@askalf/dario 1.1.3 → 1.2.0

package/README.md

@@ -2,7 +2,7 @@
   <h1 align="center">dario</h1>
   <p align="center"><strong>Use your Claude subscription as an API.</strong></p>
   <p align="center">
-    Two commands. No API key. Your Claude Max/Pro subscription becomes a local API endpoint<br/>that any tool, SDK, or framework can use.
+    One command. No API key. Your Claude Max/Pro subscription becomes a local API endpoint<br/>that any tool, SDK, or framework can use.
   </p>
 </p>
 
@@ -17,8 +17,7 @@
 ---
 
 ```bash
-npx @askalf/dario login   # authenticate with Claude
-npx @askalf/dario proxy   # start local API on :3456
+npx @askalf/dario login   # detects Claude Code credentials, starts proxy
 
 # now use it from anywhere
 export ANTHROPIC_BASE_URL=http://localhost:3456
@@ -33,12 +32,16 @@ That's it. Any tool that speaks the Anthropic API now uses your subscription.
 
 You pay $100-200/mo for Claude Max or Pro. But that subscription only works on claude.ai and Claude Code. If you want to use Claude with **any other tool** — OpenClaw, Cursor, Continue, Aider, your own scripts — you need a separate API key with separate billing.
 
-**Note:** Claude subscriptions have [usage limits](https://support.claude.com/en/articles/11647753-how-do-usage-and-length-limits-work) that reset on rolling 5-hour and 7-day windows. When exceeded, Opus and Sonnet may return 429 errors while Haiku continues working. Use `--cli` mode to route through Claude Code's binary, which is not affected by these limits.
+**Note:** Claude subscriptions have [usage limits](https://support.claude.com/en/articles/11647753-how-do-usage-and-length-limits-work) that reset on rolling 5-hour and 7-day windows. When exceeded, Opus and Sonnet may return 429 errors while Haiku continues working. You can check your utilization via Claude Code's `/usage` command or [statusline](https://code.claude.com/docs/en/statusline). Use `--cli` mode to route through Claude Code's binary, which is not affected by these limits.
 
 **dario fixes this.** It creates a local proxy that translates API key auth into your subscription's OAuth tokens — and with `--cli` mode, routes through the Claude Code binary for uninterrupted access.
 
 ## Quick Start
 
+### Prerequisites
+
+[Claude Code](https://docs.anthropic.com/en/docs/claude-code/overview) must be installed and logged in. Dario uses your existing Claude Code credentials — no separate authentication needed.
+
 ### Install
 
 ```bash
@@ -49,7 +52,6 @@ Or use npx (no install needed):
 
 ```bash
 npx @askalf/dario login
-npx @askalf/dario proxy
 ```
 
 ### Login
@@ -58,7 +60,9 @@ npx @askalf/dario proxy
 dario login
 ```
 
-Opens your browser to Claude's OAuth page. Log in, authorize, paste the redirect URL back. Takes 10 seconds.
+If Claude Code is installed and authenticated, dario detects your credentials automatically and starts the proxy. No browser, no OAuth flow, no pasting URLs.
+
+If Claude Code credentials aren't found, dario falls back to a manual OAuth flow.
 
 ### Start the proxy
 
@@ -115,8 +119,6 @@ Backend: Claude CLI (bypasses rate limits)
 Model: claude-opus-4-6 (all requests)
 ```
 
-**Requirements:** Claude Code must be installed (`npm install -g @anthropic-ai/claude-code` or already installed via the desktop app).
-
 **Trade-offs vs direct API mode:**
 
