diff --git a/apps/cli-proxy-api/6.8.41/.env.sample b/apps/cli-proxy-api/6.8.41/.env.sample new file mode 100644 index 00000000..94e7d3dd --- /dev/null +++ b/apps/cli-proxy-api/6.8.41/.env.sample @@ -0,0 +1,8 @@ +CLI_PROXY_PORT_11451=11451 +CLI_PROXY_PORT_1455=1455 +CLI_PROXY_PORT_51121=51121 +CLI_PROXY_PORT_54545=54545 +CLI_PROXY_PORT_8085=8085 +CONTAINER_NAME="cliproxyapi" +DEPLOY="" +PANEL_APP_PORT_HTTP=8317 diff --git a/apps/cli-proxy-api/6.8.41/data.yml b/apps/cli-proxy-api/6.8.41/data.yml new file mode 100644 index 00000000..ddf03670 --- /dev/null +++ b/apps/cli-proxy-api/6.8.41/data.yml @@ -0,0 +1,108 @@ +additionalProperties: + formFields: + - default: 8317 + edit: true + envKey: PANEL_APP_PORT_HTTP + labelEn: Web Port (8317) + labelZh: Web 访问端口 (8317) + label: + en: Web Port (8317) + ja: Webポート (8317) + ms: Web Port (8317) + pt-br: Porta Web (8317) + ru: Веб-порт (8317) + ko: 웹 포트 (8317) + zh-Hant: Web 訪問埠 (8317) + zh: Web 访问端口 (8317) + required: true + rule: paramPort + type: number + - default: 8085 + edit: true + envKey: CLI_PROXY_PORT_8085 + label: + en: Port 8085 + ja: ポート 8085 + ms: Port 8085 + pt-br: Porta 8085 + ru: Порт 8085 + ko: 포트 8085 + zh-Hant: 埠 8085 + zh: 端口 8085 + required: true + rule: paramPort + type: number + - default: 1455 + edit: true + envKey: CLI_PROXY_PORT_1455 + label: + en: Port 1455 + ja: ポート 1455 + ms: Port 1455 + pt-br: Porta 1455 + ru: Порт 1455 + ko: 포트 1455 + zh-Hant: 埠 1455 + zh: 端口 1455 + required: true + rule: paramPort + type: number + - default: 54545 + edit: true + envKey: CLI_PROXY_PORT_54545 + label: + en: Port 54545 + ja: ポート 54545 + ms: Port 54545 + pt-br: Porta 54545 + ru: Порт 54545 + ko: 포트 54545 + zh-Hant: 埠 54545 + zh: 端口 54545 + required: true + rule: paramPort + type: number + - default: 51121 + edit: true + envKey: CLI_PROXY_PORT_51121 + label: + en: Port 51121 + ja: ポート 51121 + ms: Port 51121 + pt-br: Porta 51121 + ru: Порт 51121 + ko: 포트 51121 + zh-Hant: 埠 51121 + zh: 端口 51121 + required: true + rule: paramPort + type: number + - default: 11451 + edit: true + envKey: CLI_PROXY_PORT_11451 + label: + en: Port 11451 + ja: ポート 11451 + ms: Port 11451 + pt-br: Porta 11451 + ru: Порт 11451 + ko: 포트 11451 + zh-Hant: 埠 11451 + zh: 端口 11451 + required: true + rule: paramPort + type: number + - default: "" + edit: true + envKey: DEPLOY + label: + en: Deploy Env Variable + ja: デプロイ環境変数 + ms: Variabel Persekitaran Deploy + pt-br: Variável de Ambiente de Deploy + ru: Переменная среды развертывания + ko: 배포 환경 변수 + zh-Hant: 部署環境變數 + zh: 部署环境变量 + required: false + type: text diff --git a/apps/cli-proxy-api/6.8.41/data/config.yaml b/apps/cli-proxy-api/6.8.41/data/config.yaml new file mode 100644 index 00000000..fbabac8f --- /dev/null +++ b/apps/cli-proxy-api/6.8.41/data/config.yaml @@ -0,0 +1,330 @@ +# Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6). +# Use "127.0.0.1" or "localhost" to restrict access to local machine only. +host: "" + +# Server port +port: 8317 + +# TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key. +tls: + enable: false + cert: "" + key: "" + +# Management API settings +remote-management: + # Whether to allow remote (non-localhost) management access. + # When false, only localhost can access management endpoints (a key is still required). + allow-remote: false + + # Management key. If a plaintext value is provided here, it will be hashed on startup. + # All management requests (even from localhost) require this key. + # Leave empty to disable the Management API entirely (404 for all /v0/management routes). + secret-key: "" + + # Disable the bundled management control panel asset download and HTTP route when true. + disable-control-panel: false + + # GitHub repository for the management control panel. Accepts a repository URL or releases API URL. + panel-github-repository: "https://github.com/router-for-me/Cli-Proxy-API-Management-Center" + +# Authentication directory (supports ~ for home directory) +auth-dir: "~/.cli-proxy-api" + +# API keys for authentication +api-keys: + - "your-api-key-1" + - "your-api-key-2" + - "your-api-key-3" + +# Enable debug logging +debug: false + +# Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety. +pprof: + enable: false + addr: "127.0.0.1:8316" + +# When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency. +commercial-mode: