A unified proxy server for AI CLI tools β use your existing subscriptions with any OpenAI / Gemini / Claude / Codex compatible client.
English | δΈζ
π Docs Β· π₯οΈ Management Panel Β· π Report Bug Β· β¨ Request Feature
β¨ Heavily enhanced fork of the CLIProxyAPI project β rebuilt with a production-grade management layer, web control panel hosting, and a terminal TUI for day-2 operations.
CliRelay turns AI CLI subscriptions, OAuth credentials, API keys, and compatible upstream services into one managed API layer. It proxies Claude Code, Gemini CLI, OpenAI Codex, Amp CLI, OpenAI-compatible clients, and other AI coding tools through a unified endpoint, then adds routing groups, failover, request logging, quota control, model pricing, image-generation support, API-key self-service, online updates, /manage web hosting, and terminal management workflows around that traffic.
βββββββββββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββββ
β AI Coding Tools β β β β Upstream Providers β
β β β β βββββββΆ β Google Gemini β
β Claude Code β βββββββΆ β CliRelay β βββββββΆ β OpenAI / Codex β
β Gemini CLI β β :8317 β βββββββΆ β Anthropic Claude β
β OpenAI Codex β β β βββββββΆ β Qwen / iFlow β
β Amp CLI / IDE β β β βββββββΆ β Antigravity β
β Any OAI-compatible β ββββββββββββββββ β Vertex / OpenAI β
βββββββββββββββββββββββββ β iFlow / Qwen / β
β Kimi / Claude β
ββββββββββββββββββββββ
| Feature | Description |
|---|---|
| π Unified Endpoint | One http://localhost:8317 fronts Gemini, Claude, Codex, Qwen, iFlow, Antigravity, Vertex-compatible endpoints, OpenAI-compatible upstreams, and Amp integration |
| βοΈ Smart Load Balancing | Round-robin or fill-first scheduling across multiple API keys for the same provider |
| π§ Group & Path Routing | Bind channels into groups, restrict API keys to allowed groups, and expose custom path namespaces for teams or workloads |
| π Auto Failover | Automatically switches to backup channels when quotas are exhausted or errors occur |
| π§ Multimodal Support | Full support for text + image inputs, image-generation routing, function calling (tools), and streaming SSE responses |
| π OpenAI-Compatible | Works with any upstream that speaks the OpenAI Chat Completions protocol |
| Feature | Description |
|---|---|
| π Full Request Capture | Every API request is logged to SQLite with timestamp, model, tokens (in/out/reasoning/cache), latency, status, and source channel |
| π¬ Message Body Storage | Full request/response message content captured in compressed SQLite storage, with separate retention for content vs. metadata |
| π Advanced Querying | Filter logs by API Key, model, status, time range with efficient pagination (LIMIT/OFFSET) |
| π Analytics Aggregation | Pre-computed dashboards: daily trends, model distribution, hourly heatmaps, per-key statistics |
| π₯ Health Score Engine | Real-time 0β100 health score considering success rate, latency, active channels, and error patterns |
| π‘ WebSocket Monitoring | Live system stats streamed via WebSocket: CPU, memory, goroutines, network I/O, DB size |
| ποΈ No-CGO SQLite | Uses modernc.org/sqlite β pure Go, no CGO dependency, easy cross-compilation |
| Feature | Description |
|---|---|
| π API Key CRUD | Create, edit, delete API keys via Management API β each with custom name, notes, and independent enable/disable toggle |
| π Per-Key Quotas | Set max token / request quotas per key with automatic enforcement |
| β±οΈ Rate Limiting | Per-key rate limiting (requests per minute/hour) |
| π₯ Team Permissions | Assign API keys to different users or groups with scoped channel access and model permissions |
| π Key Masking | API keys are always displayed masked (sk-***xxx) in UI and logs |
| π Public Lookup Page | End users can query their own usage stats and request logs via a public self-service page (no login required) |
| Feature | Description |
|---|---|
| π Multi-Tab Config | Manage channels organized by provider type: Gemini, Claude, Codex, Vertex, OpenAI Compatible, Ampcode |
| π·οΈ Channel Naming | Each channel can have a custom name, notes, proxy URL, custom headers, and model alias mappings |
| 𧩠Reusable Proxy Pool | Maintain outbound proxy entries once and attach them to OAuth/auth channels when needed |
| β±οΈ Latency Tracking | Average latency (latency_ms) tracked per channel with visual indicators |
| π Enable/Disable | Individually toggle channels on/off without deletion |
| π« Model Exclusions | Exclude specific models from a channel (e.g., block expensive models on backup keys) |
| π§Ύ Model Library Sync | Maintain custom models and sync model IDs/pricing from OpenRouter for quota accounting |
| π Channel Stats | Per-channel success/fail counts and model availability displayed on each channel card |
| Feature | Description |
|---|---|
| π OAuth Support | Native OAuth flows for Gemini, Claude, Codex, Qwen, iFlow, Antigravity, and Kimi, plus device/browser/cookie variants where supported |
