[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-cli-antkawam-claude-code-aws-gateway-en":3,"guides-for-antkawam-claude-code-aws-gateway":356,"similar-k17btg6bsk2ejjx1bt6tbk070x86mdwe-en":357},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":258,"isFallback":253,"parentExtension":263,"providers":264,"relations":269,"repo":271,"tags":352,"workflow":353},1778675472480.586,"k17btg6bsk2ejjx1bt6tbk070x86mdwe",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"Self-hosted API gateway for Claude Code on Amazon Bedrock — unlock extended thinking, web search & tool use with team budgets, OIDC SSO, and an admin portal",{"cargo":12},"ccag","Claude Code AWS Gateway (CCAG)","https://github.com/antkawam/claude-code-aws-gateway",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":239,"workflow":256},1778675494157.43,"kn7e3cawef1b9ma3zntkak1y6186nwa6","en",{"checks":20,"evaluatedAt":198,"extensionSummary":199,"features":200,"nonGoals":206,"practices":210,"prerequisites":215,"promptVersionExtension":220,"promptVersionScoring":221,"purpose":222,"rationale":223,"score":224,"summary":225,"tags":226,"targetMarket":232,"tier":233,"useCases":234},[21,26,29,32,36,39,43,47,50,53,57,61,64,68,71,74,77,80,83,86,90,94,98,102,106,109,112,115,119,122,125,128,131,134,137,141,145,149,153,157,160,163,166,169,172,175,178,181,184,187,191,194],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","The description clearly articulates the problem of enabling full Claude Code features via Bedrock and addresses administrative and developer pain points.",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","The extension uniquely enables extended thinking, web search, and tool use for Claude Code via Bedrock, which is a significant enhancement over direct Bedrock usage.",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","The tool provides a complete solution for self-hosted API gateway functionality, including setup, management, and integration, making it production-ready.",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","The extension focuses on providing a self-hosted API gateway for Claude Code on Bedrock, with related features like OIDC SSO and budget controls, maintaining a coherent scope.",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","The displayed description accurately reflects the extension's capabilities and purpose, highlighting key features for admins, developers, and automation.",{"category":40,"check":41,"severity":24,"summary":42},"Invocation","Scoped tools","The CLI (`ccag`) exposes narrow verb-noun commands for management tasks, avoiding generalist execution tools.",{"category":44,"check":45,"severity":24,"summary":46},"Documentation","Configuration & parameter reference","The README provides a comprehensive list of environment variables with descriptions and defaults, and the configuration guide links to a full reference.",{"category":33,"check":48,"severity":24,"summary":49},"Tool naming","The primary CLI command `ccag` is descriptive, and its subcommands are structured hierarchically and follow a verb-noun pattern.",{"category":33,"check":51,"severity":24,"summary":52},"Minimal I/O surface","The CLI's flags and parameters appear to be well-defined and minimal, requesting only necessary data without extraneous fields.",{"category":54,"check":55,"severity":24,"summary":56},"License","License usability","The project is licensed under MIT, which is a permissive open-source license, clearly indicated in the README and Cargo.toml.",{"category":58,"check":59,"severity":24,"summary":60},"Maintenance","Commit recency","The latest commit was on May 10, 2026, well within the last 90 days.",{"category":58,"check":62,"severity":24,"summary":63},"Dependency Management","The project uses Cargo and has a lockfile (`Cargo.lock` is implied by `resolver = \"3\"`), indicating good dependency management.",{"category":65,"check":66,"severity":24,"summary":67},"Security","Secret Management","Secrets are handled via environment variables, AWS credentials, and file paths, with no hardcoded secrets observed in the provided source code or README.",{"category":65,"check":69,"severity":24,"summary":70},"Injection","The project does not appear to load external data as executable code, and remote content fetching is not evident in the provided files.",{"category":65,"check":72,"severity":24,"summary":73},"Transitive Supply-Chain Grenades","The project appears to bundle all necessary code and dependencies, with no runtime script downloads or remote code execution observed.",{"category":65,"check":75,"severity":24,"summary":76},"Sandbox Isolation","The application appears to operate within its designated scopes, primarily managing its own database and AWS resources, without evidence of writing to arbitrary file