{"id":47747286,"url":"https://github.com/zanel1u/cloud-cli-proxy","last_synced_at":"2026-05-31T08:01:13.446Z","repository":{"id":347756573,"uuid":"1195183467","full_name":"ZaneL1u/cloud-cli-proxy","owner":"ZaneL1u","description":"一条命令获取专属云主机，预装 Claude Code，所有流量走指定出口 IP。基于 Docker + WireGuard/sing-box 全隧道，零泄漏。","archived":false,"fork":false,"pushed_at":"2026-05-29T07:35:32.000Z","size":14644,"stargazers_count":39,"open_issues_count":0,"forks_count":9,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-29T09:22:23.660Z","etag":null,"topics":["claude-code","cloud-cli-proxy","ssh"],"latest_commit_sha":null,"homepage":"https://zanel1u.github.io/cloud-cli-proxy/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ZaneL1u.png","metadata":{"files":{"readme":"README.en.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-29T10:45:23.000Z","updated_at":"2026-05-29T07:35:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ZaneL1u/cloud-cli-proxy","commit_stats":null,"previous_names":["zanel1u/cloud-cli-proxy"],"tags_count":61,"template":false,"template_full_name":null,"purl":"pkg:github/ZaneL1u/cloud-cli-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZaneL1u%2Fcloud-cli-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZaneL1u%2Fcloud-cli-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZaneL1u%2Fcloud-cli-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZaneL1u%2Fcloud-cli-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ZaneL1u","download_url":"https://codeload.github.com/ZaneL1u/cloud-cli-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZaneL1u%2Fcloud-cli-proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33723549,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude-code","cloud-cli-proxy","ssh"],"created_at":"2026-04-03T01:36:19.792Z","updated_at":"2026-05-31T08:01:13.440Z","avatar_url":"https://github.com/ZaneL1u.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"docs/public/logo.svg\" width=\"88\" height=\"88\" alt=\"Cloud CLI Proxy\" /\u003e\n\n# Cloud CLI Proxy\n\n**One command. One cloud machine. All traffic through your exit IP.**\n\nOut-of-the-box isolated cloud hosts for Claude Code and dev teams. Pre-installed AI coding tools, full-tunnel egress through designated IPs, zero leaks.\n\n[![CI](https://github.com/ZaneL1u/cloud-cli-proxy/actions/workflows/ci.yml/badge.svg)](https://github.com/ZaneL1u/cloud-cli-proxy/actions/workflows/ci.yml)\n[![Images](https://github.com/ZaneL1u/cloud-cli-proxy/actions/workflows/build-images.yml/badge.svg)](https://github.com/ZaneL1u/cloud-cli-proxy/actions/workflows/build-images.yml)\n[![Release](https://img.shields.io/github/v/release/ZaneL1u/cloud-cli-proxy)](https://github.com/ZaneL1u/cloud-cli-proxy/releases)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n\n[中文](README.md) | [Documentation](https://zanel1u.github.io/cloud-cli-proxy/en/)\n\n**Go · React · PostgreSQL · Docker · sing-box**\n\n\u003c/div\u003e\n\n---\n\n## Features\n\n- **One-command access** — `curl | bash` to authenticate, create container, and SSH in. Zero user config\n- **cloud-claude local CLI** — `alias claude=cloud-claude` to run remote Claude Code from your terminal; local cwd is sshfs-mounted at the **same path** in the container; optional local exec for commands like `git`; supports Auto/Full/SSHFS-Only mount modes and oversized-file throttling\n- **Claude Code ready** — Pre-installed in every container. All API requests auto-routed through designated exit IP\n- **Full-tunnel egress** — sing-box tun + Linux netns full-tunnel, nftables default-deny, no DNS/WebRTC leaks\n- **Multi-protocol** — 6 proxy protocols (SOCKS5 / VMess / VLESS / Shadowsocks / Trojan / HTTP)\n- **Per-user isolation** — Dedicated Docker containers with KasmVNC remote desktop + Chromium browser\n- **Admin dashboard** — React SPA for users, hosts, egress IPs, events, and stats; supports host bind mounts\n- **Auto expiration** — Auto-stop containers and block login on expiry\n- **Multi-arch CI/CD** — GitHub Actions builds `linux/amd64` + `linux/arm64` images\n- **Self-explanatory error codes** — `cloud-claude explain \u003cCODE\u003e` for detailed description and remediation\n- **tmux multi-client sessions** — Multiple clients can attach the same tmux session; supports `--new-session` for isolation and `--take-over` to detach others\n- **Network resilience** — Built-in Reconnector auto-recovers within 30s on disconnect; buffered input survives reconnections\n- **doctor five-domain checks** — `cloud-claude doctor [network|auth|ssh|mount|disk]` with `--fix` for auto-repair\n\n---\n\n## Deployment\n\n### Docker Compose\n\n```bash\ngit clone https://github.com/ZaneL1u/cloud-cli-proxy.git\ncd cloud-cli-proxy\n\nbash deploy/scripts/setup-env.sh\n\n# Recommended: prefer prebuilt images (latest)\ndocker compose pull\ndocker compose up -d\n\ncurl http://127.0.0.1:8080/healthz\n# {\"status\":\"ok\"}\n```\n\n`setup-env.sh` interactively generates all passwords and secrets. Supports built-in Docker PostgreSQL (zero-config) or external database.