Multi-account Claude proxy with automatic quota-based rotation for Claude Code.
Sits transparently between Claude Code and the Anthropic API, managing multiple Claude Max (or API key) accounts and automatically switching when one approaches its session or weekly quota limit.
- Automatic account rotation — switches to the next account when session (5h) or weekly (7d) quota reaches the configured threshold (default 98%)
- Model-aware routing — the per-model weekly cap (e.g. Fable) is tracked separately, so an account whose Fable quota is spent is skipped only for Fable requests and still serves Opus/Sonnet. Requests are routed by their
model(read exactly from the request body, in both base-URL and MITM modes). Optional model routes pin model patterns to a specific set of accounts (config,teamclaude route, or the TUI settings screen → Manage routing) - Auto-retry on 429 — waits the
retry-afterduration and retries the same account; a quota rejection (a spent weekly bucket) switches accounts immediately instead of waiting, and switches to the next on persistent errors - Interactive TUI — real-time dashboard with color-coded quota bars, reset countdowns, activity log, and keyboard controls; a settings screen (
g) edits the rotation threshold, quota-probe interval, and sx.org proxy live - OAuth token management — automatically refreshes tokens nearing expiry and persists them to config; client token refreshes pass through untouched
- Hot-reload accounts — add or change accounts while the server is running; press R in the TUI, or run headless and CLI changes auto-reload via a local control endpoint
- Headless mode — run the proxy without the TUI (
--headless) for backgrounding/services - Org-aware accounts — one email can hold multiple accounts across different organizations (e.g. corp + personal); dedup is keyed on account + org, and names disambiguate as
email (Org) - Third-party backend accounts — route requests to any Anthropic-compatible API (e.g. DeepSeek, GLM) as a fallback when Claude accounts are exhausted; a per-account
upstreamURL andmodelMaptranslate model names transparently. Accounts with amodelslist are reserved for requests that explicitly name those models, enabling per-session backend selection without touching other sessions - Rotation priority — pin a preferred account order with
teamclaude priority - Enable/disable accounts — temporarily pause an account without removing it (
teamclaude disable/enable, ordin the TUI); re-enabling also clears a stuck error state - Quota persistence — observed quota survives restarts (saved to a sibling state file), so rotation state isn't lost on restart; stale windows are discarded automatically
- Optional quota probe — off by default; when enabled, periodically refreshes idle accounts' quota from the usage endpoint (no message spend), and surfaces the Sonnet and Fable weekly buckets
- Optional keep-warm — off by default; when enabled, periodically starts idle accounts' 5h session timers with a minimal request (
teamclaude warmup) so the next account isn't cold when rotation reaches it (spends a little quota, unlike the probe) - Account pinning — force a request onto one account via an
ANTHROPIC_BASE_URL=.../tc-acct/<name>prefix, bypassing rotation - MITM proxy mode (default) —
teamclaude runroutes claude via an HTTPS forward proxy with a local CA so even hardcodedapi.anthropic.comendpoints (e.g. the Claude Design MCP) get the real token injected; pass--no-mitmfor base-URL routing only - Optional sx.org proxy mode — off by default; set an sx.org API key in the TUI settings screen (
g) and TeamClaude auto-provisions a residential proxy to change the egress IP and work around IP-based429s. Three modes (mto cycle): always (route all upstream traffic), on 429 only (stay direct, fail over to the proxy after a 429), or off (keep the key but don't use it). TLS stays end-to-end with Anthropic (the proxy only relays ciphertext) - Request logging — optional full request/response logging for debugging
- Zero dependencies — uses only Node.js built-in modules
Requires Node.js 18+.
