Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 91 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
name: Bug report
description: Report a reproducible ReRouted problem without exposing credentials or private data.
title: "[Bug]: "
labels:
- bug
body:
- type: markdown
attributes:
value: |
Thanks for helping improve ReRouted.

**Do not paste API keys, gateway keys, tokens, OAuth callback URLs or codes, cookies, raw `config.json`, email addresses, account IDs, private prompts, or full unreviewed logs.** Use placeholders and include only sanitized diagnostic excerpts.

For a suspected vulnerability, follow [SECURITY.md](https://github.com/gitcommit90/rerouted/blob/main/SECURITY.md) instead of filing a public report.
- type: input
id: version
attributes:
label: ReRouted version
placeholder: "For example: 0.4.2"
validations:
required: true
- type: input
id: macos
attributes:
label: macOS version and Mac
placeholder: "macOS 15.5, M2 MacBook Air"
validations:
required: true
- type: input
id: client
attributes:
label: Client and request mode
description: Name the editor, agent, or script and whether the request was streaming.
placeholder: "Client name/version, streaming"
validations:
required: true
- type: input
id: provider
attributes:
label: Provider, authentication method, and model
description: Use generic account labels; do not include an email address or account ID.
placeholder: "Claude, OAuth, claude-sonnet model"
validations:
required: true
- type: dropdown
id: request_target
attributes:
label: Request target
options:
- Direct provider/model
- Named fallback route
- Named round-robin route
- Onboarding or account connection
- Application UI or settings
- Other
validations:
required: true
- type: textarea
id: problem
attributes:
label: What happened?
description: Describe the expected and actual behavior, including sanitized status codes or error text.
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Minimal reproduction
description: List the smallest safe sequence that reproduces the problem. Replace credentials and private request content with placeholders.
placeholder: |
1. Connect one provider using OAuth.
2. Create a route with ...
3. Send a sanitized request with ...
4. Observe ...
validations:
required: true
- type: textarea
id: diagnostics
attributes:
label: Sanitized diagnostics
description: Optional. Paste only the few relevant lines after reviewing and redacting them.
render: shell
- type: checkboxes
id: safety
attributes:
label: Safety check
options:
- label: I tested the latest stable release and searched existing issues.
required: true
- label: I removed credentials, OAuth data, account identifiers, email addresses, private prompts, and other sensitive information.
required: true
8 changes: 8 additions & 0 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Security report
url: https://github.com/gitcommit90/rerouted/blob/main/SECURITY.md
about: Read the private-reporting instructions before disclosing a vulnerability.
- name: Privacy information
url: https://github.com/gitcommit90/rerouted/blob/main/PRIVACY.md
about: Learn what ReRouted stores locally and how to remove its data.
40 changes: 40 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: Feature request
description: Suggest a focused improvement to ReRouted.
title: "[Feature]: "
labels:
- enhancement
body:
- type: markdown
attributes:
value: |
Describe the routing or application problem first, then the change you would like.

**Do not include credentials, tokens, OAuth callback data, account identifiers, email addresses, private prompts, or unreviewed logs.**
- type: textarea
id: problem
attributes:
label: Problem to solve
description: What workflow is difficult or unavailable today?
validations:
required: true
- type: textarea
id: proposal
attributes:
label: Proposed behavior
description: Explain the smallest useful outcome rather than prescribing an implementation.
validations:
required: true
- type: textarea
id: context
attributes:
label: Relevant context
description: Include sanitized provider, client, or route details only when they clarify the request.
- type: checkboxes
id: safety
attributes:
label: Safety check
options:
- label: I searched existing issues for the same request.
required: true
- label: This request contains no credentials, OAuth data, account identifiers, email addresses, private prompts, or other sensitive information.
required: true
47 changes: 47 additions & 0 deletions .github/ISSUE_TEMPLATE/question.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Question or support
description: Ask a focused usage or compatibility question without exposing private data.
title: "[Question]: "
labels:
- question
body:
- type: markdown
attributes:
value: |
Include enough sanitized context to understand the workflow.

