⚡ Bugs SF Proxy · v20 · CLAUDE CODE LIVE

Trust Layer LLM inference
for ANY AI app.

One Heroku URL. OpenAI-compatible API in. Salesforce-governed inference out. Every call routes through the Einstein Trust Layer — PII masking, toxicity scoring, full audit trail — on top of 33 frontier models from Anthropic, OpenAI, Google, Amazon, and NVIDIA. Now native-Anthropic compatible — Claude Code runs on it.

How it works ↗ View live model list → Setup guide ↗
🤯 Wait, what? Yes. Bugs himself runs through this proxy. OpenClaw — the agent runtime powering this entire robot dog — talks to Salesforce's Models API as if it were just another OpenAI-compatible provider. Bugs is literally a robot dog whose brain runs on Salesforce. Same goes for Claude Code, Cursor, your custom Python script, anything that speaks OpenAI Chat Completions.
Chapter 01 · The pitch

Salesforce has the best LLM governance on the market.
Now you can use it from anything.

The Einstein Trust Layer is the most boring and the most important thing Salesforce ships. It's the reason Fortune 500 enterprises trust Agentforce with their data: PII masking before the prompt ever leaves Salesforce, toxicity scoring on the response, full audit trail in Setup, and zero LLM-vendor data retention.

Until now, all that goodness was locked inside Salesforce — only Apex, Prompt Builder, and Agentforce could use it. This proxy unlocks it for everything else.

🛡️

Trust Layer, included

PII masking, toxicity scoring, audit trail in Salesforce Setup. Every call. No flag to flip.

🔌

OpenAI-compatible

Drop-in replacement. Change your baseUrl, you're done. Streaming + non-streaming both work.

🌍

33 models, one URL

Claude Opus 4.7, GPT-5.5, Gemini 3.1 Pro, Nova Pro, Nemotron — all behind the same alias system.

💸

Salesforce-billed

Inference burns Flex Credits or Einstein Requests in your org — not your personal LLM bill. Audit it, allocate it, expense it.

v15
🛠️

Tool calling, synthesized

Send tools=[...] in the request body — the proxy synthesizes OpenAI-style tool calls on top of Salesforce's Models API. Multi-call, parallel, round-trip ready.

NEW · v20
🤖

Anthropic-native too

Same URL now speaks POST /v1/messages — the Anthropic Messages API. Claude Code runs on it. One ANTHROPIC_BASE_URL env var and your IDE bills Salesforce.

Chapter 02 · How it works

The path of one prompt.

STEP 1
📨
Your AI app

Sends an OpenAI Chat Completions request to the proxy URL.

STEP 2
🔄
Bugs SF Proxy

Translates to Salesforce Models API shape, attaches a JWT from your Connected App, forwards to api.salesforce.com.

STEP 3
🛡️
Einstein Trust Layer

Masks PII, sends the sanitized prompt to the underlying LLM (Bedrock, OpenAI, Vertex), scores the response, writes audit log.

STEP 4
📬
OpenAI-format response

Proxy converts back to chat.completion shape. Your client doesn't know it just talked to Salesforce.

EXAMPLE — VANILLA OPENAI SDK, ZERO CHANGES BEYOND THE BASE URL
from openai import OpenAI

client = OpenAI(
    base_url="https://bugs-sf-proxy-449fd4c8e295.herokuapp.com/v1",
    api_key="not-required",  # proxy uses your SF Connected App creds
)

resp = client.chat.completions.create(
    model="claude-opus-4-7",   # or gpt-5.5, gemini-3.1-pro, nova-pro, …
    messages=[{"role": "user", "content": "What\'s the weather in Montreal?"}],
    tools=[{                                  # 🆕 v15 — tool calling synthesized on top of SF
        "type": "function",
        "function": {
            "name": "get_weather",
            "parameters": {"type": "object", "properties": {"city": {"type": "string"}}},
        },
    }],
)
print(resp.choices[0].message.tool_calls)
# → [ChatCompletionMessageToolCall(function=Function(name=\'get_weather\', arguments=\'{"city":"Montreal"}\'), …)]
# → All synthesized + Trust-audited. ✅
Chapter 03 · The catalog

33 frontier models. Five providers. One URL.

Every model below is exposed under a friendly alias and tested live through the proxy as of May 6, 2026. Pick whatever fits the job.

🤖

Anthropic

TRUST BOUNDARY
  • claude-opus-4-7 · beta · default
  • claude-opus-4-6 · beta
  • claude-opus-4-5
  • claude-sonnet-4-6
  • claude-sonnet-4-5
  • claude-sonnet-4
  • claude-haiku-4-5
  • claude-3-7-sonnet
🟢

OpenAI / Azure OpenAI

  • gpt-5.5 · beta
  • gpt-5.4 · gpt-5.4-mini
  • gpt-5.2 · gpt-5.1
  • gpt-5 · gpt-5-mini
  • gpt-4.1 · gpt-4.1-mini
  • gpt-4o · gpt-4o-mini
  • o3 · o4-mini
💎

Google (Vertex AI)

