Providers

Back to home

V1 Honesty: OffRouter routes delegated work. It does not replace your harness's primary model call.

Provider Order

OffRouter uses this priority:

  1. Apply hard policy filters: profile allowlist, work-profile deny rules, provider deny rules, task capability requirements, privacy constraints, and cost constraints.
  2. Use healthy subscription-backed capacity first.
  3. Use local/private runtime capacity when policy or the task calls for local execution, low cost, or private capacity.
  4. Use user-provided API keys only as explicit and audited fallback.

Subscription-Backed Capacity

Use the provider's official login or account surface. OffRouter does not scrape credentials from another tool or private store.

[providers.claude-subscription]
enabled = true

[providers.codex-subscription]
enabled = true

[providers.gemini-subscription]
enabled = true

Add to ~/.offrouter/config.toml under an allowlisted personal profile.

Local Runtime Capacity

Local runtimes are useful for sensitive prompts, low-cost background work, and offline tests.

export OLLAMA_HOST=http://127.0.0.1:11434
[providers.ollama]
enabled = true

For MLX-like local runtimes, bind to localhost and add the matching provider id.

API-Key Fallback

API keys are fallback capacity, not the first route. Use them only when:

The CLI detects these env vars by name only (never prints values):

ANTHROPIC_API_KEY
OPENAI_API_KEY
OPENROUTER_API_KEY
XAI_API_KEY
GOOGLE_API_KEY
GEMINI_API_KEY
OFFROUTER_API_KEY

Example profile with fallback enabled:

id = "claude-personal"
subscription_first = true
allow_api_key_fallback = true

Keep API keys in your shell, OS secret store, or provider-supported auth surface. Do not put secret values in config files.

Verify

offrouter doctor --json
offrouter status --providers --json