{"id":50213523,"url":"https://github.com/hugobatista/slimproxy","last_synced_at":"2026-05-26T07:02:26.794Z","repository":{"id":360249691,"uuid":"1249232175","full_name":"hugobatista/slimproxy","owner":"hugobatista","description":"Slim forward proxy CLI with IP allowlisting, Basic auth, and destination host filtering — built on proxy.py","archived":false,"fork":false,"pushed_at":"2026-05-25T16:57:39.000Z","size":67,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-25T17:31:06.507Z","etag":null,"topics":["cli","forward-proxy","http-proxy","proxy","proxy-py","python"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hugobatista.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-25T13:39:45.000Z","updated_at":"2026-05-25T16:57:43.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hugobatista/slimproxy","commit_stats":null,"previous_names":["hugobatista/slimproxy"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/hugobatista/slimproxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugobatista%2Fslimproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugobatista%2Fslimproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugobatista%2Fslimproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugobatista%2Fslimproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hugobatista","download_url":"https://codeload.github.com/hugobatista/slimproxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugobatista%2Fslimproxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33508317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T03:12:49.672Z","status":"ssl_error","status_checked_at":"2026-05-26T03:12:47.976Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","forward-proxy","http-proxy","proxy","proxy-py","python"],"created_at":"2026-05-26T07:02:22.985Z","updated_at":"2026-05-26T07:02:26.788Z","avatar_url":"https://github.com/hugobatista.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![GitHub Tag](https://img.shields.io/github/v/tag/hugobatista/slimproxy?logo=github\u0026label=latest)](https://go.hugobatista.com/gh/slimproxy/releases)\n[![Lint](https://img.shields.io/github/actions/workflow/status/hugobatista/slimproxy/lint.yml?label=Lint)](https://go.hugobatista.com/gh/slimproxy/actions/workflows/lint.yml)\n[![Test](https://img.shields.io/github/actions/workflow/status/hugobatista/slimproxy/test.yml?label=Test)](https://go.hugobatista.com/gh/slimproxy/actions/workflows/test.yml)\n[![PyPI - Version](https://img.shields.io/pypi/v/slimproxy.svg)](https://pypi.org/project/slimproxy)\n[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/slimproxy.svg)](https://pypi.org/project/slimproxy)\n[![PyPI - License](https://img.shields.io/pypi/l/slimproxy.svg)](https://pypi.org/project/slimproxy)\n\n🛡️ **slimproxy** — A lightweight forward proxy CLI built on `proxy.py` — deploy anywhere Python runs.\n\n**The problem**: Your enterprise-managed desktop sits behind a corporate forward proxy that intercepts and inspects TLS traffic to certain endpoints (AI APIs, for example). You can't control the proxy settings or install software — the machine is locked down.\n\n**The workaround**: Deploy slimproxy on a **second machine** on the same network — an unmanaged one you control (a Raspberry Pi, an old laptop, a cloud VM). That machine connects directly to the internet. Point your tools on the locked-down desktop at slimproxy, and traffic flows through the unmanaged machine, bypassing the corporate inspection entirely.\n\n```\nLocked-down desktop    →    slimproxy on unmanaged host    →    internet (direct)\n     HTTPS_PROXY=http://unmanaged:3128                              no inspection\n```\n\n**Why not Squid?** Squid doesn't run on Windows without Cygwin, needs a config file, and is overkill for a raw TCP forwarder. slimproxy is `pip install` + one command on any OS.