{"id":29617136,"url":"https://github.com/mscrnt/devproxy","last_synced_at":"2026-04-15T07:39:50.694Z","repository":{"id":303493053,"uuid":"1015623940","full_name":"mscrnt/DevProxy","owner":"mscrnt","description":"Secure local-only API for safely automating Windows dev tasks from LLMs and WSL. Runs as an elevated Windows service with strict command and path controls.","archived":false,"fork":false,"pushed_at":"2025-07-08T00:55:13.000Z","size":23,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-08T01:01:58.403Z","etag":null,"topics":["claude-code","vscode","windows-service","wsl-environment"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mscrnt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-07T19:34:57.000Z","updated_at":"2025-07-08T00:51:00.000Z","dependencies_parsed_at":"2025-07-08T01:03:56.727Z","dependency_job_id":"7f3aad62-b8b6-4b18-bfd6-daf46a6f3843","html_url":"https://github.com/mscrnt/DevProxy","commit_stats":null,"previous_names":["mscrnt/devproxy"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/mscrnt/DevProxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mscrnt%2FDevProxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mscrnt%2FDevProxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mscrnt%2FDevProxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mscrnt%2FDevProxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mscrnt","download_url":"https://codeload.github.com/mscrnt/DevProxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mscrnt%2FDevProxy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266226346,"owners_count":23895690,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude-code","vscode","windows-service","wsl-environment"],"created_at":"2025-07-21T01:33:57.691Z","updated_at":"2026-04-15T07:39:50.650Z","avatar_url":"https://github.com/mscrnt.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DevProxy\n\nA local-only admin bridge for secure LLM development workflows\n\n## ⚠️ IMPORTANT SECURITY WARNING ⚠️\n\n**DevProxy provides elevated system access through an API. USE AT YOUR OWN RISK.**\n\nThis tool allows external programs (including AI assistants) to execute commands on your Windows system with elevated privileges. While security measures are in place, you should understand the risks:\n\n- **Elevated Privileges**: Commands run with the same permissions as the DevProxy service\n- **Potential for Misuse**: Even with whitelisting, PowerShell access can be dangerous\n- **Token Security**: Anyone with the API token can execute commands\n- **AI Integration Risks**: AI assistants may execute unintended commands\n\n**By using DevProxy, you acknowledge these risks and take full responsibility for any consequences.**\n\n## Overview\n\nDevProxy is a secure, local-only admin API for Windows development tasks. It runs as an elevated Windows service and exposes a localhost-only JSON API that allows trusted local agents (like Claude running in WSL) to execute safe build-related commands and file operations.\n\n## Features\n\n- 🔒 **Secure by Design**: Localhost-only binding (configurable port)\n- 🛡️ **Token Authentication**: API token required for all requests\n- ✅ **Command Whitelisting**: Only allows pre-approved development commands\n- 📁 **Path Restrictions**: Operations limited to approved directories\n- 🚫 **System Protection**: Blocks access to Windows system directories\n- 📝 **Comprehensive Logging**: All requests logged with full details\n- 🪟 **Windows Service**: Runs as an auto-start Windows service\n- 🖥️ **System Tray GUI**: Admin panel for easy configuration\n\n## Installation\n\n1. **Build the executables:**\n   ```batch\n   scripts\\build.bat\n   ```\n   Or manually:\n   ```bash\n   go build -o devproxy.exe cmd/devproxy/main.go\n   go build -o devctl.exe cmd/devctl/main.go\n   ```\n\n2. **Run interactively (for testing):**\n   ```batch\n   devproxy.exe\n   ```\n\n3. **Install as Windows service (Run as Administrator):**\n   ```batch\n   scripts\\service.bat install\n   ```\n\n## Critical Setup Steps\n\n### 1. Generate and Secure Your Token\n\nWhen DevProxy runs for the first time, it generates a unique API token. This token is your only line of defense against unauthorized access.\n\n1. Run DevProxy interactively first: `devproxy.exe`\n2. Copy the generated token from the console output\n3. Find the token in `config/config.json` under the `\"token\"` field\n4. **NEVER** commit this token to version control\n5. **NEVER** share this token publicly\n\n### 2. Configure for AI Assistant Use\n\nIf you're using DevProxy with an AI assistant (Claude, ChatGPT, etc.):\n\n1. Create a `CLAUDE.md` or similar file in your project\n2. Add the token to this file for the AI to use\n3. **IMPORTANT**: Add this file to `.gitignore`\n4. Consider the risks of giving an AI system access\n\nExample CLAUDE.md format:\n```markdown\n# DevProxy Access\n\n**Token**: your-generated-token-here\n\nUse this token with devctl.exe or API calls to execute Windows commands.