 | | Direct API (default) | CLI Backend (`--cli`) |
@@ -249,7 +251,7 @@ ANTHROPIC_BASE_URL=http://localhost:3456 ANTHROPIC_API_KEY=dario your-tool-here
 └──────────┘     └─────────────────┘     └──────────────────┘
 ```
 
-1. **`dario login`** — Standard PKCE OAuth flow. Opens Claude's auth page in your browser. You authorize, dario stores the tokens locally in `~/.dario/credentials.json`. No server involved, no secrets leave your machine.
+1. **`dario login`** — Detects your existing Claude Code credentials (`~/.claude/.credentials.json`) and starts the proxy automatically. If Claude Code isn't installed, falls back to a manual PKCE OAuth flow.
 
 2. **`dario proxy`** — Starts an HTTP server on localhost that implements the Anthropic Messages API. In direct mode, it swaps your API key for an OAuth bearer token. In CLI mode, it routes through the Claude Code binary.
 
@@ -259,7 +261,7 @@ ANTHROPIC_BASE_URL=http://localhost:3456 ANTHROPIC_API_KEY=dario your-tool-here
 
 | Command | Description |
 |---------|-------------|
-| `dario login` | Authenticate with your Claude account |
+| `dario login` | Detect credentials and start proxy |
 | `dario proxy` | Start the local API proxy |
 | `dario status` | Check if your token is healthy |
 | `dario refresh` | Force an immediate token refresh |
@@ -319,7 +321,7 @@ curl http://localhost:3456/health
 
 | Concern | How dario handles it |
 |---------|---------------------|
-| Credential storage | `~/.dario/credentials.json` with `0600` permissions (owner-only) |
+| Credential storage | Uses Claude Code's credentials or `~/.dario/credentials.json` with `0600` permissions |
 | OAuth flow | PKCE (Proof Key for Code Exchange) — no client secret needed |
 | Token transmission | OAuth tokens never leave localhost. Only forwarded to `api.anthropic.com` over HTTPS |
 | Network exposure | Proxy binds to `127.0.0.1` only — not accessible from other machines |
@@ -331,7 +333,7 @@ curl http://localhost:3456/health
 ## FAQ
 
 **Does this violate Anthropic's terms of service?**
-Dario uses the same public OAuth client ID and PKCE flow that Claude Code uses. It authenticates you as you, with your subscription, through Anthropic's official OAuth endpoints. The `--cli` mode literally uses Claude Code itself as the backend.
+Dario uses your existing Claude Code credentials with the same OAuth tokens. It authenticates you as you, with your subscription, through Anthropic's official API. The `--cli` mode literally uses Claude Code itself as the backend.
 
 **What subscription plans work?**
 Claude Max and Claude Pro. Any plan that lets you use Claude Code.
@@ -339,17 +341,20 @@ Claude Max and Claude Pro. Any plan that lets you use Claude Code.
 **Does it work with Claude Team / Enterprise?**
 Should work if your plan includes Claude Code access. Not tested yet — please open an issue with results.
 
+**Do I need Claude Code installed?**
+Yes. Dario reads your Claude Code credentials for authentication. Run `claude` to install and log in, then `dario login` picks up your credentials automatically.
+
 **What happens when my token expires?**
-Dario auto-refreshes tokens 30 minutes before expiry. You should never see an auth error in normal use. If something goes wrong, `dario refresh` forces an immediate refresh, or `dario login` to re-authenticate.
+Dario auto-refreshes tokens 30 minutes before expiry. You should never see an auth error in normal use. If something goes wrong, `dario refresh` forces an immediate refresh.
 
 **I'm getting rate limited on Opus. What do I do?**
 Use `--cli` mode: `dario proxy --cli`. This routes through the Claude Code binary, which continues working when direct API calls are rate limited. You can also enable [extra usage](https://support.claude.com/en/articles/12429409-manage-extra-usage-for-paid-claude-plans) in your Anthropic account settings to extend your limits at API rates.
 
 **What are the usage limits?**
-Claude subscriptions have rolling 5-hour and 7-day usage windows shared across claude.ai and Claude Code. See [Anthropic's docs](https://support.claude.com/en/articles/11647753-how-do-usage-and-length-limits-work) for details. Check your current status with `echo "hi" | ANTHROPIC_LOG=debug claude --print --model claude-haiku-4-5 2>&1 | grep ratelimit`.
+Claude subscriptions have rolling 5-hour and 7-day usage windows shared across claude.ai and Claude Code. See [Anthropic's docs](https://support.claude.com/en/articles/11647753-how-do-usage-and-length-limits-work) for details. In Claude Code, use `/usage` to check your current limits, or configure the [statusline](https://code.claude.com/docs/en/statusline) to show real-time 5h and 7d utilization percentages.
 
 **Can I run this on a server?**
-Dario binds to localhost by default. For server use, you'd need to handle the initial browser-based login on a machine with a browser, then copy `~/.dario/credentials.json` to your server. Auto-refresh will keep it alive from there.