| πͺͺ Identity Fingerprints | Centralize upstream identity metadata so providers receive consistent client fingerprints |
| π TLS Handling | Configurable TLS settings for upstream communication |
| π Panel Isolation | Management panel access controlled independently with admin password |
| π‘οΈ Request Cloaking | Upstream requests are stripped of client-identifying headers for privacy |
| Feature | Description |
|---|---|
| π₯οΈ Visual Management Panel | Configure providers, auth, API keys, models, routing, logs, updates, and system status from /manage |
| π Chinese / English UI | Built-in i18n for the management panel and Compose/TUI language selection |
| π Dark Mode | Full dark theme for long-running operational sessions |
| 𧬠Visual Config Editor | Edit runtime config visually or inspect source YAML when you need exact control |
| π Online Update Flow | Check versions, review update notes, trigger the updater sidecar, and wait for backend recovery from the panel |
| π₯ CC Switch Import | Import cc-switch style configuration into the managed model/channel workspace |
| Feature | Description |
|---|---|
| πΎ SQLite Storage | All usage data, request logs, and message bodies stored in local SQLite database |
| π Redis Backup | Optional Redis integration for periodic snapshotting and cross-restart metric preservation |
| ποΈ Pluggable Auth/Config Backends | Local files by default, with optional PostgreSQL, Git, or S3-compatible object storage backends for config/auth persistence |
| π¦ Config Snapshots | Import/export entire system configuration as JSON for backup and migration |
CliRelay can expose a built-in web control panel at /manage. The server can host bundled SPA assets or fall back to synced management assets from the configured panel repository.
The gallery below uses the latest supplied screenshots, covering the current end-to-end management workflow.
| Home overview | Operations overview |
|---|---|
| Chinese / English interface | Dark mode |
|---|---|
| Monitor center | Request logs |
|---|---|
| Request details | Log query system |
|---|---|
| API key lookup |
|---|
| Unified OAuth management | Identity fingerprints |
|---|---|
| Team permissions | OAuth proxy assignment |
|---|---|
| Multi-channel API setup | Group routing and custom paths |
|---|---|
| Visual config | Upstream debug passthrough |
|---|---|
| CC Switch import |
|---|
| OpenRouter model sync | Custom model maintenance |
|---|---|
| Image generation config | Online update flow |
|---|---|
| System information |
|---|
π The runtime panel source is configurable via
remote-management.panel-github-repository. The default repository is kittors/codeProxy.
| Provider / Channel | Auth | Notes |
|---|---|---|
| Google Gemini | OAuth + API Key | Gemini CLI / AI Studio style flows |
| Anthropic Claude | OAuth + API Key | Claude Code and Claude-compatible clients |
| OpenAI Codex | OAuth + API Key | Includes Responses and WebSocket bridging |
| Qwen | OAuth | Qwen Code style login flow |
| iFlow / GLM | OAuth + Cookie | Supports iFlow routing and related model families |
| Kimi | OAuth | Browser-based login flow |
| Antigravity | OAuth | Dedicated OAuth channel with model backfill support |
| Vertex-compatible endpoints | API Key | Custom base URL, headers, aliases, exclusions |
| OpenAI-compatible upstreams | API Key | OpenRouter, Grok-compatible endpoints, and custom providers |
| Amp integration | Upstream API key + mappings | Direct Amp upstream fallback or mapped local routing |
Docker Compose is the recommended installation path for CliRelay. The included docker-compose.yml uses the published ghcr.io/kittors/clirelay:latest image by default and starts both the API service and updater sidecar.
git clone https://github.com/kittors/CliRelay.git
cd CliRelay
cp config.example.yaml config.yaml
docker compose up -dEdit config.yaml to add your API keys or OAuth credentials, then restart the service:
docker compose restart cli-proxy-apiBy default, client API routes (/v1, /v1beta) require an API key. To run without client keys, set allow-unauthenticated: true in config.yaml (not recommended for production).
After startup:
- API endpoint:
http://localhost:8317 - Web panel:
http://localhost:8317/manage - Logs:
docker compose logs -f cli-proxy-api - Restart:
docker compose restart cli-proxy-api - Stop:
docker compose down - TUI:
docker compose exec cli-proxy-api ./cli-proxy-api -tui - OAuth login modes:
docker compose exec cli-proxy-api ./cli-proxy-api -login
Set CLIRELAY_LOCALE=en or CLIRELAY_LOCALE=zh in your Compose environment to control the default TUI language.
For cloud platforms that only allow one mounted directory, set AUTH_PATH to the authentication directory inside the container, for example /CLIProxyAPI/auths. CLI_PROXY_AUTH_PATH remains the host-side bind path, while AUTH_PATH is also used to override auth-dir at runtime.