false + +# When true, write application logs to rotating files instead of stdout +logging-to-file: false + +# Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log +# files are deleted until within the limit. Set to 0 to disable. +logs-max-total-size-mb: 0 + +# Maximum number of error log files retained when request logging is disabled. +# When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup. +error-logs-max-files: 10 + +# When false, disable in-memory usage statistics aggregation +usage-statistics-enabled: false + +# Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/ +proxy-url: "" + +# When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name). +force-model-prefix: false + +# When true, forward filtered upstream response headers to downstream clients. +# Default is false (disabled). +passthrough-headers: false + +# Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504. +request-retry: 3 + +# Maximum number of different credentials to try for one failed request. +# Set to 0 to keep legacy behavior (try all available credentials). +max-retry-credentials: 0 + +# Maximum wait time in seconds for a cooled-down credential before triggering a retry. +max-retry-interval: 30 + +# Quota exceeded behavior +quota-exceeded: + switch-project: true # Whether to automatically switch to another project when a quota is exceeded + switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded + +# Routing strategy for selecting credentials when multiple match. +routing: + strategy: "round-robin" # round-robin (default), fill-first + +# When true, enable authentication for the WebSocket API (/v1/ws). +ws-auth: false + +# When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts. +nonstream-keepalive-interval: 0 + +# Streaming behavior (SSE keep-alives + safe bootstrap retries). +# streaming: +# keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives. +# bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent. + +# Gemini API keys +# gemini-api-key: +# - api-key: "AIzaSy...01" +# prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential +# base-url: "https://generativelanguage.googleapis.com" +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" +# models: +# - name: "gemini-2.5-flash" # upstream model name +# alias: "gemini-flash" # client alias mapped to the upstream model +# excluded-models: +# - "gemini-2.5-pro" # exclude specific models from this provider (exact match) +# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) +# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) +# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) +# - api-key: "AIzaSy...02" + +# Codex API keys +# codex-api-key: +# - api-key: "sk-atSM..." +# prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential +# base-url: "https://www.example.com" # use the custom codex API endpoint +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# models: +# - name: "gpt-5-codex" # upstream model name +# alias: "codex-latest" # client alias mapped to the upstream model +# excluded-models: +# - "gpt-5.1" # exclude specific models (exact match) +# - "gpt-5-*" # wildcard matching prefix (e.g. gpt-5-medium, gpt-5-codex) +# - "*-mini" # wildcard matching suffix (e.g. gpt-5-codex-mini) +# - "*codex*" # wildcard matching substring (e.g. gpt-5-codex-low) + +# Claude API keys +# claude-api-key: +# - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url +# - api-key: "sk-atSM..." +# prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential +# base-url: "https://www.example.com" # use the custom claude API endpoint +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# models: +# - name: "claude-3-5-sonnet-20241022" # upstream model name +# alias: "claude-sonnet-latest" # client alias mapped to the upstream model +# excluded-models: +# - "claude-opus-4-5-20251101" # exclude specific models (exact match) +# - "claude-3-*" # wildcard matching prefix (e.g. claude-3-7-sonnet-20250219) +# - "*-thinking" # wildcard matching suffix (e.g. claude-opus-4-5-thinking) +# - "*haiku*" # wildcard matching substring (e.g. claude-3-5-haiku-20241022) +# cloak: # optional: request cloaking for non-Claude-Code clients +# mode: "auto" # "auto" (default): cloak only when client is not Claude Code +# # "always": always apply cloaking +# # "never": never apply cloaking +# strict-mode: