Docs: Index · Architecture · OAuth Setup · Git Flow
When processing /v1/models and /v1/chat/completions, the gateway forwards request payloads to the configured upstream API (upstream.base_url).
Forwarded data can include:
- model id
- chat messages and tool payloads
- generation parameters (
temperature,top_p, etc.)
The gateway keeps these local runtime assets in --workdir:
config.yamloauth-token.json
It does not upload local config files by itself.
- Downstream fixed API key is validated locally.
- OAuth access and refresh tokens are stored locally in
oauth-token.json. - The logger redacts known secret fields (for example
authorization,api_key,access_token,refresh_token,client_secret) to avoid leaking credentials.
- Restrict filesystem permissions for runtime directory.
- Rotate downstream fixed API key when needed.
- Re-run
auth loginif refresh is revoked or expires.