# Grok 4.20 Web Proxy — Future Work

**Status**: Parked. Revisit when xAI API access is granted or if a specific use case demands 4.20.

## Problem

Grok 4.20 (multi-agent, 4 specialized sub-agents) is only available on grok.com for SuperGrok subscribers. It is **not on the xAI API** — confirmed by `/v1/models` listing (2026-03-04). No hidden model ID, no beta flag.

Unlike OpenAI/Anthropic where subscription models are also on the API (same endpoint, different auth), xAI runs grok.com and api.x.ai as **separate backends**. The web UI routes 4.20 through `promptingBackend: "CHAT"` while other models use `"GIX"`.

## What We Found

### Model IDs (from grok.com HTML source)

| modelId | name | modelMode | backend |
|---------|------|-----------|---------|
| `grok-3-fast` | Grok 3 Fast | `MODEL_MODE_FAST` | GIX |
| `grok-4` | Grok 4 (Expert) | `MODEL_MODE_EXPERT` | GIX |
| **`grok-420`** | **Grok 4.20 (Beta)** | **`MODEL_MODE_GROK_420`** | **CHAT** |
| `grok-4-auto` | Grok 4 Auto | `MODEL_MODE_AUTO` | GIX |
| `grok-4-1-thinking-1129` | Grok 4.20 (hidden) | hidden | — |

### Endpoint

```
POST https://grok.com/rest/app-chat/conversations/new
POST https://grok.com/rest/app-chat/conversations/{conversationId}/responses
```

### Request Body (key fields)

```json
{
    "modelName": "grok-420",
    "modelMode": "MODEL_MODE_GROK_420",
    "message": "your prompt here",
    "temporary": true,
    "disableSearch": false,
    "enableImageGeneration": false,
    "isReasoning": false,
    "disableMemory": true,
    "isAsyncChat": false
}
```

### Auth

- Session cookies from logged-in SuperGrok account
- Anti-bot: requires `x-statsig-id` (generated from SVG challenge), `x-xai-request-id`, `traceparent`, `baggage`, `sentry-trace` headers
- Bare fetch from grok.com page returns 403 without these headers

### Response Format

NDJSON stream, one JSON object per line:

```json
{"result": {"response": {"token": "Hello"}, ...}}
{"result": {"response": {"modelResponse": {"message": "full response", "responseId": "..."}}}}
{"result": {"conversation": {"conversationId": "..."}}}
```

## Reference Implementation

[realasfngl/Grok-Api](https://github.com/realasfngl/Grok-Api) — Python wrapper using `curl_cffi` for TLS fingerprinting + anti-bot challenge solving. Supports `grok-4` (expert) and `grok-4-mini-thinking-tahoe` but not yet `grok-420`. Key modules:

- `core/grok.py` — session management, challenge solving, request construction
- `core/reverse/xctid.py` — `x-statsig-id` signature generation from SVG challenges
- `core/reverse/anon.py` — anonymous key generation + challenge signing
- `core/headers.py` — browser-mimicking header ordering

## Why Not Build It Now

1. **Anti-bot fragility**: xAI rotates challenge signatures with each deploy. The `x-statsig-id` generation requires parsing JS chunks from grok.com — these chunk hashes change frequently.
2. **Cookie expiry**: Session cookies expire, requiring periodic re-auth.
3. **TLS fingerprinting**: xAI checks TLS fingerprints. Requires `curl_cffi` with `impersonate="chrome136"` — standard `httpx`/`requests` get blocked.
4. **Rate limits unknown**: Web interface may have aggressive per-user rate limits unsuitable for batch work.
5. **API access imminent**: xAI has an [early access form](https://forms.gle/kLfpuZJFUmSRBKA8A) and lists 4.20 as "coming soon" to the API.

## When to Revisit

- xAI grants API early access (check email / console.x.ai)
- A specific use case needs 4.20's multi-agent architecture (65% hallucination reduction, 4-agent debate)
- xAI publishes `grok-420` on `/v1/models`

## Quick Start If We Do Build It

1. Clone `realasfngl/Grok-Api`, update model mapping to add `grok-420` / `MODEL_MODE_GROK_420`
2. Add SuperGrok cookie auth path (currently anonymous-only)
3. Wrap in an OpenAI-compatible proxy (FastAPI, port 8121)
4. Add to litellm as custom provider or use `openai/` prefix pointing at localhost proxy