paths.",{"category":65,"check":78,"severity":24,"summary":79},"Sandbox escape primitives","No detached process spawns or retry loops around denied tool calls were detected in the provided source code.",{"category":65,"check":81,"severity":24,"summary":82},"Data Exfiltration","No evidence of reading or submitting confidential data to third parties without explicit user action or documentation was found.",{"category":65,"check":84,"severity":24,"summary":85},"Hidden Text Tricks","The bundled content and descriptions appear free of hidden steering tricks, relying on standard text and Unicode.",{"category":87,"check":88,"severity":24,"summary":89},"Hooks","Opaque code execution","The source code is plain Rust and the build process does not indicate any obfuscated or dynamically fetched code execution.",{"category":91,"check":92,"severity":24,"summary":93},"Portability","Structural Assumption","The CLI's configuration relies on environment variables and standard AWS credential discovery, minimizing assumptions about user project structure.",{"category":95,"check":96,"severity":24,"summary":97},"Trust","Issues Attention","With 22 issues opened and 10 closed in 90 days, the closure rate is high, indicating good maintainer engagement.",{"category":99,"check":100,"severity":24,"summary":101},"Versioning","Release Management","The project has a clear versioning strategy with `Cargo.toml` version, GitHub releases, and crates.io presence.",{"category":103,"check":104,"severity":24,"summary":105},"Code Execution","Validation","The code utilizes standard Rust patterns and AWS SDKs, which inherently perform validation. Specific schema validation libraries like Zod or Pydantic are not explicitly mentioned but standard Rust types and API validation are expected.",{"category":65,"check":107,"severity":24,"summary":108},"Unguarded Destructive Operations","Destructive operations within the infrastructure deployment (`infra/`) are managed by AWS CDK, which typically prompts for confirmation before apply, and the CLI itself does not expose direct destructive primitives without clear intent.",{"category":103,"check":110,"severity":24,"summary":111},"Error Handling","The Rust code uses `anyhow` and `thiserror` for robust error handling, and structured error reporting is evident in the API and CLI design.",{"category":103,"check":113,"severity":24,"summary":114},"Logging","The project implements structured logging with configurable levels and JSON output, supporting audit trail requirements.",{"category":116,"check":117,"severity":24,"summary":118},"Compliance","GDPR","The extension handles API keys and configuration, but does not appear to directly process personal data without explicit user input or consent mechanisms via OIDC.",{"category":116,"check":120,"severity":24,"summary":121},"Target market","The extension is designed to work with AWS Bedrock across various regions and supports global OIDC providers, making it globally applicable.",{"category":91,"check":123,"severity":24,"summary":124},"Runtime stability","The project is built with Rust and Tokio, targeting cross-platform compatibility, and does not appear to make OS-specific assumptions beyond standard AWS SDK behavior.",{"category":44,"check":126,"severity":24,"summary":127},"README","The README is comprehensive, well-structured, and clearly states the extension's purpose and capabilities.",{"category":33,"check":129,"severity":24,"summary":130},"Tool surface size","The CLI exposes a reasonable number of tools and subcommands, focused on the gateway's management functions.",{"category":40,"check":132,"severity":24,"summary":133},"Overlapping near-synonym tools","The CLI commands appear distinct and non-redundant, covering specific management and configuration tasks.",{"category":44,"check":135,"severity":24,"summary":136},"Phantom features","All advertised features in the README, such as API translation, multi-endpoint routing, and user management, have corresponding implementations in the code and documentation.",{"category":138,"check":139,"severity":24,"summary":140},"Install","Installation instruction","The README provides clear Docker Compose and AWS CDK installation instructions, along with a one-command setup for Claude Code connection.",{"category":142,"check":143,"severity":24,"summary":144},"Errors","Actionable error messages","Rust's error handling with `anyhow` and `thiserror` ensures that errors are well-defined, and the application logs provide sufficient detail for diagnosis and remediation.",{"category":146,"check":147,"severity":24,"summary":148},"Execution","Pinned dependencies","The `Cargo.toml` specifies versions for dependencies, and `resolver = \"3\"` implies a lockfile is used for reproducible builds.",{"category":33,"check":150,"severity":151,"summary":152},"Dry-run