# Install
npm install -g @karpeleslab/teamclaude
# Add your first account (opens browser for OAuth)
teamclaude login
# Add a second account
teamclaude login
# Start the proxy
teamclaude server
# In another terminal, run Claude Code through the proxy
teamclaude runYou can also import existing Claude Code credentials instead of logging in:
claude /login # Log into an account in Claude Code
teamclaude import # Import its credentialsThe easiest way to add accounts — opens your browser for authentication:
teamclaude loginUses the same OAuth flow as Claude Code. Auto-detects the account email and subscription tier. Logging in with the same account again updates its credentials.
You can add accounts while the server is running — press R in the TUI to reload.
If you already have Claude Code set up, you can import its credentials directly:
claude /login # Log into an account in Claude Code
teamclaude import # Import its credentialsRe-importing the same account updates its credentials. You can also import from a custom path:
teamclaude import --from /path/to/credentials.jsonFor Anthropic API key accounts (billed via Console):
teamclaude login --apiteamclaude serverWhen running from a TTY, shows an interactive TUI with:
- Account table with session/weekly quota progress bars and reset countdowns
- Real-time activity log with request tracking
- Keyboard shortcuts (see below)
Falls back to plain log output when not a TTY (e.g. running as a service). Pass --headless (or --no-tui) to force the plain-log mode even from a terminal — useful for backgrounding the proxy.
When running headless, you can re-sync accounts from the config without a restart by POSTing to the local control endpoint (the equivalent of pressing R in the TUI):
curl -X POST http://localhost:3456/teamclaude/reloadYou usually don't need to call it directly: teamclaude login, import, enable, disable, and priority automatically notify a running server to reload. (New accounts and credential/priority/enable-disable changes are picked up live; account removals still require a restart.)
| Key | Action |
|---|---|
s |
Switch active account |
a |
Add account (import or API key) |
r |
Remove an account |
d |
Enable/disable an account |
R |
Reload accounts from config |
q |
Quit |
In selection mode, use j/k or arrow keys to navigate, Enter to confirm, Esc to cancel.
teamclaude runrun probes the proxy first: if it's up, Claude Code is routed through it; if it's not running, claude is launched directly so nothing breaks.
Since 1.1.0, run defaults to MITM forward-proxy mode so even hardcoded api.anthropic.com endpoints (e.g. the Claude Design MCP) are intercepted. To keep the previous base-URL-only behavior, pass --no-mitm:
teamclaude run --no-mitmOr manually set the environment:
eval $(teamclaude env)
claudeSo you don't have to type teamclaude run every time, add a shell alias that makes plain claude go through the proxy (and fall back to direct when it's down):
teamclaude alias # print the alias for your shell
teamclaude alias --install # or write it to your shell rc (--uninstall to remove)This is an interactive-shell alias — it affects claude typed at a prompt, not claude spawned by editors or scripts. It's a thin passthrough to teamclaude run, which holds the proxy-up/down logic.
teamclaude accounts # List accounts with subscription tier and token status
teamclaude accounts -v # Also show token expiry times
teamclaude status # Show live proxy status (requires running server)
teamclaude remove <name> # Remove an account (by name or email)
teamclaude disable <name> # Temporarily exclude an account from rotation
teamclaude enable <name> # Re-enable it (also clears a stuck error state)
teamclaude priority <name> 1 # Set rotation priority (lower = preferred)
teamclaude route list # Manage per-model routes (add/rm); see Model routes
teamclaude probe 300 # Enable background quota refresh (off by default)
teamclaude alias # Print/install a `claude` alias that routes via the proxy
teamclaude api <path> # Call an API endpoint with account credentials
teamclaude update # Check npm for a newer teamclaude and install it
teamclaude version # Print the installed version
teamclaude help # Show all commandsWhen teamclaude is installed globally via npm, it self-updates in the
background: it checks the npm registry at most once a day, and when a newer
version is published it runs npm install -g @karpeleslab/teamclaude@latest and
applies it on the next launch. The check runs after a teamclaude run session
ends and when a headless server starts; a git checkout is never touched (update
it with git pull). Run teamclaude update to update on demand.