\n```\n\n### 3. Review and Restrict Allowed Commands\n\nThe default configuration includes PowerShell, which is powerful but dangerous. Review `config/config.json` and remove any commands you don't need:\n\n```json\n{\n  \"allowed_commands\": [\n    \"go\", \"msbuild\", \"dotnet\", \"npm\", \"node\", \"python\", \"pip\"\n    // Consider removing \"powershell\" if not needed\n  ]\n}\n```\n\n## Configuration\n\nOn first run, DevProxy creates a `config/config.json` file with:\n- Generated API token (save this securely!)\n- Allowed commands list\n- Allowed path patterns\n- Log file location\n- Port number (default: 2223)\n\nExample configuration:\n```json\n{\n  \"api_token\": \"your-generated-token-here\",\n  \"allowed_commands\": [\n    \"go\", \"msbuild\", \"signtool\", \"powershell\",\n    \"dotnet\", \"gcc\", \"g++\", \"make\", \"cmake\",\n    \"npm\", \"node\", \"python\", \"pip\"\n  ],\n  \"allowed_paths\": [\n    \"C:\\\\Dev\",\n    \"C:\\\\Users\\\\*\\\\Projects\",\n    \"C:\\\\Users\\\\*\\\\source\\\\repos\"\n  ],\n  \"log_file\": \"logs\\\\log.txt\",\n  \"port\": 2223\n}\n```\n\n⚠️ **Path Wildcard Warning**: Wildcards in paths (e.g., `C:\\Users\\*\\Projects`) may not work as expected. Use specific paths when possible.\n\n### System Tray GUI\n\nRun `devproxy-tray.exe` to access the admin panel where you can:\n- Start/Stop/Restart the service\n- Change the port number\n- Manage allowed paths\n- View and regenerate the API token\n- Edit allowed commands\n\n## API Usage\n\n### Run Command Endpoint\n\n**POST** `/run`\n\nHeaders:\n- `X-Admin-Token: your-api-token`\n- `Content-Type: application/json`\n\nRequest body:\n```json\n{\n  \"command\": \"go\",\n  \"args\": [\"build\", \"-o\", \"out.exe\"],\n  \"cwd\": \"C:\\\\Dev\\\\MyApp\"\n}\n```\n\nResponse:\n```json\n{\n  \"stdout\": \"...\",\n  \"stderr\": \"\",\n  \"exit_code\": 0\n}\n```\n\n## Security Features\n\n### Blocked Operations\n- System directories (C:\\Windows, C:\\Program Files, etc.)\n- Registry modifications\n- Service management commands\n- System shutdown/restart commands\n- Path traversal attempts (..)\n\n### Blocked Keywords\n- `reg`, `shutdown`, `format`, `schtasks`, `sc`, `net`, `bcdedit`, `diskpart`\n\n## Using with AI Assistants\n\n### From WSL (e.g., Claude)\n\nAI assistants running in WSL can use devctl.exe directly:\n\n```bash\n/mnt/c/path/to/devctl.exe -token YOUR_TOKEN -cwd C:\\\\Dev command args\n```\n\n### Security Considerations for AI Use\n\n1. **Audit Regularly**: Review `logs/log.txt` frequently\n2. **Limit Scope**: Only allow paths where AI should operate\n3. **Remove Dangerous Commands**: Consider removing PowerShell access\n4. **Monitor Activity**: Watch for unexpected command patterns\n5. **Revoke Access**: Regenerate token if you suspect misuse\n\n## Service Management\n\n```batch\n# Install and start service\nscripts\\service.bat install\n\n# Stop service\nscripts\\service.bat stop\n\n# Start service\nscripts\\service.bat start\n\n# Check service status\nscripts\\service.bat status\n\n# Uninstall service\nscripts\\service.bat uninstall\n```\n\n## Testing from WSL\n\nUsing curl:\n```bash\ncurl -X POST http://127.0.0.1:2223/run \\\n  -H \"X-Admin-Token: your-token-here\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"command\": \"go\",\n    \"args\": [\"version\"],\n    \"cwd\": \"C:\\\\Dev\"\n  }'\n```\n\n## Logs\n\nAll operations are logged to `logs/log.txt` in JSON format, including:\n- Timestamp\n- Source IP\n- Command and arguments\n- Working directory\n- Output (stdout/stderr)\n- Exit code\n- Status (completed/rejected)\n- Rejection reason (if applicable)\n\n**Review logs regularly to ensure no unauthorized or unintended commands are being executed.**\n\n## Best Practices\n\n1. **Token Management**\n   - Regenerate tokens periodically\n   - Never share tokens in public repositories\n   - Use different tokens for different projects\n\n2. **Command Restrictions**\n   - Remove commands you don't need\n   - Avoid PowerShell if possible\n   - Use specific tools instead of general interpreters\n\n3. **Path Restrictions**\n   - Be as specific as possible with allowed paths\n   - Avoid wildcards when possible\n   - Never allow access to system directories\n\n4. **Monitoring**\n   - Check logs daily\n   - Set up alerts for suspicious commands\n   - Review AI assistant interactions\n\n## Disclaimer\n\nDevProxy is provided \"as is\" without warranty of any kind. The authors are not responsible for any damage or data loss resulting from the use of this software. By using DevProxy, you acknowledge that you understand the security implications and accept all risks.\n\n## License\n\nMIT License\n\n## Author\n\nKenneth Blossom","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmscrnt%2Fdevproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmscrnt%2Fdevproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmscrnt%2Fdevproxy/lists"}