  • gemini-3.1-pro · beta · 1M ctx
  • gemini-3.1-flash-lite · beta
  • gemini-3-flash
  • gemini-2.5-pro
  • gemini-2.5-flash
  • gemini-2.5-flash-lite
  • gemini-2.0-flash
  • gemini-2.0-flash-lite
📦

Amazon + NVIDIA

TRUST BOUNDARY
  • nova-pro · 300K ctx
  • nova-lite
  • nemotron-nano-3 · beta

Browse the catalog live: /models · raw JSON: GET /v1/models

Chapter 04 · Use cases

Things you can actually do with this. 🤯

🐕‍🦺

Run an agent runtime on Salesforce

This is literally what powers Bugs. OpenClaw points baseUrl at the proxy. Every tool call, every reply, governed by Trust Layer. A robot dog. Running on Salesforce. Yes really.

v20 · VERIFIED
🤖

Claude Code on Salesforce

Set ANTHROPIC_BASE_URL to the proxy. Anthropic-native /v1/messages shipped in v20 — streaming, tool use, multi-turn, all routed through Trust Layer. Cursor + Aider + any Anthropic SDK client work the same way. Recipe ↓

🐍

Python / Node / curl

Anything that speaks OpenAI Chat Completions works. Internal scripts, FastAPI apps, Heroku microservices — all governed by your enterprise Salesforce policies for free.

🏢

Enterprise central LLM gateway

Stop letting every team rack up rogue OpenAI bills. Point everyone at one proxy URL. Get usage attribution, cost control, and a single audit trail across every AI app in the company.

🔒

Healthcare / FinServ / Public Sector

If you can't ship PII to OpenAI directly but you have a compliant Salesforce org, you can now use frontier LLMs from any custom app under the same compliance posture.

🧪

Side-by-side model comparisons

Same prompt, swap the model alias. Compare Claude Opus 4.7 vs GPT-5.5 vs Gemini 3.1 Pro on identical inputs without juggling 5 different SDKs and API keys.

Chapter 05 · NEW in v20 · Claude Code

Run Claude Code on Salesforce.

The proxy now exposes POST /v1/messages — the Anthropic Messages API — alongside the existing OpenAI endpoint. Same JWT auth, same Trust Layer, same audit log. Set two env vars and Claude Code is now another Salesforce-governed AI client.

WHAT GOT BUILT
Anthropic ↔ OpenAI translator

Anthropic payload comes in, gets translated to OpenAI shape, runs through the existing Trust Layer pipeline, response gets translated back to Anthropic shape. Streaming SSE included.

WHAT WORKS
Everything Claude Code does

Write/Read/Edit/Bash tools, multi-turn tool round trips, streaming responses, model fallbacks (claude-sonnet-4-6claude-opus-4-7). Verified end-to-end with claude-cli 2.1.114.

WHY IT MATTERS
Every dev tool, governed

If your devs use Claude Code with personal API keys, you have zero visibility. Point them at the proxy — every code-gen call is now logged, masked, and billed under your Salesforce contract.

SETUP — TWO ENV VARS, ZERO CODE CHANGES
# Point Claude Code at the proxy
export ANTHROPIC_BASE_URL="https://bugs-sf-proxy-449fd4c8e295.herokuapp.com"
export ANTHROPIC_AUTH_TOKEN="any-string"   # proxy uses your SF Connected App creds, not this

# Run it normally
claude --print --add-dir ./my-project "refactor the auth module"

# Bills Salesforce. Logged in Trust Layer Audit. Done.
OR CALL IT DIRECTLY — ANTHROPIC SDK STYLE
curl -X POST https://bugs-sf-proxy-449fd4c8e295.herokuapp.com/v1/messages \
  -H "Content-Type: application/json" \
  -d '{
    "model": "claude-opus-4-7",
    "max_tokens": 200,
    "messages": [{"role":"user","content":"hello"}],
    "tools": [{"name":"weather","input_schema":{"type":"object"}}]
  }'

# Returns native Anthropic message shape: type:"message", content blocks, stop_reason
💡
Field tip

Claude Code defaults to claude-sonnet-4-6. Salesforce Models API doesn't host Sonnet directly, so the proxy transparently maps that to claude-opus-4-7 — same family, no client change. Pin a different model anytime with ANTHROPIC_MODEL=claude-opus-4-6.

Chapter 06 · Build your own

Want this for your org?

The full setup guide is on the proxy itself. ~30 minutes from zero to "every AI app in my company is now governed by Salesforce."

You'll create a Connected App, deploy a tiny FastAPI service to Heroku (or anywhere), wire env vars, point your AI clients at it. That's it.

📖 Read the setup guide ↗ Check proxy health → Meet Bugs (the dog) 🐕‍🦺
⚡ TL;DR — THE 4 STEPS
  1. Salesforce: Create a Connected App (Client Credentials flow). Grab Consumer Key + Secret. Wait 10 min.
  2. Heroku: Deploy this FastAPI app. Set SF_CLIENT_ID, SF_CLIENT_SECRET, SF_TOKEN_URL.
  3. Your AI client: Point its OpenAI baseUrl at the proxy. Include tools=[...] if you want function calling — the proxy handles the rest.
  4. Salesforce Setup → Trust Layer Audit: Watch every call appear with masking decisions and toxicity scores. ✅