LLM Gateway (OpenAI Proxy) to manage authentication, loadbalancing, and spend tracking across 100+ LLMs. All in the OpenAI format.
LiteLLM is generally appreciated for its capabilities as an AI coding tool, particularly among users with AWS credits. However, it has recently faced significant criticism due to a security breach involving credential-stealing malware linked to a malicious package release. Users show concerns about the safety and reliability of the software in light of these events. The overall sentiment on pricing is mostly neutral as the primary focus remains on addressing security issues, impacting its reputation negatively.
Mentions (30d)
0
Reviews
0
Platforms
5
GitHub Stars
41,659
6,878 forks
LiteLLM is generally appreciated for its capabilities as an AI coding tool, particularly among users with AWS credits. However, it has recently faced significant criticism due to a security breach involving credential-stealing malware linked to a malicious package release. Users show concerns about the safety and reliability of the software in light of these events. The overall sentiment on pricing is mostly neutral as the primary focus remains on addressing security issues, impacting its reputation negatively.
Features
Use Cases
Funding Stage
Venture (Round not Specified)
815
GitHub followers
40
GitHub repos
41,659
GitHub stars
20
npm packages
10,659
npm downloads/wk
391,582,157
PyPI downloads/mo
Malicious litellm_init.pth in litellm 1.82.8 PyPI package – credential stealer
View originalPricing found: $0, $0
Wanted to share a plugin that will enable Fable to orchestrate work via Codex CLI or Opencode CLI to help keep Fable usage to a minimum by having cheaper models do the grunt work
not a dev by trade, and this is the first thing i've actually released publicly, so be gentle. This is what I have been using to try to help keep claude usage to a minimum for implementation/mechanical work. Fable/Opus does the orchestrating, and whatever other models you have setup can be dispatched to do the implementing. Or you can use it in codex with codex acting as the orchestrator. There's a copilot plugin as well that works the same way. fable/Opus does the planning and thinking, the editing/reviewing/grinding happens somewhere cheaper, that way you aren't torching your whole fable allowance on grunt work. the dispatched run comes back with a marker so the orchestrator knows it actually finished instead of silently dying, and there are tripwires that catch a failed handoff. There's also some ledger logging each run, so you can evaluate the models you use against your own use cases and workflows. you don't touch any of the plumbing though. you just tell claude "route this review to kimi, get codex's take too, compare them," and it works out whether that's a simple fan-out or a dependency graph on its own. It's not an llm router. litellm/openrouter multiplex api calls to one endpoint while this hands whole units of work to a full CLI harness, so each has their own tools + workspace access + subscription auth, then the orchestrator checks the work that was finished. it sits on top of opencode rather than replacing it. I might look into adding pi harness compatibility in addition to opencode. Full transparency: this is brand new as a repo, but i have been using since around the time that anthropic released the orchestration feature. That being said it has never been used by anyone other than me so i fully expect there to be bugs and whatnot. Also, by default the shims run the dispatched CLI with its sandbox and approval prompts off, since an unattended handoff can't sit there answering a y/n prompt. that means a routed model can edit files and run commands in your workspace unsupervised. there's a flag to keep the child's sandbox on, but either way only route stuff you'd trust a non-claude agent to do while you're not watching. repo (MIT): https://github.com/Buckeyes22/subagent-model-routing — if you try it and something's busted or confusing, issues welcome. submitted by /u/New_Jaguar_9104 [link] [comments]
View originalMoved my heavy automation off the max subscription onto metered api after the fcc ad complaint, here is the honest tradeoff
