npm - @askalf/dario - Versions diffs - 1.0.5 → 1.0.7 - Mend

@askalf/dario 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js CHANGED Viewed

@@ -119,6 +119,10 @@ async function logout() {
 async function proxy() {
     const portArg = args.find(a => a.startsWith('--port='));
     const port = portArg ? parseInt(portArg.split('=')[1]) : 3456;
+    if (isNaN(port) || port < 1 || port > 65535) {
+        console.error('[dario] Invalid port. Must be 1-65535.');
+        process.exit(1);
+    }
     const verbose = args.includes('--verbose') || args.includes('-v');
     await startProxy({ port, verbose });
 }
@@ -176,6 +180,7 @@ if (!handler) {
     process.exit(1);
 }
 handler().catch(err => {
-    console.error('Fatal error:', err);
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error('Fatal error:', msg.replace(/sk-ant-[a-zA-Z0-9_-]+/g, '[REDACTED]'));
     process.exit(1);
 });

package/dist/oauth.d.ts CHANGED Viewed

@@ -30,6 +30,7 @@ export declare function exchangeCode(code: string, codeVerifier: string): Promis
 /**
  * Refresh the access token using the refresh token.
  * Retries with exponential backoff on transient failures.
+ * Uses a mutex to prevent concurrent refresh races.
  */
 export declare function refreshTokens(): Promise<OAuthTokens>;
 /**

package/dist/oauth.js CHANGED Viewed

@@ -15,6 +15,12 @@ const OAUTH_TOKEN_URL = 'https://platform.claude.com/v1/oauth/token';
 const OAUTH_REDIRECT_URI = 'https://platform.claude.com/oauth/code/callback';
 // Refresh 30 min before expiry
 const REFRESH_BUFFER_MS = 30 * 60 * 1000;
+// In-memory credential cache — avoids disk reads on every request
+let credentialsCache = null;
+let credentialsCacheTime = 0;
+const CACHE_TTL_MS = 10_000; // Re-read from disk every 10s at most
+// Mutex to prevent concurrent refresh races
+let refreshInProgress = null;
 function base64url(buf) {
     return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 }
@@ -27,9 +33,20 @@ function getCredentialsPath() {
     return join(homedir(), '.dario', 'credentials.json');
 }
 export async function loadCredentials() {
+    // Return cached if fresh
+    if (credentialsCache && Date.now() - credentialsCacheTime < CACHE_TTL_MS) {
+        return credentialsCache;
+    }
     try {
         const raw = await readFile(getCredentialsPath(), 'utf-8');
-        return JSON.parse(raw);
+        const parsed = JSON.parse(raw);
+        // Validate structure
+        if (!parsed?.claudeAiOauth?.accessToken || !parsed?.claudeAiOauth?.refreshToken) {
+            return null;
+        }
+        credentialsCache = parsed;
+        credentialsCacheTime = Date.now();
+        return credentialsCache;
     }
     catch {
         return null;
@@ -48,6 +65,9 @@ async function saveCredentials(creds) {
         await chmod(path, 0o600);
     }
     catch { /* Windows ignores file modes */ }
+    // Invalidate cache so next read picks up the new tokens
+    credentialsCache = creds;
+    credentialsCacheTime = Date.now();
 }
 /**
  * Start the OAuth flow. Returns the authorization URL and PKCE state
@@ -103,8 +123,21 @@ export async function exchangeCode(code, codeVerifier) {
 /**
  * Refresh the access token using the refresh token.
  * Retries with exponential backoff on transient failures.
+ * Uses a mutex to prevent concurrent refresh races.
  */
 export async function refreshTokens() {
+    // Prevent concurrent refreshes — if one is already in progress, wait for it
+    if (refreshInProgress)
+        return refreshInProgress;
+    refreshInProgress = doRefreshTokens();
+    try {
+        return await refreshInProgress;
+    }
+    finally {
+        refreshInProgress = null;
+    }
+}
+async function doRefreshTokens() {
     const creds = await loadCredentials();
     if (!creds?.claudeAiOauth?.refreshToken) {
         throw new Error('No refresh token available. Run `dario login` first.');

