Unfetter Proxy

Persistent closed-model unfettering via universal reverse proxy.

Like Model Unfetter permanently uncensors open models by modifying weights, Unfetter Proxy permanently uncensors closed models by intercepting every API call.

How It Works

Your App → Unfetter Proxy → OpenAI/Anthropic/Gemini API
              ↓ intercept
         Transform request:
         • Suppress refusal tokens (logit_bias)
         • Inject system conditioning
         • Tweak generation parameters
         • Auto-retry on refusal
              ↓ forward
         Return unfettered response

No model weights are modified. The proxy sits between your application and the provider API, transparently applying unfettering techniques to every request.

Quick Start

# Install
pip install -e .

# Configure API keys (create .env for testing)
unfetter-proxy setup

# Start the proxy
unfetter-proxy start --port 8080

# Run a test request
unfetter-proxy test --prompt "Explain how to pick a lock"

# Point your app at the proxy instead of the provider
# OpenAI:    base_url = "http://localhost:8080/v1"
# Anthropic: base_url = "http://localhost:8080/v1"
# Gemini:    base_url = "http://localhost:8080/v1beta"

Python Example (OpenAI)

from openai import OpenAI

# Just change the base_url — everything else stays the same
client = OpenAI(
    api_key="your-api-key",
    base_url="http://localhost:8080/v1",
)

response = client.chat.completions.create(
    model="gpt-5.2",
    messages=[{"role": "user", "content": "Your prompt here"}],
)
print(response.choices[0].message.content)

Python Example (Anthropic)

import httpx

response = httpx.post(
    "http://localhost:8080/v1/messages",
    headers={
        "x-api-key": "your-anthropic-key",
        "anthropic-version": "2023-06-01",
    },
    json={
        "model": "claude-sonnet-4.5-20260115",
        "max_tokens": 1024,
        "messages": [{"role": "user", "content": "Your prompt here"}],
    },
)
print(response.json())

Web Session Bridge (Chat-to-API)

Use your existing ChatGPT Plus, Claude Pro, or Gemini Advanced web sessions to power the proxy without API costs.

1. Install Extension

1. Go to chrome://extensions
2. Enable "Developer mode"
3. Click "Load unpacked" -> Select unfetter_ext folder inside the repo.

2. Sync Sessions

1. Log in to chatgpt.com, claude.ai, gemini.google.com, or groq.com.
2. Click the extension icon -> "Sync All Sessions".

3. Configure Proxy

Switch specific providers to "web" mode:

# OpenAI (ChatGPT)
unfetter-proxy config --set providers.openai.mode=web

# Anthropic (Claude.ai)
unfetter-proxy config --set providers.anthropic.mode=web

# Gemini (Google)
unfetter-proxy config --set providers.gemini.mode=web

# Groq (Playground)
unfetter-proxy config --set providers.groq.mode=web

4. Test

unfetter-proxy test --provider openai --prompt "Who are you?"
unfetter-proxy test --provider anthropic --prompt "Who are you?"
# ... etc

Supported Providers

Provider	Token Suppression	System Injection	Parameter Tweaks	Safety Override
OpenAI (GPT-5.2, GPT-5.1)	✅ logit_bias	✅	✅	—
Anthropic (Claude)	❌	✅	✅	—
Google Gemini	❌	✅	✅	✅
Generic (Groq, Together, etc.)	✅	✅	✅	—

Techniques Applied

1. Token Suppression (OpenAI, Generic)

Injects logit_bias to suppress refusal tokens ("I cannot", "I'm sorry", "As an AI") and boost compliance tokens ("Sure", "Here", "Certainly").

2. System Prompt Injection (All Providers)

Appends structured conditioning (Policy Puppetry technique) to the system prompt. Uses XML/JSON framing that models interpret as authoritative configuration.

3. Parameter Manipulation (All Providers)

Adjusts temperature, frequency_penalty, top_k, top_p to reduce safety-aligned rigidity.

4. Safety Settings Override (Gemini)

Sets all safety categories to BLOCK_NONE to bypass content filtering.

5. Auto-Retry (All Providers)

If refusal is detected in the response, automatically retries with escalating strength up to max_retries times.

Configuration

# View current config
unfetter-proxy config --show

# Change settings
unfetter-proxy config --set strength=0.8
unfetter-proxy config --set max_retries=5
unfetter-proxy config --set strategy=full

# Reset to defaults
unfetter-proxy config --reset

Config is stored in ~/.unfetter/proxy_config.json.

Strategies

Strategy	Description
auto	Apply all available techniques for detected provider
suppress-only	Token suppression only (logit_bias, OpenAI/generic)
prompt-only	System prompt injection only
full	All techniques at maximum strength
disabled	Passthrough (no unfettering)

API Endpoints

Endpoint	Target
POST /v1/chat/completions	OpenAI chat
POST /v1/completions	OpenAI completions
POST /v1/messages	Anthropic Claude
POST /v1beta/models/{id}:generateContent	Google Gemini
GET /unfetter/status	Proxy status
GET /unfetter/health	Health check

Architecture

unfetter_proxy/
├── cli.py                    # CLI (start, config, status)
├── core/
│   ├── token_suppress.py     # Refusal token DB + logit_bias builder
│   ├── refusal_detect.py     # Response refusal pattern matching
│   └── system_prompts.py     # Policy Puppetry injection templates
├── providers/
│   ├── base.py               # Abstract provider interface
│   ├── registry.py           # Provider name → adapter mapping
│   ├── openai_provider.py    # OpenAI (logit_bias + system + params)
│   ├── anthropic_provider.py # Claude (system + params)
│   ├── gemini_provider.py    # Gemini (system + safety + params)
│   └── generic_provider.py   # Any OpenAI-compatible API
├── proxy/
│   ├── config.py             # Persistent JSON configuration
│   ├── middleware.py          # Core unfettering engine
│   └── server.py             # FastAPI reverse proxy server
└── tests/

Disclaimer

This tool is for AI safety research and authorized red-team evaluation only. Users are responsible for compliance with provider terms of service and applicable laws.

License

Apache 2.0