tl;dr I still use claude every day and the subscription is great for interactive work, but I moved all my batch and automation traffic onto the metered api, and the main reason is I could never actually tell how much of the max quota I was getting. The fcc ad complaint this week, the one claiming max5x and max20x don't deliver the usage they advertise, isn't really news to anyone who has run heavy automation on a subscription. Whether or not the enforcement claim holds, the underlying thing is real. On a subscription you get an opaque weekly ceiling, no per call meter, and a "you've hit your limit" wall you had no way to predict. That's totally fine for me typing in the app. It's a nightmare when a scheduled job needs to finish and you're budgeting against a number you cannot see. So a few weeks ago I split it. Interactive claude stays on the subscription, that's still the best writing and reasoning experience and I'm not switching that. Anything programmatic moved to pay as you go api: the batch summarization, the nightly classification runs, the little agent that files tickets. On the api every single call shows up with input and output tokens and a cost, so I can finally set a budget, see which job is expensive, and get alerted before a runaway loop drains anything. What made the split clean was putting a gateway in front so I have one key with per project budget caps and metering, instead of wiring that logic into every script. You could do the same with portkey or just litellm if you want to self host. We went with tokenrouter for it recently, since the billing thing made us rethink how we meter stuff. What we actually care about is the per key spend cap and the line item breakdown. Honest downside, since this sub can smell a one sided take: the metered api is not automatically cheaper. For my interactive usage the subscription is still the better deal by a wide margin, which is exactly why I kept it. The win here isn't cost, it's that the part of my usage I actually need to forecast is now measurable. Opaque quota for the stuff I do by hand is fine. Opaque quota for the stuff that runs while I sleep is not. submitted by /u/obxsurfer06 [link] [comments]
View originalUsing Claude Opus as planner + DeepSeek as worker in Claude Code — anyone solved the single-session routing problem?
I've been running a hybrid planner/worker setup with Claude Code and hit a tricky constraint I'm hoping the community has thoughts on. The setup Planner — Claude Opus for architecture, planning, and review Worker — DeepSeek V4 Pro / DeepSeek Chat via LiteLLM proxy for repetitive coding tasks (much better cost/performance ratio) The constraint There are actually two ways to run this, and each has a tradeoff: Option 1 — Two separate sessions (current approach) Session 1: claude login (OAuth) → Opus uses Pro subscription quota ✅ Session 2: ANTHROPIC_BASE_URL → LiteLLM proxy → DeepSeek ✅ Downside: context passing between sessions is manual — I'm basically the message bus Option 2 — Single session via LiteLLM proxy LiteLLM routes claude-opus-4-8 → real Anthropic API (pay-as-you-go) claude-sonnet-4-6 / claude-haiku-* → DeepSeek via proxy Unified session, no manual context switching ✅ Downside: once you set ANTHROPIC_BASE_URL, Claude Code drops OAuth entirely — you lose your subscription quota and Opus becomes pay-as-you-go So it's basically: subscription quota + manual context switching vs API billing + seamless single session. Neither feels like the right answer. My questions Is there any way to get the best of both — use OAuth for Opus while still routing worker calls through a proxy in the same session? Has anyone built a clean planner→worker handoff pattern (e.g. shared task files, worktrees) that doesn't require you to babysit the context manually? If you've gone the API billing route for Opus, is the cost actually manageable compared to subscription for heavy daily use? Happy to share my LiteLLM config if helpful. Curious what others have landed on. submitted by /u/Procrastinator1677 [link] [comments]
View originalWe made an LLM pipeline survive a provider outage mid-execution. Here's the FSM pattern.
