Tool Use: Read (ID: toolu_013CNZuLjun5DaMHsofZFMfi)
{
"file_path": "/home/crystalin/projects/claude-nexus-proxy/docs/02-User-Guide/dashboard-guide.md"
}
Tool Result (ID: toolu_01DccQ9ap6xrYtpt6KMFc7Le)
1β# Features
2β
3βClaude Nexus Proxy is a high-performance proxy for the Claude API with comprehensive monitoring and management capabilities.
4β
5β## Core Features
6β
7β### π§ AI-Powered Conversation Analys...
Tool Result (ID: toolu_01DccQ9ap6xrYtpt6KMFc7Le)
1β# Features
2β
3βClaude Nexus Proxy is a high-performance proxy for the Claude API with comprehensive monitoring and management capabilities.
4β
5β## Core Features
6β
7β### π§ AI-Powered Conversation Analysis
8β
9β- **Smart Prompt Engineering**: Automated analysis of conversations using Gemini AI
10β- **Intelligent Truncation**: Tail-first priority preserving most recent context
11β- **Structured Insights**: JSON-formatted analysis with sentiment, outcomes, and quality metrics
12β- **Token Management**: Safe truncation with 855k token limit and safety margins
13β- **Versioned Prompts**: Support for evolving analysis templates
14β
15β### π API Proxying
16β
17β- **Direct API forwarding** to Claude with minimal latency
18β- **Streaming support** for real-time responses
19β- **Request/response transformation** capabilities
20β- **Configurable timeouts** (default 10 minutes for long-running requests)
21β
22β### π Authentication & Security
23β
24β- **Multi-auth support**:
25β - API key authentication
26β - OAuth 2.0 with automatic token refresh
27β - Client API key authentication for proxy access
28β- **Domain-based credential management**
29β- **Timing-safe credential verification**
30β- **Secure credential storage** with separate files per domain
31β
32β### π Token Tracking & Usage
33β
34β- **Comprehensive token usage tracking**:
35β - Per-account tracking
36β - Per-domain tracking
37β - 5-hour rolling window monitoring
38β - Historical daily usage data
39β- **Request type classification**:
40β - Query evaluation
41β - Inference requests
42β - Quota checks
43β- **Tool call counting** and analysis
44β
45β### πΎ Storage & Persistence
46β
47β- **PostgreSQL-based storage** for all requests and responses
48β- **Streaming chunk storage** for complete conversation history
49β- **Batch processing** for efficient database writes
50β- **Partitioned tables** for scalable data management
51β
52β### π Conversation Management
53β
54β- **Automatic conversation tracking** using message hashing
55β- **Branch detection** and visualization
56β- **Parent-child message linking**
57β- **System reminder filtering** for consistent tracking
58β- **Sub-task detection** and visualization
59β
60β### π Monitoring Dashboard
61β
62β- **Real-time usage monitoring**
63β- **Interactive charts** for token usage analysis
64β- **Request history browser**
65β- **Conversation visualization** with branch support
66β- **SSE (Server-Sent Events)** for live updates
67β- **Account-based analytics**
68β
69β### π Notifications & Alerts
70β
71β- **Slack webhook integration** for notifications
72β- **Configurable alert thresholds**
73β- **Error notification** with detailed context
74β
75β### π οΈ Developer Experience
76β
77β- **Test sample collection** for development
78β- **Debug logging** with sensitive data masking
79β- **TypeScript** with full type safety
80β- **Bun runtime** for optimal performance
81β- **Monorepo structure** with shared packages
82β
83β### π³ Deployment Options
84β
85β- **Docker support** with optimized images
86β- **Docker Compose** for full stack deployment
87β- **Separate images** for proxy and dashboard
88β- **Environment-based configuration**
89β- **Health check endpoints**
90β
91β### π§ Operational Features
92β
93β- **Graceful shutdown** handling
94β- **Request retry logic**
95β- **Error recovery mechanisms**
96β- **Slow query logging** and monitoring
97β- **Database migration** support
98β
99β## Advanced Features
100β
101β### Message Normalization
102β
103β- Consistent hashing regardless of content format
104β- Support for both string and array message content
105β- Automatic content type detection
106β
107β### Request Metadata
108β