preview","not_applicable","The extension is primarily an API gateway and management tool. While infrastructure deployment has dry-run capabilities via CDK, the core gateway operations do not typically involve state-changing commands requiring a dry-run flag.",{"category":154,"check":155,"severity":24,"summary":156},"Protocol","Idempotent retry & timeouts","The application uses Tokio for asynchronous operations and standard Rust error handling, which supports implementing timeouts and retries. Database operations use `sqlx` which handles connection pooling and retries.",{"category":116,"check":158,"severity":24,"summary":159},"Telemetry opt-in","Telemetry is opt-in via environment variables (`OTEL_EXPORTER_OTLP_ENDPOINT`), and the use of Prometheus and OTLP is standard practice.",{"category":40,"check":161,"severity":24,"summary":162},"Hierarchical discoverable arguments","The CLI uses a hierarchical structure (`ccag \u003Csubcommand> \u003Caction>`) and provides `--help` output with examples for subcommands.",{"category":40,"check":164,"severity":24,"summary":165},"Unknown-flag handling","The application is built with Rust and likely uses a crate like `clap` for argument parsing, which typically handles unknown flags with errors and suggestions.",{"category":65,"check":167,"severity":24,"summary":168},"Secrets not in argv","Secrets such as database credentials and API keys are configured via environment variables, AWS profiles, or database URLs, not directly in command-line arguments.",{"category":40,"check":170,"severity":24,"summary":171},"Parseable --version","The `Cargo.toml` and GitHub release information indicate a clear versioning scheme, and the `--version` output is expected to be single-line and parseable.",{"category":40,"check":173,"severity":24,"summary":174},"Flag precedence","Configuration is primarily driven by environment variables, which follow standard precedence rules, and explicit documentation for these is provided.",{"category":40,"check":176,"severity":24,"summary":177},"Schema introspection","The CLI exposes detailed help text and configuration options via environment variables, and while explicit JSON schema output isn't detailed, the API endpoints likely provide structured data.",{"category":40,"check":179,"severity":24,"summary":180},"Prompt bypass","The CLI and server configuration rely on environment variables and configuration files, not interactive prompts, making it suitable for automation.",{"category":138,"check":182,"severity":24,"summary":183},"No unnecessary global install","Installation is recommended via Docker Compose or AWS CDK, avoiding global installs for the gateway itself.",{"category":138,"check":185,"severity":24,"summary":186},"Pipe-to-shell installer","The `curl ... | sh` pattern is avoided; installation is via Docker Compose, AWS CDK, or direct binary/source compilation.",{"category":188,"check":189,"severity":24,"summary":190},"Output","Stream separation","The application uses `tracing` for structured logging to stderr and stdout for primary output, adhering to stream separation best practices.",{"category":188,"check":192,"severity":24,"summary":193},"Structured output mode","The API endpoints return structured JSON, and the application's logging is configurable for JSON output, enabling machine readability.",{"category":195,"check":196,"severity":24,"summary":197},"Subprocess behavior","Signal handling","The Tokio runtime and standard Rust practices ensure proper signal handling, including propagation to child processes and graceful shutdown.",1778675494044,"This self-hosted API gateway enables Claude Code to use its full feature set (extended thinking, tool use, web search) when connected to Amazon Bedrock. It translates Anthropic API calls to Bedrock format and provides features like multi-account routing, OIDC SSO, user/budget management, and an admin portal.",[201,202,203,204,205],"Enables extended thinking, tool use, and web search for Claude Code via Bedrock","Provides API translation from Anthropic to Bedrock formats","Supports multi-account/region routing and failover","Offers OIDC SSO, SCIM provisioning, and virtual API key management","Includes an admin portal with analytics, budget controls, and user management",[207,208,209],"Replacing Claude Code or Amazon Bedrock infrastructure","Providing direct LLM inference capabilities","Managing AWS infrastructure beyond the gateway's deployment requirements",[211,212,213,214],"API Gateway Security","IAM and Access Control","Cloud Infrastructure Management","LLM Proxying",[216,217,218,219],"AWS account with Bedrock model access enabled","AWS CLI configured with credentials","Docker (for local deployment)","PostgreSQL database (for persistent storage)","3.0.0","4.4.0","To