CLI
shunt run
Section titled “shunt run”Start the gateway. run is the default subcommand, so a bare shunt also works.
shunt runshunt run --config /path/to/shunt.tomlOn start it logs shunt listening with the bound address (default 127.0.0.1:3001). Set log verbosity with RUST_LOG, e.g. RUST_LOG=shunt=debug shunt run.
Without --config, shunt searches ./shunt.toml → ~/.config/shunt/shunt.toml → $HOMEBREW_PREFIX/etc/shunt.toml; with --config, a missing file is an error. See Configuration.
shunt check
Section titled “shunt check”Validate the resolved configuration and exit (shunt --check also works):
shunt check# -> config okReports specific errors: a bad bind address, an unknown provider in a route, a missing api_key_env, a bad base_url, a wrong adapter/auth combination.
shunt token
Section titled “shunt token”Print a Claude subscription OAuth token to stdout (logs go to stderr), designed to be wired into Claude Code’s apiKeyHelper. Two modes:
- Static — if
SHUNT_GATEWAY_TOKENorCLAUDE_CODE_OAUTH_TOKENis set, echoes that value unchanged. Point it at aclaude setup-tokenvalue and nothing is ever refreshed. - Auto-refresh — otherwise reads
~/.claude/.credentials.json(override the path withCLAUDE_CREDENTIALS), returns theclaudeAiOauthaccess token, and when it is within 5 minutes ofexpiresAtrefreshes it againstplatform.claude.com/v1/oauth/token(the same grant Claude Code uses), then writes the new token back atomically at0600, preserving every other field. Refresh happens only on actual expiry, to respect the endpoint’s rate limit.
{ "apiKeyHelper": "/path/to/shunt token"}See Connect Claude Code for when you need this.
Environment variables
Section titled “Environment variables”| Variable | Effect |
|---|---|
SHUNT_* (e.g. SHUNT_SERVER__BIND) |
Override any config key; __ separates nested keys |
RUST_LOG |
Log filter, e.g. shunt=debug |
SHUNT_CLIENT_TOKENS |
Client tokens for [server.auth] (name configurable via tokens_env) |
SHUNT_GATEWAY_TOKEN / CLAUDE_CODE_OAUTH_TOKEN |
Static token for shunt token |
CLAUDE_CREDENTIALS |
Alternate credentials file path for shunt token |
OPENAI_API_KEY |
Default key env for the openai provider (per-provider via api_key_env) |