ai-cc-router 0.4.0 → 0.4.2

package/dist/cli/cmd-client.js

@@ -122,7 +122,7 @@ export function registerClient(program) {
             });
         }
         if (wantsDesktop) {
-            await setupDesktopInterception(url);
+            await setupDesktopInterception(url, secret);
             cfg.client.desktopEnabled = true;
             writeConfig(cfg);
         }
@@ -277,7 +277,7 @@ export function registerClient(program) {
             process.exit(1);
         }
         if (!cfg.client.desktopEnabled) {
-            await setupDesktopInterception(cfg.client.remoteUrl);
+            await setupDesktopInterception(cfg.client.remoteUrl, cfg.client.remoteSecret);
             cfg.client.desktopEnabled = true;
             writeConfig(cfg);
         }
@@ -305,11 +305,12 @@ export function registerClient(program) {
             }
         }
         const target = cfg.client.remoteUrl;
+        const secret = cfg.client.remoteSecret;
         const processName = getProcessName();
         console.log(chalk.cyan(`\nStarting mitmproxy interceptor for "${processName}"...`));
         console.log(chalk.gray(`  Redirecting api.anthropic.com/v1/messages → ${target}`));
         try {
-            await startInterceptor(target);
+            await startInterceptor(target, secret);
         }
         catch (e) {
             console.error(chalk.red(`\n✗ Failed to start interceptor:\n`));
@@ -325,7 +326,7 @@ export function registerClient(program) {
                 default: true,
             });
             if (autoStart) {
-                const ok = await installInterceptorService(target);
+                const ok = await installInterceptorService(target, secret);
                 if (ok) {
                     cfg.client.desktopAutoStart = true;
                     writeConfig(cfg);
@@ -408,7 +409,7 @@ export function printNetworkExtensionInstructions() {
     console.log("    " + chalk.cyan("5.") + " Enter your Mac admin password when prompted\n");
     console.log(chalk.gray("  You only need to do this ONCE per machine.\n"));
 }
-async function setupDesktopInterception(target) {
+async function setupDesktopInterception(target, secret) {
     console.log(chalk.bold("\n🖥  Claude Desktop Setup\n"));
     // 0. Explain what actually works before anything else
     printDesktopSupportExplainer();
@@ -474,8 +475,8 @@ async function setupDesktopInterception(target) {
             console.log(chalk.gray("      ~/.mitmproxy/mitmproxy-ca-cert.pem"));
         }
     }
-    // 4. Write addon script
-    writeAddonScript(target);
+    // 4. Write addon script (with secret so intercepted requests authenticate)
+    writeAddonScript(target, secret);
     console.log(chalk.green("✓ Redirect addon configured"));
     // 5. macOS Network Extension — THIS is the step people miss
     if (isMacos()) {

package/dist/cli/cmd-setup.js

@@ -400,7 +400,7 @@ async function runClientSetupFromWizard() {
             default: false,
         });
         if (wantsDesktop) {
-            await setupDesktopFromWizard(url);
+            await setupDesktopFromWizard(url, secret);
             cfg.client.desktopEnabled = true;
             writeConfig(cfg);
         }
@@ -413,7 +413,7 @@ async function runClientSetupFromWizard() {
     }
     console.log();
 }
-async function setupDesktopFromWizard(target) {
+async function setupDesktopFromWizard(target, secret) {
     console.log(chalk.bold("\n🖥  Claude Desktop — Cowork / Agent Setup\n"));
     // 1. Check mitmproxy
     if (!(await checkMitmproxyInstalled())) {
@@ -459,8 +459,8 @@ async function setupDesktopFromWizard(target) {
             console.log(chalk.gray("    -k /Library/Keychains/System.keychain ~/.mitmproxy/mitmproxy-ca-cert.pem"));
         }
     }
-    // 3. Addon
-    writeAddonScript(target);
+    // 3. Addon (with secret so intercepted requests authenticate against the proxy)
+    writeAddonScript(target, secret);
     console.log(chalk.green("✓ Redirect addon configured"));
     // 4. Network Extension walkthrough (macOS)
     if (isMacos()) {

package/dist/interceptor/mitmproxy-manager.js

@@ -192,12 +192,13 @@ export async function installCaCert() {
  * Write the redirect addon to ~/.cc-router/interceptor/addon.py.
  * Uses the bundled template as source.
  */
-export function writeAddonScript(target) {
+export function writeAddonScript(target, secret) {
     if (!existsSync(ADDON_DIR))
         mkdirSync(ADDON_DIR, { recursive: true });
     // Try to use the bundled addon as template; fall back to a minimal inline version.
-    // In BOTH cases we inject the actual target URL so the addon is self-contained
-    // and doesn't depend on the CC_ROUTER_TARGET env var being present at runtime.
+    // In BOTH cases we inject the actual target URL (and secret) so the addon is
+    // self-contained and doesn't depend on the CC_ROUTER_TARGET / CC_ROUTER_SECRET
+    // env vars being present at runtime.
     const bundled = addonSourcePath();
     let src;
     if (existsSync(bundled)) {
@@ -217,6 +218,8 @@ _target_parsed = urlparse(_target)
 if not _target_parsed.scheme or not _target_parsed.netloc:
     raise RuntimeError(f"CC_ROUTER_TARGET is not a valid URL: {_target_raw!r}")
 
