VibeProxy: Route AI Subscriptions to Coding Tools
VibeProxy is a native macOS menu bar application that solves a specific friction point: using your existing AI subscriptions (Claude Code, ChatGPT, Gemini, Qwen, Antigravity, Z.AI GLM) with third-party AI coding tools like Factory Droids and Amp CLI without purchasing separate API keys. Released by Automaze in October 2025, it has accumulated 1,856 stars, 122 forks, and 140 releases as of March 2026.
The core insight is simple. Many developers already pay for AI subscriptions (Claude Max, ChatGPT Plus) but cannot use those same credentials with specialized coding tools. Those tools typically require API keys with separate billing. VibeProxy bridges this gap by acting as a local proxy server that authenticates via OAuth with your existing subscriptions, then exposes a compatible API interface that third-party tools can consume.
Architecture: Local Proxy with OAuth
VibeProxy is built on CLIProxyAPIPlus, an open-source unified proxy server for AI services. The macOS app wraps this server in a native SwiftUI interface that handles the complexity of OAuth flows, token management, and API routing. The architecture consists of three layers:
- Presentation layer: Native SwiftUI menu bar app with real-time status indicators and settings
- Control layer: ServerManager process controller that starts/stops the proxy server
- Service layer: CLIProxyAPIPlus binary that handles protocol translation and API routing
When you click "Connect" for a provider like Claude Code, VibeProxy opens your browser to the OAuth page. After authentication, it monitors ~/.cli-proxy-api/ for credential files and automatically detects when authentication completes. The proxy server then routes API requests from your coding tools to the appropriate provider using your existing subscription.
Provider Support and Authentication Modes
VibeProxy supports six providers with different authentication mechanisms:
| Provider | Auth Method | Subscription Required |
|---|---|---|
| Claude Code | OAuth | Claude Max or Pro |
| Codex / ChatGPT | OAuth | ChatGPT Plus |
| Gemini | OAuth via Antigravity | Gemini Advanced |
| Qwen | OAuth | Qwen subscription |
| Antigravity | OAuth | Antigravity access |
| Z.AI GLM | API key | Z.AI account |
| GitHub Copilot | OAuth | Copilot subscription |
Most providers use OAuth, which means VibeProxy never stores your actual credentials — only the OAuth tokens. The exception is Z.AI GLM, which requires an explicit API key. The Vercel AI Gateway integration (added January 2026) provides an additional layer for Claude requests, routing through Vercel's officially sanctioned gateway to reduce account risk from direct OAuth token usage.
Multi-Account and Failover
A distinctive feature is multi-account support per provider. You can connect multiple Claude Code accounts, for example, and VibeProxy distributes requests across them with automatic round-robin load balancing. If one account hits rate limits, it fails over to the next available account. This is useful for teams sharing access or individuals with multiple subscriptions.
Provider Priority controls let you enable or disable specific providers instantly. This changes which models are available to your coding tools without reconfiguration. The change takes effect immediately via "hot reload" — no server restart required.
Integration Targets
VibeProxy is specifically designed for two coding tools:
- Factory Droids: AI coding agents for automated development workflows
- Amp CLI: Terminal-based AI coding assistant with fallback support
The project includes dedicated setup guides for each. Factory Droids uses the proxy for all AI interactions, while Amp CLI can fall back to your subscriptions when its primary provider is unavailable.
Distribution and Trust
VibeProxy distributes as a signed and notarized macOS application, which means it passes Gatekeeper without warnings. The app bundle is self-contained — the CLIProxyAPIPlus binary, configuration files, and static resources are all bundled inside the .app. No separate installation steps or dependencies.
Updates are handled via Sparkle, the standard macOS auto-update framework. Starting with v1.6, VibeProxy checks for updates daily and installs them seamlessly. There are separate builds for Apple Silicon (M1/M2/M3/M4) and Intel, though the Intel build is noted as "untested — please report issues."
Security Model
The security architecture has three components:
OAuth delegation: VibeProxy never sees your actual service passwords. It initiates OAuth flows that delegate authentication to the provider's official login pages. Tokens are stored in ~/.cli-proxy-api/ with standard file permissions.
Local-only operation: The proxy server binds to localhost. No external network exposure. API keys and tokens never leave your machine except to the provider's official endpoints.
Vercel AI Gateway option: For Claude specifically, you can route requests through Vercel's AI Gateway rather than directly to Anthropic. This adds an intermediary that some users may prefer for audit logging or additional access controls.