false # false (default): prepend Claude Code prompt to user system messages +# # true: strip all user system messages, keep only Claude Code prompt +# sensitive-words: # optional: words to obfuscate with zero-width characters +# - "API" +# - "proxy" +# cache-user-id: true # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request + +# Default headers for Claude API requests. Update when Claude Code releases new versions. +# These are used as fallbacks when the client does not send its own headers. +# claude-header-defaults: +# user-agent: "claude-cli/2.1.44 (external, sdk-cli)" +# package-version: "0.74.0" +# runtime-version: "v24.3.0" +# timeout: "600" + +# OpenAI compatibility providers +# openai-compatibility: +# - name: "openrouter" # The name of the provider; it will be used in the user agent and other places. +# prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials +# base-url: "https://openrouter.ai/api/v1" # The base URL of the provider. +# headers: +# X-Custom-Header: "custom-value" +# api-key-entries: +# - api-key: "sk-or-v1-...b780" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# - api-key: "sk-or-v1-...b781" # without proxy-url +# models: # The models supported by the provider. +# - name: "moonshotai/kimi-k2:free" # The actual model name. +# alias: "kimi-k2" # The alias used in the API. + +# Vertex API keys (Vertex-compatible endpoints, use API key + base URL) +# vertex-api-key: +# - api-key: "vk-123..." # x-goog-api-key header +# prefix: "test" # optional: require calls like "test/vertex-pro" to target this credential +# base-url: "https://example.com/api" # e.g. https://zenmux.ai/api +# proxy-url: "socks5://proxy.example.com:1080" # optional per-key proxy override +# headers: +# X-Custom-Header: "custom-value" +# models: # optional: map aliases to upstream model names +# - name: "gemini-2.5-flash" # upstream model name +# alias: "vertex-flash" # client-visible alias +# - name: "gemini-2.5-pro" +# alias: "vertex-pro" + +# Amp Integration +# ampcode: +# # Configure upstream URL for Amp CLI OAuth and management features +# upstream-url: "https://ampcode.com" +# # Optional: Override API key for Amp upstream (otherwise uses env or file) +# upstream-api-key: "" +# # Per-client upstream API key mapping +# # Maps client API keys (from top-level api-keys) to different Amp upstream API keys. +# # Useful when different clients need to use different Amp accounts/quotas. +# # If a client key isn't mapped, falls back to upstream-api-key (default behavior). +# upstream-api-keys: +# - upstream-api-key: "amp_key_for_team_a" # Upstream key to use for these clients +# api-keys: # Client keys that use this upstream key +# - "your-api-key-1" +# - "your-api-key-2" +# - upstream-api-key: "amp_key_for_team_b" +# api-keys: +# - "your-api-key-3" +# # Restrict Amp management routes (/api/auth, /api/user, etc.) to localhost only (default: false) +# restrict-management-to-localhost: false +# # Force model mappings to run before checking local API keys (default: false) +# force-model-mappings: false +# # Amp Model Mappings +# # Route unavailable Amp models to alternative models available in your local proxy. +# # Useful when Amp CLI requests models you don't have access to (e.g., Claude Opus 4.5) +# # but you have a similar model available (e.g., Claude Sonnet 4). +# model-mappings: +# - from: "claude-opus-4-5-20251101" # Model requested by Amp CLI +# to: "gemini-claude-opus-4-5-thinking" # Route to this available model instead +# - from: "claude-sonnet-4-5-20250929" +# to: "gemini-claude-sonnet-4-5-thinking" +# - from: "claude-haiku-4-5-20251001" +# to: "gemini-2.5-flash" + +# Global OAuth model name aliases (per channel) +# These aliases rename model IDs for both model listing and request routing. +# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kimi. +# NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode. +# You can repeat the same name with different aliases to expose multiple client model names. +# oauth-model-alias: +# gemini-cli: +# - name: "gemini-2.5-pro" # original model name under this channel +# alias: "g2.5p" # client-visible alias +# fork: true # when true, keep original and also add the alias as an extra model (default: false) +# vertex: +# - name: "gemini-2.5-pro" +# alias: "g2.5p" +# aistudio: +# - name: "gemini-2.5-pro" +# alias: "g2.5p" +# antigravity: +# - name: "gemini-3-pro-high" +# alias: "gemini-3-pro-preview" +# claude: +# - name: "claude-sonnet-4-5-20250929" +# alias: "cs4.5" +# codex: +# - name: "gpt-5" +# alias: "g5" +# qwen: +# - name: "qwen3-coder-plus" +# alias: "qwen-plus" +# iflow: +# - name: "glm-4.7" +# alias: "glm-god" +# kimi: +# - name: "kimi-k2.5" +# alias: "k2.5" + +# OAuth provider excluded models +# oauth-excluded-models: +# gemini-cli: +# - "gemini-2.5-pro" # exclude specific models (exact match) +# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) +# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) +# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) +# vertex: +# - "gemini-3-pro-preview" +# aistudio: +# - "gemini-3-pro-preview" +# antigravity: +# - "gemini-3-pro-preview" +# claude: +# - "claude-3-5-haiku-20241022" +# codex: +# - "gpt-5-codex-mini" +# qwen: +# - "vision-model" +# iflow: +# - "tstars2.0" +# kimi: +# - "kimi-k2-thinking" + +# Optional payload configuration +# payload: +# default: # Default rules only set parameters when they are missing in the payload. +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> value +# "generationConfig.thinkingConfig.thinkingBudget": 32768 +# default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON). +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) +# "generationConfig.responseJsonSchema": "{\"type\":\"object\",\"properties\":{\"answer\":{\"type\":\"string\"}}}" +# override: # Override rules always set parameters, overwriting any existing values. +# - models: +# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") +# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> value +# "reasoning.effort": "high" +# override-raw: # Override raw rules always set parameters using raw JSON (must be valid JSON). +# - models: +# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") +# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) +# "response_format": "{\"type\":\"json_schema\",\"json_schema\":{\"name\":\"answer\",\"schema\":{\"type\":\"object\"}}}" +# filter: # Filter rules remove specified parameters from the payload. +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON paths (gjson/sjson syntax) to remove from the payload +# - "generationConfig.thinkingConfig.thinkingBudget" +# - "generationConfig.responseJsonSchema" \ No newline at end of file diff --git a/apps/cli-proxy-api/6.8.41/docker-compose.yml b/apps/cli-proxy-api/6.8.41/docker-compose.yml new file mode 100644 index 00000000..3bff3f97 --- /dev/null +++ b/apps/cli-proxy-api/6.8.41/docker-compose.yml @@ -0,0 +1,26 @@ +services: + cli-proxy-api: + image: "eceasy/cli-proxy-api:v6.8.41" + container_name: ${CONTAINER_NAME} + restart: always + networks: + - 1panel-network + environment: + - DEPLOY=${DEPLOY:-} + ports: + - "${PANEL_APP_PORT_HTTP}:8317" + - "${CLI_PROXY_PORT_8085}:8085" + - "${CLI_PROXY_PORT_1455}:1455" + - "${CLI_PROXY_PORT_54545}:54545" + - "${CLI_PROXY_PORT_51121}:51121" + - "${CLI_PROXY_PORT_11451}:11451" + volumes: + - "./data/config.yaml:/CLIProxyAPI/config.yaml" + - "./data/auths:/root/.cli-proxy-api" + - "./data/logs:/CLIProxyAPI/logs" + labels: + createdBy: "Apps" + +networks: + 1panel-network: + external: true diff --git a/apps/cli-proxy-api/README.md b/apps/cli-proxy-api/README.md new file mode 100644 index 00000000..c8badb0b --- /dev/null +++ b/apps/cli-proxy-api/README.md @@ -0,0 +1,25 @@ +# CLIProxyAPI + +一个为 CLI 提供 OpenAI/Gemini/Claude/Codex 兼容 API 接口的代理服务器。 + +## 相关链接 +- [GitHub 仓库](https://github.com/router-for-me/CLIProxyAPI) + +## 数据配置说明 +安装本应用后,相关数据和日志挂载在 1Panel 应用安装目录下的 `data` 文件夹中。 +- `config.yaml`: 配置文件 +- `auths`: 认证信息缓存目录 +- `logs`: 运行日志目录 + +## 使用 CLI Proxy API 自带的 Web UI + +**注意**:要开启远程访问,应该先修改 `config.yaml` 里的以下几个部分: +```yaml +remote-management: + allow-remote: false + secret-key: "" +``` + +1. 启动 CLI Proxy API 服务。 +2. 打开:`http://:/management.html` +3. 输入 **管理密钥** 并连接。 