@askalf/dario 1.2.1 → 2.1.0

package/README.md

@@ -16,9 +16,9 @@
 
 <p align="center">
   <a href="#quick-start">Quick Start</a> &bull;
-  <a href="#how-it-works">How It Works</a> &bull;
-  <a href="#usage-examples">Examples</a> &bull;
+  <a href="#openai-compatibility">OpenAI Compat</a> &bull;
   <a href="#cli-backend">CLI Backend</a> &bull;
+  <a href="#usage-examples">Examples</a> &bull;
   <a href="#faq">FAQ</a>
 </p>
 
@@ -157,6 +157,21 @@ Combine with `--cli` for rate-limit-proof Opus:
 dario proxy --cli --model=opus
 ```
 
+## OpenAI Compatibility
+
+Dario implements `/v1/chat/completions` — any tool built for the OpenAI API works with your Claude subscription. No code changes needed.
+
+```bash
+dario proxy --model=opus
+
+export OPENAI_BASE_URL=http://localhost:3456/v1
+export OPENAI_API_KEY=dario
+
+# Cursor, Continue, LiteLLM, any OpenAI SDK — all work
+```
+
+Use `--model=opus` to force the model regardless of what the client sends. Or pass `claude-opus-4-6` as the model name directly — Claude model names work as-is.
+
 ## Usage Examples
 
 ### curl
@@ -290,7 +305,8 @@ ANTHROPIC_BASE_URL=http://localhost:3456 ANTHROPIC_API_KEY=dario your-tool-here
 
 ### Direct API Mode
 - All Claude models (Opus 4.6, Sonnet 4.6, Haiku 4.5)
-- Streaming and non-streaming
+- **OpenAI-compatible** (`/v1/chat/completions`) — works with any OpenAI SDK or tool
+- Streaming and non-streaming (both Anthropic and OpenAI SSE formats)
 - Tool use / function calling
 - System prompts and multi-turn conversations
 - Prompt caching and extended thinking
@@ -307,7 +323,9 @@ ANTHROPIC_BASE_URL=http://localhost:3456 ANTHROPIC_API_KEY=dario your-tool-here
 
 | Path | Description |
 |------|-------------|
-| `POST /v1/messages` | Anthropic Messages API (main endpoint) |
+| `POST /v1/messages` | Anthropic Messages API |
+| `POST /v1/chat/completions` | OpenAI-compatible Chat API |
+| `GET /v1/models` | Model list (works with both SDKs) |
 | `GET /health` | Proxy health + OAuth status + request count |
 | `GET /status` | Detailed OAuth token status |
 

package/dist/cli.js

@@ -13,9 +13,9 @@ import { readFile, unlink } from 'node:fs/promises';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { startAutoOAuthFlow, getStatus, refreshTokens } from './oauth.js';
-import { startProxy } from './proxy.js';
+import { startProxy, sanitizeError } from './proxy.js';
 const args = process.argv.slice(2);
-const command = args[0] ?? (process.stdin.isTTY ? 'proxy' : 'proxy');
+const command = args[0] ?? 'proxy';
 async function login() {
     console.log('');
     console.log('  dario — Claude Login');
@@ -50,7 +50,7 @@ async function login() {
     }
     catch (err) {
         console.error('');
-        console.error(`  Login failed: ${err instanceof Error ? err.message : err}`);
+        console.error(`  Login failed: ${sanitizeError(err)}`);
         console.error('  Try again with `dario login`.');
         process.exit(1);
     }
@@ -89,7 +89,7 @@ async function refresh() {
         console.log(`[dario] Token refreshed. Expires in ${expiresIn} minutes.`);
     }
     catch (err) {
-        console.error(`[dario] Refresh failed: ${err instanceof Error ? err.message : err}`);
+        console.error(`[dario] Refresh failed: ${sanitizeError(err)}`);
         process.exit(1);
     }
 }
@@ -172,7 +172,6 @@ if (!handler) {
     process.exit(1);
 }
 handler().catch(err => {
-    const msg = err instanceof Error ? err.message : String(err);
-    console.error('Fatal error:', msg.replace(/sk-ant-[a-zA-Z0-9_-]+/g, '[REDACTED]'));
+    console.error('Fatal error:', sanitizeError(err));
     process.exit(1);
 });

package/dist/index.d.ts

@@ -6,4 +6,4 @@
  */
 export { startAutoOAuthFlow, refreshTokens, getAccessToken, getStatus, loadCredentials } from './oauth.js';
 export type { OAuthTokens, CredentialsFile } from './oauth.js';
-export { startProxy } from './proxy.js';
+export { startProxy, sanitizeError } from './proxy.js';

package/dist/index.js

@@ -5,4 +5,4 @@
  * instead of running the CLI.
  */
 export { startAutoOAuthFlow, refreshTokens, getAccessToken, getStatus, loadCredentials } from './oauth.js';
-export { startProxy } from './proxy.js';
+export { startProxy, sanitizeError } from './proxy.js';

package/dist/proxy.d.ts

@@ -13,5 +13,6 @@ interface ProxyOptions {
     model?: string;
     cliBackend?: boolean;
 }
+export declare function sanitizeError(err: unknown): string;
 export declare function startProxy(opts?: ProxyOptions): Promise<void>;
 export {};

package/dist/proxy.js

@@ -8,7 +8,7 @@
  * No API key needed — your Claude subscription pays for it.
  */
 import { createServer } from 'node:http';
-import { randomUUID } from 'node:crypto';
+import { randomUUID, timingSafeEqual } from 'node:crypto';
 import { execSync, spawn } from 'node:child_process';