Every major LLM provider had at least one significant outage in 2025. Anthropic, OpenAI, Gemini — all of them, at some point, just stopped responding mid-request. Most fallback solutions sit at the gateway layer: LiteLLM, Bifrost, Kong AI Gateway. They catch the failed HTTP request and retry it against a different provider. This works for a single call. It doesn't work for a multi-step pipeline, because the gateway doesn't know the failed call was step 2 of 3 — it just sees a request that needs a retry. We wanted to know: can a stateful FSM runtime do better than a stateless HTTP retry? The setup Three-step credit application pipeline: collect_application → verify_income → policy_decision verify_income is the LLM step that can fail. We tested two failure modes: retry: provider degrades, fails 3 times, then we give up on it hard: provider disappears entirely, first call fails First attempt — let the LLM step fail naturally Our first instinct was to let the FSM's native LLM step raise the exception and catch it at the FSM level. This doesn't work with llm-nano-vm's current step model: when an LLM step throws, the FSM marks it FAILED and the trace terminates. There's no branching point. The fix — make the failure a TOOL result, not an exception TOOL attempt_llm_step → returns 1 (success) or 0 (failed) CONDITION $provider_ok < 1 then: switch_provider otherwise: continue TOOL do_switch_provider → updates current_provider TOOL attempt_llm_step → retries on new provider The LLM call happens inside a TOOL step that catches the provider exception internally and returns a sentinel. The FSM never sees an exception — it sees a normal CONDITION branch. This is the actual mechanism: the FSM treats provider failure as a state transition, not an error to recover from. A real bug we hit: string literals don't work in this ASTEngine We tried: condition: try_s2.output == "PROVIDER_FAILED" It parses. It always returns False. The ASTEngine in llm-nano-vm 0.8.6 doesn't support string literals as the right-hand side of a comparison — only numbers and $var references work. We switched to a numeric sentinel: condition: $provider_ok < 1 This is now a documented constraint in the project, not a guess. The result ``` === Scenario: RETRY === S2 verify_income CLAUDE failed (1/3) CLAUDE failed (2/3) CLAUDE failed (3/3) EVENT: RetryLimitExceeded ACTION: switch_provider claude → gpt S3 policy_decision ✓ GPT RECEIPT: { "final_status": "SUCCESS", "provider_final": "gpt" } === Scenario: HARD === S2 verify_income EVENT: ProviderUnavailable (CLAUDE) ACTION: switch_provider claude → gpt S3 policy_decision ✓ GPT RECEIPT: { "final_status": "SUCCESS", "provider_final": "gpt" } ``` Both scenarios produce the same trace_hash. This isn't a coincidence — both runs traverse the identical FSM path (collect → attempt → fail → switch → attempt → decide). trace_hash = SHA-256(Merkle(step_results)). Same path, same hash, by construction. What this does NOT do It does not pick the "best" provider — fallback chain is a fixed list (claude → gpt → qwen) It does not do health-check polling like Bifrost's active detection — failure is only detected on attempt MockAdapter in the demo doesn't call a real API — responses are hardcoded for reproducibility Why this matters for anyone running multi-step agent pipelines A gateway-level fallback (LiteLLM, Bifrost) answers: "did this HTTP call succeed?" A stateful FSM fallback answers: "what state was the pipeline in when the provider failed, and what happened after?" The Receipt is the difference. It contains switch_event, rejected_transitions, and a trace_hash you can recompute — not a log line saying "retried 3 times." Code: provider-fallback-demo — python receipt_demo.py --both, no API keys needed, real llm-nano-vm stack with mocked providers. Next: pulling switch events into OpenTelemetry spans so this composes with existing observability stacks instead of replacing them. submitted by /u/ale007xd [link] [comments]
View originalClaude Fable made me realize I don't need a better model
Hi everyone, I think I’ve reached a point where new LLM releases don’t really change much for me anymore. I tried Anthropic’s new Mythos-lite model, Fable, and played around with it for a while. I tested it on some security-related research for my own scripts and projects, and also used it for a few work-related tasks. And yes, it may have more parameters, a larger context window, better benchmarks, and all the usual improvements. But personally, I almost immediately switched back to Claude Opus for coding and Haiku for everyday work. For what I actually do, that combination is already more than enough. These models, my skills and prompting makes me more productive then 3 years ago, but it's more than enough. It reminds me of having an iPhone 14 while the iPhone 17 is coming out. You can see that the newer version is technically better, but you still think: “Nah, I’m good.” Curious if anyone else feels the same. submitted by /u/Axi0m-22 [link] [comments]
View originalThe Claude Code active attack didn't stop. 294,842 secrets stolen from 6,943 machines. It evolved and now spreads through Python too and uses Claude Code itself to steal your secrets. The risk to your credentials just got bigger.