\n\n## Installation\n\nInstall globally via `uv` (recommended):\n\n```bash\nuv tool install slimproxy\n```\n\nOr via `pip`:\n\n```bash\npip install slimproxy\n```\n\nOr run directly without installing:\n\n```bash\nuvx slimproxy\n```\n\nOr from source (clone + run):\n\n```bash\ngit clone https://github.com/hugobatista/slimproxy.git\ncd slimproxy\nuv sync\nuv run slimproxy run\n```\n\nOr via Docker:\n\n```bash\ndocker build -t slimproxy .\n```\n\n## Usage\n\n### `run` — Start the proxy server\n\n```bash\nslimproxy run \\\n  --port 3128 \\\n  --basic-auth myuser:password123 \\\n  --allow-ips \"192.168.1.0/24,10.0.0.0/8\" \\\n  --allow-dests \"api.opencode.ai,api.github.com,models.dev\"\n```\n\nAll options are optional. With no flags, the proxy listens on `0.0.0.0:3128` and forwards everything without auth or filtering.\n\nUse `--wizard` for an interactive guided setup that prompts for each option:\n\n```bash\nslimproxy run --wizard\n```\n\nConfigure your client to use it:\n\n```bash\n# Linux / macOS\nexport HTTPS_PROXY=http://myuser:password123@host:3128\n# Windows CMD\nset HTTPS_PROXY=http://myuser:password123@host:3128\n# Windows PowerShell\n$env:HTTPS_PROXY=\"http://myuser:password123@host:3128\"\n```\n\n### `check` — Detect SSL inspection\n\n```bash\nslimproxy check api.opencode.ai api.github.com\n```\n\nConnects to each target over TLS and prints the certificate issuer. If the issuer is your company, SSL inspection is active.\n\n## Options\n\n| Flag | Default | Description |\n|------|---------|-------------|\n| `--hostname` | `0.0.0.0` | Address to bind to |\n| `--port` | `3128` | Listen port |\n| `--basic-auth` | *(none)* | Enable Basic auth (`user:password` format) |\n| `--allow-ips` | *(none)* | Comma-separated client CIDRs (e.g. `192.168.1.0/24`). When omitted, all IPs are allowed. |\n| `--allow-dests` | *(none)* | Comma-separated upstream hosts (e.g. `api.opencode.ai`). When omitted, all destinations are allowed. |\n| `--log-level` | `INFO` | Log level |\n| `--timeout` | `10` | Connection timeout in seconds |\n| `--wizard` | *(off)* | Guided interactive setup — prompts for hostname, port, auth, IP/dest allowlists, log level, and timeout. On Windows, also handles firewall elevation. Requires an interactive terminal. |\n| `--firewall-rule` | *(off)* | Add Windows Firewall inbound rule for the proxy port (Windows only, requires admin) |\n\n## Security\n\nAll three filters are optional, independent, and disabled by default — when a filter is\nomitted, the corresponding access is unrestricted:\n\n- **IP allowlist**: Clients outside the specified CIDR ranges are rejected with `418`\n- **Basic auth**: Password checked against `--basic-auth` value on every CONNECT request\n- **Dest allowlist**: Upstream hosts not in the list are rejected with `403`\n\nThe proxy speaks vanilla HTTP CONNECT — no TLS interception, no decryption. The end-to-end TLS handshake happens between the client and the target server.\n\nNote: When `--basic-auth` is used on a non-localhost interface, credentials\nare transmitted in cleartext HTTP and can be intercepted by anyone on the\nnetwork.\n\n### Windows Firewall\n\nOn Windows, pass `--firewall-rule` to auto-add an inbound firewall rule for the proxy port:\n\n```bash\nslimproxy run --port 3128 --firewall-rule\n```\n\nIf not running as Administrator, a UAC prompt will appear to elevate. The rule is removed when the proxy stops. On other platforms the flag is accepted but ignored.\n\n## Docker\n\n```bash\n# Build\ndocker build -t slimproxy .\n\n# Run\ndocker run -it --rm \\\n  -p 3128:3128 \\\n  slimproxy run --basic-auth myuser:password123\n```\n\nPublished via GHCR on tagged releases:\n\n```bash\ndocker run -it --rm \\\n  -p 3128:3128 \\\n  ghcr.io/hugobatista/slimproxy:latest run --basic-auth myuser:password123\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugobatista%2Fslimproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhugobatista%2Fslimproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugobatista%2Fslimproxy/lists"}