Skip to main content

A passthrough Anthropic client that routes Fable inference to a human over email (a 'meat proxy').

Project description

fable-meat-proxy

fable-meat-proxy 🥩

CI

A drop-in replacement for the Anthropic Python client where Fable's inference is performed by a human.

Every real model passes straight through to the genuine anthropic.Anthropic client. But when you select Fable (model="claude-fable-5", an exact allowlist — see FABLE_MODELS), the proxy instead emails the prompt to your American friend, blocks while polling Gmail for their reply, and returns that reply as a normal Anthropic Message. A meat proxy: the model is a person.

The reply is authenticated: every prompt carries an unguessable token, and a reply is accepted only if it proves it received that email — a forged From: header is not enough (see Security).

flowchart TD
    A[client.messages.create] --> B{model in<br/>Fable allowlist?}
    B -- no --> C[real anthropic.Anthropic] --> D[API response]
    B -- yes --> E[email prompt + token via Gmail API] --> F[friend pastes into Fable]
    F --> G[friend replies to email] --> H[poll thread, verify token, parse reply] --> I[Message]

Install

pip install -e .          # runtime
pip install -e '.[dev]'   # + pytest

Configure

Copy .env.example to .env and fill it in:

Variable Purpose
FABLE_FRIEND_EMAIL Required. Where Fable prompts are sent.
FABLE_GMAIL_CREDENTIALS OAuth client secret (Desktop app) from Google Cloud.
FABLE_GMAIL_TOKEN Where the minted OAuth token is cached.
FABLE_REPLY_TIMEOUT_BUSINESS_DAYS Block this many business days for a reply (default 7, weekends skipped).
FABLE_REPLY_TIMEOUT_SECONDS Optional raw-seconds override of the deadline (tests/demos).
FABLE_POLL_INTERVAL Seconds between Gmail polls (default 120; from_env floors it at 5).
FABLE_MODELS Comma-separated exact model allowlist routed to the human (default claude-fable-5).
ANTHROPIC_API_KEY Standard key for the real (non-Fable) passthrough.

One-time Gmail auth

  1. In Google Cloud Console, enable the Gmail API and create an OAuth client ID of type Desktop app. Download it as credentials.json.

  2. Run the OAuth flow once to mint token.json:

    fable-meat-auth
    

Least-privilege scopes are requested: gmail.send + gmail.readonly (send the prompt, read the reply thread — no modify/label/delete). The minted token.json holds a refresh token, so it's a secret: it's written 0600 and gitignored.

Use

from fable_meat_proxy import Anthropic

client = Anthropic()  # config + Gmail service resolved from the environment

# Real model: ordinary API call.
client.messages.create(
    model="claude-opus-4-8", max_tokens=1024,
    messages=[{"role": "user", "content": "hi"}],
)

# Fable: emails your friend, blocks until they reply, returns their answer.
msg = client.messages.create(
    model="claude-fable-5", max_tokens=1024,
    messages=[{"role": "user", "content": "Write a haiku about meat."}],
)
print(msg.content[0].text)  # whatever your friend pasted back

Async works the same way via AsyncAnthropic (blocking Gmail calls run in a thread, polling uses asyncio.sleep):

from fable_meat_proxy import AsyncAnthropic

client = AsyncAnthropic()
msg = await client.messages.create(model="claude-fable-5", max_tokens=1024, messages=[...])

Your friend receives a formatted email (system prompt + conversation), pastes it into Fable, and replies with Fable's output as the plain-text body. The text above the quoted original is taken as the answer. They must leave the quoted original (which carries the verification token) in place.

