Operate your AI coding agents from the clients you already use.
Give supported web, desktop, CLI, and remote MCP clients one user-owned gateway for Claude Code, Codex, Gemini, Grok, Vibe, Devin, Cursor, and API-provider LLMs while keeping execution workspace-scoped, approval-gated, durable, and auditable.
codex_request: flags test gap in auth boundary
gemini_request: suggests smaller deployment slice
validation_receipt: durable evidence, retrievable after restart
Read https://llm-cli-gateway.dev/install.md and configure yourself to use
llm-cli-gateway as an MCP server.
npx -y llm-cli-gateway
codex_request: flags missing test
gemini_request: suggests smaller patch
result: disagreement summarized for review
status: running
persisted: SQLite by default, Postgres when configured
no native Claude Code session
no Codex CLI resume
no local provider CLI config
file and test access must be rebuilt
codex_request uses real Codex sessions
gemini_request uses the installed Antigravity CLI (agy)
grok_request, mistral_request, devin_request, and cursor_request follow provider CLIs
Coding agents are strongest when they keep their native tools, credentials, and session semantics. `llm-cli-gateway` puts Claude Code, Codex, Gemini/Antigravity, Grok Build, Vibe, Devin, Cursor Agent, and API-provider LLMs behind one control plane without flattening them into a generic chat proxy.
The practical payoff: supported clients can delegate work to local agents, scope remote execution to registered workspaces, gate risky actions, survive disconnects, and retrieve validation receipts after the gateway restarts.
Review before you ship
Consensus, red-team, compare, and second-opinion tools turn model disagreement into an artifact you can inspect.
Keep native agent behavior
Provider CLIs keep their auth stores, local file access, resume semantics, tool execution, and model-specific controls.
Run it like infrastructure
Async jobs persist to SQLite by default or Postgres for service deployments, with per-principal isolation over HTTP.
Add API models safely
OpenAI-compatible, Anthropic, and xAI-style providers read keys from named environment variables at request time.
The gateway orchestrates local CLIs and configured API providers. It does not replace them.
| Signal | Status | Why it matters |
|---|---|---|
| Runtime | local stdio or remote HTTP | run on your machine, or expose it behind a bearer token or OAuth |
| Remote auth | bearer or built-in OAuth 2.0 | PKCE, opt-in consent gate, per-principal isolation, fail-closed posture |
| Async jobs | SQLite default, Postgres optional | long calls can survive gateway restarts |
| Validation | cross-model tools | compare, red-team, second opinion, and consensus workflows |
| Release | audited npm package + Sigstore installers | published artifacts have supply-chain controls |
| License | MIT | open source and installable without a hosted service |
--transport=http for remote
clients)