bypass-vpn 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,75 @@
+# bypass-vpn
+
+Route AI service traffic (Claude, ChatGPT, Firebase, Google Auth) through your Wi-Fi gateway to bypass VPN routing.
+
+Works on **macOS** and **Windows**. Zero dependencies.
+
+## Install
+
+```bash
+npm install -g bypass-vpn
+```
+
+Or run directly without installing:
+
+```bash
+# macOS
+sudo npx bypass-vpn
+
+# Windows (run from elevated PowerShell)
+npx bypass-vpn
+```
+
+## Usage
+
+```bash
+# Route all AI services through Wi-Fi
+sudo bypass-vpn
+
+# Route specific services only
+sudo bypass-vpn --service claude --service chatgpt
+
+# Remove routes
+sudo bypass-vpn --remove
+
+# Preview without executing
+sudo bypass-vpn --dry-run
+
+# List available services
+bypass-vpn --list
+```
+
+## Supported Services
+
+| Service | Domains |
+|---------|---------|
+| Claude | api.anthropic.com |
+| ChatGPT | chatgpt.com, chat.openai.com, api.openai.com, + 5 more |
+| Firebase | firestore.googleapis.com, securetoken.googleapis.com, + 3 more |
+| Google Auth | accounts.google.com, oauth2.googleapis.com, + 2 more |
+
+Run `bypass-vpn --list` for the full domain list.
+
+## How It Works
+
+1. Detects your Wi-Fi gateway IP
+2. Resolves each service domain to its current IP addresses
+3. Adds host-specific routes through the Wi-Fi gateway, bypassing VPN's default route
+
+Routes are ephemeral — they reset on reboot or network change. Re-run as needed.
+
+## Requirements
+
+- Node.js >= 16
+- macOS or Windows
+- Root/Administrator access (needed to modify routing table)
+
+## Uninstall
+
+```bash
+npm uninstall -g bypass-vpn
+```
+
+## License
+
+MIT