\n\nAdmin dashboard at `http://YOUR_HOST:3000`, API at `:8080`.\n\nOptional local source build (fallback when prebuilt images are unavailable):\n\n```bash\ndocker compose -f docker-compose.yml -f docker-compose.build.yaml --profile build-only build --no-cache\ndocker compose -f docker-compose.yml -f docker-compose.build.yaml up -d --force-recreate\n```\n\n### Environment Variables\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `DATABASE_URL` | PostgreSQL connection string (required) | — |\n| `ADMIN_USERNAME` | Admin username | `admin` |\n| `ADMIN_PASSWORD` | Admin password (required) | — |\n| `ADMIN_JWT_SECRET` | JWT signing secret (required) | — |\n| `ADMIN_PORT` | Admin dashboard port | `3000` |\n| `SSH_PROXY_PORT` | SSH proxy port | `2222` |\n| `LOG_FORMAT` | Log format `json` / `text` | `json` |\n| `LOG_LEVEL` | Log level | `info` |\n\n---\n\n## Usage\n\n### Admin Setup\n\nLog into the admin dashboard, then:\n\n1. **Add egress IPs** — Multiple proxy protocols, with one-click connectivity test\n2. **Create users** — Set username, password, expiration\n3. **Create hosts** — Create container for user and bind egress IP\n4. **Share access info** — Copy the `curl` command from host details; for `cloud-claude` users also share: **gateway HTTPS URL**, **host Short ID**, and **user password**\n\n### User Access\n\nUsers run the command provided by admin:\n\n```bash\ncurl -sSf http://YOUR_HOST/entry/abc123 | bash\n# Enter password → wait for boot → auto SSH into cloud host\n```\n\n### cloud-claude (local CLI, recommended)\n\nAfter the admin **creates the host, binds an egress IP**, and the container is ready, give the user three things:\n\n| Field | Meaning |\n|-------|---------|\n| **Gateway URL** | Public HTTPS base URL of the control plane, e.g. `https://gw.example.com` (same origin you use for the admin UI in the browser; usually **not** the `:3000` admin dev port) |\n| **Short ID** | **Host** short ID from the host detail page. If the user configures a **user** short ID instead, they connect to that user’s primary host |\n| **Password** | The user’s password from the admin dashboard |\n\nInstall the CLI once, run `init`, then from **any project directory** run `cloud-claude` — the cwd is mounted at the **same path** in the container. By default `git` runs locally (tune with `proxy_commands` in `~/.cloud-claude/config.yaml`).\n\n#### Install cloud-claude\n\n**Homebrew (macOS / Linux, recommended):**\n\n```bash\nbrew tap ZaneL1u/tap\nbrew install cloud-claude\n```\n\n**One-liner (any platform):**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/ZaneL1u/cloud-cli-proxy/main/scripts/install.sh | bash\n```\n\nOr download the matching `tar.gz` from [Releases](https://github.com/ZaneL1u/cloud-cli-proxy/releases), or build from source:\n\n```bash\ngo build -ldflags \"-s -w\" -trimpath -o cloud-claude ./cmd/cloud-claude\n```\n\n#### First-time setup\n\n```bash\ncloud-claude init\n# Prompts: gateway, Short ID, password → ~/.cloud-claude/config.yaml\n```\n\nFlags or environment variables:\n\n```bash\ncloud-claude init --gateway https://gw.example.com --short-id abc123 --password your-password\n\nexport CLOUD_CLAUDE_GATEWAY=https://gw.example.com\nexport CLOUD_CLAUDE_SHORT_ID=abc123\nexport CLOUD_CLAUDE_PASSWORD=your-password\ncloud-claude init\n```\n\n#### Daily use\n\n```bash\ncd ~/your/project   # repo root you want Claude Code to see\n\nalias claude=cloud-claude   # optional\n\ncloud-claude\ncloud-claude -p \"refactor this function\"\n```\n\n**Session management:** By default attaches the existing tmux session for the same account; disconnects do not lose the workspace:\n\n```bash\ncloud-claude                  # default: attach existing session (multi-client)\ncloud-claude --new-session    # force a new isolated session\ncloud-claude --take-over      # take over the primary session and detach others\n\ncloud-claude sessions                  # list current tmux sessions\ncloud-claude sessions --attach 0       # attach a specific session\n```\n\n**Mount modes:** Auto mode picks the best strategy; you can also specify manually:\n\n```bash\ncloud-claude --mount-mode=auto         # default: HotSync preferred, falls back to SSHFS\ncloud-claude --mount-mode=full         # HotSync + SSHFS dual-track (full features)\ncloud-claude --mount-mode=sshfs-only   # SSHFS only (compatibility first)\n```\n\n**Self-checks and troubleshooting:**\n\n```bash\ncloud-claude doctor                    # full five-domain check (network / auth / ssh / mount / disk)\ncloud-claude doctor mount --fix        # mount-only check with auto-repair\ncloud-claude explain MOUNT_SSHFS_DISCONNECTED   # query error code details and remediation\ncloud-claude env check                 # verify remote timezone, locale, egress IP, FUSE, etc.