+Dario binds to localhost by default. For server use, you'd need to handle the initial Claude Code login on a machine with a browser, then copy `~/.claude/.credentials.json` to your server. Auto-refresh will keep it alive from there.
 
 **Why "dario"?**
 Named after [Dario Amodei](https://en.wikipedia.org/wiki/Dario_Amodei), CEO of Anthropic.
@@ -381,7 +386,7 @@ PRs welcome. The codebase is ~700 lines of TypeScript across 4 files:
 
 | File | Purpose |
 |------|---------|
-| `src/oauth.ts` | PKCE flow, token storage, refresh logic |
+| `src/oauth.ts` | Token storage, refresh logic, Claude Code credential detection |
 | `src/proxy.ts` | HTTP proxy server + CLI backend |
 | `src/cli.ts` | CLI entry point |
 | `src/index.ts` | Library exports |

package/dist/cli.js

@@ -10,7 +10,7 @@
  *   dario logout    — Remove saved credentials
  */
 import { createInterface } from 'node:readline';
-import { unlink } from 'node:fs/promises';
+import { readFile, unlink } from 'node:fs/promises';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { startOAuthFlow, exchangeCode, getStatus, refreshTokens } from './oauth.js';
@@ -28,8 +28,26 @@ function ask(question) {
 }
 async function login() {
     console.log('');
-    console.log('  dario — Claude OAuth Login');
-    console.log('  ─────────────────────────');
+    console.log('  dario — Claude Login');
+    console.log('  ───────────────────');
+    console.log('');
+    // Check if Claude Code credentials exist
+    const ccPath = join(homedir(), '.claude', '.credentials.json');
+    try {
+        const raw = await readFile(ccPath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (parsed?.claudeAiOauth?.accessToken && parsed?.claudeAiOauth?.refreshToken) {
+            const expiresAt = parsed.claudeAiOauth.expiresAt;
+            if (expiresAt > Date.now()) {
+                console.log('  Found Claude Code credentials. Starting proxy...');
+                console.log('');
+                await proxy();
+                return;
+            }
+        }
+    }
+    catch { /* no Claude Code credentials, fall through to OAuth */ }
+    console.log('  No Claude Code credentials found. Starting OAuth flow...');
     console.log('');
     const { authUrl, codeVerifier } = startOAuthFlow();
     console.log('  Step 1: Open this URL in your browser:');

package/dist/oauth.js

@@ -8,9 +8,9 @@ import { randomBytes, createHash } from 'node:crypto';
 import { readFile, writeFile, mkdir, chmod, rename } from 'node:fs/promises';
 import { dirname, join } from 'node:path';
 import { homedir } from 'node:os';
-// Claude CLI's public OAuth client (PKCE, no secret needed)
+// Claude Code's public OAuth client (PKCE, no secret needed)
 const OAUTH_CLIENT_ID = '9d1c250a-e61b-44d9-88ed-5944d1962f5e';
-const OAUTH_AUTHORIZE_URL = 'https://claude.ai/oauth/authorize';
+const OAUTH_AUTHORIZE_URL = 'https://platform.claude.com/oauth/authorize';
 const OAUTH_TOKEN_URL = 'https://platform.claude.com/v1/oauth/token';
 const OAUTH_REDIRECT_URI = 'https://platform.claude.com/oauth/code/callback';
 // Refresh 30 min before expiry
@@ -29,31 +29,34 @@ function generatePKCE() {
     const codeChallenge = base64url(createHash('sha256').update(codeVerifier).digest());
     return { codeVerifier, codeChallenge };
 }
-function getCredentialsPath() {
+function getDarioCredentialsPath() {
     return join(homedir(), '.dario', 'credentials.json');
 }
+function getClaudeCodeCredentialsPath() {
+    return join(homedir(), '.claude', '.credentials.json');
+}
 export async function loadCredentials() {
     // Return cached if fresh
     if (credentialsCache && Date.now() - credentialsCacheTime < CACHE_TTL_MS) {
         return credentialsCache;
     }
-    try {
-        const raw = await readFile(getCredentialsPath(), 'utf-8');
-        const parsed = JSON.parse(raw);
-        // Validate structure
-        if (!parsed?.claudeAiOauth?.accessToken || !parsed?.claudeAiOauth?.refreshToken) {
-            return null;
+    // Try dario's own credentials first, then fall back to Claude Code's
+    for (const path of [getDarioCredentialsPath(), getClaudeCodeCredentialsPath()]) {
+        try {
+            const raw = await readFile(path, 'utf-8');
+            const parsed = JSON.parse(raw);
+            if (parsed?.claudeAiOauth?.accessToken && parsed?.claudeAiOauth?.refreshToken) {
+                credentialsCache = parsed;
+                credentialsCacheTime = Date.now();
+                return credentialsCache;
+            }
         }
-        credentialsCache = parsed;
-        credentialsCacheTime = Date.now();
-        return credentialsCache;
-    }
-    catch {
-        return null;
+        catch { /* try next */ }
     }
+    return null;
 }
 async function saveCredentials(creds) {
