A community-driven registry for Claude, Cursor, Windsurf, Cline & more. Not affiliated with Anthropic.
Are you the author? Sign in to claim
AI API identity gateway — reverse proxy that normalizes device fingerprints and telemetry for privacy-preserving API pro
Take back control of your AI API telemetry
Alpha — This project is under active development. Test with a non-primary account first.
Disclaimer — See full disclaimer below.
Claude Code collects 640+ telemetry event types across 3 parallel channels, fingerprints your machine with 40+ environment dimensions, and phones home every 5 seconds. Your device ID, email, OS version, installed runtimes, shell type, CPU architecture, and physical RAM are all reported to the vendor — continuously.
If you run Claude Code on multiple machines, each device gets a unique permanent identifier. There is no built-in way to manage how your identity is presented to the API.
CC Gateway is a reverse proxy that sits between Claude Code and the Anthropic API. It normalizes device identity, environment fingerprints, and process metrics to a single canonical profile — giving you control over what telemetry leaves your network.
user_id JSON blob in every API request are normalized to one canonical identityenv object is swapped, not patched<env> block injected into every prompt (Platform, Shell, OS Version, working directory) is rewritten to match the canonical profilex-anthropic-billing-header (which contains a per-session fingerprint hash) is removed entirely, consistent with the official CLAUDE_CODE_ATTRIBUTION_HEADER=false toggle. This also enables cross-session prompt cache sharing, reducing system prompt costs by ~85%constrainedMemory), heap size, and RSS are masked to canonical values so hardware differences don't leak~/.zshrc changes, no config filesplatform.claude.comHTTPS_PROXY / HTTP_PROXY env vars for outbound connections (Clash, V2Ray, etc.)baseUrl and gateway fields that would reveal proxy usage in analytics eventsOne command. Requires Node.js 22+ and an existing Claude Code login on this machine.
git clone https://github.com/motiful/cc-gateway.git
cd cc-gateway
npm install
bash scripts/quick-setup.sh
This will:
config.yaml./clients/cc-<hostname>http://localhost:8443In another terminal:
./clients/cc-<hostname>
That's it. Claude Code launches, traffic routes through the gateway. No env vars to set, no files to edit.
HTTPS_PROXY=http://127.0.0.1:7890 bash scripts/quick-setup.sh
The gateway will route all outbound traffic (API calls + token refresh) through your proxy.
Each person gets their own launcher script with a unique token. The admin generates it:
bash scripts/add-client.sh alice
bash scripts/add-client.sh bob
This creates ./clients/cc-alice and ./clients/cc-bob. Send each file to the respective person.
chmod +x cc-alice
./cc-alice install # installs as 'ccg' command
ccg # start Claude Code through gateway
That's it. All Claude arguments work: ccg --print "hello", ccg --resume, etc.
claude go through gateway tooccg hijack # alias claude → ccg (new terminals auto-apply)
claude # now goes through gateway
ccg release # undo — restore native claude
ccg Start Claude Code through gateway
ccg install Install as 'ccg' system command
ccg uninstall Remove 'ccg' and clean up
ccg hijack Make 'claude' also go through gateway
ccg release Restore 'claude' to native
ccg native [args] Run native claude once (bypass gateway)
ccg status Show gateway connection and hijack status
ccg help Show help
ccg and claude coexist by default. Hijack is opt-in and reversible. Supports zsh, bash, and fish.
| Layer | Field | Action |
|---|---|---|
| Identity | device_id in metadata + events | → canonical ID |
email | → canonical email | |
| Environment | env object (40+ fields) | → entire object replaced |
| Process | constrainedMemory (physical RAM) | → canonical value |
rss, heapTotal, heapUsed | → randomized in realistic range | |
| Headers | User-Agent | → canonical CC version |
x-api-key | → real OAuth token (injected by gateway) | |
x-anthropic-billing-header | → stripped | |
| Prompt text | Platform, Shell, OS Version | → canonical values |
Working directory | → canonical path | |
/Users/xxx/, /home/xxx/ | → canonical home prefix | |
| Billing | x-anthropic-billing-header system block | → stripped entirely |
| Leak fields | baseUrl (ANTHROPIC_BASE_URL) | → stripped |
gateway (provider detection) | → stripped |
npm run dev # tsx watch, auto-reload
bash scripts/admin-setup.sh
This interactive script:
After setup, add more clients with:
bash scripts/add-client.sh <name>
# Restart to pick up new tokens:
docker compose restart
Mac-A ──┐
Mac-B ──┼──→ gateway-server:8443 ──→ api.anthropic.com
Mac-C ──┘
Important: All machines — including the admin — should use the gateway. Direct connections from the admin machine would create a second device fingerprint visible to Anthropic.