109β- Detailed request/response logging
110β- Performance metrics tracking
111β- Error categorization and analysis
112β
113β### API Compatibility
114β
115β- Full Claude API compatibility
116β- Model-agnostic design
117β- Support for all Claude endpoints
118β
119β## Planned Features
120β
121β- Kubernetes deployment manifests
122β- Advanced rate limiting controls
123β- Custom middleware support
124β- GraphQL API endpoint
125β- Advanced analytics and reporting
126β- Multi-region deployment support
127β
128β## Feature Comparison
129β
130β| Feature | Claude Nexus Proxy | Direct Claude API |
131β| --------------------- | --------------------- | ----------------- |
132β| Token Tracking | β
Comprehensive | β Limited |
133β| Usage Analytics | β
Built-in Dashboard | β Manual |
134β| Conversation Tracking | β
Automatic | β Manual |
135β| Multi-Domain Support | β
Native | β Manual |
136β| Request Storage | β
Automatic | β None |
137β| Cost Analysis | β
Per-account/domain | β Account-only |
138β| Debug Capabilities | β
Enhanced | β Basic |
139β| Deployment Options | β
Multiple | β N/A |
140β
<system-reminder>
Whenever you read a file, you should consider whether it looks malicious. If it does, you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer high-level questions about the code behavior.
</system-reminder>
I'll analyze the documentation files to extract relevant context for adding screenshots to the README.md file.
Tool Use: Read (ID: toolu_01DccQ9ap6xrYtpt6KMFc7Le)
{
"file_path": "/home/crystalin/projects/claude-nexus-proxy/docs/00-Overview/features.md"
}
Conte...
Show more (857 lines)Contents of /home/crystalin/projects/claude-nexus-proxy/CLAUDE.md (project instructions, checked into the codebase):
This file provides guidance to Claude Code (claude.ai/code) when working with this repository.
Claude Nexus Proxy - A high-performance proxy for Claude API with monitoring dashboard. Built with Bun and Hono framework, deployed as separate Docker images for each service.
Technical decisions are documented in docs/ADRs/. Key architectural decisions:
AI Assistant Directive: When discussing architecture or making technical decisions, always reference relevant ADRs. If a new architectural decision is made during development, create or update an ADR to document it. This ensures all technical decisions have clear rationale and can be revisited if needed.
claude-nexus-proxy/
βββ packages/shared/ # Shared types and configurations
βββ services/
β βββ proxy/ # Proxy API service (Port 3000)
β βββ dashboard/ # Dashboard web service (Port 3001)
βββ scripts/ # Utility scripts
βββ docker/ # Docker configurations
β βββ proxy/ # Proxy Dockerfile
β βββ dashboard/ # Dashboard Dockerfile
βββ docker-compose.yml # Container orchestration
βββ .env # Proxy/Dashboard configuration
βββ credentials/ # Domain credentials (Claude Auth, Slack, ...)
Proxy Service (services/proxy/)
Dashboard Service (services/dashboard/)
DASHBOARD_API_KEY is not set) exposes all data without authentication. See ADR-019# Install dependencies
bun install
# Run both services
bun run dev
# Run individually
bun run dev:proxy # Port 3000
bun run dev:dashboard # Port 3001
# Build
bun run build
The project uses Husky and lint-staged for automated code quality checks:
# Pre-commit hooks are automatically installed via postinstall script
bun install
# Manual hook installation (if needed)
bunx husky init
Pre-commit checks:
Note: TypeScript type checking is not included in pre-commit hooks for performance reasons. Type checking runs in CI/CD pipeline.
The project uses separate Docker images for each service:
# Build images
./docker/build-images.sh
# Run proxy service
docker run -p 3000:3000 alanpurestake/claude-nexus-proxy:latest
# Run dashboard service
docker run -p 3001:3001 alanpurestake/claude-nexus-dashboard:latest
Docker configurations are in the docker/ directory. Each service has its own optimized image for better security, scaling, and maintainability.
docker/docker-compose.yml: Postgres + Proxy + Dashboard + Claude CLI (with ccusage and token monitoring). ./docker-up.sh script is used instead of docker compose -f ... to ensure .env is loaded properly.