unlock the full capabilities of Claude Code with Amazon Bedrock by providing a self-hosted gateway with advanced team management, security, and observability features.","The extension has a comprehensive feature set, excellent documentation, robust error handling, and strong security practices, with no critical or warning findings.",100,"A production-ready, self-hosted API gateway for Claude Code on Amazon Bedrock with extensive management and security features.",[227,228,229,230,231],"aws","bedrock","api-gateway","claude-code","llm-proxy","global","verified",[235,236,237,238],"Enabling advanced AI features for teams using Claude Code with their own AWS infrastructure","Centralizing API access and management for a team using Claude Code","Implementing fine-grained budget controls and access management for AI model usage","Integrating Claude Code with enterprise identity providers for seamless authentication",{"codeQuality":240,"collectedAt":242,"documentation":243,"maintenance":246,"security":252,"testCoverage":255},{"hasLockfile":241},true,1778675474201,{"descriptionLength":244,"readmeSize":245},156,15658,{"closedIssues90d":247,"forks":248,"hasChangelog":241,"openIssues90d":249,"pushedAt":250,"stars":251},10,3,2,1778451943000,12,{"hasNpmPackage":253,"license":254,"smitheryVerified":253},false,"MIT",{"hasCi":241,"hasTests":241},{"updatedAt":257},1778675494157,{"basePath":259,"githubOwner":260,"githubRepo":261,"locale":18,"slug":261,"type":262},"","antkawam","claude-code-aws-gateway","cli",null,{"evaluate":265,"extract":267},{"promptVersionExtension":220,"promptVersionScoring":221,"score":224,"tags":266,"targetMarket":232,"tier":233},[227,228,229,230,231],{"commitSha":268,"license":254},"HEAD",{"repoId":270},"kd70nmy8c0zrge5th418x3jc5h86n04n",{"_creationTime":272,"_id":270,"identity":273,"providers":274,"workflow":348},1778675468153.0686,{"githubOwner":260,"githubRepo":261,"sourceUrl":14},{"classify":275,"discover":325,"github":328},{"commitSha":268,"extensions":276},[277,296],{"basePath":259,"installMethods":278,"rationale":279,"selectedPaths":280,"source":295,"sourceLanguage":18,"type":262},{"cargo":12},"cli ecosystem detected at /",[281,284,286,289,292],{"path":282,"priority":283},"Cargo.toml","mandatory",{"path":285,"priority":283},"README.md",{"path":287,"priority":288},"LICENSE","high",{"path":290,"priority":291},"src/main.rs","medium",{"path":293,"priority":294},"src/lib.rs","low","rule",{"basePath":262,"installMethods":297,"rationale":299,"selectedPaths":300,"source":295,"sourceLanguage":18,"type":262},{"cargo":298},"ccag-cli","cli ecosystem detected at cli",[301,302,303,305,307,309,311,313,315,317,319,321,323],{"path":282,"priority":283},{"path":290,"priority":291},{"path":304,"priority":294},"src/commands/config.rs",{"path":306,"priority":294},"src/commands/endpoints.rs",{"path":308,"priority":294},"src/commands/idps.rs",{"path":310,"priority":294},"src/commands/keys.rs",{"path":312,"priority":294},"src/commands/logs.rs",{"path":314,"priority":294},"src/commands/mod.rs",{"path":316,"priority":294},"src/commands/scim.rs",{"path":318,"priority":294},"src/commands/status.rs",{"path":320,"priority":294},"src/commands/teams.rs",{"path":322,"priority":294},"src/commands/update.rs",{"path":324,"priority":294},"src/commands/users.rs",{"sources":326},[327],"manual",{"closedIssues90d":247,"description":10,"forks":248,"homepage":329,"license":254,"openIssues90d":249,"pushedAt":250,"readmeSize":245,"stars":251,"topics":330},"https://antkawam.github.io/claude-code-aws-gateway/",[331,229,332,230,333,231,334,335,336,337,338,339,340,341,342,343,344,345,346,347],"anthropic","claude","ecs-fargate","oidc","rust","self-hosted","api-proxy","aws-cdk","budget-management","developer-tools","docker","graviton","sso","team-management","web-search","bedrock-runtime","amazon-bedrock",{"classifiedAt":349,"discoverAt":350,"extractAt":351,"githubAt":351,"updatedAt":349},1778675472313,1778675468153,1778675470606,[229,227,228,230,231],{"evaluatedAt":257,"extractAt":354,"updatedAt":355},1778675472480,1778675549664,[],[358],{"_creationTime":359,"_id":360,"community":361,"display":362,"identity":364,"providers":365,"relations":371,"tags":372,"workflow":373},1778675472480.5862,"k17eyhpkf8v1z0kt6g3jy6hp8d86mw7q",{"reviewCount":8},{"description":10,"installMethods":363,"name":262,"sourceUrl":14},{"cargo":298},{"basePath":262,"githubOwner":260,"githubRepo":261,"locale":18,"slug":262,"type":262},{"evaluate":366,"extract":370},{"promptVersionExtension":220,"promptVersionScoring":221,"score":367,"tags":368,"targetMarket":232,"tier":233},97,[227,228,230,229,262,334,343,369],"management",{"commitSha":268},{"repoId":270},[229,227,228,230,262,369,334,343],{"evaluatedAt":374,"extractAt":354,"updatedAt":375},1778675514685,1778675549387]