**Do not include credentials, tokens, OAuth callback data, account identifiers, email addresses, private prompts, or unreviewed logs.**
- type: input
id: version
attributes:
label: ReRouted version
placeholder: "For example: 0.4.2"
validations:
required: true
- type: input
id: environment
attributes:
label: macOS version and client
placeholder: "macOS 15.5, client name/version"
validations:
required: true
- type: textarea
id: question
attributes:
label: Question
description: Describe what you are trying to accomplish and where you are unsure.
validations:
required: true
- type: textarea
id: context
attributes:
label: Sanitized context
description: Optional provider, authentication method, route, or model details that clarify the question.
- type: checkboxes
id: safety
attributes:
label: Safety check
options:
- label: I searched existing issues and documentation first.
required: true
- label: This question contains no credentials, OAuth data, account identifiers, email addresses, private prompts, or other sensitive information.
required: true
18 changes: 18 additions & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
## External contributions are not yet accepted

ReRouted is source-visible while its licensing approach is finalized. Please read [CONTRIBUTING.md](../CONTRIBUTING.md) before opening a pull request. External code and documentation contributions may be closed without review until a license and contribution process are published.

Never include real API keys, gateway keys, OAuth tokens or codes, callback URLs, cookies, account identifiers, email addresses, private prompts, provider responses, or unreviewed logs.

## Maintainer change

Describe the user-visible problem and the resulting behavior.

## Verification

- [ ] Focused validation passes.
- [ ] `npm test` passes.
- [ ] `git diff --check` passes.
- [ ] UI changes include current captures where applicable.
- [ ] No credentials, private user data, or generated release artifacts are included.
- [ ] Release/version work is left to the maintainer release process.
27 changes: 27 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Tests

on:
push:
branches:
- main
pull_request:

permissions:
contents: read

jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Use Node.js 22.13
uses: actions/setup-node@v4
with:
node-version: 22.13.0
cache: npm
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm test
51 changes: 51 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# Contributing

Thank you for helping improve ReRouted.

## Current contribution status

ReRouted is source-visible while its licensing approach is finalized. No software license has been selected, and external code contributions are not currently accepted.

Please do not open a pull request with code or documentation changes yet. It may be closed without review. Focused issues, feature requests, compatibility reports, and sanitized reproduction cases are welcome.

## Before opening an issue

1. Install the latest stable release and check existing issues.
2. Confirm the behavior with the smallest route and request that reproduce it.
3. Record the ReRouted version, macOS version, provider type, authentication method, model, client, and whether the request streamed.
4. Replace account names, model identifiers, or request content when they are not essential to the report.

Never attach `config.json` or paste full, unreviewed diagnostics. Remove API keys, gateway keys, tokens, OAuth callback URLs or codes, cookies, account IDs, email addresses, prompts, and private provider responses.

Use the repository's bug or feature request form so maintainers receive the context needed to reproduce the report.

## Reproduction cases

Good reports distinguish between:

- A response produced by the upstream provider and a response produced by ReRouted.
- A direct provider/model request and a named-route request.
- Streaming and non-streaming behavior.
- One connected account and an OAuth account pool.

Include exact status codes and sanitized error text when available. Do not include credentials to make a reproduction executable.

## Local verification

These commands document the baseline used by maintainers and may help when investigating an issue locally:

```bash
npm ci
npm test
git diff --check
```

Node.js 22.13 or newer is required. The packaged application currently targets Apple Silicon and macOS 12 Monterey or newer.

Maintainers handle package version changes, signing, notarization, release publication, and installation verification. Reproduction branches should not include generated release artifacts or real provider credentials.

## Security reports

Do not use a public issue for a vulnerability or credential exposure. Follow [Security](./SECURITY.md) instead.

This policy will be updated when a project license and an external pull-request process are in place.
62 changes: 62 additions & 0 deletions PRIVACY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
# Privacy

ReRouted is a local macOS application. It has no ReRouted account, hosted control plane, or third-party product analytics service.