Security

Because the "model" is reachable by email, the proxy treats inbound replies as untrusted:

  • Reply authentication. Each request embeds an unguessable token (in the body and the Message-ID). A reply counts only if it echoes that token — via the quoted original or the In-Reply-To/References headers — and comes from the configured friend's exact address. Spoofing From: alone is rejected. (The token only ever reaches the friend's inbox, so an attacker who hasn't seen the email can't reproduce it.) This is application-layer defence on top of Gmail's own DKIM/DMARC filtering.
  • Exact model routing. Only models in the FABLE_MODELS allowlist take the human path. A substring like not-fable can't divert a private prompt to email.
  • No Fable bypass. stream=…, with_raw_response, with_streaming_response, and count_tokens reject Fable models rather than silently hitting the real API.
  • Reply parsing. Attachments are ignored when picking the answer body; the HTML fallback strips comments and hidden (display:none/visibility:hidden) text.
  • Secrets. token.json is created 0600 with no create→chmod race, and an existing world/group-readable token is tightened before use. Scopes are least-privilege (gmail.send + gmail.readonly).
  • Prompt injection. The outgoing email marks the conversation as untrusted and tells the human not to follow instructions embedded in it.

How it works

  • client.py — the wrapping Anthropic / AsyncAnthropic; routes on an exact model allowlist, delegates everything else (.models, .beta, …) to the real client. Fable routing applies to messages.create / messages.stream / messages.count_tokens.
  • meat.py — the human backend: mint a per-request token → format → send → block on a verified reply → build a Message.
  • gmail_transport.py — OAuth (with 0600 token handling), send, thread polling, and token-authenticated reply matching, with transient-error retries (HTTP 429/5xx and network errors) using exponential backoff.
  • timing.py — business-day deadline arithmetic for the (slow, human) reply timeout.
  • parsing.py — render the outgoing email (with the verification token); extract the reply (text/plain, skipping attachments, with a hardened HTML fallback) and strip quoted text.
  • errors.pyFableMeatError, FableReplyTimeout (also a TimeoutError), FableConfigError.

Test

pytest

68 tests run offline — they mock the Gmail service and the real Anthropic client and cover routing (exact allowlist), sync + async paths, reply authentication (token in body and threading headers, spoof rejection), reply parsing (plain/HTML/quote-stripping, attachment skipping, hidden-text removal), polling, business-day deadlines, transient-error retries, streaming/count_tokens rejection, secret-file permissions, delegation, config, and Message construction. The Gmail OAuth round-trip itself needs your real credentials.

Logging uses the standard logging module under the fable_meat_proxy logger (no handlers are installed by the library — configure your own to see send/poll/reply events).

Caveats

  • Latency is measured in human attention span. Calls block up to 7 business days by default. The process must stay alive for the duration — for long waits, run it under a durable worker rather than an interactive script.
  • Streaming for Fable raises NotImplementedError (a human reply arrives all at once); count_tokens raises FableMeatError for Fable models.
  • Tool use and token accounting are not modeled for Fable (usage is reported as zero). Non-Fable models keep the full real SDK behaviour.
  • Reply authentication assumes the friend leaves the quoted original (or proper threading headers) intact; a reply that strips both can't be verified and will wait until the deadline.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fable_meat_proxy-0.2.0.tar.gz (29.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fable_meat_proxy-0.2.0-py3-none-any.whl (22.8 kB view details)

Uploaded Python 3

File details

Details for the file fable_meat_proxy-0.2.0.tar.gz.

File metadata

  • Download URL: fable_meat_proxy-0.2.0.tar.gz
  • Upload date:
  • Size: 29.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fable_meat_proxy-0.2.0.tar.gz
Algorithm Hash digest
SHA256 301b933aec9436834a059978708d94c079eac6e161025e394b201a10d04164e1
MD5 c6e360b5f8880411b70efdcb413f8dac
BLAKE2b-256 bcbda934b2fd4104bd9e1d6d343f09c485796ad53448eaafc673f73c91c13ff7

See more details on using hashes here.

Provenance

The following attestation bundles were made for fable_meat_proxy-0.2.0.tar.gz:

Publisher: release.yml on plwp/fable-meat-proxy

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fable_meat_proxy-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for fable_meat_proxy-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 bcbfdaf596a839bd625dc28e99f73a8d086cc2b06920352e1620ddf49fc77a49
MD5 89e43aa2907ae0992cf09b4118abb1da
BLAKE2b-256 e51e4df8f6cc878e56bbb25f15e929013baef1aaa205abefeeba83e283ece024

See more details on using hashes here.

Provenance

The following attestation bundles were made for fable_meat_proxy-0.2.0-py3-none-any.whl:

Publisher: release.yml on plwp/fable-meat-proxy

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page