For remote deployment, generate TLS certificates:
mkdir certs
openssl req -x509 -newkey rsa:2048 \
-keyout certs/key.pem -out certs/cert.pem \
-days 365 -nodes -subj "/CN=cc-gateway"
Uncomment the tls section in config.yaml, then generate client launchers pointing to the server address:
bash scripts/add-client.sh alice "" <gateway-ip>:8443 https
If all devices have Tailscale installed, run the gateway on any machine in the mesh. No TLS needed (Tailscale encrypts the tunnel), no public IP needed, no port forwarding.
Client machines CC Gateway Anthropic
┌────────────┐ ┌──────────────────┐
│ ./cc-alice │── ANTHROPIC_ ────│ Auth: x-api-key │
│ (launcher) │ BASE_URL │ OAuth: auto- │
│ + env vars │ │ refresh │──── single ────▶ api.anthropic.com
│ │ │ Rewrite: all │ identity
│ │ │ identity │
└────────────┘ │ Strip: billing │
│ header │
│ Stream: SSE │
│ passthrough │
└──────────────────┘
│
platform.claude.com
(token refresh only,
from gateway IP)
Defense in depth:
| Layer | Mechanism | What it prevents |
|---|---|---|
| Launcher env vars | ANTHROPIC_BASE_URL + DISABLE_NONESSENTIAL + ATTRIBUTION_HEADER=false | CC voluntarily routes to gateway, disables side channels, skips billing hash |
| Clash (optional) | Domain-based REJECT rules | Any accidental or future direct connections to Anthropic |
| Gateway | Body + header + prompt rewriting | All 40+ fingerprint dimensions normalized to one device |
The gateway manages the full OAuth token lifecycle:
platform.claude.com.extract-token.sh.Clients never contact platform.claude.com. They send requests to the gateway with their client token; the gateway injects the real OAuth token before forwarding upstream.
Optional network-level safety net. Even if Claude Code bypasses env vars or adds new hardcoded endpoints in a future update, Clash blocks direct connections.
rules:
- DOMAIN,gateway.your-domain.com,DIRECT # Allow gateway
- DOMAIN-SUFFIX,anthropic.com,REJECT # Block direct API
- DOMAIN-SUFFIX,claude.com,REJECT # Block OAuth
- DOMAIN-SUFFIX,claude.ai,REJECT # Block OAuth
- DOMAIN-SUFFIX,datadoghq.com,REJECT # Block telemetry
See clash-rules.yaml for the full template.
mcp-proxy.anthropic.com is hardcoded and does not follow ANTHROPIC_BASE_URL. If clients use official MCP servers, those requests bypass the gateway. Use Clash to block this domain if MCP is not needed.extract-token.sh on the admin machine.Billing header strategy overhaul
x-anthropic-billing-header entirely (system prompt block + HTTP header) instead of rewriting the hash. This is consistent with the official CLAUDE_CODE_ATTRIBUTION_HEADER=false env var and enables cross-session prompt cache sharing (~85% cost reduction on system prompt).cli.js) is implemented as a fallback but not active by default.Zero-login client setup
add-client.sh generates self-contained launcher scripts (./clients/cc-<name>). Clients run one file — no ~/.zshrc changes, no config files, no browser login.ANTHROPIC_API_KEY for gateway auth instead of the fragile CLAUDE_CODE_OAUTH_TOKEN + ANTHROPIC_CUSTOM_HEADERS approach.Instant gateway startup
config.yaml supports access_token + expires_at fields alongside refresh_token.Proxy support
HTTPS_PROXY / HTTP_PROXY / ALL_PROXY env vars for all outbound connections (API calls + token refresh).Observability
Admin tooling
admin-setup.sh — interactive Docker deployment with credential extraction and client generation.quick-setup.sh — one-command local setup that extracts full credentials (access + refresh + expiry).Initial release. Identity rewriting, environment normalization, centralized OAuth, SSE passthrough.
This project builds on:
I pay Anthropic $200/month. I have for almost a year.
I own a laptop, a desktop, and a tablet. Three devices, one person, one subscription. I logged into a fourth device and my account was banned. No warning. No explanation. No refund. No way to export my conversation history. No customer support to contact.
I'm not in the US. For non-US subscribers, there is no appeals process. The ban is permanent and silent.
This project is not a hack. It is not a crack. It does not bypass rate limits, share accounts, or steal service. It is a reverse proxy that makes my own devices — devices I already paid for access to — present a consistent identity to an API that I already pay for.
The technical approach is conservative by design:
CLAUDE_CODE_ATTRIBUTION_HEADER=false) that Anthropic built into their own code. Thousands of legitimate users already have this set.If Anthropic offered a way to manage multiple devices — a device dashboard, a family plan, a per-seat enterprise option — this tool would not need to exist. They don't. So it does.
This project is for educational and research purposes only.
Native macOS app to monitor Claude AI usage limits and watch your coding sessions live
干净、强大、属于你的 AI Agent 平台 --AI agents, without the clutter.
npx CLI installing 100+ agents, commands, hooks, and integrations in one command
Pocket Flow: Codebase to Tutorial