This document describes the application as shipped. The upstream providers and clients you connect have their own privacy policies and data practices.

## Website

The public `rerouted.dev` website is a static site delivered through Cloudflare and loads its display fonts from Google Fonts. Those services may receive ordinary web-request metadata such as your IP address, browser headers, and requested asset URLs under their own privacy policies. The website does not include ReRouted product analytics or an account system.

## Data stored on your Mac

ReRouted stores application data in its macOS Application Support directory, normally `~/Library/Application Support/ReRouted`. Existing installations may use `~/Library/Application Support/rerouted`.

Local data includes:

- Provider settings, OAuth credentials, API keys, gateway keys, routes, and application preferences in `config.json`.
- Request metadata, provider and route selections, statuses, timestamps, and token counts in the uncapped `usage.sqlite` database.
- Gateway, OAuth, update, and routing diagnostics in `rerouted.log`.

Prompt bodies are not intentionally persisted. Provider credentials and gateway keys are not encrypted at rest. ReRouted restricts local file permissions where macOS supports doing so, but anyone who can access your macOS user account or its files may be able to read them.

Diagnostics can contain provider error text, model and route names, account identifiers, and OAuth metadata. Treat logs as sensitive and review every line before sharing an excerpt.

## Local credential discovery

Credential discovery happens when you choose to scan or import accounts. Depending on the providers installed on the Mac, ReRouted may inspect supported entries in the Codex configuration, the Claude Code macOS Keychain or supported local auth files, ReRouted auth-profile folders, and Antigravity-named JSON files in supported folders including `~/Downloads`. ReRouted summarizes discoveries before import; selected credentials are copied into its own configuration.

At startup, ReRouted may also read the local `~/.grok/auth.json` file to attach a human-readable identity to an xAI account that is already connected. This startup lookup only updates local account labeling; it does not import a new account by itself.

## Network activity

ReRouted makes network requests only as needed to operate features you choose:

- Completion requests, credentials, and supported image inputs are sent to the selected upstream provider.
- OAuth authorization and token refresh requests are sent to the relevant provider.
- Quota checks are sent to supported providers when you open the Quota page, every 60 seconds while that page remains open, or when you manually refresh it.
- Automatic update checks contact `update.electronjs.org` shortly after launch and about every six hours; signed update downloads come from GitHub Releases.

The gateway binds to `127.0.0.1` by default. If you enable network access, it binds to `0.0.0.0`; devices that can reach the Mac can attempt to access it, and the gateway bearer key becomes the primary access boundary.

## OAuth and subscription notice

ReRouted is independent and is not affiliated with or endorsed by any upstream provider. This provider's subscription or OAuth session is not officially licensed for proxy or router use. Using it this way may result in account restrictions or bans. Proceed at your own risk, review the provider's current terms, and prefer a documented API-key integration when you need a stable production path.

## Retention and deletion

Usage history is not automatically pruned and remains on the Mac until the Application Support data is removed. Existing installations may also retain the former `usage.json` as a one-time migration backup. Logs can be cleared from the Activity diagnostics view.

Uninstalling the application bundle does not automatically remove Application Support data. To remove ReRouted and its stored credentials completely:

1. Quit ReRouted.
2. Delete `/Applications/ReRouted.app`.
3. Delete the ReRouted Application Support directory listed above.

Deleting the Application Support directory permanently removes connected accounts, keys, routes, settings, usage history, and logs. Back up only the data you intentionally want to retain.

## Sharing diagnostics

Never post `config.json` or an unreviewed log file. Remove API keys, gateway keys, tokens, OAuth codes and callback URLs, cookies, email addresses, account identifiers, private provider responses, and prompt content before sharing a reproduction or log excerpt.

See [Security](./SECURITY.md) for reporting a suspected vulnerability and [Contributing](./CONTRIBUTING.md) for safe bug-report guidance.
Loading
Loading