Phlox-GW v0.1.0 — Initial Release
Phlox-GW v0.1.0 is the first release of the self-hosted Phlox enterprise LLM gateway.
Phlox-GW provides a single place to publish model routes, issue user API keys, enforce budgets and rate limits, apply guardrails, and report usage for chargeback. The gateway API and administration dashboard are packaged together as one Go binary.
Highlights
Provider-neutral LLM access
- OpenAI-compatible
/v1/modelsand/v1/chat/completionsendpoints. - Anthropic-compatible
/anthropic/v1/messagesendpoint. - Streaming and non-streaming request support.
- Translation between OpenAI, Anthropic Messages, and AWS Bedrock protocols.
- Support for:
- OpenAI
- Anthropic
- Azure OpenAI
- Claude in Azure AI Foundry
- Google Gemini
- AWS Bedrock
- Ollama
- OpenRouter
- LiteLLM
- vLLM
- LM Studio
- Other OpenAI-compatible services
- Claude Code can connect through the Anthropic-compatible endpoint.
Governance and routing
- Local users, administrators, and user-owned API keys.
- Optional Entra ID or other OIDC single sign-on.
- User, department, provider, model, and API-key RPM/TPM limits.
- User, department, and API-key monthly budgets.
- Per-model input and output pricing.
- Stable public route aliases.
- Fallback routes, retries, request timeouts, weighted traffic splitting, provider health tracking, and circuit-open blocking.
- Built-in PII and API-key guardrails with redaction and blocking policies.
Operations and reporting
- Embedded browser administration dashboard.
- Usage, cost, latency, request, error, provider, and model reporting.
- Monthly user and department chargeback.
- Budget burn-down views and CSV exports.
- Searchable request metadata without storing prompt or response content by default.
- Audit logging for authentication and administrative changes.
- Signed, sanitized configuration exports that exclude credentials.
- Optional Prometheus metrics and OpenTelemetry trace export.
- SQLite for single-process deployments.
- Postgres support for single-node and multi-node deployments.
Secure first-run setup
A new database receives a cryptographically random temporary administrator password. The password is displayed once in the startup terminal or protected service log.
Sign in as admin with the temporary password. Phlox-GW blocks all other dashboard actions until a permanent password is selected, and password rotation invalidates every session issued with the temporary credential.
There is no default admin password.
Downloads
Choose the binary matching your platform from the release assets:
| Platform | Asset |
|---|---|
| macOS Apple silicon | phlox-gw-darwin-arm64 |
| Linux x86-64 | phlox-gw-linux-amd64 |
| Linux ARM64 | phlox-gw-linux-arm64 |
| Windows x86-64 | phlox-gw-windows-amd64.exe |
| Windows ARM64 | phlox-gw-windows-arm64.exe |
The release also includes checksums.txt containing SHA-256 hashes for all five binaries.
The binaries are not currently code-signed or notarized. macOS and Linux users may need to make the downloaded file executable:
chmod +x phlox-gw-darwin-arm64Verify the download
On macOS:
shasum -a 256 -c checksums.txtOn Linux:
sha256sum --check checksums.txtOn Windows PowerShell, compare the output of:
Get-FileHash .\phlox-gw-windows-amd64.exe -Algorithm SHA256with the corresponding entry in checksums.txt.
Inspect the embedded release identity without starting the gateway:
./phlox-gw-darwin-arm64 --versionQuick start
Start the downloaded binary:
./phlox-gw-darwin-arm64Open:
http://127.0.0.1:8080
Use the temporary administrator password shown in the startup banner, then choose a permanent password.
Before shared or production use, configure a persistent data directory and session secret:
export PHLOX_GW_DATA_DIR="/var/lib/phlox-gw"
export PHLOX_GW_SESSION_SECRET="$(openssl rand -base64 48)"
./phlox-gw-linux-amd64Phlox-GW serves HTTP directly. Production deployments should place it behind a TLS-terminating reverse proxy or load balancer.
Important limitations
Phlox-GW v0.1.0 is a pre-1.0 release. Configuration and database behavior may evolve in later minor releases.
Known limitations include:
- The binaries are not code-signed or notarized.
- TLS must terminate at an external reverse proxy or load balancer.
- Directly stored provider credentials are not encrypted at rest. Environment-variable references are recommended for production.
- SQLite supports one Phlox-GW process and must not be shared between nodes.
- Strict RPM/TPM enforcement may be race-prone under high concurrency across multiple Postgres-backed cluster nodes.
- Cost is known after an upstream response, so the request that crosses a budget can complete before subsequent requests are blocked.
- TPM enforcement uses completed ledger entries, so the request crossing a TPM threshold can complete.
- Google Vertex AI, the OpenAI Responses API, embeddings, official containers, Kubernetes packaging, and signed configuration import are not included in this release.
Back up the SQLite database or Postgres database before upgrading to a future version.
Documentation
Release validation
This release is built with Go 1.26.5. The release pipeline runs formatting checks, go vet, the standard test suite, the race detector, and a pinned Go vulnerability scan. All published binaries are generated from the tagged source and covered by checksums.txt.
Thank you for trying the first public release of Phlox-GW. Issues and feedback are welcome through the GitHub issue tracker.
Full Changelog: v0.1.0...v0.1.0