@codefacility/bridge

Local bridge that lets the CodeFacility web app verify AI CLI tools installed on your machine.

Why it exists

Browsers cannot run shell commands. This bridge runs as a tiny local HTTP server on 127.0.0.1:7325 — reachable only from your machine — and checks whether CLIs like claude, codex, and gemini are installed and authenticated.

Usage

npx @seventysixty/codefacility-bridge

Run this once in any terminal. Keep it running while you use CodeFacility. Stop it with Ctrl+C.

Security

• Loopback only — binds to 127.0.0.1, never 0.0.0.0. External machines cannot connect.
• Origin allowlist — only accepts HTTP requests from codefacility.vercel.app and localhost dev servers.
• No arbitrary execution — the provider list and CLI commands are hardcoded. No user input is ever used to construct a shell command.
• execFile not exec — no shell is spawned; shell injection is not possible.
• No dependencies — uses only Node.js built-in modules.
• No writes, no outbound calls — reads credential files and environment variables only.

API

GET /health

{ "status": "ok", "version": "1.0.0" }

POST /cli-verify

// Request
{ "provider": "anthropic" }

// Response
{ "installed": true, "authenticated": true, "version": "1.0.5" }
{ "installed": true, "authenticated": false }
{ "installed": false, "authenticated": false }

Supported provider IDs: anthropic, openai, google, mistral, xai

How authentication is detected

The bridge checks two things (no API calls are made):

1. Credential files — known config/credential file locations for each CLI
2. Environment variables — e.g. ANTHROPIC_API_KEY, OPENAI_API_KEY

| Provider | CLI | Credential paths checked | |----------|-----|--------------------------| | Anthropic | claude | ~/.claude/.credentials.json | | OpenAI | codex | ~/.codex/config.json, OPENAI_API_KEY | | Google | gemini | ~/.gemini/credentials.json, GOOGLE_API_KEY | | Mistral | mistral | ~/.mistral/credentials.json, MISTRAL_API_KEY | | xAI | xai | ~/.xai/credentials.json, XAI_API_KEY |