diff --git a/apps/cli-proxy-api/data.yml b/apps/cli-proxy-api/data.yml new file mode 100644 index 00000000..42865763 --- /dev/null +++ b/apps/cli-proxy-api/data.yml @@ -0,0 +1,32 @@ +name: CLIProxyAPI +tags: + - AI +title: 一个为 CLI 提供 OpenAI 等兼容 API 接口的代理服务器 +description: 一个为 CLI 提供 OpenAI 等兼容 API 接口的代理服务器 +additionalProperties: + key: cli-proxy-api + name: CLIProxyAPI + tags: + - AI + shortDescZh: 一个为 CLI 提供 OpenAI 等兼容 API 接口的代理服务器 + shortDescEn: A proxy server providing OpenAI-compatible API interfaces for CLI + description: + en: A proxy server providing OpenAI-compatible API interfaces for CLI + ja: CLI向けにOpenAI互換APIインターフェースを提供するプロキシサーバー + ms: Pelayan proksi yang menyediakan antara muka API serasi OpenAI untuk CLI + pt-br: Um servidor proxy que fornece interfaces de API compatíveis com OpenAI para CLI + ru: Прокси-сервер, предоставляющий OpenAI-совместимые API-интерфейсы для CLI + ko: CLI용 OpenAI 호환 API 인터페이스를 제공하는 프록시 서버 + zh-Hant: 一個為 CLI 提供 OpenAI 等兼容 API 接口的 + zh: 一个为 CLI 提供 OpenAI 等兼容 API 接口的代理服务器 + type: website + crossVersionUpdate: true + limit: 0 + recommend: 0 + batchInstallSupport: true + website: https://help.router-for.me/ + github: https://github.com/router-for-me/CLIProxyAPI + document: https://help.router-for.me/ + architectures: + - amd64 + - arm64 diff --git a/apps/cli-proxy-api/latest/.env.sample b/apps/cli-proxy-api/latest/.env.sample new file mode 100644 index 00000000..94e7d3dd --- /dev/null +++ b/apps/cli-proxy-api/latest/.env.sample @@ -0,0 +1,8 @@ +CLI_PROXY_PORT_11451=11451 +CLI_PROXY_PORT_1455=1455 +CLI_PROXY_PORT_51121=51121 +CLI_PROXY_PORT_54545=54545 +CLI_PROXY_PORT_8085=8085 +CONTAINER_NAME="cliproxyapi" +DEPLOY="" +PANEL_APP_PORT_HTTP=8317 diff --git a/apps/cli-proxy-api/latest/data.yml b/apps/cli-proxy-api/latest/data.yml new file mode 100644 index 00000000..ddf03670 --- /dev/null +++ b/apps/cli-proxy-api/latest/data.yml @@ -0,0 +1,108 @@ +additionalProperties: + formFields: + - default: 8317 + edit: true + envKey: PANEL_APP_PORT_HTTP + labelEn: Web Port (8317) + labelZh: Web 访问端口 (8317) + label: + en: Web Port (8317) + ja: Webポート (8317) + ms: Web Port (8317) + pt-br: Porta Web (8317) + ru: Веб-порт (8317) + ko: 웹 포트 (8317) + zh-Hant: Web 訪問埠 (8317) + zh: Web 访问端口 (8317) + required: true + rule: paramPort + type: number + - default: 8085 + edit: true + envKey: CLI_PROXY_PORT_8085 + label: + en: Port 8085 + ja: ポート 8085 + ms: Port 8085 + pt-br: Porta 8085 + ru: Порт 8085 + ko: 포트 8085 + zh-Hant: 埠 8085 + zh: 端口 8085 + required: true + rule: paramPort + type: number + - default: 1455 + edit: true + envKey: CLI_PROXY_PORT_1455 + label: + en: Port 1455 + ja: ポート 1455 + ms: Port 1455 + pt-br: Porta 1455 + ru: Порт 1455 + ko: 포트 1455 + zh-Hant: 埠 1455 + zh: 端口 1455 + required: true + rule: paramPort + type: number + - default: 54545 + edit: true + envKey: CLI_PROXY_PORT_54545 + label: + en: Port 54545 + ja: ポート 54545 + ms: Port 54545 + pt-br: Porta 54545 + ru: Порт 54545 + ko: 포트 54545 + zh-Hant: 埠 54545 + zh: 端口 54545 + required: true + rule: paramPort + type: number + - default: 51121 + edit: true + envKey: CLI_PROXY_PORT_51121 + label: + en: Port 51121 + ja: ポート 51121 + ms: Port 51121 + pt-br: Porta 51121 + ru: Порт 51121 + ko: 포트 51121 + zh-Hant: 埠 51121 + zh: 端口 51121 + required: true + rule: paramPort + type: number + - default: 11451 + edit: true + envKey: CLI_PROXY_PORT_11451 + label: + en: Port 11451 + ja: ポート 11451 + ms: Port 11451 + pt-br: Porta 11451 + ru: Порт 11451 + ko: 포트 11451 + zh-Hant: 埠 11451 + zh: 端口 11451 + required: true + rule: paramPort + type: number + - default: "" + edit: true + envKey: DEPLOY + label: + en: Deploy Env Variable + ja: デプロイ環境変数 + ms: Variabel Persekitaran Deploy + pt-br: Variável de Ambiente de Deploy + ru: Переменная среды развертывания + ko: 배포 환경 변수 + zh-Hant: 部署環境變數 + zh: 部署环境变量 + required: false + type: text diff --git a/apps/cli-proxy-api/latest/data/config.yaml b/apps/cli-proxy-api/latest/data/config.yaml new file mode 100644 index 00000000..fbabac8f --- /dev/null +++ b/apps/cli-proxy-api/latest/data/config.yaml @@ -0,0 +1,330 @@ +# Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6). +# Use "127.0.0.1" or "localhost" to restrict access to local machine only. +host: "" + +# Server port +port: 8317 + +# TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key. +tls: + enable: false + cert: "" + key: "" + +# Management API settings +remote-management: + # Whether to allow remote (non-localhost) management access. + # When false, only localhost can access management endpoints (a key is still required). + allow-remote: false + + # Management key. If a plaintext value is provided here, it will be hashed on startup. + # All management requests (even