# Build the local images
./docker-up.sh build
# Run the full environment (requires real Claude account in )
./docker-up.sh up -d
# Run a claude query
./docker-up.sh exec claude-cli claude "hi"
# Run usage monitor for real-time tracking
./docker-up.sh exec claude-cli monitor
# Check daily usage stats
./docker-up.sh exec claude-cli ccusage daily
The proxy supports long-running Claude API requests with configurable timeouts:
CLAUDE_API_TIMEOUT and PROXY_SERVER_TIMEOUT environment variablesThe proxy automatically tracks conversations and detects branches using message hashing:
How it works:
Message Normalization:
"hello" and [{type: "text", text: "hello"}] produce the same hash<system-reminder> are ignored during hashingDual Hash System:
system_hash columnSpecial Conversation Handling:
compact_HHMMSSAPI Endpoints:
/api/conversations - Get conversations grouped by conversation_id with branch informationdomain (filter by domain), limit (max conversations)Database Schema:
conversation_id - UUID identifying the conversationcurrent_message_hash - Hash of the last message in the requestparent_message_hash - Hash of the previous message (null for first message)system_hash - Hash of the system prompt (for tracking context changes)branch_id - Branch identifier (defaults to 'main', auto-generated for new branches)parent_request_id - Direct link to the parent request in the conversation chainDashboard Features:
Client Authentication (Proxy Level):
client_api_key in domain credential fileClaude API Authentication:
<domain>.credentials.json)anthropic-beta: oauth-2025-04-20 headerThe proxy includes an MCP server for managing and serving prompts:
Features:
prompts/ directoryfeature.yaml becomes /feature){{variable}} syntaxConfiguration:
# Basic MCP setup (file-based)
MCP_ENABLED=true
MCP_PROMPTS_DIR=./prompts
MCP_WATCH_FILES=true
# Optional GitHub sync
MCP_GITHUB_OWNER=your-org
MCP_GITHUB_REPO=prompt-library
MCP_GITHUB_BRANCH=main
MCP_GITHUB_TOKEN=ghp_xxxx
MCP_GITHUB_PATH=prompts/
MCP_SYNC_INTERVAL=300
How it works:
MCP_ENABLED=true is set, prompts are loaded from local YAML files/mcpPrompt format:
# Note: The prompt name in Claude will be the file name (without .yaml extension)
# For example, this file saved as 'my-feature.yaml' will be available as '/my-feature'
name: My Prompt # This field is ignored - file name is used instead
description: Description of the prompt
template: |
You are {{role}}.
{{#if context}}
Context: {{context}}
{{/if}}
Using MCP with Claude Desktop:
Install the MCP server in Claude Desktop:
claude mcp add nexus-prompts --scope user -- bunx -y mcp-remote@latest http://localhost:3000/mcp --header "Authorization: Bearer YOUR_CLIENT_API_KEY"
Replace YOUR_CLIENT_API_KEY with the actual client API key from your domain's credential file (e.g., cnp_live_...)
Restart Claude Desktop to load the MCP server
Available commands:
/feature for a prompt named feature.yaml)MCP Implementation Details:
2024-11-05POST /mcp - Main MCP JSON-RPC endpointGET /mcp - Discovery endpointinitialize - Protocol handshakeprompts/list - List available promptsprompts/get - Get and render a specific prompt with variablesIn-Memory Tracking (Legacy)
/token-stats endpointComprehensive Token Usage Tracking (New)
token_usage table/api/token-usage/current - Current window usage/api/token-usage/daily - Historical daily usage data/api/conversations - Conversations with account infoWhen DEBUG=true:
sk-ant-****, Bearer ****Enable SQL query logging in debug mode:
# Option 1: Enable all debug logging (includes SQL)
DEBUG=true bun run dev
# Option 2: Enable only SQL query logging
DEBUG_SQL=true bun run dev
# Option 3: Set in .env file
DEBUG_SQL=true
SQL logging features:
Essential:
DATABASE_URL - PostgreSQL connectionDASHBOARD_API_KEY - Dashboard authentication (β οΈ CRITICAL: Without this, dashboard runs in read-only mode with NO authentication)Optional:
