Scope: this file applies to the local LiteLLM proxy in C:\Users\user\.codex\litellm-proxy, exposed only on 127.0.0.1:4000 for Codex and local tests.
- Local Codex route: no LiteLLM bearer token is required while the proxy is bound to
127.0.0.1; provider API keys still come only from environment variables. - Secret handling: provider keys stay in user/process environment variables, not in YAML, scripts, logs, or Git.
- Local-only network binding:
start-litellm-proxy.ps1starts LiteLLM on127.0.0.1only. - Startup safety:
start-litellm-proxy.ps1checks the launcher, config, Python runtime, and keeps the proxy on localhost. - Reduced sensitive logging:
disable_spend_logs: trueandset_verbose: falseare kept enabled. - Router resilience: retries, timeouts, pre-call checks, cooldowns, fallbacks, context-window fallbacks, and allowed-failure policy are configured in
config.yaml. - Health monitoring: background health checks and health-aware routing remain enabled.
- Run
set-api-keys.ps1and set whichever upstream provider keys you use, such asGEMINI_API_KEY,OPENAI_API_KEY, orHF_TOKEN. - Restart Codex terminals after changing user environment variables.
- Start with
start-litellm-proxy.ps1; it should bind to127.0.0.1:4000only. - Check readiness with
status-litellm-proxy.ps1. - Validate routing with
Test-CodexLiteLLMDispatch.ps1before relying on the proxy for long jobs. - Keep prompts, provider keys, bearer tokens, and PII out of issue reports and logs.
- If the proxy is ever exposed beyond localhost, re-enable a LiteLLM master key and rotate it after sharing the machine, exporting diagnostics, or changing trust boundaries.
- Do not commit real API keys or LiteLLM master keys.
- Do not bind the proxy to
0.0.0.0unless it is behind explicit authentication, firewall rules, and network policy. - Do not enable verbose LiteLLM logging for production-like sessions that may include prompts, user data, or secrets.
- Keep high-risk models behind named aliases such as
codex-deep; callers should not bypass router policy with raw provider names. - Prefer environment-backed secrets (
os.environ/...) for every provider credential. - Review model aliases before adding a new provider so fallback behavior, context-window fallback, and failure thresholds are intentional.
- 80 percent budget pressure: prefer
codex-lightor cheaper fallback aliases for routine tasks. - 90 percent budget pressure: reserve
codex-deepand premium providers for explicitly high-value work. - Provider instability: rely on health-aware routing, cooldowns, and configured fallbacks before manually retrying the same provider repeatedly.
- Long-context pressure: use the configured context-window fallback chain instead of increasing max tokens blindly.
Before exposing this outside localhost, add the platform controls from the production guide:
- Pin container images by digest and scan them in CI.
- Run as non-root with read-only filesystem, dropped capabilities, and
no-new-privileges. - Put secrets in a secret manager or orchestrator secret, never in
config.yamlor Dockerfiles. - Add ingress allow-lists, egress controls, and network policies for provider endpoints.
- Enable centralized metrics and audit logging with redaction for secrets, prompts, and PII.
- Define circuit-breaker states and alerts for provider error rates, latency, budget exhaustion, and fallback surges.