+_secret = os.environ.get("CC_ROUTER_SECRET", "")
+
 _REDIRECT_PREFIXES = ("/v1/messages", "/v1/models")
 
 def request(flow: http.HTTPFlow) -> None:
@@ -228,11 +231,17 @@ def request(flow: http.HTTPFlow) -> None:
     flow.request.host = _target_parsed.hostname or "localhost"
     flow.request.port = _target_parsed.port or (443 if _target_parsed.scheme == "https" else 80)
     flow.request.headers["host"] = flow.request.host + (f":{flow.request.port}" if flow.request.port not in (80, 443) else "")
+    if _secret:
+        flow.request.headers["x-api-key"] = _secret
 `.trimStart();
     }
-    // Inject the actual target URL into the default so the addon works even
-    // without the CC_ROUTER_TARGET env var (e.g. manual mitmdump restarts).
+    // Inject the target URL and (optionally) secret into the default values so
+    // the addon works even without the CC_ROUTER_TARGET / CC_ROUTER_SECRET env
+    // vars being present at runtime (manual mitmdump restarts, launchd, etc.).
     src = src.replace('"http://localhost:3456"', JSON.stringify(target));
+    if (secret) {
+        src = src.replace('os.environ.get("CC_ROUTER_SECRET", "")', `os.environ.get("CC_ROUTER_SECRET", ${JSON.stringify(secret)})`);
+    }
     writeFileSync(ADDON_PATH, src, "utf-8");
 }
 // ─── Interceptor lifecycle ────────────────────────────────────────────────────
@@ -240,7 +249,7 @@ def request(flow: http.HTTPFlow) -> None:
  * Start mitmdump in local mode, intercepting the Claude process and redirecting
  * api.anthropic.com traffic to CC-Router via the addon script.
  */
-export async function startInterceptor(target) {
+export async function startInterceptor(target, secret) {
     // On macOS, verify the Network Extension is enabled before attempting to start.
     // If it's "waiting", mitmdump starts silently but captures zero traffic.
     if (isMacos()) {
@@ -259,9 +268,9 @@ export async function startInterceptor(target) {
                 "  Then re-run this command.");
         }
     }
-    // Ensure addon exists
-    if (!existsSync(ADDON_PATH))
-        writeAddonScript(target);
+    // Always (re)write the addon script so package updates and target-URL
+    // changes are picked up automatically without requiring a fresh setup.
+    writeAddonScript(target, secret);
     const processName = getProcessName();
     const args = [
         "--mode", `local:${processName}`,
@@ -269,10 +278,13 @@ export async function startInterceptor(target) {
         "--set", "connection_strategy=lazy",
         "--quiet",
     ];
+    const env = { ...process.env, CC_ROUTER_TARGET: target };
+    if (secret)
+        env["CC_ROUTER_SECRET"] = secret;
     const child = spawn("mitmdump", args, {
         detached: true,
         stdio: "ignore",
-        env: { ...process.env, CC_ROUTER_TARGET: target },
+        env,
     });
     child.unref();
     if (child.pid) {
@@ -337,8 +349,12 @@ async function resolveMitmdumpPath() {
         return "mitmdump"; // fallback — hope it's on PATH at boot time
     }
 }
-function buildInterceptorPlist(mitmdumpPath, target) {
+function buildInterceptorPlist(mitmdumpPath, target, secret) {
     const processName = getProcessName();
+    const secretEntry = secret
+        ? `        <key>CC_ROUTER_SECRET</key>
+        <string>${secret}</string>`
+        : "";
     return `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -375,13 +391,15 @@ function buildInterceptorPlist(mitmdumpPath, target) {
         <string>${process.env["PATH"] ?? "/usr/local/bin:/opt/homebrew/bin:/usr/bin:/bin"}</string>
         <key>CC_ROUTER_TARGET</key>
         <string>${target}</string>
+${secretEntry}
     </dict>
 </dict>
 </plist>
 `;
 }
-function buildInterceptorSystemdUnit(mitmdumpPath, target) {
+function buildInterceptorSystemdUnit(mitmdumpPath, target, secret) {
     const processName = getProcessName();
+    const secretLine = secret ? `\nEnvironment=CC_ROUTER_SECRET=${secret}` : "";
     return `[Unit]
 Description=CC-Router Interceptor — mitmproxy for Claude Desktop
 After=network-online.target
@@ -395,7 +413,7 @@ RestartSec=5
 StartLimitIntervalSec=60
 StartLimitBurst=5
 Environment=PATH=${process.env["PATH"] ?? "/usr/local/bin:/usr/bin:/bin"}
-Environment=CC_ROUTER_TARGET=${target}
+Environment=CC_ROUTER_TARGET=${target}${secretLine}
 