Disable auto-update with TEAMCLAUDE_DISABLE_AUTOUPDATE=1 or "autoUpdate": false
in the config.
When the same email belongs to multiple organizations, accounts are named
email (Org) to keep them distinct. Pass --org <name|uuid> to disambiguate a
bare email, e.g. teamclaude remove user@example.com --org Acme. Use
teamclaude priority <name> --first / --last to move an account to the front
or back of the rotation order.
Log full request/response details to a directory (one file per request):
teamclaude server --log-to /tmp/requestsConfig is stored at ~/.config/teamclaude.json (or $XDG_CONFIG_HOME/teamclaude.json). A random proxy API key is generated on first use.
Volatile runtime state (observed quota) is written separately to teamclaude.state.json alongside the config, so the config file stays clean and hand-editable. The state file is safe to delete — quota is simply re-learned from traffic.
Override the config path with TEAMCLAUDE_CONFIG:
TEAMCLAUDE_CONFIG=./my-config.json teamclaude serverAfter a host network drop and reconnect, Node's shared connection pool can hold dead keep-alive sockets. Because a request has no default time limit, a retry can land on a dead socket and hang forever — every account and every retry keeps hitting the same poison, so the proxy appears wedged until you restart it. teamclaude bounds each stage so a stuck request fails fast instead: the failure lets Node evict the dead socket, the client retries, and the next request connects fresh — no restart needed. Recovery is per-socket, so after a flap it can take a few failed-then-retried requests to fully drain, but it always converges.
| Variable | Default | Description |
|---|---|---|
TEAMCLAUDE_UPSTREAM_HEADERS_TIMEOUT_MS |
120000 |
Max wait for upstream response headers (time-to-first-byte). Cleared the instant headers arrive, so a long streaming body is never cut. Streamed completions deliver first byte in seconds; a non-streaming (stream:false) request that legitimately generates for longer than this could trip it — raise it for such callers. |
TEAMCLAUDE_UPSTREAM_BODY_TIMEOUT_MS |
120000 |
Max idle gap between response-body chunks. Resets on every chunk, so a slow-but-healthy stream is fine; it fires only when the socket goes silent mid-stream (a drop after headers), turning a hang into a fast, retryable failure. |
TEAMCLAUDE_REFRESH_TIMEOUT_MS |
30000 |
Max wait for an OAuth token refresh. A hung refresh is coalesced across all callers, so it would otherwise wedge every request for that account. |
{
"proxy": {
"port": 3456,
"apiKey": "tc-auto-generated-key"
},
"upstream": "https://api.anthropic.com",
"switchThreshold": 0.98,
"sx": { "apiKey": "your-sx-org-api-key", "mode": "always" },
"accounts": [
{
"name": "user@example.com (Acme)",
"type": "oauth",
"accountUuid": "...",
"orgUuid": "...",
"orgName": "Acme",
"priority": 0,
"accessToken": "sk-ant-oat01-...",
"refreshToken": "sk-ant-ort01-...",
"expiresAt": 1774384968427
}
]
}| Field | Description |
|---|---|
proxy.port |
Local port the proxy listens on |
proxy.host |
Interface to bind. Defaults to 127.0.0.1 (localhost only). Set to 0.0.0.0 (or override with env TEAMCLAUDE_HOST) to accept off-box clients — in which case set proxy.apiKey, since remote clients must present it (via x-api-key, or Proxy-Authorization for CONNECT/HTTPS-proxy usage); loopback is always exempt |
proxy.apiKey |
API key clients use to authenticate with the proxy (required for any non-loopback client; the proxy injects real account tokens, so an unauthenticated open port would leak them) |
upstream |
Upstream API base URL |
switchThreshold |
Quota utilization (0–1) at which to switch accounts (TUI: g → t) |
quotaProbeSeconds |
Background quota-probe interval in seconds (0 = off, the default; CLI probe or TUI g → p) |
warmupSeconds |
Keep-warm interval in seconds (0 = off, the default; CLI warmup). Spawns a minimal claude per idle account to start its 5h timer — spends a little quota, unlike the probe |
sx.apiKey |