Development Activity
The repository shows consistent activity with 587 commits, 140 releases, and 13 contributors. Release v1.8.121 shipped on March 23, 2026 (the day of this analysis), adding Gemini 3 Pro support via Antigravity, GPT-5.1/Codex, Claude Sonnet 4.5/Opus 4.5 with extended thinking, GitHub Copilot, and Z.AI GLM-4.7. The commit history shows a mix of feature work, provider updates, and infrastructure maintenance.
The codebase is primarily Swift (92%), with Shell scripts (6.5%) for build automation and Makefiles (1.5%). The project uses Swift Package Manager and includes comprehensive build scripts for creating the signed, notarized app bundles.
Friction Points
macOS-only: No Windows or Linux support. This is a native SwiftUI app, so cross-platform would require a complete rewrite.
Provider dependency: When providers change their authentication flows or API specifications, VibeProxy requires updates. The changelog shows multiple releases triggered by provider-side changes.
Intel support: Listed as untested. Apple Silicon is the primary target platform.
Single-user focus: While multi-account is supported, the app is designed for individual developers rather than team-wide deployment. No enterprise features like centralized configuration or usage auditing.
Comparison with Alternatives
Direct API key usage is the obvious alternative. VibeProxy's value proposition only applies if you already have subscriptions and want to avoid double-paying for API credits. If you're starting fresh, API keys may be simpler.
CLIProxyAPIPlus (the underlying server) can be used directly without VibeProxy's UI. This is lighter weight but requires manual configuration and lacks the convenience features (menu bar, auto-updates, visual status).
Vercel's AI Gateway alone handles the routing layer but doesn't solve the OAuth/subscription integration. VibeProxy combines both concerns: subscription access + proxy routing.
Technical Assessment
Strengths:
- Solves a genuine billing friction (subscription → API without double pay)
- Native macOS experience with proper code signing and notarization
- Multi-account support with round-robin and failover
- Hot reload for provider configuration
- Active maintenance with frequent provider updates
- Open source (MIT) with underlying CLIProxyAPIPlus also open
Considerations:
- macOS-only limits audience
- Requires trust in OAuth token handling
- Provider API changes can break functionality
- Intel Macs are second-class citizens
- No visible enterprise/team features
Conclusion
VibeProxy is a focused utility that solves one problem well: using existing AI subscriptions with third-party coding tools. The 1,856 stars suggest the problem resonates with developers who have subscriptions but hesitate to purchase additional API credits for experimental tools.
The architecture is sound: OAuth for authentication, local proxy for routing, native UI for convenience. The Vercel AI Gateway integration shows awareness of security concerns. The consistent release cadence (140 releases in ~5 months) indicates active maintenance.
Use VibeProxy if you're a macOS user with existing AI subscriptions who wants to try Factory Droids, Amp CLI, or similar tools without committing to API billing. Skip it if you need cross-platform support, prefer direct API keys, or require enterprise deployment features.
Quick Facts
| Metric | Value |
|---|---|
| GitHub Stars | 1,856 |
| Forks | 122 |
| Contributors | 13 |
| Releases | 140 (v1.8.121 latest) |
| Commits | 587 |
| License | MIT |
| Primary Language | Swift 92% |
| Platform | macOS 13+ (Ventura) |
| Architecture | Apple Silicon + Intel |
| Latest Release | March 23, 2026 |
| Repository | github.com/automazeio/vibeproxy |
| Author | Automaze, Ltd. (@ranaroussi) |
Supported Providers
| Provider | Auth | Subscription |
|---|---|---|
| Claude Code | OAuth | Claude Max/Pro |
| Codex / ChatGPT | OAuth | ChatGPT Plus |
| Gemini | OAuth (Antigravity) | Gemini Advanced |
| Qwen | OAuth | Qwen subscription |
| Antigravity | OAuth | Antigravity access |
| Z.AI GLM | API key | Z.AI account |
| GitHub Copilot | OAuth | Copilot sub |
Core Features
| Feature | Description |
|---|---|
| Native macOS UI | SwiftUI menu bar app with dark mode |
| One-click auth | OAuth flow with automatic credential detection |
| Multi-account | Multiple accounts per provider, round-robin load |