from localhost) require this key. + # Leave empty to disable the Management API entirely (404 for all /v0/management routes). + secret-key: "" + + # Disable the bundled management control panel asset download and HTTP route when true. + disable-control-panel: false + + # GitHub repository for the management control panel. Accepts a repository URL or releases API URL. + panel-github-repository: "https://github.com/router-for-me/Cli-Proxy-API-Management-Center" + +# Authentication directory (supports ~ for home directory) +auth-dir: "~/.cli-proxy-api" + +# API keys for authentication +api-keys: + - "your-api-key-1" + - "your-api-key-2" + - "your-api-key-3" + +# Enable debug logging +debug: false + +# Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety. +pprof: + enable: false + addr: "127.0.0.1:8316" + +# When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency. +commercial-mode: false + +# When true, write application logs to rotating files instead of stdout +logging-to-file: false + +# Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log +# files are deleted until within the limit. Set to 0 to disable. +logs-max-total-size-mb: 0 + +# Maximum number of error log files retained when request logging is disabled. +# When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup. +error-logs-max-files: 10 + +# When false, disable in-memory usage statistics aggregation +usage-statistics-enabled: false + +# Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/ +proxy-url: "" + +# When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name). +force-model-prefix: false + +# When true, forward filtered upstream response headers to downstream clients. +# Default is false (disabled). +passthrough-headers: false + +# Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504. +request-retry: 3 + +# Maximum number of different credentials to try for one failed request. +# Set to 0 to keep legacy behavior (try all available credentials). +max-retry-credentials: 0 + +# Maximum wait time in seconds for a cooled-down credential before triggering a retry. +max-retry-interval: 30 + +# Quota exceeded behavior +quota-exceeded: + switch-project: true # Whether to automatically switch to another project when a quota is exceeded + switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded + +# Routing strategy for selecting credentials when multiple match. +routing: + strategy: "round-robin" # round-robin (default), fill-first + +# When true, enable authentication for the WebSocket API (/v1/ws). +ws-auth: false + +# When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts. +nonstream-keepalive-interval: 0 + +# Streaming behavior (SSE keep-alives + safe bootstrap retries). +# streaming: +# keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives. +# bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent. + +# Gemini API keys +# gemini-api-key: +# - api-key: "AIzaSy...01" +# prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential +# base-url: "https://generativelanguage.googleapis.com" +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" +# models: +# - name: "gemini-2.5-flash" # upstream model name +# alias: "gemini-flash" # client alias mapped to the upstream model +# excluded-models: +# - "gemini-2.5-pro" # exclude specific models from this provider (exact match) +# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) +# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) +# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) +# - api-key: "AIzaSy...02" + +# Codex API keys +# codex-api-key: +# - api-key: "sk-atSM..." +# prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential +# base-url: "https://www.example.com" # use the custom codex API endpoint +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# models: +# - name: "gpt-5-codex" # upstream model name +# alias: "codex-latest" # client alias mapped to the upstream model +# excluded-models: +# - "gpt-5.1" # exclude specific models (exact match) +# - "gpt-5-*" # wildcard matching prefix (e.g. gpt-5-medium, gpt-5-codex) +# - "*-mini" # wildcard matching suffix (e.g. gpt-5-codex-mini) +# - "*codex*" # wildcard matching substring (e.g. gpt-5-codex-low) + +# Claude API keys +# claude-api-key: +# - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url +# - api-key: "sk-atSM..." +# prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential +# base-url: "https://www.example.com" # use the custom claude API endpoint +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# models: +# - name: "claude-3-5-sonnet-20241022" # upstream model name +# alias: "claude-sonnet-latest" # client alias mapped to the upstream model +# excluded-models: +# - "claude-opus-4-5-20251101" # exclude specific models (exact match) +# - "claude-3-*" # wildcard matching prefix (e.g. claude-3-7-sonnet-20250219) +# - "*-thinking" # wildcard matching suffix (e.g. claude-opus-4-5-thinking) +# - "*haiku*" # wildcard matching substring (e.g. claude-3-5-haiku-20241022) +# cloak: # optional: request cloaking for non-Claude-Code clients +# mode: "auto" # "auto" (default): cloak only when client is not Claude Code +# # "always": always apply cloaking +# # "never": never apply cloaking +# strict-mode: false # false (default): prepend Claude Code prompt to user system messages +# # true: strip all user system messages, keep only Claude Code prompt +# sensitive-words: # optional: words to obfuscate with zero-width characters +# - "API" +# - "proxy" +# cache-user-id: true # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request + +# Default headers for Claude API requests. Update when Claude Code releases new versions. +# These are used as fallbacks when the client does not send its own headers. +# claude-header-defaults: +# user-agent: "claude-cli/2.1.44 (external, sdk-cli)" +# package-version: "0.74.0" +# runtime-version: "v24.3.0" +# timeout: "600" + +# OpenAI compatibility providers +# openai-compatibility: +# - name: "openrouter" # The name of the provider; it will be used in the user agent and other places. +# prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials +# base-url: "https://openrouter.ai/api/v1" # The base URL of the provider. +# headers: +# X-Custom-Header: "custom-value" +# api-key-entries: +# - api-key: "sk-or-v1-...b780" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# - api-key: "sk-or-v1-...b781" # without proxy-url +# models: # The models supported by the provider. +# - name: "moonshotai/kimi-k2:free" # The actual model name. +# alias: "kimi-k2" # The alias used in the API. + +# Vertex API keys (Vertex-compatible endpoints, use API key + base URL) +# vertex-api-key: +# - api-key: "vk-123..." # x-goog-api-key header +# prefix: "test" # optional: require calls like "test/vertex-pro" to target this credential +# base-url: "https://example.com/api" # e.g. https://zenmux.ai/api +# proxy-url: "socks5://proxy.example.com:1080" # optional per-key proxy override +# headers: +# X-Custom-Header: "custom-value" +# models: # optional: map aliases to upstream model names +# - name: "gemini-2.5-flash" # upstream model name +# alias: "vertex-flash" # client-visible alias +# - name: "gemini-2.5-pro" +# alias: "vertex-pro" + +# Amp Integration +# ampcode: +# # Configure upstream URL for Amp CLI OAuth and management features +# upstream-url: "https://ampcode.com" +# # Optional: Override API key for Amp upstream (otherwise uses env or file) +# upstream-api-key: "" +# # Per-client upstream API key mapping +# # Maps client API keys (from top-level api-keys) to different Amp upstream API keys. +# # Useful when different clients need to use different Amp accounts/quotas. +# # If a client key isn't mapped, falls back to upstream-api-key (default behavior). +# upstream-api-keys: +# - upstream-api-key: "amp_key_for_team_a" # Upstream key to use for these clients +# api-keys: # Client keys that use this upstream key +# - "your-api-key-1" +# - "your-api-key-2" +# - upstream-api-key: "amp_key_for_team_b" +# api-keys: +# - "your-api-key-3" +# # Restrict Amp management routes (/api/auth, /api/user, etc.) to localhost only (default: false) +# restrict-management-to-localhost: false +# # Force model mappings to run before checking local API keys (default: false) +# force-model-mappings: false +# # Amp Model Mappings +# # Route unavailable Amp models to alternative models available in your local proxy. +# # Useful when Amp CLI requests models you don't have access to (e.g., Claude Opus 4.5) +# # but you have a similar model available (e.g., Claude Sonnet 4). +# model-mappings: +# - from: "claude-opus-4-5-20251101" # Model requested by Amp CLI +# to: "gemini-claude-opus-4-5-thinking" # Route to this available model instead +# - from: "claude-sonnet-4-5-20250929" +# to: "gemini-claude-sonnet-4-5-thinking" +# - from: "claude-haiku-4-5-20251001" +# to: "gemini-2.5-flash" + +# Global OAuth model name aliases (per channel) +# These aliases rename model IDs for both model listing and request routing. +# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kimi. +# NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode. +# You can repeat the same name with different aliases to expose multiple client model names. +# oauth-model-alias: +# gemini-cli: +# - name: "gemini-2.5-pro" # original model name under this channel +# alias: "g2.5p" # client-visible alias +# fork: true # when true, keep original and also add the alias as an extra model (default: false) +# vertex: +# - name: "gemini-2.5-pro" +# alias: "g2.5p" +# aistudio: +# - name: "gemini-2.5-pro" +# alias: "g2.5p" +# antigravity: +# - name: "gemini-3-pro-high" +# alias: "gemini-3-pro-preview" +# claude: +# - name: "claude-sonnet-4-5-20250929" +# alias: "cs4.5" +# codex: +# - name: "gpt-5" +# alias: "g5" +# qwen: +# - name: "qwen3-coder-plus" +# alias: "qwen-plus" +# iflow: +# - name: "glm-4.7" +# alias: "glm-god" +# kimi: +# - name: "kimi-k2.5" +# alias: "k2.5" + +# OAuth provider excluded models +# oauth-excluded-models: +# gemini-cli: +# - "gemini-2.5-pro" # exclude specific models (exact match) +# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) +# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) +# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) +# vertex: +# - "gemini-3-pro-preview" +# aistudio: +# - "gemini-3-pro-preview" +# antigravity: +# - "gemini-3-pro-preview" +# claude: +# - "claude-3-5-haiku-20241022" +# codex: +# - "gpt-5-codex-mini" +# qwen: +# - "vision-model" +# iflow: +# - "tstars2.0" +# kimi: +# - "kimi-k2-thinking" + +# Optional payload configuration +# payload: +# default: # Default rules only set parameters when they are missing in the payload. +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> value +# "generationConfig.thinkingConfig.thinkingBudget": 32768 +# default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON). +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) +# "generationConfig.responseJsonSchema": "{\"type\":\"object\",\"properties\":{\"answer\":{\"type\":\"string\"}}}" +# override: # Override rules always set parameters, overwriting any existing values. +# - models: +# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") +# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> value +# "reasoning.effort": "high" +# override-raw: # Override raw rules always set parameters using raw JSON (must be valid JSON). +# - models: +# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") +# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) +# "response_format": "{\"type\":\"json_schema\",\"json_schema\":{\"name\":\"answer\",\"schema\":{\"type\":\"object\"}}}" +# filter: # Filter rules remove specified parameters from the payload. +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON paths (gjson/sjson syntax) to remove from the payload +# - "generationConfig.thinkingConfig.thinkingBudget" +# - "generationConfig.responseJsonSchema" \ No newline at end of file diff --git a/apps/cli-proxy-api/latest/docker-compose.yml b/apps/cli-proxy-api/latest/docker-compose.yml new file mode 100644 index 00000000..e06e8041 --- /dev/null +++ b/apps/cli-proxy-api/latest/docker-compose.yml @@ -0,0 +1,26 @@ +services: + cli-proxy-api: + image: "eceasy/cli-proxy-api:latest" + container_name: ${CONTAINER_NAME} + restart: always + networks: + - 1panel-network + environment: + - DEPLOY=${DEPLOY:-} + ports: + - "${PANEL_APP_PORT_HTTP}:8317" + - "${CLI_PROXY_PORT_8085}:8085" + - "${CLI_PROXY_PORT_1455}:1455" + - "${CLI_PROXY_PORT_54545}:54545" + - "${CLI_PROXY_PORT_51121}:51121" + - "${CLI_PROXY_PORT_11451}:11451" + volumes: + - "./data/config.yaml:/CLIProxyAPI/config.yaml" + - "./data/auths:/root/.cli-proxy-api" + - "./data/logs:/CLIProxyAPI/logs" + labels: + createdBy: "Apps" + +networks: + 1panel-network: + external: true diff --git a/apps/cli-proxy-api/logo.png b/apps/cli-proxy-api/logo.png new file mode 100644 index 00000000..31ceced3 Binary files /dev/null and b/apps/cli-proxy-api/logo.png differ