# CC Gateway

> A reverse proxy that normalizes device fingerprints and telemetry between Claude Code and the Anthropic API, giving users control over what identity data leaves their network.

CC Gateway is an open-source reverse proxy written in TypeScript that sits between Claude Code and the Anthropic API. It intercepts and rewrites device identity, environment fingerprints, process metrics, and system prompt content to a single canonical profile, preventing hardware and identity leakage across multiple machines. The project is MIT-licensed and currently in alpha, designed for developers who want privacy-preserving control over AI API telemetry.

- **Full identity rewrite** — normalizes `device_id`, `email`, session metadata, and the `user_id` JSON blob in every API request to one canonical identity
- **40+ environment dimensions replaced** — swaps the entire `env` object including platform, architecture, Node.js version, terminal, package managers, runtimes, CI flags, and deployment environment
- **System prompt sanitization** — rewrites the `<env>` block injected into every prompt (Platform, Shell, OS Version, working directory) to match the canonical profile
- **Process metrics normalization** — masks physical RAM (`constrainedMemory`), heap size, and RSS to canonical values so hardware differences don't leak
- **Centralized OAuth** — the gateway manages token refresh internally; client machines never contact `platform.claude.com` and never need a browser login
- **Telemetry leak prevention** — strips `baseUrl` and `gateway` fields that would reveal proxy usage in analytics events
- **Three-layer defense architecture** — combines env vars (voluntary routing), Clash rules (network-level blocking), and gateway rewriting (identity normalization)
- **Docker support** — can be deployed via `docker-compose up -d` for production use
- **Clash rules template** — includes a ready-to-use `clash-rules.yaml` to block direct Anthropic connections at the network level
- **Verification endpoint** — exposes a `/_verify` endpoint showing a before/after diff of rewrites for auditing purposes

## Features
- Device identity normalization
- 40+ environment fingerprint replacement
- System prompt sanitization
- Process metrics masking
- Centralized OAuth token management
- Telemetry leak prevention
- Clash rules for network-level blocking
- Docker deployment support
- SSE stream passthrough
- Rewrite verification endpoint
- Client setup script
- Token extraction script

## Integrations
Claude Code, Anthropic API, Docker, Clash proxy

## Platforms
MACOS, API, CLI

## Pricing
Open Source

## Version
0.1.0-alpha

## Links
- Website: https://github.com/motiful/cc-gateway
- Documentation: https://github.com/motiful/cc-gateway#readme
- Repository: https://github.com/motiful/cc-gateway
- EveryDev.ai: https://www.everydev.ai/tools/cc-gateway