 [Install]
 WantedBy=default.target
@@ -405,17 +423,17 @@ WantedBy=default.target
  * Install the mitmproxy interceptor as an OS service so it starts on boot.
  * Stops any existing detached mitmdump process first — the OS service takes over.
  */
-export async function installInterceptorService(target) {
-    // Ensure the addon script is up-to-date with the target URL
-    writeAddonScript(target);
+export async function installInterceptorService(target, secret) {
+    // Ensure the addon script is up-to-date with the target URL and secret
+    writeAddonScript(target, secret);
     // Stop any manually-spawned mitmdump — OS service will manage it now
     await stopInterceptor();
     const mitmdumpPath = await resolveMitmdumpPath();
     const platform = detectPlatform();
     switch (platform) {
-        case "macos": return installInterceptorMacOS(mitmdumpPath, target);
-        case "linux": return installInterceptorLinux(mitmdumpPath, target);
-        case "windows": return installInterceptorWindows(mitmdumpPath, target);
+        case "macos": return installInterceptorMacOS(mitmdumpPath, target, secret);
+        case "linux": return installInterceptorLinux(mitmdumpPath, target, secret);
+        case "windows": return installInterceptorWindows(mitmdumpPath, target, secret);
     }
 }
 export async function uninstallInterceptorService() {
@@ -435,7 +453,7 @@ export function isInterceptorServiceInstalled() {
     }
 }
 // ─── macOS LaunchAgent ──────────────────────────────────────────────────────
-async function installInterceptorMacOS(mitmdumpPath, target) {
+async function installInterceptorMacOS(mitmdumpPath, target, secret) {
     const launchAgentsDir = dirname(LAUNCHD_PLIST);
     if (!existsSync(launchAgentsDir))
         mkdirSync(launchAgentsDir, { recursive: true });
@@ -443,7 +461,7 @@ async function installInterceptorMacOS(mitmdumpPath, target) {
     if (existsSync(LAUNCHD_PLIST)) {
         await interceptorLaunchctlUnload();
     }
-    writeFileSync(LAUNCHD_PLIST, buildInterceptorPlist(mitmdumpPath, target), "utf-8");
+    writeFileSync(LAUNCHD_PLIST, buildInterceptorPlist(mitmdumpPath, target, secret), "utf-8");
     // Load — try modern `bootstrap` first, fallback to legacy `load`
     const uid = String(process.getuid?.() ?? 501);
     try {
@@ -483,10 +501,10 @@ async function interceptorLaunchctlUnload() {
     }
 }
 // ─── Linux systemd user service ─────────────────────────────────────────────
-async function installInterceptorLinux(mitmdumpPath, target) {
+async function installInterceptorLinux(mitmdumpPath, target, secret) {
     if (!existsSync(SYSTEMD_DIR))
         mkdirSync(SYSTEMD_DIR, { recursive: true });
-    writeFileSync(SYSTEMD_SERVICE, buildInterceptorSystemdUnit(mitmdumpPath, target), "utf-8");
+    writeFileSync(SYSTEMD_SERVICE, buildInterceptorSystemdUnit(mitmdumpPath, target, secret), "utf-8");
     try {
         await execFileP("systemctl", ["--user", "daemon-reload"]);
         await execFileP("systemctl", ["--user", "enable", "cc-router-interceptor"]);
@@ -517,9 +535,10 @@ async function uninstallInterceptorLinux() {
     catch { /* ok */ }
 }
 // ─── Windows Registry ───────────────────────────────────────────────────────
-async function installInterceptorWindows(mitmdumpPath, target) {
+async function installInterceptorWindows(mitmdumpPath, target, secret) {
     const processName = getProcessName();
-    const cmd = `cmd /c "set CC_ROUTER_TARGET=${target} && "${mitmdumpPath}" --mode local:${processName} -s "${ADDON_PATH}" --set connection_strategy=lazy --quiet"`;
+    const secretEnv = secret ? `set CC_ROUTER_SECRET=${secret} && ` : "";
+    const cmd = `cmd /c "set CC_ROUTER_TARGET=${target} && ${secretEnv}"${mitmdumpPath}" --mode local:${processName} -s "${ADDON_PATH}" --set connection_strategy=lazy --quiet"`;
     try {
         await execFileP("reg", [
             "add", WINDOWS_REG_KEY,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-cc-router",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "description": "Round-robin proxy for Claude Max OAuth tokens — use multiple Claude Max accounts with Claude Code",
   "type": "module",
   "bin": {

package/src/interceptor/addon.py

@@ -24,6 +24,9 @@ _target_parsed = urlparse(_target)
 if not _target_parsed.scheme or not _target_parsed.netloc:
     raise RuntimeError(f"CC_ROUTER_TARGET is not a valid URL: {_target_raw!r}")
 
+# Optional proxy secret — when set, injected as x-api-key on redirected requests
+_secret = os.environ.get("CC_ROUTER_SECRET", "")
+
 # Paths that CC-Router can handle (it injects its own OAuth token)
 _REDIRECT_PREFIXES = (
     "/v1/messages",
@@ -47,3 +50,7 @@ def request(flow: http.HTTPFlow) -> None:
         if flow.request.port not in (80, 443)
         else ""
     )
+
+    # Authenticate against the proxy if a secret is configured
+    if _secret:
+        flow.request.headers["x-api-key"] = _secret