package/bin/bypass-vpn.js

@@ -0,0 +1,196 @@
+#!/usr/bin/env node
+
+const { showBanner, showSummary, c, Spinner } = require('../src/ui');
+const { ensureAdmin } = require('../src/platform');
+const { detect } = require('../src/gateway');
+const { resolveAll } = require('../src/resolver');
+const { addRoute, removeRoute } = require('../src/router');
+const services = require('../src/services');
+const { version } = require('../package.json');
+
+// ── Arg parsing ────────────────────────────────────────────────
+
+const args = process.argv.slice(2);
+const flags = {
+  help: args.includes('--help') || args.includes('-h'),
+  version: args.includes('--version') || args.includes('-v'),
+  remove: args.includes('--remove') || args.includes('-r'),
+  dryRun: args.includes('--dry-run'),
+  list: args.includes('--list'),
+  services: [],
+};
+
+for (let i = 0; i < args.length; i++) {
+  if (args[i] === '--service' && args[i + 1]) {
+    flags.services.push(args[i + 1].toLowerCase());
+    i++;
+  }
+}
+
+// ── Help ───────────────────────────────────────────────────────
+
+if (flags.help) {
+  console.log(`
+  ${c.bold('bypass-vpn')} v${version}
+  Route AI service traffic through Wi-Fi gateway to bypass VPN.
+
+  ${c.bold('Usage:')}
+    ${c.cyan('sudo')} bypass-vpn              Add routes (macOS)
+    bypass-vpn                    Add routes (Windows, elevated)
+    bypass-vpn ${c.dim('--remove')}          Remove previously added routes
+    bypass-vpn ${c.dim('--dry-run')}         Show commands without executing
+    bypass-vpn ${c.dim('--service claude')}  Route specific service(s) only
+    bypass-vpn ${c.dim('--list')}            List available services
+
+  ${c.bold('Flags:')}
+    -h, --help              Show this help
+    -v, --version           Show version
+    -r, --remove            Remove routes instead of adding
+        --dry-run           Print route commands without executing
+        --service <name>    Route only specified service (repeatable)
+        --list              List services and their domains
+
+  ${c.bold('Services:')} claude, chatgpt, firebase, googleauth
+
+  ${c.bold('Examples:')}
+    sudo npx bypass-vpn
+    sudo bypass-vpn --service claude --service chatgpt
+    sudo bypass-vpn --remove
+`);
+  process.exit(0);
+}
+
+// ── Version ────────────────────────────────────────────────────
+
+if (flags.version) {
+  console.log(version);
+  process.exit(0);
+}
+
+// ── List ───────────────────────────────────────────────────────
+
+if (flags.list) {
+  console.log('');
+  for (const [key, svc] of Object.entries(services)) {
+    console.log(`  ${c.bold(svc.name)} ${c.dim(`(--service ${key})`)}`);
+    for (const d of svc.domains) {
+      console.log(`    ${c.dim('-')} ${d}`);
+    }
+    console.log('');
+  }
+  process.exit(0);
+}
+
+// ── Main ───────────────────────────────────────────────────────
+
+async function main() {
+  showBanner();
+
+  if (!flags.dryRun) {
+    ensureAdmin();
+  }
+
+  // Detect gateway
+  const spinner = new Spinner();
+  spinner.start('Detecting Wi-Fi gateway...');
+
+  const gateway = detect();
+  if (!gateway) {
+    spinner.stop(c.red('x'), c.red('No Wi-Fi gateway found — connect to Wi-Fi first!'));
+    process.exit(1);
+  }
+  spinner.stop(c.green('OK'), `Gateway: ${c.bold(gateway)}`);
+
+  // Select services
+  let selectedServices;
+  if (flags.services.length > 0) {
+    selectedServices = {};
+    for (const key of flags.services) {
+      if (!services[key]) {
+        console.error(c.red(`  Unknown service: ${key}`));
+        console.error(c.dim(`  Available: ${Object.keys(services).join(', ')}`));
+        process.exit(1);
+      }
+      selectedServices[key] = services[key];
+    }
+  } else {
+    selectedServices = services;
+  }
+
+  // Process each service
+  const allIps = new Set();
+  let totalRouted = 0;
+  let totalSkipped = 0;
+  let totalFailed = 0;
+
+  for (const [, svc] of Object.entries(selectedServices)) {
+    console.log('');
+    console.log(`  ${c.bold(svc.name)} ${c.dim(`(${svc.domains.length} domain${svc.domains.length > 1 ? 's' : ''})`)}`);
+
+    const { resolved, failed } = await resolveAll(svc.domains);
+
+    for (const domain of failed) {
+      console.log(`    ${c.yellow('--')} ${c.dim(domain)} ${c.dim('— no A records')}`);
+      totalSkipped++;
+    }
+
+    for (const [domain, ips] of resolved) {
+      const newIps = ips.filter((ip) => !allIps.has(ip));
+      const dupeCount = ips.length - newIps.length;
+
+      if (newIps.length === 0) {
+        console.log(`    ${c.yellow('--')} ${c.dim(domain)} ${c.dim('— IPs already routed')}`);
+        totalSkipped++;
+        continue;
+      }
+
+      let hostFailed = false;
+      for (const ip of newIps) {
+        if (flags.remove) {
+          const result = removeRoute(ip);
+          if (!result.success) hostFailed = true;
+        } else {
+          const result = addRoute(ip, gateway, { dryRun: flags.dryRun });
+          if (flags.dryRun) {
+            console.log(`    ${c.dim('$')} ${c.dim(result.cmd)}`);
+          }
+          if (!result.success) hostFailed = true;
+        }
+        allIps.add(ip);
+      }
+
+      if (!flags.dryRun) {
+        const action = flags.remove ? 'removed' : 'routed';
+        const ipStr = newIps.join(', ');
+        const dupeNote = dupeCount > 0 ? c.dim(` (+${dupeCount} dupes)`) : '';
+        if (hostFailed) {
+          console.log(`    ${c.red('x')}  ${domain} — failed`);
+          totalFailed++;
+        } else {
+          console.log(`    ${c.green('OK')} ${domain} ${c.dim(`-> ${ipStr}`)}${dupeNote}`);
+          totalRouted++;
+        }
+      } else {
+        totalRouted++;
+      }
+    }
+  }
+
+  if (!flags.dryRun) {
+    showSummary({ routed: totalRouted, skipped: totalSkipped, failed: totalFailed });
+    if (!flags.remove) {
+      console.log(`  ${c.dim('To remove these routes later:')} sudo bypass-vpn --remove`);
+      console.log('');
+    }
+  } else {
+    console.log('');
+    console.log(`  ${c.cyan(c.bold('Dry run complete.'))} No routes were modified.`);
+    console.log(`  ${c.dim(`${totalRouted} domain(s) would be routed, ${totalSkipped} skipped.`)}`);
+    console.log('');
+  }
+}
+
+main().catch((err) => {
+  console.error(c.red(`  Error: ${err.message}`));
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "bypass-vpn",
+  "version": "1.0.0",
+  "description": "Route AI service traffic (Claude, ChatGPT, Firebase) through Wi-Fi gateway to bypass VPN",
+  "bin": {
+    "bypass-vpn": "./bin/bypass-vpn.js"
+  },
+  "engines": {
+    "node": ">=16.0.0"
+  },
+  "files": [
+    "bin/",
+    "src/"
+  ],
+  "keywords": [
+    "vpn",
+    "bypass",
+    "route",
+    "ai",
+    "claude",
+    "chatgpt",
+    "firebase",
+    "networking",
+    "wifi"
+  ],
+  "author": "",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ProjectAJ14/bypass-ai-vpn"
+  }
+}