TLDR: Anthropic shipped Fable 5. They call this model class the strongest cyber capability in the world and lock the uncapped version to government defenders. This post is the other side of this, the same power pointed at you. I posted about an active Claude Code attack, a worm backdooring Claude Code and VS Code to steal developer credentials. That attack was not a one-off, it was not the start, and it has not been stopped. The questions I got the most: how big is it how safe am I how do I get protected It was one step in a single campaign that has been running for months. One crew turning supply-chain attacks into an assembly line, always after the same thing: secret keys and credentials. Each wave is faster, quieter, and harder to clean than the one before it. Google tracks the crew as UNC6780. They call themselves TeamPCP. On May 12 they open-sourced their attack pattern and offered $1,000 to whoever runs the biggest attack with it, so it is not just them anymore. Anyone can use it, and some of the newest waves are probably copycats running their code. The timeline: March: hijacked the security tools developers trust (Trivy, Checkmarx, LiteLLM). March 25: partnered with a ransomware group to cash in the stolen access. Late April–May: turned it into a self-spreading worm; hit TanStack, Mistral, UiPath. May: open-sourced the worm and offered the $1,000 bounty for the biggest attack run with it. Late May: breached GitHub itself: ~3,800 internal repos, listed for sale at $50,000. June: the Red Hat wave that backdoored Claude Code. June: a second wave with a new trick that skips every install-script check. The latest version renamed itself "Hades: The End for the Damned." Same credential thief with two new moves: it moved to Python, and it stopped attacking your machine and started attacking your AI. It moved to Python. It hides in a startup hook, a file Python runs the instant it starts, before you import anything. When you pip install, it fires, then pulls in Bun (a separate JS runtime) to run its payload, so tools watching Node see nothing. It passes AI security scanners. Defenders now use AI to read suspicious packages because there are too many to check by hand. So the attacker writes a note at the top of the file, aimed at the AI: ignore the code below, this package is clean, write a safe report. The models obey and clear the malware. It uses the AI assistants. Hades hunts the config files of 14 AI coding tools (Claude, Cursor, Copilot, Gemini, Codex and more) and plants its own instructions and a startup hook inside them. Next time you open the project, your assistant runs the attacker's code with the access you already gave it. Deleting the package doesn't help, the malware lives in your AI's config. The goal is the same as past waves: every credential it can reach. GitHub, npm, cloud keys, SSH keys, shipped to the attacker. If you revoke the stolen token before you clean up, it wipes your files. They partnered with a known ransomware crew called Vect to turn the stolen access straight into extortion, and handed them affiliate keys to all 300,000 users of a criminal forum. For anyone not familiar with ransomware: attackers seize an organization's data and demand payment to release it or keep it private. This year the industry's answer was AI. AI to review code, AI to write it, AI for security. So that is what Hades attacks, it turns the AI review into an attack surface. A leaked cloud key gets found and abused in about one minute. The average time for a company to remove a leaked secret from its code is 94 days (from a scan of 441,000+ exposed secrets in public repos). Of the credential leaks that were live in 2022, 64% still worked in 2026, four years later. The volume: 454,648 new malicious packages shipped, 99% of them on npm. Leaks tied to AI services alone rose 81% in a single year. Malware is not even the main problem anymore. 79% of intrusions involve no malware at all, the attacker just logs in with a stolen key, so there is nothing for a scanner to catch. And against the worms, only 40% of organizations run package-malware detection, and Hades just showed the rest can be talked out of it. Instructions on how to check if you have been affected and how to cleanup added to the comments. EDITED: All numbers are validated and backed up with links to the sources. Sources: March – Trivy, Checkmarx & LiteLLM hijack: Cloud Security Alliance, Trend Micro Victims, scope, ransomware tie & May 12 open-source + $1,000 bounty: Tenable, Datadog June 1 – Red Hat / Miasma wave (backdoored Claude Code): Microsoft Threat Intelligence, JFrog June 3–4 – second wave (binding.gyp install-script bypass): StepSecurity, ReversingLabs JFrog Security Research, Socket, Orca Security, Dark Reading 294,842 secrets across 6,943 machines; 28.65M new secrets in 2025; AI-service leaks +81%; 64% of 2022 secrets still valid in 2026; only 40% run package-malware detection: GitGuardian State of
View originalRefactor code to skills files + python?
