explaingit

yelixir-dev/grok-oauth-proxy

Analysis updated 2026-05-18

11Python
This is a quick first-pass explanation. The richer sections — use-cases, tech stack, setup, prompts — are still being generated.

TLDR

Grok OAuth Proxy is a small local server that lets you talk to xAI's Grok models from any tool that already understands the OpenAI API, without having to obtain or pay for an xAI API key directly.

Mindmap

A visual breakdown will appear here once this repo is fully enriched.

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

In plain English

Grok OAuth Proxy is a small local server that lets you talk to xAI's Grok models from any tool that already understands the OpenAI API, without having to obtain or pay for an xAI API key directly. It does this by piggybacking on the browser-based OAuth login that another tool, Hermes Agent, has already completed on your machine. The proxy reads the OAuth tokens that Hermes saved in ~/.hermes/auth.json, copies them into its own permission-locked file, and uses them to call api.x.ai on your behalf. It is written in Python with the FastAPI framework. To a client like LiteLLM, the OpenAI Python SDK, or a plain curl command, it looks like a normal OpenAI server at http://127.0.0.1:9996, exposing the usual /v1 routes including streaming chat completions. Behind the scenes it strips client credentials, injects a short-lived Bearer token, and forwards the request to xAI. The project takes a fail-closed approach to safety. At startup it verifies that Hermes is installed, that the xai-oauth provider is present, and that an OAuth client id is available, if any of that is missing, it refuses to start rather than falling back to anonymous credentials. Token refreshes are handled in a background loop with prewarming before expiry, plus a watcher on the Hermes auth file so that re-logins are picked up automatically. There is a /health endpoint with an optional deep mode that pings upstream, a /metrics endpoint for Prometheus, and automatic retries on transient upstream failures for idempotent requests. Installation is documented for two scenarios: a desktop Mac where Hermes already did the browser login, and a headless Linux server that imports an exported OAuth bundle from a desktop machine. systemd and launchd recipes are provided for keeping it running. The full README is longer than what was shown.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.