package/src/gateway.js

@@ -0,0 +1,62 @@
+const { execSync } = require('child_process');
+const { getPlatform } = require('./platform');
+
+function detect() {
+  const platform = getPlatform();
+
+  if (platform === 'darwin') {
+    return detectMac();
+  }
+  if (platform === 'win32') {
+    return detectWindows();
+  }
+  return null;
+}
+
+function detectMac() {
+  try {
+    const output = execSync('netstat -nr', { encoding: 'utf8', timeout: 5000 });
+    for (const line of output.split('\n')) {
+      const parts = line.trim().split(/\s+/);
+      if (parts[0] === 'default' && parts[parts.length - 1] === 'en0') {
+        return parts[1];
+      }
+    }
+  } catch {}
+
+  // Fallback: networksetup
+  try {
+    const output = execSync('networksetup -getinfo Wi-Fi', { encoding: 'utf8', timeout: 5000 });
+    const match = output.match(/^Router:\s+(.+)$/m);
+    if (match) return match[1].trim();
+  } catch {}
+
+  return null;
+}
+
+function detectWindows() {
+  // Try PowerShell Get-NetRoute
+  try {
+    const cmd = `powershell -NoProfile -Command "Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Where-Object { $_.InterfaceAlias -like '*Wi-Fi*' -or $_.InterfaceAlias -like '*Wireless*' } | Select-Object -First 1 -ExpandProperty NextHop"`;
+    const output = execSync(cmd, { encoding: 'utf8', timeout: 10000 }).trim();
+    if (output && /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(output)) {
+      return output;
+    }
+  } catch {}
+
+  // Fallback: parse ipconfig
+  try {
+    const output = execSync('ipconfig', { encoding: 'utf8', timeout: 5000 });
+    const sections = output.split(/\r?\n\r?\n/);
+    for (const section of sections) {
+      if (/Wi-Fi|Wireless/i.test(section)) {
+        const match = section.match(/Default Gateway[.\s]*:\s*([\d.]+)/);
+        if (match) return match[1];
+      }
+    }
+  } catch {}
+
+  return null;
+}
+
+module.exports = { detect };