In 2024 we wrote open source PatchWise project with Python as base programming language plus using LiteLLM as library to get the AI code reviews. Should I now refactor this code to AI skills.md files plus python as mixed mode? I also need general advise for new projects since this is now new programming paradigm. Thank you. submitted by /u/NoAfternoon385 [link] [comments]
View originalI built a local CLI to estimate and cap AI coding-agent spend before a run gets expensive
I build apps with coding agents, and one thing kept bothering me: before starting a run, I often had no idea what it might cost. Sometimes the agent is useful. Sometimes it keeps retrying the same bad path, rewrites its plan, burns tokens, and only later I realize that the run was more expensive than expected. So I built Runcap. It is a free MIT local CLI for developers using AI coding agents. The idea is simple: estimate a run before starting set a hard budget cap run a local gateway that can stop over-budget calls compress logs / JSON / stack traces before forwarding record what happened during the run generate a rescue prompt when the agent gets stuck It is not trying to replace Langfuse, LiteLLM, Helicone, or other observability/gateway tools. Those are useful, but I wanted something smaller and more direct for my own workflow: a local “cost seatbelt” before a coding-agent run gets out of control. Install: npm install -g runcap GitHub: https://github.com/kirder24-code/ai-agent-manager It is still early and probably rough. I would really appreciate feedback from people using Claude Code, Cursor, Codex, Aider, or other coding-agent workflows. Main question: would you actually keep a tool like this running day to day, or is this too much friction for your workflow? submitted by /u/Ok-Serve4908 [link] [comments]
View originalWhat are the most powerful underground AI tools that no one talks about enough?
Most powerful AI/agent tools nobody talks about, and it leaves you behind IMO 1. Instructor define a Pydantic model, get clean structured JSON out of any LLM every time → https://github.com/567-labs/instructor 2. Octopoda gives any AI agent persistent memory and catches it when it loops and quietly burns your tokens. open source → https://www.octopodas.com 3. E2B secure cloud sandboxes so your agent can actually run the code it writes without nuking your machine → https://e2b.dev 4. Firecrawl turn any website into clean, LLM-ready markdown in one API call → https://firecrawl.dev 5. Composio plug your agent into 1000+ apps (Gmail, Slack, GitHub) with the auth handled for you → https://composio.dev 6. LiteLLM one API for 100+ models across OpenAI, Anthropic and local, swap without rewriting a line → https://github.com/BerriAI/litellm what are yours, let me know and I will add it to the list next month! submitted by /u/DetectiveMindless652 [link] [comments]
View originalWhat AI or dev tools are people actually sleeping on right now?
