
feat(infra): Anthropic reverse-proxy relay for Cloud Run #209

Merged: oratis merged 1 commit into main from feat/gcp-anthropic-relay, Jul 2, 2026
@oratis oratis commented Jul 2, 2026


Transparent Anthropic relay on Cloud Run (packaging/gcp-relay/) so a China-side client can reach Claude reliably by pointing ANTHROPIC_BASE_URL at it instead of a flaky local proxy.

  • ~110-line zero-dep Node relay; forwards /v1/* incl. streaming to api.anthropic.com.
  • Key-swap gate: real Anthropic key only in Secret Manager (injected server-side); clients present a revocable RELAY_TOKEN as x-api-key.
  • Not an OpenClaw billing proxy — no anthropic-beta:claude-code spoof / OAuth reuse; bills normally (researched: those get fingerprinted + blocked by Anthropic).
  • deploy.sh = secrets + IAM + deploy. Live on oratis-491316/us-central1.

Gotcha documented: loadConfigEnv doesn't override an existing env var, so a launchd/shell ANTHROPIC_BASE_URL shadows config.env → serve-command.txt uses env -u.

🤖 Generated with Claude Code

…cp-relay)

A ~110-line, zero-dep transparent relay: forwards /v1/* (streaming included) to
api.anthropic.com from Cloud Run. Lets a client on a network that can't reliably
reach Anthropic (flaky local proxy) point ANTHROPIC_BASE_URL at the relay instead
— GCP egress to Anthropic is stable.

Security: the real Anthropic key lives only in Secret Manager and is injected
server-side; clients authenticate with a separate, revocable RELAY_TOKEN sent as
x-api-key (key-swap gate). NOT an OpenClaw-style billing proxy — no
anthropic-beta:claude-code spoofing, no OAuth reuse; requests bill normally.

deploy.sh handles secrets + IAM + Cloud Run deploy and prints the config.env lines.

Deployed live to oratis-491316 (us-central1). Note: LISA's loadConfigEnv does NOT
override an already-set env var, so a shell/launchd ANTHROPIC_BASE_URL shadows
config.env — the Mac's serve-command.txt uses `env -u ANTHROPIC_BASE_URL` so
config.env wins.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

oratis commented Jul 2, 2026


Reviewed. Security ✓: no hardcoded secrets in the diff (the sk-ant-... in README/comments are placeholders; RELAY_TOKEN is openssl rand -hex 24). Real Anthropic key stays in Secret Manager and is injected server-side; clients present a revocable RELAY_TOKEN via x-api-key, compared constant-time-ish after a length check. Relay only proxies /v1/* + health, strips client auth before swapping the real key, streams SSE straight through, zero deps. Self-contained under packaging/gcp-relay/, +247/-0, CI green. LGTM.

@oratis oratis merged commit e6a2cfc into main Jul 2, 2026
1 check passed
@oratis oratis deleted the feat/gcp-anthropic-relay branch July 2, 2026 10:24
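
The key-swap gate this PR describes (relay token checked, client auth stripped, real key injected, only /v1/* and health proxied), as an added example that is not the PR's code: `gate`, `tokenMatches`, the `/healthz` path, the dot-segment check and the config field names are assumptions. It compares SHA-256 digests with `crypto.timingSafeEqual`, so the comparison needs no separate length check.

```javascript
// Added example: key-swap gate for a /v1/* relay (names are assumptions, not the PR's code).
const crypto = require("node:crypto");

// Compare SHA-256 digests: timingSafeEqual needs equal-length buffers, and hashing
// first means no early length check that would reveal the token's length.
function tokenMatches(presented, expected) {
  if (typeof presented !== "string" || typeof expected !== "string" || !expected) return false;
  const digest = (s) => crypto.createHash("sha256").update(s, "utf8").digest();
  return crypto.timingSafeEqual(digest(presented), digest(expected));
}

// Client credentials and hop-specific headers that must not reach the upstream.
const STRIP = new Set(["x-api-key", "authorization", "proxy-authorization", "host", "connection"]);
// A path segment that is "." or "..", raw or percent-encoded.
const DOT_SEGMENT = /(^|\/)(\.|%2e){1,2}(\/|$)/i;

// Returns { status } for a local response or { forward } for a request to proxy.
function gate(req, cfg) {
  const path = req.url.split("?")[0];
  if (req.method === "GET" && path === "/healthz") return { status: 200 }; // assumed health path
  if (!path.startsWith("/v1/") || DOT_SEGMENT.test(path)) return { status: 404 };
  if (!tokenMatches(req.headers["x-api-key"], cfg.relayToken)) return { status: 401 };

  const headers = {};
  for (const [name, value] of Object.entries(req.headers)) {
    if (!STRIP.has(name.toLowerCase())) headers[name] = value;
  }
  headers["x-api-key"] = cfg.upstreamKey; // real key is added only on the server side
  return { forward: { host: "api.anthropic.com", method: req.method, path: req.url, headers } };
}

// Constructed sample values; a real deployment reads both from its secret store.
const SAMPLE_CFG = { relayToken: "0123456789abcdef".repeat(3), upstreamKey: "UPSTREAM_KEY_PLACEHOLDER" };
const SAMPLE_REQ = { method: "POST", url: "/v1/messages", headers: { "x-api-key": SAMPLE_CFG.relayToken, "content-type": "application/json" } };
console.log(gate(SAMPLE_REQ, SAMPLE_CFG).forward.headers);
```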