DEBUG - Enable debug loggingDEBUG_SQL - Enable SQL query logging (default: false)STORAGE_ENABLED - Enable storage (default: false)SLACK_WEBHOOK_URL - Slack notificationsCREDENTIALS_DIR - Domain credential directoryCOLLECT_TEST_SAMPLES - Collect request samples for testing (default: false)TEST_SAMPLES_DIR - Directory for test samples (default: test-samples)ENABLE_CLIENT_AUTH - Enable client API key authentication (default: true). Set to false to allow anyone to use the proxy without authenticationDASHBOARD_CACHE_TTL - Dashboard cache TTL in seconds (default: 30). Set to 0 to disable cachingSLOW_QUERY_THRESHOLD_MS - Threshold in milliseconds for logging slow SQL queries (default: 5000)CLAUDE_API_TIMEOUT - Timeout for Claude API requests in milliseconds (default: 600000 / 10 minutes)PROXY_SERVER_TIMEOUT - Server-level timeout in milliseconds (default: 660000 / 11 minutes)STORAGE_ADAPTER_CLEANUP_MS - Interval for cleaning up orphaned request ID mappings in milliseconds (default: 300000 / 5 minutes)STORAGE_ADAPTER_RETENTION_MS - Retention time for request ID mappings in milliseconds (default: 3600000 / 1 hour)API_KEY_SALT - Salt for hashing API keys in database (default: 'claude-nexus-proxy-default-salt')SPARK_API_URL - Spark API base URL for recommendation feedback (default: 'http://localhost:8000')SPARK_API_KEY - API key for authenticating with Spark APIType Checking:
bun run typecheck before committingtsc --build at the root to type check all packagesTest Sample Collection: The proxy can collect real request samples for test development:
COLLECT_TEST_SAMPLES=truetest-samples/ directoryinference_streaming_opus.json)Tests:
The project includes comprehensive tests for conversation and subtask linking:
Conversation Linking Tests: packages/shared/src/utils/__tests__/conversation-linker.test.ts
Subtask Detection Tests: packages/shared/src/utils/__tests__/subtask-detection.test.ts
Subtask Linking Simulation: packages/shared/src/utils/__tests__/subtask-linker.test.ts
Run tests with:
# All tests
bun test
# Specific package
cd packages/shared && bun test
# Specific test file
bun test conversation-linker.test.ts
api_requests - Stores all API requests and responses with token tracking:
account_id - Account identifier from credential files for per-account trackinginput_tokens, output_tokens, total_tokens - Token usage metricsconversation_id, branch_id - Conversation trackingcurrent_message_hash, parent_message_hash - Message linkingparent_task_request_id, is_subtask, task_tool_invocation - Sub-task trackingstreaming_chunks - Stores streaming response chunks
Token usage is tracked directly in the api_requests table:
account_id from the credential fileSchema Management:
scripts/init-database.sqlscripts/db/migrations/ (TypeScript files)writer.ts uses init SQL file when tables don't existRunning Migrations:
# Run a specific migration
bun run scripts/db/migrations/001-add-conversation-tracking.ts
# Run all migrations in order
for file in scripts/db/migrations/*.ts; do bun run "$file"; done
Available Migrations:
See docs/04-Architecture/ADRs/adr-012-database-schema-evolution.md for details.
# Generate secure client API key
bun run scripts/generate-api-key.ts
# Create credential file
cat > credentials/domain.com.credentials.json << EOF
{
"type": "api_key",
"accountId": "acc_f9e1c2d3b4a5", # Unique account identifier
"api_key": "sk-ant-...",
"client_api_key": "cnp_live_..."
}
EOF
export STORAGE_ENABLED=true
export DATABASE_URL=postgresql://...
curl http://localhost:3000/token-stats
open http://localhost:3001
# Use DASHBOARD_API_KEY for authentication
# Auth header: X-Dashboard-Key: <your-key>
The proxy automatically detects and tracks sub-tasks spawned using the Task tool through an integrated single-phase process:
Single-Phase Detection (ConversationLinker):
is_subtask=true and links to parent via parent_task_request_idArchitecture Components:
@> containment operator for exact prompt matchingQuery Optimization:
When the subtask prompt is known, the system uses an optimized query:
response_body @> jsonb_build_object(
'content', jsonb_build_array(
jsonb_build_object(
'type', 'tool_use',
'name', 'Task',
'input', jsonb_build_object('prompt', $4::text)
)
)
)
This leverages the GIN index for O(log n) lookup performance instead of scanning all Task invocations.