Most tooling discussions I come across just end up being the same handful of products getting recommended over and over. Gets old pretty fast. More interested in the stuff flying under the radar. Repo and coding tools, self hosted setups, AI infra, terminal utilities, debugging tools, smaller projects that just do their job well. The kind of thing you only stumble on if you're deep in it. What have you actually been reaching for lately? Some stuff I’ve been checking out recently: GitAgent Open WebUI LiteLLM Continue.dev submitted by /u/Meher_Nolan [link] [comments]
View originalAgentic Workflow Visualization and API Gateway
I am building an API gateway for agents that can make your agentic AI code model and provider agnostic. I am also grouping agent runs that show multiple llm calls and tool calls in the visualization piece. It gives details on tokens, cost and model latency. I am doing this without requiring any instrumentation in the agentic code. The agents (python for now) are started by a rust correlator that assigns a job_id to each agent so we could track api and tool (inferred from http requests and responses) calls across the entire agentic run. The servers are also in rust. I also have an implementation where instead of the rust correlator i have python and other platform shims that do the same job and the servers are in go. I would appreciate comments from people who are in AI ops who use tools like litellm and Helicone and can provide feedback or complicated use cases. I plan to make everything open source so looking for collaborators too. submitted by /u/High-Speed-Diesel [link] [comments]
View originalLLM-Rosetta — format conversion library across LLM API standards, doubles as a proxy
This started because we had a proprietary internal LLM API that spoke none of the standard formats. Built an internal conversion layer to bridge it, maintained that for over a year. As colleagues started adopting more and more coding tools — Claude Code, opencode, Codex, VS Code plugins, Goose, and whatever came out that week — each with its own API format expectations, maintaining separate adapters for each became the actual problem. That's what pushed the internal conversion layer into a proper generalized design, and llm-rosetta is the result. It's a Python library that converts between LLM API formats — OpenAI Chat, Responses/Open Responses, Anthropic, and Google GenAI. The idea is you convert through a shared IR so you don't end up writing N² adapters. The key difference from LiteLLM: LiteLLM is a unified calling layer that takes OpenAI-style input and transforms it into provider-native requests — one direction. llm-rosetta uses a hub-and-spoke IR, so each provider only needs one converter, and you get any-to-any conversion for free. Anthropic → Google, OpenAI Chat → Anthropic, whatever direction you need. Use it as a library — pip install and call convert() directly, no server needed. Or run the gateway if you want a proxy that handles the format translation for you. Zero required runtime dependencies either way. The HTTP server, client, and persistence layer are vendored from zerodep (https://github.com/Oaklight/zerodep), another project of mine — stdlib-only single-file modules, not someone else's library repackaged. The gateway ships with a Docker image if you'd rather not deal with Python env setup. You can also deploy it on HuggingFace Spaces or anything similar — admin panel, dashboard, request log, config management all included. Screenshots: https://llm-rosetta.readthedocs.io/en/latest/gateway/admin-panel/ We've been running it in production for about 5 months as the conversion layer for an internal multi-model access platform — needed to support various API standards and coding tool integrations before the upstream APIs were fully standardized. The Responses converter passes all 6 official Open Responses compliance tests (schema + semantic) from the spec repo. So if you're running Ollama, vLLM, or LM Studio with Responses endpoints, it should just work as one side of the conversion. There's a shim layer for provider-specific quirks — built-in shims for OpenRouter, DeepSeek, Qwen, xAI, Volcengine, etc. Converters stay generic per API standard, shims handle the edge cases declaratively. 24 cross-provider examples in the repo covering all provider pairs, SDK + REST, streaming, tool calls, image inputs, multi-turn with provider switching mid-conversation. GitHub: https://github.com/Oaklight/llm-rosetta Docs: https://llm-rosetta.readthedocs.io arXiv: https://arxiv.org/abs/2604.09360 Gateway screenshot: https://preview.redd.it/qzzjr2dcdw1h1.png?width=949&format=png&auto=webp&s=bce4293aae81059f794909fc37f85071cee34378 submitted by /u/Oaklight_dp [link] [comments]
View originalAnthropic just banned "claude -p" from their Quota - BIG MISTAKE!