\n```\n\n**Environment variables:**\n\n- `CLOUD_CLAUDE_NO_PROMOTION=1` — disable cold-file read promotion (enabled by default on Linux; skipped on macOS)\n- Set `proxy_commands` in `~/.cloud-claude/config.yaml` (list of command names to run on the host). Default is `git` only; use an empty list to disable.\n- `hot_sync_max_file_mb` — per-file throttling threshold (default 50MB); files larger than this fall back to the cold path.\n\n`cloud-claude` does: gateway auth → wait for container → sshfs mount at the same path → start Claude Code remotely. Terminal size, signals, and exit codes are forwarded; network jitters auto-recover within 30s with buffered input surviving reconnections.\n\n### Claude Code (via SSH)\n\nClaude Code is pre-installed. Just use it:\n\n```bash\nclaude\n```\n\nAll Claude API requests are automatically routed through the designated exit IP. No proxy configuration needed.\n\n### KasmVNC Remote Desktop\n\nContainers include KasmVNC + Chromium. Access the browser desktop via the admin dashboard.\n\n---\n\n## Architecture\n\n```\n                                                    ┌───────────────────────────────────┐\nUser ──curl──\u003e Control Plane (:8080) ──Docker──\u003e    │ User Container                    │\n                    │                                │  SSH + Claude Code + VNC          │\n               PostgreSQL                            │  sshfs ← same path as local cwd  │\n                    │                                │  sing-box tun Tunnel              │\n              Admin SPA (:3000)                      │       ↓                           │\n                    │                                │  Designated Exit IP               │\n              SSH Proxy (:2222)                      └───────────────────────────────────┘\n                    ↑                                           ↑\n                    │                                           │\nUser ──cloud-claude──\u003e auth + SSH + sshfs ──────────────────────┘\n```\n\n| Component | Description |\n|-----------|-------------|\n| **Control Plane** | Go API — auth, user management, task orchestration, SSH proxy |\n| **Host Agent** | Privileged agent — Docker containers, network namespaces, tunnels |\n| **User Container** | Ubuntu 24.04 — OpenSSH + Claude Code + sshfs + KasmVNC + Chromium |\n| **cloud-claude** | Go CLI — transparent `claude`; sshfs same-path mount; supports Auto/Full/SSHFS-Only mount modes, tmux multi-client sessions, auto-reconnect, doctor five-domain checks, and error code explanations |\n| **PostgreSQL** | Persists users, hosts, egress IPs, tasks, and events |\n| **Admin SPA** | React 19 + TypeScript + Vite + Tailwind CSS |\n\n---\n\n## Development\n\n```bash\nmake setup    # Install deps\nmake db       # Start PostgreSQL\nmake dev      # Backend + frontend hot reload\nmake test     # Run tests\n```\n\nSee `make help` for all commands.\n\n---\n\n## Release And Changelog\n\nPushing a `v*` tag triggers the `Release` workflow automatically and does three things:\n\n- Runs CI quality gates first (Go tests + admin web build)\n- Creates a GitHub Release\n- Publishes multi-arch images (`semver` + `latest`)\n- Generates monorepo-grouped release notes and writes them to [CHANGELOG.md](CHANGELOG.md)\n\nThe default changelog groups are path-based:\n\n- Backend (Go / API, `cmd` + `internal`)\n- Frontend (`web/admin`)\n- Runtime \u0026 Deployment (`deploy`, compose files, workflows)\n- Docs (`docs` + READMEs)\n\nManual release example:\n\n```bash\nmake release VERSION=1.5.0\n```\n\n---\n\n## Documentation\n\nFull docs on [GitHub Pages](https://zanel1u.github.io/cloud-cli-proxy/en/):\n\n- [Quick Start](https://zanel1u.github.io/cloud-cli-proxy/en/guide/quickstart) — Deploy and first use\n- [Deployment](https://zanel1u.github.io/cloud-cli-proxy/en/guide/deployment) — systemd native deployment\n- [Configuration](https://zanel1u.github.io/cloud-cli-proxy/en/guide/configuration) — Environment variables and egress proxy setup\n- [Architecture](https://zanel1u.github.io/cloud-cli-proxy/en/guide/architecture) — System design and project structure\n- [API Reference](https://zanel1u.github.io/cloud-cli-proxy/en/reference/api) — Full Admin API\n- [FAQ \u0026 Recovery](https://zanel1u.github.io/cloud-cli-proxy/en/reference/faq) — Troubleshooting and disaster recovery\n\n---\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzanel1u%2Fcloud-cli-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzanel1u%2Fcloud-cli-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzanel1u%2Fcloud-cli-proxy/lists"}