package/src/platform.js

@@ -0,0 +1,37 @@
+const { execSync } = require('child_process');
+const { c } = require('./ui');
+
+function getPlatform() {
+  const p = process.platform;
+  if (p === 'darwin' || p === 'win32') return p;
+  return 'unsupported';
+}
+
+function ensureAdmin() {
+  const platform = getPlatform();
+
+  if (platform === 'unsupported') {
+    console.error(c.red('  Unsupported platform. Only macOS and Windows are supported.'));
+    process.exit(1);
+  }
+
+  if (platform === 'darwin') {
+    if (process.getuid() !== 0) {
+      console.error(c.yellow('  This tool needs root privileges to modify routes.'));
+      console.error(c.dim('  Run: sudo bypass-vpn'));
+      process.exit(1);
+    }
+  }
+
+  if (platform === 'win32') {
+    try {
+      execSync('net session', { stdio: 'ignore' });
+    } catch {
+      console.error(c.yellow('  This tool needs Administrator privileges to modify routes.'));
+      console.error(c.dim('  Run from an elevated Command Prompt or PowerShell.'));
+      process.exit(1);
+    }
+  }
+}
+
+module.exports = { getPlatform, ensureAdmin };

package/src/resolver.js

@@ -0,0 +1,42 @@
+const dns = require('dns');
+const dnsPromises = dns.promises;
+
+async function resolveAll(domains) {
+  const resolved = new Map();
+  const failed = [];
+
+  const results = await Promise.allSettled(
+    domains.map(async (domain) => {
+      const ips = await withTimeout(dnsPromises.resolve4(domain), 5000);
+      return { domain, ips };
+    })
+  );
+
+  for (const result of results) {
+    if (result.status === 'fulfilled') {
+      const { domain, ips } = result.value;
+      if (ips && ips.length > 0) {
+        resolved.set(domain, ips);
+      } else {
+        failed.push(domain);
+      }
+    } else {
+      // Extract domain from the original array by index
+      const idx = results.indexOf(result);
+      failed.push(domains[idx]);
+    }
+  }
+
+  return { resolved, failed };
+}
+
+function withTimeout(promise, ms) {
+  return new Promise((resolve, reject) => {
+    const timer = setTimeout(() => reject(new Error('DNS timeout')), ms);
+    promise
+      .then((val) => { clearTimeout(timer); resolve(val); })
+      .catch((err) => { clearTimeout(timer); reject(err); });
+  });
+}
+
+module.exports = { resolveAll };

package/src/router.js

@@ -0,0 +1,65 @@
+const { execSync } = require('child_process');
+const { getPlatform } = require('./platform');
+
+const IP_REGEX = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
+
+function validateIp(ip) {
+  if (!IP_REGEX.test(ip)) {
+    throw new Error(`Invalid IP address: ${ip}`);
+  }
+}
+
+function addRoute(ip, gateway, { dryRun = false } = {}) {
+  validateIp(ip);
+  validateIp(gateway);
+
+  const platform = getPlatform();
+  let cmd;
+
+  if (platform === 'darwin') {
+    // Remove existing route first (ignore errors)
+    const delCmd = `route -n delete -host ${ip} 2>/dev/null || true`;
+    cmd = `route -n add -host ${ip} ${gateway}`;
+    if (dryRun) {
+      return { success: true, ip, cmd };
+    }
+    try { execSync(delCmd, { stdio: 'ignore' }); } catch {}
+  } else {
+    // Windows: remove existing then add
+    const delCmd = `route delete ${ip}`;
+    cmd = `route add ${ip} mask 255.255.255.255 ${gateway}`;
+    if (dryRun) {
+      return { success: true, ip, cmd };
+    }
+    try { execSync(delCmd, { stdio: 'ignore' }); } catch {}
+  }
+
+  try {
+    execSync(cmd, { stdio: 'ignore' });
+    return { success: true, ip };
+  } catch (err) {
+    return { success: false, ip, error: err.message };
+  }
+}
+
+function removeRoute(ip) {
+  validateIp(ip);
+
+  const platform = getPlatform();
+  let cmd;
+
+  if (platform === 'darwin') {
+    cmd = `route -n delete -host ${ip}`;
+  } else {
+    cmd = `route delete ${ip}`;
+  }
+
+  try {
+    execSync(cmd, { stdio: 'ignore' });
+    return { success: true, ip };
+  } catch (err) {
+    return { success: false, ip, error: err.message };
+  }
+}
+
+module.exports = { addRoute, removeRoute };