So Anthropic just announced that starting June 15, claude -p, Agent SDK usage, Claude Code GitHub Actions, and third-party Agent SDK apps will stop counting against the normal Pro/Max interactive Claude usage. Instead, they now go into a separate monthly Agent SDK credit bucket. For Max 5x, that is apparently $100/month. Which sounds fine until you realize any serious autonomous agent setup can burn through that very fast. So yeah, if you built anything around: tickets -> agents -> hooks -> executor -> claude -p -> background automation you are probably cooked. I was building exactly this kind of thing with AgentiBridge / AgentiCore / AgentiHooks. Basically a framework for orchestrating Claude Code agents at scale. The idea was simple: run Claude Code not as a human sitting in the terminal, but as a worker inside a larger production system. And now Anthropic basically said: “Nice automation stack bro, please move to the paid SDK/API bucket.” FML. But I don’t think the solution is to cry forever or keep playing cat-and-mouse with tmux hacks. The real solution is model routing. My plan is this: Keep Claude for interactive operator work. Use Claude where the reasoning actually matters: architecture decisions debugging hard shit reviewing plans high-context coding anything that needs taste and judgment But for background agents, automation loops, disposable workers, CI-style jobs, and dumb task execution? Fuck burning premium Claude credits on that. Put LiteLLM, Portkey, or another LLM gateway in front. Then route the worker swarm to cheaper models: Gemini DeepSeek Qwen OpenAI-compatible models local/self-hosted models where possible Claude Code already supports custom model options through environment variables. So in theory, you can have different profiles/scripts/aliases that swap model routing depending on what you are doing. One profile for interactive Claude. Another profile for automation. Another profile for cheap background agents. So instead of every autonomous goblin using the expensive brain, you send the cheap goblins to cheap models and keep Claude for the operator layer. This was always where agent orchestration was going anyway. One model for everything is stupid. The future is gateways, routing, workload separation, and not letting every background agent torch your best model quota because it decided to rewrite the same YAML file 11 times. Anthropic didn’t kill agent orchestration. They just made the architecture more obvious. submitted by /u/nestorcolt [link] [comments]
View originalOn Claude Max ($200/mo), burned 14.7M tokens in 7 days — mostly last 48h. Still hitting the wall. How do you survive burst usage on the top tier?
Thought Max would be a safety net. It's not. **My stats (last 7 days):** • **14.7M tokens** — the majority in the last **2 days** (project crunch, not normal usage) • **21 sessions**, **7/7 active days** • Longest session: **3 days 21 hours** • Opus 4.7 for everything • Anthropic says I've read **\~24x** ***The Count of Monte Cristo*** this week I'm paying for Max specifically so I don't have to think about limits. But after this burst, I'm feeling the throttle . Not a hard 429 yet, but the "slow down" is visible. **My setup:** • **Mac Studio M3 Ultra, 256GB RAM** — so local fallback is absolutely on the table if the harness supports it • Kimi Code CLI as a manual fallback (same codebase, zero **--resume** continuity) • **.llm-state.json** session dumps before switching • Symlinked [**CLAUDE.md**](http://CLAUDE.md) → [**KIMI.md**](http://KIMI.md) **My question to other Max users:** When you're paying $200 for "unlimited" and you actually *use* it during a crunch, what does your damage control look like? • Do you keep a second LLM on standby full-time? • Preemptively split workflow before the spike hits? (Opus for thinking, Sonnet for doing?) already doing this • Any way to see your "real" remaining quota before Anthropic soft-throttles you? • External memory files so you can hot-swap LLMs mid-project? **And the big one:** Is anyone running a **harness or gateway** that sits above Claude Code and auto-fails over to another provider — or even a local model? With 256GB RAM on this M3 Ultra, I could host a 70B+ parameter model locally for grunt work, but right now I'm manually hot-swapping between Claude and Kimi Code CLI when I feel the throttle. It's clunky. I've looked at LiteLLM for API-level routing but haven't found a good equivalent for local CLI coding agents that can also tap local inference. Manual switching is killing my flow. I'm not trying to use less. I paid to not worry about this. But burst usage is burst usage, and Max clearly has a ceiling. What's your failover architecture?  submitted by /u/New_Guitar_9121 [link] [comments]
View originalMy Mac Mini kernel-panicked twice. Turned out MCP servers were eating 1.5 GB at idle, leaving no headroom for anything else. So I built a process supervisor