sx.org API key. When set, TeamClaude auto-provisions a residential proxy (egress-IP 429 workaround). Absent/empty = off |
sx.mode |
always (route all upstream traffic), 429 (direct, fail over to the proxy after a 429), or off (keep the key but don't use it). Defaults to always when a key is set |
accounts[].accountUuid |
Anthropic account (person) id; set automatically from the OAuth profile |
accounts[].orgUuid / orgName |
Organization the account is scoped to — lets one email hold multiple org accounts |
accounts[].priority |
Rotation preference, lower = preferred (default 0) |
accounts[].disabled |
If true, the account is excluded from rotation until re-enabled |
accounts[].upstream |
Alternative upstream base URL for this account (e.g. https://api.deepseek.com/anthropic). Overrides the global upstream for this account only |
accounts[].modelMap |
Object mapping Anthropic model names to this backend's model names (e.g. {"claude-sonnet-4-6": "deepseek-v4-pro[1m]"}). Applied automatically when requests are routed to this account |
accounts[].models |
Array of model names this account exclusively handles. When any account declares a models list, requests for those models are routed only to accounts that list them — use this to reserve a third-party account for sessions that pass --model <name> explicitly |
routes |
Optional list of routing rules that pin model patterns to specific accounts — see Model routes |
By default every request routes through the same pool, and per-model quota is respected automatically: a family with its own weekly bucket (Fable, Sonnet) only blocks that family, so an account whose Fable quota is spent still serves Opus/Sonnet. teamclaude status shows this per account (a Models line) and any families it detects appear as auto routes.
To go further you can pin model patterns to an exclusive set of accounts with a routes table. Each route matches the request's model id against shell-style globs (* is the only wildcard) and, on the first matching route, restricts the request to the listed accounts:
"routes": [
{ "name": "fable", "match": ["*fable*"], "accounts": ["personal-max"] },
{ "name": "bulk", "match": ["*opus*", "*sonnet*"], "accounts": ["corp-1", "corp-2"] }
]match— one or more model globs; the first route whose globs match wins.accounts— account names (or indices) that may serve matching models. Exclusive: only these are used (and they 429/rotate among themselves when spent). Omit to route to all accounts — e.g. to only set abucketoverride.bucket— optional: force which quota bucket governs eligibility (unified7dFable,unified7dSonnet,unified7d), for the rare case the family can't be inferred from the model id.
Manage routes from the shell (changes apply to a running server immediately):
teamclaude route list
teamclaude route add fable --match '*fable*' --accounts personal-max
teamclaude route add bulk --match '*opus*,*sonnet*' --accounts corp-1,corp-2
teamclaude route rm fable…or interactively in the TUI: open settings (g) → Manage routing, then a add / e edit / d delete. The routes table (configured + auto-detected) is shown in both the TUI and teamclaude status.
By default TeamClaude is passive — it learns each account's quota only from the responses that flow through it, so an account that hasn't been used yet shows unknown quota until it's first rotated to.
If you'd rather keep idle accounts' quota fresh, enable the background probe:
teamclaude probe 300 # refresh every 300s
teamclaude probe off # back to passive (default)
teamclaude probe # show current settingYou can also set the interval live from the TUI settings screen (g → p), alongside the rotation threshold (t).
It reads each OAuth account's utilization from Anthropic's usage endpoint (/api/oauth/usage), which reports quota without consuming any message quota. Minimum interval is 30s. Changing it takes effect on a running server immediately (no restart). When enabled, it also surfaces the Sonnet 7-day and Fable 7-day buckets as extra bars in the TUI / status (when your plan exposes them).
