# Session: Secure Bridge Tracking — 2026-05-12

**Agent:** Codex

**Status:** Complete for Gateway-routed Codex/Claude paths; auth still required for Microsoft/GitHub Copilot

## Verified

- Public Gateway health is OK and DB is connected.
- Live `/v1/chat/completions` and `/v1/responses` are available for OpenAI-compatible clients.
- MacStudio Codex bridge is running locally on `127.0.0.1:3253`.
- Erik sees Codex only through an authenticated Cloudflare-Access SSH reverse tunnel bound to `127.0.0.1:3353`.
- Gateway process env points Codex providers at `http://127.0.0.1:3353`.
- End-to-end Codex smoke through Gateway worked and appeared in dashboard as caller `codex-secure-tunnel-smoke` with model `gpt-5.1-codex-mini`.
- Local Gateway Companion is running on `127.0.0.1:11435` and forwards OpenAI-compatible traffic to `https://llm-gateway.context-x.org`.
- Companion now translates Anthropic `/v1/messages` to Gateway `/v1/chat/completions` so Claude Code style calls can be tracked.
- Claude Companion smoke worked with caller `claude-code-companion-smoke-46b` and model `claude-sonnet-4-6`.

## Local Client Routing

- `~/.codex/config.toml` now defaults new Codex starts to provider `llm-gateway`, model `gpt-5.1-codex-mini`, `wire_api = "responses"`, `env_key = "LLM_GATEWAY_API_KEY"`.
- `~/.zshrc` exports Gateway defaults for OpenAI-compatible clients:
  - `OPENAI_BASE_URL=https://llm-gateway.context-x.org/v1`
  - `OPENAI_API_BASE=https://llm-gateway.context-x.org/v1`
  - `OPENAI_API_KEY=gateway` when unset
  - `LLM_GATEWAY_API_KEY=gateway`
- `~/.zshrc` also points Claude-compatible clients at the local Companion:
  - `ANTHROPIC_BASE_URL=http://127.0.0.1:11435`
  - `ANTHROPIC_API_KEY=gateway` when unset
  - `ANTHROPIC_DEFAULT_SONNET_MODEL_NAME=claude-sonnet-4-6`
- macOS `launchctl` GUI environment has the same Gateway variables for newly started GUI apps.

## Security Decision

- Do not expose subscription bridges on LAN or public interfaces.
- Keep MacStudio bridges loopback-only.
- Use authenticated Cloudflare Access SSH reverse tunnels to Erik.
- Bind remote tunnel ports on Erik to `127.0.0.1` only.
- Gateway may call tunneled bridges from Erik loopback; outside traffic cannot connect to the bridge ports directly.

## Important Limits

- The Gateway can track and compress only requests that enter it before the provider call.
- Existing native Codex/Claude sessions are not retroactively tracked; restart/new sessions are required.
- Full Claude Code agent tool-use through an Anthropic adapter is not fully implemented. The Companion supports basic `/v1/messages` text calls and tracking; deeper tool-call translation remains a follow-up.
- GitHub Copilot bridge remains `auth_required` until `copilot-api` auth is completed.
- Microsoft 365 Copilot bridge remains `auth_required` until Graph delegated auth or a Microsoft app/client flow is configured. Do not fake a token.

## Next

- Add first-class `/v1/messages` to the Gateway itself instead of relying only on the local Companion.
- Update Gateway provider model aliases from older Claude names to current Claude Code aliases such as `claude-sonnet-4-6`.
- Implement tool-call translation if Claude Code itself should run as a full agent through the Gateway.
- Finish GitHub Copilot and M365 auth interactively.
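
A check for the loopback-only rule in the Security Decision section, as an added example that is not part of the original session notes: it parses `lsof -nP -iTCP -sTCP:LISTEN` output and reports, for each bridge port named above, whether it is bound only to loopback, exposed, or absent. The sample output, process names, PIDs and function names are constructed for illustration.

```python
import ipaddress
import re

# Ports named in these notes: Codex bridge, tunnel endpoint on Erik, Companion.
BRIDGE_PORTS = (3253, 3353, 11435)

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not real host data).
SAMPLE_LSOF = """\
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
node    4101 ops  23u  IPv4 0xa1   0t0      TCP  127.0.0.1:3253 (LISTEN)
sshd    5220 ops   9u  IPv4 0xb2   0t0      TCP  *:3353 (LISTEN)
sshd    5220 ops  10u  IPv6 0xb3   0t0      TCP  [::1]:3353 (LISTEN)
node    6007 ops  31u  IPv4 0xc4   0t0      TCP  127.0.0.1:11435 (LISTEN)
nginx    880 root  6u  IPv4 0xd5   0t0      TCP  *:443 (LISTEN)
"""

LISTEN_RE = re.compile(r"^(\S+)\s+(\d+)\s.*\sTCP\s+(\S+):(\d+)\s+\(LISTEN\)\s*$")


def is_loopback(host):
    """True only for literal loopback addresses; '*' and names count as exposed."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit_listeners(lsof_text, ports=BRIDGE_PORTS):
    """Return ({port: 'loopback'|'exposed'|'absent'}, [exposed listener strings])."""
    status = {port: "absent" for port in ports}
    exposed = []
    for line in lsof_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match or int(match.group(4)) not in status:
            continue
        command, pid, host, port = match.group(1), match.group(2), match.group(3), int(match.group(4))
        if is_loopback(host):
            # One loopback socket must not hide a wildcard socket on the same port.
            if status[port] != "exposed":
                status[port] = "loopback"
        else:
            status[port] = "exposed"
            exposed.append(f"{command}[{pid}] listens on {host}:{port}")
    return status, exposed


if __name__ == "__main__":
    result, findings = audit_listeners(SAMPLE_LSOF)
    print(result)
    for finding in findings:
        print("EXPOSED:", finding)
```

In the constructed sample, the tunnel port 3353 is flagged because one `sshd` socket is bound to the wildcard address even though a second socket on the same port is on `[::1]`.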