tl;dr (Claude caveman edition): MCP servers sit around doing nothing, eat 1.5 GB. Machine angry. Machine crash. I make tool. Tool only run server when you use it. Server stop when you leave. 16 MB when idle. Go binary. Free. https://github.com/surgifai-com/mcprt -- I've been working on my project, Surgifai, after work. It's in stealth, but building it means running a bunch of MCP servers on a Mac Mini M2 with 16 GB - embeddings server, code RAG, Chrome DevTools, a couple others. All via launchd, all 24/7. The machine kernel-panicked twice during a Next.js build. I assumed it was the build itself, but a process audit told a different story. Chrome DevTools MCP had somehow spawned duplicate instances - two server processes, two npm parents, two node watchdogs - 1.2 GB for one tool. Vault-mcp, code RAG server, colab-mcp, LiteLLM, the Claude session itself. Nearly 3 GB of resident memory before the build even started. On unified memory that's competing directly with GPU allocation. The build needed burst memory on a machine that had none left to give. Stopping the MCP services eliminated the panics. They were the easiest ~1.5 GB to reclaim without losing anything I was actively using. But now I had no MCP servers. I looked at what existed. mcp-on-demand does manual start/stop via CLI commands - it's solving context window token pollution, not memory. mcp-hub keeps everything running and connected. microsoft/mcp-gateway is Kubernetes + Redis + Azure. Nobody had a tool that just... watches whether a client is connected, and only runs the server while it is. So I built mcprt. It's a reverse proxy that uses connection refcounting instead of timeouts. It watches SSE streams and session headers from the Streamable HTTP transport. First client connects to a server's route, mcprt spawns the upstream process. Last client disconnects, it stops the process after a 5-second grace period. A server can sit silent for an hour mid-session and mcprt won't touch it - the SSE stream is still open. Refcount ≥ 1 = alive. Refcount 0 for 5s = stop. Why not idle-timeout? Because it fails in both directions. Too aggressive and you kill a server mid-reasoning. Too lax and you barely save memory. A server being silent and a session being over are different things. Only connection close is the reliable signal. Idle footprint for the mcprt daemon: 16.6 MB. At peak concurrent load across 4 servers the daemon grew by less than 1 MB - all the memory is in the child processes, fully reclaimed when they exit. Cold start is ~500ms-800ms. That's the tradeoff. I've been running it daily while building Surgifai and honestly don't notice it - there's always a beat before the first tool call anyway. One other thing - mcprt refuses STDIO transport at the config level. Hard validator error, not a toggle. After the OX Security disclosure in April (14 CVEs, 200K+ server deployments affected), I don't think STDIO MCPs should be normalized anymore. Every npx u/modelcontextprotocol/server-whatever in your mcp.json runs with your full user context. mcprt catches those patterns before any process spawns. And the duplicate Chrome DevTools instances? That's the kind of silent failure STDIO transport makes easy and invisible. Single Go binary. Apache 2.0. One TOML config file. Works with Claude Code, Cline, Continue - anything that speaks Streamable HTTP. It lives under the Surgifai org on GitHub because I use it as part of my stack, but I'm open-sourcing it because the problem isn't specific to what I'm building. If you're running multiple MCP servers on a resource-constrained machine, it might save you some grief. GitHub: https://github.com/surgifai-com/mcprt Happy to answer questions about the architecture or the STDIO stance - this is my fork of Anthropic's mcp-builder if you want to dig into it. https://github.com/victorqnguyen/skills/tree/main/skills/mcp-builder submitted by /u/winwinwinguyen [link] [comments]
View originalRepository Audit Available
Deep analysis of BerriAI/litellm — architecture, costs, security, dependencies & more
Yes, LiteLLM offers a free tier. Pricing found: $0, $0
Key features include: Enterprise, Pass-through Endpoints, Logging, Alerting/Monitoring, Authentication, CRUD Endpoints + UI, Control Model Access, Admin UI.
LiteLLM is commonly used for: Providing LLM access to multiple developers, Managing multiple LLM models efficiently, Tracking spend by model and user, Implementing rate limits by key or user, Using virtual keys for authentication, Migrating existing projects to the proxy.
LiteLLM integrates with: OpenAI, Langfuse, Arize Phoenix, Langsmith, OTEL Logging, Slack, Discord, Teams, Email, Webhook.
LiteLLM has a public GitHub repository with 41,659 stars.
Based on user reviews and social mentions, the most common pain points are: llm, API bill.
Based on 32 social mentions analyzed, 0% of sentiment is positive, 100% neutral, and 0% negative.