| Failover | Auto-switch when rate-limited |
| Provider Priority | Hot reload enable/disable providers |
| Vercel AI Gateway | Safer Claude routing option |
| Auto-updates | Sparkle daily checks, seamless install |
| Code signed | Notarized, no Gatekeeper warnings |
Integration Targets
| Tool | Use Case |
|---|---|
| Factory Droids | AI coding agents for dev workflows |
| Amp CLI | Terminal AI with fallback support |
Installation
| Method | Command/Step |
|---|---|
| Download (ARM64) | Releases → VibeProxy-arm64.zip |
| Download (Intel) | Releases → VibeProxy-x86_64.zip (untested) |
| Install | Drag to /Applications |
| Build from source | See INSTALLATION.md |
Setup Flow
- Launch VibeProxy (menu bar icon appears)
- Click icon → "Open Settings"
- Server starts automatically
- Click "Connect" for desired provider
- Complete OAuth in browser
- VibeProxy auto-detects credentials
- Configure Factory Droids/Amp CLI to use proxy
Latest Models (v1.8.121)
- Gemini 3 Pro (via Antigravity)
- GPT-5.1 / GPT-5.1 Codex
- Claude Sonnet 4.5 / Opus 4.5 with extended thinking
- GitHub Copilot
- Z.AI GLM-4.7
File Locations
| Path | Purpose |
|---|---|
~/.cli-proxy-api/ | OAuth tokens and credentials |
/Applications/VibeProxy.app | Application bundle |
| Menu bar icon | Status indicator and controls |
Comparison
| Approach | Pros | Cons |
|---|---|---|
| VibeProxy | Native UI, multi-account, auto-updates | macOS only |
| CLIProxyAPIPlus direct | Lighter, no UI dependencies | Manual config |
| Direct API keys | Simpler, cross-platform | Double billing |
| Vercel Gateway alone | Audit logging, controls | No OAuth/subscription integration |
Friction Points
- macOS-only (SwiftUI dependency)
- Provider API changes require updates
- Intel support untested
- No enterprise/team features
- Single-user design
VibeProxy for Builders
Implementation patterns for extending VibeProxy and building similar OAuth proxy systems.
Architecture Overview
VibeProxy/
├── Sources/
│ ├── main.swift # App entry point
│ ├── AppDelegate.swift # Menu bar & window management
│ ├── ServerManager.swift # Server process control & auth
│ ├── SettingsView.swift # SwiftUI main interface
│ └── AuthStatus.swift # Auth file monitoring (~/.cli-proxy-api/)
├── Resources/
│ ├── cli-proxy-api-plus # Proxy server binary
│ ├── config.yaml # Server configuration
│ └── icon-*.png # Menu bar icons
├── Package.swift # SPM configuration
└── Makefile # Build automationOAuth Token Monitoring Pattern
// AuthStatus.swift - Simplified pattern
import Foundation
class AuthStatus {
let authPath = FileManager.default
.homeDirectoryForCurrentUser
.appendingPathComponent(".cli-proxy-api")
func monitorAuthFiles() {
// Monitor for credential file changes
let monitor = FileMonitor(path: authPath)
monitor.onChange = { [weak self] in
self?.detectProviderCredentials()
}
monitor.start()
}
func detectProviderCredentials() {
// Check for provider-specific files
let providers = ["claude", "codex", "gemini", "qwen"]
for provider in providers {
let credFile = authPath
.appendingPathComponent("\(provider).json")
if FileManager.default.fileExists(atPath: credFile.path) {
updateStatus(provider: provider, connected: true)
}
}
}
}Proxy Server Control
// ServerManager.swift - Process management pattern
import Foundation
class ServerManager {
private var process: Process?
private let proxyBinary: URL
func startServer() {
process = Process()
process?.executableURL = proxyBinary
process?.arguments = ["--config", configPath]
// Pipe output for logging
let pipe = Pipe()
process?.standardOutput = pipe
process?.standardError = pipe
do {
try process?.run()
updateStatus(.running)
} catch {
updateStatus(.failed(error))
}
}
func stopServer() {
process?.terminate()
process?.waitUntilExit()
updateStatus(.stopped)
}
}Provider Configuration Schema
# CLIProxyAPIPlus config.yaml
providers:
claude:
type: oauth
auth_url: "https://claude.ai/oauth/authorize"
token_url: "https://claude.ai/oauth/token"
scopes: ["claude_api"]
credential_file: "~/.cli-proxy-api/claude.json"
gemini:
type: oauth
auth_url: "https://antigravity.ai/oauth/authorize"
token_url: "https://antigravity.ai/oauth/token"
credential_file: "~/.cli-proxy-api/gemini.json"
zai:
type: api_key
api_key_header: "Authorization"
credential_file: "~/.cli-proxy-api/zai.json"
# Round-robin and failover settings
load_balancing:
strategy: round_robin