package/src/services.js

@@ -0,0 +1,38 @@
+module.exports = {
+  claude: {
+    name: 'Claude',
+    domains: ['api.anthropic.com'],
+  },
+  chatgpt: {
+    name: 'ChatGPT',
+    domains: [
+      'chatgpt.com',
+      'ab.chatgpt.com',
+      'chat.openai.com',
+      'api.openai.com',
+      'auth0.openai.com',
+      'cdn.oaistatic.com',
+      'files.oaiusercontent.com',
+      'events.statsigapi.net',
+    ],
+  },
+  firebase: {
+    name: 'Firebase',
+    domains: [
+      'firestore.googleapis.com',
+      'securetoken.googleapis.com',
+      'identitytoolkit.googleapis.com',
+      'narad-muni-14.firebaseapp.com',
+      'narad-muni-14.firebasestorage.app',
+    ],
+  },
+  googleauth: {
+    name: 'Google Auth',
+    domains: [
+      'accounts.google.com',
+      'oauth2.googleapis.com',
+      'www.googleapis.com',
+      'iamcredentials.googleapis.com',
+    ],
+  },
+};

package/src/ui.js

@@ -0,0 +1,66 @@
+const { version } = require('../package.json');
+
+const c = {
+  red: (s) => `\x1b[31m${s}\x1b[0m`,
+  green: (s) => `\x1b[32m${s}\x1b[0m`,
+  yellow: (s) => `\x1b[33m${s}\x1b[0m`,
+  cyan: (s) => `\x1b[36m${s}\x1b[0m`,
+  bold: (s) => `\x1b[1m${s}\x1b[0m`,
+  dim: (s) => `\x1b[2m${s}\x1b[0m`,
+};
+
+const SPIN_FRAMES = ['|', '/', '-', '\\'];
+
+class Spinner {
+  constructor() {
+    this._interval = null;
+    this._frame = 0;
+  }
+
+  start(text) {
+    this._frame = 0;
+    this._interval = setInterval(() => {
+      const frame = c.cyan(SPIN_FRAMES[this._frame % SPIN_FRAMES.length]);
+      process.stderr.write(`\r  ${frame} ${text}`);
+      this._frame++;
+    }, 80);
+  }
+
+  stop(symbol, text) {
+    if (this._interval) {
+      clearInterval(this._interval);
+      this._interval = null;
+    }
+    process.stderr.write(`\r  ${symbol} ${text}\x1b[K\n`);
+  }
+}
+
+function showBanner() {
+  console.log('');
+  console.log(c.bold(c.cyan('  ╭─────────────────────────────────────╮')));
+  console.log(c.bold(c.cyan(`  │      bypass-vpn  v${version.padEnd(18)}│`)));
+  console.log(c.bold(c.cyan('  │  Route AI traffic around your VPN   │')));
+  console.log(c.bold(c.cyan('  ╰─────────────────────────────────────╯')));
+  console.log('');
+}
+
+function showSummary({ routed, skipped, failed }) {
+  console.log('');
+  console.log(c.bold(c.cyan('  ╭─────────────────────────────────────╮')));
+  console.log(c.bold(c.cyan('  │            Results                  │')));
+  console.log(c.bold(c.cyan('  ├─────────────────────────────────────┤')));
+  console.log(c.bold(c.cyan('  │')) + `  ${c.green('Routed:')}  ${String(routed + ' host(s)').padEnd(26)}` + c.bold(c.cyan('│')));
+  console.log(c.bold(c.cyan('  │')) + `  ${c.yellow('Skipped:')} ${String(skipped + ' host(s)').padEnd(26)}` + c.bold(c.cyan('│')));
+  console.log(c.bold(c.cyan('  │')) + `  ${c.red('Failed:')}  ${String(failed + ' host(s)').padEnd(26)}` + c.bold(c.cyan('│')));
+  console.log(c.bold(c.cyan('  ╰─────────────────────────────────────╯')));
+  console.log('');
+
+  if (failed === 0) {
+    console.log(`  ${c.green(c.bold('All clear!'))} VPN bypassed for AI services.`);
+  } else {
+    console.log(`  ${c.yellow(c.bold('Partial success.'))} Some routes failed — see above.`);
+  }
+  console.log('');
+}
+
+module.exports = { c, Spinner, showBanner, showSummary };