting docs.ccs.kaitran.ca/reference/troubleshooting

Uninstall

npm uninstall -g @kaitranntt/ccs
Alternative package managers
yarn global remove @kaitranntt/ccs
pnpm remove -g @kaitranntt/ccs
bun remove -g @kaitranntt/ccs

Philosophy

  • YAGNI: No features "just in case"
  • KISS: Simple, focused implementation
  • DRY: One source of truth (config)

Contributing

See CONTRIBUTING.md.


License

MIT License - see LICENSE.


S
Description
Switch between Claude accounts, Gemini, Copilot, OpenRouter (300+ models) via CLIProxyAPI OAuth proxy. Visual dashboard, remote proxy support, WebSearch fallback. Zero-config to production-ready.
Readme MIT
33 MiB
Languages
TypeScript 81.4%
HTML 8.1%
JavaScript 7.1%
Swift 1.7%
Shell 1%
Other 0.6%