failover_on: [429, 503, 504]
retry_attempts: 3
# Provider priority (hot reload enabled)
priority:
enabled: [claude, gemini, codex]
disabled: []Multi-Account Round-Robin
// Simplified routing logic
class LoadBalancer {
var accounts: [ProviderAccount]
var currentIndex = 0
func nextAccount() -> ProviderAccount? {
guard !accounts.isEmpty else { return nil }
// Round-robin selection
let account = accounts[currentIndex]
currentIndex = (currentIndex + 1) % accounts.count
return account
}
func reportFailure(_ account: ProviderAccount) {
// Mark for failover, remove temporarily
account.lastError = Date()
account.consecutiveFailures += 1
if account.consecutiveFailures > 3 {
account.isActive = false
}
}
}Sparkle Auto-Update Integration
// Auto-update configuration
import Sparkle
class UpdateManager {
let updaterController: SPUStandardUpdaterController
init() {
updaterController = SPUStandardUpdaterController(
startingUpdater: true,
updaterDelegate: self,
userDriverDelegate: nil
)
// Daily check (default Sparkle behavior)
updaterController.updater.updateCheckInterval = 86400
// Appcast feed URL
updaterController.updater.feedURL = URL(string:
"https://github.com/automazeio/vibeproxy/releases.atom"
)
}
}Building Signed App Bundle
#!/bin/bash
# create-app-bundle.sh
APP_NAME="VibeProxy"
BUNDLE_ID="io.automaze.vibeproxy"
# Build Swift package
swift build -c release
# Create .app structure
mkdir -p "${APP_NAME}.app/Contents/MacOS"
mkdir -p "${APP_NAME}.app/Contents/Resources"
# Copy binary
cp .build/release/${APP_NAME} "${APP_NAME}.app/Contents/MacOS/"
# Copy resources
cp -r Resources/* "${APP_NAME}.app/Contents/Resources/"
# Sign with Developer ID
codesign --force --options runtime \
--sign "Developer ID Application: Automaze Ltd" \
--entitlements entitlements.plist \
"${APP_NAME}.app"
# Notarize
xcrun notarytool submit "${APP_NAME}.app" \
--apple-id "dev@automaze.io" \
--team-id "XXXXXXXXXX" \
--wait
# Staple ticket
xcrun stapler staple "${APP_NAME}.app"Client Integration (Factory Droids)
# ~/.factory/droids/config.yaml
ai:
provider: vibeproxy
endpoint: http://localhost:8080/v1
# VibeProxy handles auth, no API key needed
# Falls back to next provider if rate-limited
fallback_providers:
- claude
- gemini
- codexVercel AI Gateway Integration
# Routing through Vercel Gateway for Claude
providers:
claude:
type: oauth
credential_file: "~/.cli-proxy-api/claude.json"
# Use Vercel AI Gateway instead of direct Anthropic
proxy:
enabled: true
gateway_url: "https://ai-gateway.vercel.app/v1"
headers:
"x-vercel-ai-gateway-key": "${VERCEL_GW_KEY}"
# Anthropic endpoint (fallback if gateway fails)
direct_endpoint: "https://api.anthropic.com/v1"Security Checklist for OAuth Proxies
- OAuth flows delegated to provider (never handle passwords)
- Tokens stored in user home (not app bundle)
- File permissions 0600 on credential files
- Localhost binding only (no external exposure)
- Keychain integration for sensitive storage (optional)
- Audit logging for token access (enterprise)
- Token rotation schedule (optional)
- Rate limit tracking per account
Custom Provider Extension
# Adding a new provider to VibeProxy
# 1. Add provider icon
# Resources/icon-newprovider.png
# 2. Extend Provider enum
enum Provider: String, CaseIterable {
case claude, codex, gemini, qwen, zai, newprovider
var authType: AuthType {
switch self {
case .newprovider: return .oauth
default: return ...
}
}
var icon: String { "icon-\(rawValue).png" }
}
# 3. Add OAuth configuration
# config.yaml entry for newprovider
# 4. Build and test
make build
./VibeProxy.app/Contents/MacOS/VibeProxyDeployment Checklist
- [ ] Build release binary:
swift build -c release - [ ] Create app bundle:
./create-app-bundle.sh - [ ] Code sign with Developer ID
- [ ] Notarize with Apple
- [ ] Staple notarization ticket
- [ ] Test on clean macOS VM
- [ ] Verify Gatekeeper allows launch
- [ ] Test OAuth flow end-to-end
- [ ] Test auto-update mechanism
- [ ] Create GitHub release with both architectures
Technical Appendix
Repository: github.com/automazeio/vibeproxy
Version analyzed: v1.8.121 (March 23, 2026)
Stars: 1,856 | Forks: 122 | Contributors: 13
License: MIT
Key Files Referenced:
README.md, INSTALLATION.md, FACTORY_SETUP.md, AMPCODE_SETUP.md, CHANGELOG.md
Website: automaze.io
Author: Ran Aroussi (@ranaroussi)
Underlying: CLIProxyAPIPlus (github.com/router-for-me/CLIProxyAPIPlus)