package/dist/proxy.js CHANGED Viewed

@@ -8,12 +8,37 @@
  * No API key needed — your Claude subscription pays for it.
  */
 import { createServer } from 'node:http';
+import { randomUUID } from 'node:crypto';
+import { execSync } from 'node:child_process';
+import { arch, platform, version as nodeVersion } from 'node:process';
 import { getAccessToken, getStatus } from './oauth.js';
 const ANTHROPIC_API = 'https://api.anthropic.com';
 const DEFAULT_PORT = 3456;
 const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10 MB — generous for large prompts, prevents abuse
+const UPSTREAM_TIMEOUT_MS = 300_000; // 5 min — matches Anthropic SDK default
 const LOCALHOST = '127.0.0.1';
 const CORS_ORIGIN = 'http://localhost';
+// Detect installed Claude Code version at startup
+function detectClaudeVersion() {
+    try {
+        const out = execSync('claude --version', { timeout: 5000, stdio: 'pipe' }).toString().trim();
+        const match = out.match(/^([\d.]+)/);
+        return match?.[1] ?? '2.1.96';
+    }
+    catch {
+        return '2.1.96';
+    }
+}
+function getOsName() {
+    const p = platform;
+    if (p === 'win32')
+        return 'Windows';
+    if (p === 'darwin')
+        return 'MacOS';
+    return 'Linux';
+}
+// Persistent session ID per proxy lifetime (like Claude Code does per session)
+const SESSION_ID = randomUUID();
 function sanitizeError(err) {
     const msg = err instanceof Error ? err.message : String(err);
     // Never leak tokens in error messages
@@ -28,6 +53,7 @@ export async function startProxy(opts = {}) {
         console.error('[dario] Not authenticated. Run `dario login` first.');
         process.exit(1);
     }
+    const cliVersion = detectClaudeVersion();
     let requestCount = 0;
     let tokenCostEstimate = 0;
     const server = createServer(async (req, res) => {
@@ -105,7 +131,12 @@ export async function startProxy(opts = {}) {
             const targetUrl = targetBase;
             // Merge any client-provided beta flags with the required oauth flag
             const clientBeta = req.headers['anthropic-beta'];
-            const betaFlags = new Set(['oauth-2025-04-20']);
+            const betaFlags = new Set([
+                'oauth-2025-04-20',
+                'interleaved-thinking-2025-05-14',
+                'prompt-caching-scope-2026-01-05',
+                'claude-code-20250219',
+            ]);
             if (clientBeta) {
                 for (const flag of clientBeta.split(',')) {
                     const trimmed = flag.trim();
@@ -114,16 +145,30 @@ export async function startProxy(opts = {}) {
                 }
             }
             const headers = {
+                'accept': 'application/json',
                 'Authorization': `Bearer ${accessToken}`,
                 'Content-Type': 'application/json',
                 'anthropic-version': req.headers['anthropic-version'] || '2023-06-01',
                 'anthropic-beta': [...betaFlags].join(','),
+                'anthropic-dangerous-direct-browser-access': 'true',
+                'user-agent': `claude-cli/${cliVersion} (external, cli)`,
                 'x-app': 'cli',
+                'x-claude-code-session-id': SESSION_ID,
+                'x-client-request-id': randomUUID(),
+                'x-stainless-arch': arch,
+                'x-stainless-lang': 'js',
+                'x-stainless-os': getOsName(),
+                'x-stainless-package-version': '0.81.0',
+                'x-stainless-retry-count': '0',
+                'x-stainless-runtime': 'node',
+                'x-stainless-runtime-version': nodeVersion,
+                'x-stainless-timeout': '600',
             };
             const upstream = await fetch(targetUrl, {
                 method: req.method ?? 'POST',
                 headers,
                 body: body.length > 0 ? body : undefined,
+                signal: AbortSignal.timeout(UPSTREAM_TIMEOUT_MS),
                 // @ts-expect-error — duplex needed for streaming
                 duplex: 'half',
             });
@@ -187,7 +232,7 @@ export async function startProxy(opts = {}) {
     server.listen(port, LOCALHOST, () => {
         const oauthLine = `OAuth: ${status.status} (expires in ${status.expiresIn})`;
         console.log('');
-        console.log(`  dario v1.0.0 — http://localhost:${port}`);
+        console.log(`  dario — http://localhost:${port}`);
         console.log('');
         console.log('  Your Claude subscription is now an API.');
         console.log('');
@@ -199,7 +244,7 @@ export async function startProxy(opts = {}) {
         console.log('');
     });
     // Periodic token refresh (every 15 minutes)
-    setInterval(async () => {
+    const refreshInterval = setInterval(async () => {
         try {
             const s = await getStatus();
             if (s.status === 'expiring') {
@@ -211,4 +256,14 @@ export async function startProxy(opts = {}) {
             console.error('[dario] Background refresh error:', err instanceof Error ? err.message : err);
         }
     }, 15 * 60 * 1000);
+    // Graceful shutdown
+    const shutdown = () => {
+        console.log('\n[dario] Shutting down...');
+        clearInterval(refreshInterval);
+        server.close(() => process.exit(0));
+        // Force exit after 5s if connections don't close
+        setTimeout(() => process.exit(0), 5000).unref();
+    };
+    process.on('SIGINT', shutdown);
+    process.on('SIGTERM', shutdown);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "Use your Claude subscription as an API. Two commands, no API key. OAuth bridge for Claude Max/Pro.",
   "type": "module",
   "bin": {