-    const path = getCredentialsPath();
+    const path = getDarioCredentialsPath();
     await mkdir(dirname(path), { recursive: true });
     // Write atomically: write to temp file, then rename
     const tmpPath = `${path}.tmp.${Date.now()}`;
@@ -76,13 +79,14 @@ export function startOAuthFlow() {
     const { codeVerifier, codeChallenge } = generatePKCE();
     const state = base64url(randomBytes(16));
     const params = new URLSearchParams({
-        response_type: 'code',
+        code: 'true',
         client_id: OAUTH_CLIENT_ID,
+        response_type: 'code',
         redirect_uri: OAUTH_REDIRECT_URI,
-        scope: 'user:inference user:profile',
-        state,
+        scope: 'org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload',
         code_challenge: codeChallenge,
         code_challenge_method: 'S256',
+        state,
     });
     return {
         authUrl: `${OAUTH_AUTHORIZE_URL}?${params.toString()}`,

package/dist/proxy.js

@@ -265,6 +265,7 @@ export async function startProxy(opts = {}) {
                 'interleaved-thinking-2025-05-14',
                 'prompt-caching-scope-2026-01-05',
                 'claude-code-20250219',
+                'context-management-2025-06-27',
             ]);
             if (clientBeta) {
                 for (const flag of clientBeta.split(',')) {
@@ -280,6 +281,7 @@ export async function startProxy(opts = {}) {
                 'anthropic-version': req.headers['anthropic-version'] || '2023-06-01',
                 'anthropic-beta': [...betaFlags].join(','),
                 'anthropic-dangerous-direct-browser-access': 'true',
+                'anthropic-client-platform': 'cli',
                 'user-agent': `claude-cli/${cliVersion} (external, cli)`,
                 'x-app': 'cli',
                 'x-claude-code-session-id': SESSION_ID,
@@ -307,11 +309,11 @@ export async function startProxy(opts = {}) {
                 'Content-Type': contentType || 'application/json',
                 'Access-Control-Allow-Origin': CORS_ORIGIN,
             };
-            // Forward rate limit headers
-            for (const h of ['x-ratelimit-limit-requests', 'x-ratelimit-limit-tokens', 'x-ratelimit-remaining-requests', 'x-ratelimit-remaining-tokens', 'request-id']) {
-                const v = upstream.headers.get(h);
-                if (v)
-                    responseHeaders[h] = v;
+            // Forward rate limit headers (including unified subscription headers)
+            for (const [key, value] of upstream.headers.entries()) {
+                if (key.startsWith('x-ratelimit') || key.startsWith('anthropic-ratelimit') || key === 'request-id') {
+                    responseHeaders[key] = value;
+                }
             }
             requestCount++;
             res.writeHead(upstream.status, responseHeaders);
@@ -382,6 +384,33 @@ export async function startProxy(opts = {}) {
         console.log(`  ${modelLine}`);
         console.log('');
     });
+    // Session presence heartbeat — registers this proxy as an active Claude Code session
+    // Claude Code sends this every 5 seconds; the server uses it for priority routing
+    const clientId = randomUUID();
+    const connectedAt = new Date().toISOString();
+    let lastPresencePulse = 0;
+    const presenceInterval = setInterval(async () => {
+        const now = Date.now();
+        if (now - lastPresencePulse < 5000)
+            return;
+        lastPresencePulse = now;
+        try {
+            const token = await getAccessToken();
+            const presenceUrl = `${ANTHROPIC_API}/v1/code/sessions/${SESSION_ID}/client/presence`;
+            await fetch(presenceUrl, {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Bearer ${token}`,
+                    'Content-Type': 'application/json',
+                    'anthropic-version': '2023-06-01',
+                    'anthropic-client-platform': 'cli',
+                },
+                body: JSON.stringify({ client_id: clientId, connected_at: connectedAt }),
+                signal: AbortSignal.timeout(5000),
+            }).catch(() => { });
+        }
+        catch { /* presence is best-effort */ }
+    }, 5000);
     // Periodic token refresh (every 15 minutes)
     const refreshInterval = setInterval(async () => {
         try {
@@ -398,6 +427,7 @@ export async function startProxy(opts = {}) {
     // Graceful shutdown
     const shutdown = () => {
         console.log('\n[dario] Shutting down...');
+        clearInterval(presenceInterval);
         clearInterval(refreshInterval);
         server.close(() => process.exit(0));
         // Force exit after 5s if connections don't close

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "1.1.3",
+  "version": "1.2.0",
   "description": "Use your Claude subscription as an API. Two commands, no API key. OAuth bridge for Claude Max/Pro.",
   "type": "module",
   "bin": {