# API credentials and Google OAuth client settings.
# Every value in this group is a placeholder; put real values only in the
# deployed copy of this file and keep that copy out of version control.
# API_KEY: key used by console scripts and API auth for /healthz, /v1, /api.
API_KEY=gph_your_api_key_here
# Google OAuth client credentials used by the login/account-link flow.
# GOOGLE_OAUTH_CLIENT_ID: OAuth client id for Google auth.
GOOGLE_OAUTH_CLIENT_ID=your_client_id.apps.googleusercontent.com
# GOOGLE_OAUTH_CLIENT_SECRET: OAuth client secret for Google auth.
GOOGLE_OAUTH_CLIENT_SECRET=GOCSPX-your_client_secret
# TLS backend selection and startup canary probe.
# TLS_BACKEND: optional runtime TLS backend override when the build includes both backends.
# Allowed: native-tls, rustls
# NOTE(review): which backend is used when this is left empty is not stated here; confirm.
TLS_BACKEND=
# TLS_CANARY_URL: optional startup TLS canary probe URL.
# If set, Gephyr performs one startup probe using the selected TLS backend.
TLS_CANARY_URL=
# TLS_CANARY_TIMEOUT_SECS: optional startup TLS canary timeout in seconds (clamped 1..60, default 5).
TLS_CANARY_TIMEOUT_SECS=5
# TLS_CANARY_REQUIRED: optional; true fails startup when the canary probe fails.
# NOTE(review): with false, a failed probe presumably does not stop startup; confirm
# how the failure is reported in that case.
TLS_CANARY_REQUIRED=false
# ALLOWED_GOOGLE_DOMAINS: optional Workspace domain allowlist for identity verification.
# Comma-separated list (e.g. "example.com,subsidiary.example.com").
# Leave empty to allow all domains.
# The empty value shipped here therefore applies no domain restriction to this
# check; set an explicit list when only specific Workspace domains should pass.
# NOTE(review): the quotes above delimit the example; whether the loader strips
# quotes from the value is not shown here, so confirm before quoting it.
ALLOWED_GOOGLE_DOMAINS=
# Security and network behavior.
# AUTH_MODE: auth mode for API key enforcement (strict/off).
# NOTE(review): "off" presumably disables API key enforcement entirely; confirm
# before combining it with ALLOW_LAN_ACCESS=true.
AUTH_MODE=strict
# ALLOW_LAN_ACCESS: false binds localhost only; true binds 0.0.0.0 (all interfaces),
# which makes the service reachable from other hosts on the network.
ALLOW_LAN_ACCESS=false
# ENABLE_ADMIN_API: true enables /api admin endpoints.
ENABLE_ADMIN_API=false
# WEB_PASSWORD: optional web UI/admin password.
# NOTE(review): what protects the web UI/admin surface when this is empty is not
# stated here; confirm before setting ENABLE_ADMIN_API=true.
WEB_PASSWORD=
# Data and routing.
# DATA_DIR: optional override for runtime data directory.
DATA_DIR=
# PUBLIC_URL: external base URL used for OAuth callback generation behind a proxy.
# NOTE(review): the generated callback presumably has to match a redirect URI
# registered for the OAuth client; confirm.
PUBLIC_URL=
# MAX_BODY_SIZE: max request body size in bytes (default 100MB).
# 104857600 = 100 * 1024 * 1024.
MAX_BODY_SIZE=104857600
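# Encryption and shutdown controls.
# ENCRYPTION_KEY: stable high-entropy secret used for token encryption.
# Recommendation: use >= 32 random characters.
# Weak/short values trigger a startup warning.
# In many container environments this key is required (machine UID fallback may be unavailable).
# The value below is a placeholder, not a key: a concrete key committed in a
# sample file would be shared by every deployment that copies the file.
# Generate a unique value per deployment, e.g. `openssl rand -base64 32`, and
# keep the populated file out of version control.
# NOTE(review): "stable" suggests tokens encrypted under one key cannot be read
# after the key changes; confirm before rotating.
ENCRYPTION_KEY=your_encryption_key_here
# SHUTDOWN_DRAIN_TIMEOUT_SECS: graceful shutdown drain timeout (seconds) for in-flight requests.
SHUTDOWN_DRAIN_TIMEOUT_SECS=10
# ADMIN_STOP_SHUTDOWN: true allows admin stop endpoint to trigger process shutdown.
ADMIN_STOP_SHUTDOWN=false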
# Scheduler timing hardening.
# SCHEDULER_REFRESH_JITTER_MIN_SECONDS / MAX_SECONDS:
# Adds randomized delay before each scheduled quota-refresh batch (default range: 30..120).
# Unit: seconds. Keep min <= max.
# NOTE(review): behavior when min > max is not stated here; confirm.
SCHEDULER_REFRESH_JITTER_MIN_SECONDS=30
SCHEDULER_REFRESH_JITTER_MAX_SECONDS=120
# ACCOUNT_REFRESH_STAGGER_MIN_MS / MAX_MS:
# Deterministic per-account delay before each account refresh task starts (one-IP burst smoothing).
# Unit: milliseconds. Keep min <= max.
ACCOUNT_REFRESH_STAGGER_MIN_MS=250
ACCOUNT_REFRESH_STAGGER_MAX_MS=1500
# Startup health-check refresh smoothing (token refresh at boot):
# - STARTUP_HEALTH_MAX_CONCURRENT_REFRESHES: clamp 1..32 (default 5)
# - STARTUP_HEALTH_JITTER_MIN_MS / MAX_MS: random per-account delay (milliseconds) before startup refresh
STARTUP_HEALTH_MAX_CONCURRENT_REFRESHES=5
STARTUP_HEALTH_JITTER_MIN_MS=150
STARTUP_HEALTH_JITTER_MAX_MS=1200
# Proxy-pool one-IP isolation knobs are config/API settings (not env vars):
# - proxy.proxy_pool.allow_shared_proxy_fallback
# - proxy.proxy_pool.require_proxy_for_account_requests
# Startup health token refresh runs sequentially (one account at a time),
# with randomized delay between accounts (default range: 2..8 seconds).
# NOTE(review): "sequentially (one account at a time)" conflicts with
# STARTUP_HEALTH_MAX_CONCURRENT_REFRESHES=5 above; confirm which of the two
# descriptions matches the current implementation and which knobs are still read.
STARTUP_HEALTH_DELAY_MIN_SECONDS=2
STARTUP_HEALTH_DELAY_MAX_SECONDS=8
# SCHEDULED_WARMUP.ENABLED: scheduled warmup toggle.
# Warmup ensures that when a user starts a chat, the proxy is already "warmed up"
# and does not incur a delay while fetching new tokens.
# It also identifies and disables "dead" accounts in the background so they are
# not attempted for user traffic.
# NOTE(review): the key contains a ".", which is not valid in a POSIX shell
# variable name and which some env-file loaders reject; every other key in this
# file uses only letters, digits and "_". Confirm the exact name the loader reads.
SCHEDULED_WARMUP.ENABLED=true