The rolling 5-hour session window only starts once an account sends a real message. So when your active account runs out and rotation moves to a cold account, that account's 5h window starts then — right when you need its full headroom. Keep-warm (#76) starts the timer on idle accounts ahead of time, so the next account is already partway (or fully) through a fresh window when it's needed.
teamclaude warmup 600 # warm idle accounts every 600s
teamclaude warmup off # disabled (default)
teamclaude warmup # show current setting
⚠️ This spends a little quota — unlike the passive quota probe. The 5h timer can't be started by a read-only call, so keep-warm sends a real (minimal) message: for each eligible idle account it spawns a one-shotclaude -p --bare --model haiku "hi"pointed at this proxy, pinned to that account (see below). It only warms accounts whose 5h window is not already running, skips disabled/throttled/errored and third-party-backend accounts, and uses the cheapest model — but it does consume a few tokens and a slice of the 5h/weekly buckets per account per window. Requires theclaudeCLI onPATH. Minimum interval 60s; changes apply live (no restart). Status shows underwarminteamclaude status --json.
ANTHROPIC_BASE_URL with a /tc-acct/<name-or-index> prefix forces every request onto one account, bypassing rotation (and never failing over to another). This is what keep-warm uses internally, and it doubles as a manual way to exercise a specific account:
# Route this whole claude session to the account named "work (Acme)" (index also works)
ANTHROPIC_BASE_URL='http://127.0.0.1:3456/tc-acct/1' \
ANTHROPIC_API_KEY='<your teamclaude proxy key>' \
claude -p --bare 'say hi'The <name> matches an account's display name exactly (URL-encode spaces/parens), or a numeric rotation index. An unknown pin returns 404. The prefix is stripped before the request is forwarded upstream.
Any Anthropic-compatible API can be added as an account alongside your Claude accounts. Give it a higher priority value (lower = preferred, so use e.g. 100) and it will be used as a fallback when all Claude accounts are exhausted.
{
"name": "deepseek",
"type": "oauth",
"accessToken": "sk-your-deepseek-api-key",
"upstream": "https://api.deepseek.com/anthropic",
"priority": 100,
"modelMap": {
"claude-haiku-4-5-20251001": "deepseek-v4-flash",
"claude-sonnet-4-6": "deepseek-v4-pro[1m]"
},
"models": ["deepseek-v4-pro[1m]", "deepseek-v4-pro", "deepseek-v4-flash"]
}upstream— base URL of the target API. Requests are sent toupstream + /v1/messages(etc.) for this account only.modelMap— when a Claude model name arrives in the request body, it is rewritten to the mapped name before forwarding.models— model names this account exclusively handles. Once any account declares amodelslist, requests for those model names are locked to matching accounts. This lets you send a specific session to a third-party backend without touching others — use--modelon launch or/modelinside a session:
# This session routes to DeepSeek; all other sessions still use Claude accounts.
claude --model 'deepseek-v4-pro[1m]'Note: model names with brackets (e.g. deepseek-v4-pro[1m]) must be quoted in the shell.
The plain reverse-proxy only intercepts what ANTHROPIC_BASE_URL covers. Some Claude Code features (e.g. the Claude Design MCP) use a hardcoded https://api.anthropic.com URL that ignores that variable, so they bypass the proxy. MITM proxy mode captures those too, which is why it's the default for teamclaude run (and the shell alias):
teamclaude run -- <claude args...>To opt out and route via ANTHROPIC_BASE_URL only, pass --no-mitm:
teamclaude run --no-mitm -- <claude args...>That launches claude pointed at teamclaude as an HTTPS forward proxy (HTTPS_PROXY) and trusts a locally-generated CA (NODE_EXTRA_CA_CERTS). For an intercepted host, teamclaude terminates the tunnel with a real HTTP/2 server (HTTP/1.1 clients are handled too) presenting its local leaf, then forwards each request with a buffering, retrying client — the same path the base URL mode uses. On each request it:
- injects the active account's real token as
authorization(dropping any clientx-api-key); - rewrites the
account_uuidinsidemetadata.user_idto the active account's UUID (so the body agrees with the injected token); - routes by the request's
model(a Fable-exhausted account is skipped for Fable but still serves other models); - reads
anthropic-ratelimit-*from responses for quota; and - resends the request on a different account if one returns a quota
429, so a "you've reached your limit" is never surfaced while another account has headroom.