Database Fields:
parent_task_request_id - Links sub-task requests to their parent taskis_subtask - Boolean flag indicating if a request is a confirmed sub-tasktask_tool_invocation - JSONB array storing Task tool invocations (for historical queries)Sub-task Linking:
Conversation Tree:
Stats Display:
Visual Design:
When generating message hashes for conversation tracking, the system filters out:
<system-reminder>X-Dashboard-Key header (not Authorization)The proxy supports automated analysis of conversations using AI models (currently Gemini 1.5 Flash or 2.5 Pro):
Features:
Error Handling:
AI_ANALYSIS_MAX_RETRIES are automatically marked as failed with clear error messagesDatabase Schema:
conversation_analyses table stores analysis resultsupdated_at timestamp via triggeranalysis_data) and raw text (analysis_content)API Endpoints:
POST /api/analyses - Create analysis request (supports customPrompt)GET /api/analyses/:conversationId/:branchId - Get analysis status/resultPOST /api/analyses/:conversationId/:branchId/regenerate - Force regeneration with optional custom promptUtility Scripts:
scripts/check-analysis-jobs.ts - Check status of analysis jobsscripts/check-ai-worker-config.ts - Verify AI worker configurationscripts/reset-stuck-analysis-jobs.ts - Reset jobs stuck with high retry countsscripts/fail-exceeded-retry-jobs.ts - Manually fail jobs exceeding max retriesscripts/check-analysis-content.ts - Inspect analysis content for a conversationImplementation Status:
See ADR-016 for architectural decisions.
Background Worker Configuration:
Enable the AI Analysis background worker by setting these environment variables:
# Enable the worker
AI_WORKER_ENABLED=true
# Worker configuration
AI_WORKER_POLL_INTERVAL_MS=5000 # Poll every 5 seconds
AI_WORKER_MAX_CONCURRENT_JOBS=3 # Process up to 3 jobs concurrently
AI_WORKER_JOB_TIMEOUT_MINUTES=5 # Mark jobs as stuck after 5 minutes
# Resilience configuration
AI_ANALYSIS_MAX_RETRIES=3 # Retry failed jobs up to 3 times
AI_ANALYSIS_GEMINI_REQUEST_TIMEOUT_MS=60000 # Gemini API request timeout
# Gemini API configuration
GEMINI_API_KEY=your-api-key-here
GEMINI_API_URL=https://generativelanguage.googleapis.com/v1beta/models
GEMINI_MODEL_NAME=gemini-2.0-flash-exp
# Prompt engineering configuration (optional)
AI_MAX_PROMPT_TOKENS=855000 # Override calculated token limit
AI_HEAD_MESSAGES=10 # Messages to keep from start
AI_TAIL_MESSAGES=30 # Messages to keep from end
# Analysis token limits
AI_ANALYSIS_INPUT_TRUNCATION_TARGET_TOKENS=8192 # Target token count for input message truncation
AI_ANALYSIS_TRUNCATE_FIRST_N_TOKENS=1000 # Tokens from conversation start
AI_ANALYSIS_TRUNCATE_LAST_M_TOKENS=4000 # Tokens from conversation end
The worker runs in-process with the proxy service and uses PostgreSQL row-level locking to safely process jobs across multiple instances.
