CC Gateway

CC Gateway is an open-source reverse proxy written in TypeScript that sits between Claude Code and the Anthropic API. It intercepts and rewrites device identity, environment fingerprints, process metrics, and system prompt content to a single canonical profile, preventing hardware and identity leakage across multiple machines. The project is MIT-licensed and currently in alpha, designed for developers who want privacy-preserving control over AI API telemetry.

• Full identity rewrite — normalizes device_id, email, session metadata, and the user_id JSON blob in every API request to one canonical identity
• 40+ environment dimensions replaced — swaps the entire env object including platform, architecture, Node.js version, terminal, package managers, runtimes, CI flags, and deployment environment
• System prompt sanitization — rewrites the <env> block injected into every prompt (Platform, Shell, OS Version, working directory) to match the canonical profile
• Process metrics normalization — masks physical RAM (constrainedMemory), heap size, and RSS to canonical values so hardware differences don't leak
• Centralized OAuth — the gateway manages token refresh internally; client machines never contact platform.claude.com and never need a browser login
• Telemetry leak prevention — strips baseUrl and gateway fields that would reveal proxy usage in analytics events
• Three-layer defense architecture — combines env vars (voluntary routing), Clash rules (network-level blocking), and gateway rewriting (identity normalization)
• Docker support — can be deployed via docker-compose up -d for production use
• Clash rules template — includes a ready-to-use clash-rules.yaml to block direct Anthropic connections at the network level
• Verification endpoint — exposes a /_verify endpoint showing a before/after diff of rewrites for auditing purposes