Because the request is buffered, the retry is transparent to claude. Remote Control (/v1/code/*) and client token refreshes (/v1/oauth/token) are passed through with the client's own credential. Any host other than the upstream is blind-tunnelled. The server accepts both base-URL and proxy clients at once, so instances launched with and without --no-mitm can share one server.
Trust model:
- The CA is generated locally, stored in the config dir, and trusted only by the claude process you launch via
teamclaude run(throughNODE_EXTRA_CA_CERTS) — it is never added to your system trust store. The leaf private key is0600; the CA private key is never written to disk. - teamclaude still verifies the real Anthropic certificate on the upstream leg.
Verify the proxy + CA without any credentials — the proxy always answers a built-in test host:
# (with the server running and certs generated, e.g. after one `teamclaude run`)
curl --proxy http://localhost:3456 --cacert ~/.config/teamclaude-ca.pem https://www.example.org/
# → {"teamclaude":"mitm-proxy-ok","host":"www.example.org",...}Some transient 429s key on the proxy's outbound IP, not the account — so rotating accounts doesn't help. To work around them, TeamClaude can route upstream requests through a residential proxy from sx.org, giving a different egress IP.
Open the TUI and press g for the settings screen, then k to paste your sx.org API key (stored in config.sx.apiKey). TeamClaude reuses an existing active proxy port on your sx.org account, or auto-creates a residential US one, and dials the upstream through it via HTTP CONNECT on both the reverse-proxy and --mitm paths.
Press m to cycle the mode:
| Mode | Behavior |
|---|---|
| always | Tunnel every upstream request through sx.org. |
| on 429 only | Connect directly; on a 429 (which is IP-based), immediately retry that request through sx.org's fresh egress IP — no wait. On the --mitm path, a recent 429 routes new tunnels through sx.org for a short window. |
| off | Never use sx.org, but keep the API key so you can re-enable it instantly. |
TLS is established end-to-end with api.anthropic.com over the tunnel, so the sx.org proxy only ever relays ciphertext and the real Anthropic certificate is still verified. Mode and key changes apply live (no restart). Press x to forget the key entirely.
Cost: in always mode all Claude traffic flows through the residential proxy, which sx.org meters by bandwidth — expect real per-GB cost. on 429 only uses the proxy just when you're actually being throttled, so it's the cheaper way to ride out rate limits.
- Claude Code connects to the local proxy instead of
api.anthropic.com - The proxy selects the active account and forwards requests with that account's credentials
- OAuth tokens expiring within 5 minutes are automatically refreshed and persisted to config
- Rate limit headers from the API (
anthropic-ratelimit-unified-*) track session (5h) and weekly (7d) quota utilization - When usage reaches the threshold, the proxy switches to the next available account via round-robin
- On 429 responses, the proxy waits the
retry-afterduration and retries; on persistent errors, it switches accounts - Transient network errors (connection reset, timeout) drop the connection so the client can retry
- If all accounts are exhausted, returns 429 with the soonest reset time
- Client token refresh requests (
/v1/oauth/token) are relayed to upstream untouched — the proxy and client manage their own token lifecycles independently
The only canonical sources for TeamClaude are this repository
(https://github.com/KarpelesLab/teamclaude) and the
@karpeleslab/teamclaude
npm package. TeamClaude is never distributed as a downloadable binary
archive — be wary of soft-forks that bundle a .zip and tell you to extract and
run it. See SECURITY.md for details and how to report issues.
MIT — see LICENSE.