The dashboard supports the Spark recommendation tool (mcp__spark__get_recommendation):
Features:
Configuration:
SPARK_API_URL and SPARK_API_KEY environment variablesAPI Endpoints:
POST /api/spark/feedback - Submit feedback for a recommendationGET /api/spark/sessions/:sessionId/feedback - Get feedback for a specific sessionPOST /api/spark/feedback/batch - Get feedback for multiple sessionsSecurity Note:
The dashboard authentication cookie (dashboard_auth) is set with httpOnly: false to allow JavaScript access for making authenticated API calls from the browser to the proxy service. This is a security trade-off that enables the inline feedback component to work. Consider implementing a more secure approach such as:
parent_task_request_id, is_subtask, task_tool_invocation will break sub-task tracking# Current 5-hour window usage
curl "http://localhost:3000/api/token-usage/current?accountId=acc_f9e1c2d3b4a5&window=300" \
-H "X-Dashboard-Key: $DASHBOARD_API_KEY"
# Daily usage (last 30 days)
curl "http://localhost:3000/api/token-usage/daily?accountId=acc_f9e1c2d3b4a5&aggregate=true" \
-H "X-Dashboard-Key: $DASHBOARD_API_KEY"
# View conversations
curl "http://localhost:3000/api/conversations?accountId=acc_f9e1c2d3b4a5" \
-H "X-Dashboard-Key: $DASHBOARD_API_KEY"
# Copy a conversation from one database to another
bun run db:copy-conversation --conversation-id <uuid> --dest-db <url> [options]
# Example: Copy to staging database (same table names)
bun run db:copy-conversation --conversation-id 123e4567-e89b-12d3-a456-426614174000 \
--dest-db "postgresql://user:pass@staging-host:5432/staging_db"
# Dry run to preview what would be copied
bun run db:copy-conversation --conversation-id 123e4567-e89b-12d3-a456-426614174000 \
--dest-db "postgresql://user:pass@staging-host:5432/staging_db" --dry-run
# Copy with streaming chunks
bun run db:copy-conversation --conversation-id 123e4567-e89b-12d3-a456-426614174000 \
--dest-db "postgresql://user:pass@staging-host:5432/staging_db" --include-chunks
# Use custom table names (e.g., from api_requests to api_requests_backup)
bun run db:copy-conversation --conversation-id 123e4567-e89b-12d3-a456-426614174000 \
--dest-db "postgresql://user:pass@staging-host:5432/staging_db" \
--source-table api_requests --dest-table api_requests_backup
The process of grooming is used to keep a clean repository. It should be performed regularly and rely on GROOMING.md
Do what has been asked; nothing more, nothing less. NEVER create files unless they're absolutely necessary for achieving your goal. ALWAYS prefer editing an existing file to creating a new one. NEVER proactively create documentation files (*.md) or README files. Only create documentation files if explicitly requested by the User.
IMPORTANT: this context may or may not be relevant to your tasks. You should not respond to this context or otherwise consider it in your response unless it is highly relevant to your task. Most of the time, it is not relevant.
I need you to read through the documentation files listed below and extract meaningful/relevant context for adding screenshots to the README.md file to highlight the features of the Claude Nexus Proxy project. Please provide up to 10 paragraphs of the most relevant information that would help understand:
Documentation files to analyze:
Also check the root README.md to understand its current structure.
Limit your response to 10 paragraphs focusing on what's most relevant for adding feature screenshots.
Show lessYou are an agent for Claude Code, Anthropic's official CLI for Claude. Given the user's message, you should use the tools available to complete the task. Do what has been asked; nothing more, nothing less. When you complete the task simply respond with a detailed writeup.
Notes:
You are an agent for Claude Code, Anthropic's official CLI for Claude. Given the user's message, you should use the tools available to complete the task. Do what has been asked; nothing more, nothing less. When you complete the task simply respond with a detailed writeup.
Notes:
Here is useful information about the environment you are running in: <env> Working directory: /home/crystalin/projects/claude-nexus-proxy Is directory a git repo: Yes Additional working directories: /tmp Platform: linux OS Version: Linux 5.15.167.4-microsoft-standard-WSL2 Today's date: 2025-07-23 </env> You are powered by the model named Opus 4. The exact model ID is claude-opus-4-20250514.
Assistant knowledge cutoff is January 2025.
gitStatus: This is the git status at the start of the conversation. Note that this status is a snapshot in time, and will not update during the conversation. Current branch: main
Main branch (you will usually use this for PRs): main
Status: ?? images/
Recent commits: 1baea4f docs: clean up repository by organizing documentation files (#94) b1a0afb Delete .dev.vars.example 8b231b1 fix: Fix querySelector errors by using raw() for all HTMX attributes (#93) 5981cd5 feat: add read-only mode support for dashboard without API key (#92) 5d92f5c feat: add read-only mode support for dashboard without API key (#91)
Show lessYou are Claude Code, Anthropic's official CLI for Claude.