To disable automatic update prompts, set the following in config.yaml or turn off Automatic Update Checks in the Config page:
auto-update:
enabled: falseUpdate checks follow the stable main Docker image by default. To test dev builds, set channel: dev in config.yaml or choose Development (dev) from Update Channel in the Config page:
auto-update:
channel: devBy default, API usage logs are stored in SQLite for persistence. For additional backup:
- Ensure you have a Redis server running.
- Edit
config.yamland setredis.enable: truewith your Redis address. CliRelay will automatically snapshot and restore traffic metrics on every startup!
For large installations, tune request-log-storage in config.yaml to control how full request/response bodies are retained. By default, full bodies are compressed, kept for 30 days, and capped at ~1GB (1024MB); lightweight request metadata remains queryable for longer-term statistics. Set content-retention-days: 0 to keep full content indefinitely, set store-content: false to stop new body storage without deleting existing historical content, and adjust max-total-size-mb to cap body storage so the oldest full bodies are pruned before the retention window is reached.
If you need non-local config/auth persistence, the server also supports PostgreSQL, Git-backed, and S3-compatible object-store backends through environment-based bootstrap settings.
Set your AI tool's API base to http://localhost:8317 and start coding!
Example: OpenAI Codex (~/.codex/config.toml)
[model_providers.tabcode]
name = "openai"
base_url = "http://localhost:8317/v1"
requires_openai_auth = trueπ Full setup guides β help.router-for.me
When the control panel is enabled, open:
http://localhost:8317/manageremote-management.disable-control-paneldefaults tofalsein the example config, so the control panel is reachable after a standard Docker Compose deployment.- When enabled, the current panel route is
/manage/login. The oldmanagement.html#/loginroute is legacy-only. - Docker Compose deployments expose the panel at
/manage. - The server can serve a bundled SPA directory or auto-fetch panel assets when needed.
- This repository contains the hosting/update path for
/manage; the standalone web panel source is maintained separately from the Go server code. - Make UI/interaction/copy changes in the panel source repository (default:
kittors/codeProxy) and ship them via its release artifacts for the server to fetch. - Terminal-first management is also available through
docker compose exec cli-proxy-api ./cli-proxy-api -tui. - If you want to customize the panel asset source, set
remote-management.panel-github-repository.
CliRelay/
βββ cmd/server/ # Binary entry point and CLI mode dispatch
βββ internal/api/ # HTTP server, management routes, middleware
βββ internal/auth/ # Provider OAuth / cookie / browser auth flows
βββ internal/config/ # Config parsing, defaults, migrations
βββ internal/store/ # Local, Git, PostgreSQL, object-store auth/config persistence
βββ internal/tui/ # Terminal management UI
βββ internal/usage/ # SQLite usage DB, retention, analytics
βββ internal/managementasset/ # /manage panel hosting and asset sync
βββ sdk/ # Reusable Go SDK, handlers, executors
βββ auths/ # Local credential storage
βββ examples/ # SDK / custom provider examples
βββ docs/ # Local docs and panel screenshots
βββ docker-compose.yml # Container deployment entry
| Doc | Description |
|---|---|
| Getting Started | Full installation and setup guide |
| Management API | REST API reference for management endpoints |
| Amp CLI Guide | Integrate with Amp CLI & IDE extensions |
| SDK Usage | Embed the proxy in Go applications |
| SDK Advanced | Executors & translators deep-dive |
| SDK Access | Authentication in SDK context |
| SDK Watcher | Credential loading & hot-reload |
Contributions are welcome! Here's how to get started:
# 1. Clone the repository
git clone https://github.com/kittors/CliRelay.git
cd CliRelay
# 2. Create a feature branch from the latest dev baseline
git fetch origin
git switch -c feature/amazing-feature origin/dev
# 3. Make your changes & commit
git commit -m "feat: add amazing feature"
# 4. Push to your branch & open a PR targeting dev
git push origin feature/amazing-featurePlease target pull requests at dev, not main. Maintainers merge verified changes into dev first; main is updated separately for release/stable integration. See CONTRIBUTING.md for the full branch and merge workflow.
This project is licensed under the MIT License β see the LICENSE file for details.
This project is a deeply enhanced fork built upon the excellent core logic of the open-source router-for-me/CLIProxyAPI project. We want to express our deepest gratitude to the original CLIProxyAPI project and all its contributors!
It is thanks to the solid, innovative proxy distribution foundation built by the upstream that we were able to stand on the shoulders of giants. This allowed us to develop unique advanced management features (like API Key tracking & control, full request logging with SQLite, and real-time system monitoring) and rebuild an entirely new frontend dashboard from scratch.
A huge salute to the spirit of open source! β€οΈ