 import { arch, platform, version as nodeVersion } from 'node:process';
 import { getAccessToken, getStatus } from './oauth.js';
@@ -17,7 +17,6 @@ const DEFAULT_PORT = 3456;
 const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10 MB — generous for large prompts, prevents abuse
 const UPSTREAM_TIMEOUT_MS = 300_000; // 5 min — matches Anthropic SDK default
 const LOCALHOST = '127.0.0.1';
-const CORS_ORIGIN = 'http://localhost';
 // Detect installed Claude Code version at startup
 function detectClaudeVersion() {
     try {
@@ -55,10 +54,139 @@ const MODEL_ALIASES = {
     'sonnet': 'claude-sonnet-4-6',
     'haiku': 'claude-haiku-4-5',
 };
-function sanitizeError(err) {
+// OpenAI model name → Anthropic model name
+const OPENAI_MODEL_MAP = {
+    'gpt-4.1': 'claude-opus-4-6',
+    'gpt-4.1-mini': 'claude-sonnet-4-6',
+    'gpt-4.1-nano': 'claude-haiku-4-5',
+    'gpt-4o': 'claude-opus-4-6',
+    'gpt-4o-mini': 'claude-haiku-4-5',
+    'gpt-4-turbo': 'claude-opus-4-6',
+    'gpt-4': 'claude-opus-4-6',
+    'gpt-3.5-turbo': 'claude-haiku-4-5',
+    'o3': 'claude-opus-4-6',
+    'o3-mini': 'claude-sonnet-4-6',
+    'o4-mini': 'claude-sonnet-4-6',
+    'o1': 'claude-opus-4-6',
+    'o1-mini': 'claude-sonnet-4-6',
+    'o1-pro': 'claude-opus-4-6',
+};
+/**
+ * Translate OpenAI chat completion request → Anthropic Messages request.
+ */
+function openaiToAnthropic(body, modelOverride) {
+    const messages = body.messages;
+    if (!messages)
+        return body;
+    // Extract system messages
+    const systemMessages = messages.filter(m => m.role === 'system');
+    const nonSystemMessages = messages.filter(m => m.role !== 'system');
+    // Map model name
+    const requestModel = String(body.model || '');
+    const model = modelOverride || OPENAI_MODEL_MAP[requestModel] || requestModel;
+    const result = {
+        model,
+        messages: nonSystemMessages.map(m => ({
+            role: m.role === 'assistant' ? 'assistant' : 'user',
+            content: m.content,
+        })),
+        max_tokens: body.max_tokens ?? body.max_completion_tokens ?? 8192,
+    };
+    if (systemMessages.length > 0) {
+        result.system = systemMessages.map(m => typeof m.content === 'string' ? m.content : JSON.stringify(m.content)).join('\n');
+    }
+    if (body.stream)
+        result.stream = true;
+    if (body.temperature != null)
+        result.temperature = body.temperature;
+    if (body.top_p != null)
+        result.top_p = body.top_p;
+    if (body.stop)
+        result.stop_sequences = Array.isArray(body.stop) ? body.stop : [body.stop];
+    return result;
+}
+/**
+ * Translate Anthropic Messages response → OpenAI chat completion response.
+ */
+function anthropicToOpenai(body) {
+    const content = body.content;
+    const text = content?.find(c => c.type === 'text')?.text ?? '';
+    const usage = body.usage;
+    return {
+        id: `chatcmpl-${(body.id || '').replace('msg_', '')}`,
+        object: 'chat.completion',
+        created: Math.floor(Date.now() / 1000),
+        model: body.model,
+        choices: [{
+                index: 0,
+                message: { role: 'assistant', content: text },
+                finish_reason: body.stop_reason === 'end_turn' ? 'stop' : body.stop_reason === 'max_tokens' ? 'length' : 'stop',
+            }],
+        usage: {
+            prompt_tokens: usage?.input_tokens ?? 0,
+            completion_tokens: usage?.output_tokens ?? 0,
+            total_tokens: (usage?.input_tokens ?? 0) + (usage?.output_tokens ?? 0),
+        },
+    };
+}
+/**
+ * Translate Anthropic SSE stream → OpenAI SSE stream.
+ */
+function translateStreamChunk(line) {
+    if (!line.startsWith('data: '))
+        return null;
+    const json = line.slice(6).trim();
+    if (json === '[DONE]')
+        return 'data: [DONE]\n\n';
+    try {
+        const event = JSON.parse(json);
+        if (event.type === 'content_block_delta') {
+            const delta = event.delta;
+            if (delta?.type === 'text_delta' && delta.text) {
+                return `data: ${JSON.stringify({
+                    id: 'chatcmpl-dario',
+                    object: 'chat.completion.chunk',
+                    created: Math.floor(Date.now() / 1000),
+                    model: 'claude',
+                    choices: [{ index: 0, delta: { content: delta.text }, finish_reason: null }],
+                })}\n\n`;
+            }
+        }
+        if (event.type === 'message_stop') {
+            return `data: ${JSON.stringify({
+                id: 'chatcmpl-dario',
+                object: 'chat.completion.chunk',
+                created: Math.floor(Date.now() / 1000),
+                model: 'claude',
+                choices: [{ index: 0, delta: {}, finish_reason: 'stop' }],
+            })}\n\ndata: [DONE]\n\n`;
+        }
+    }
+    catch { /* skip unparseable */ }
+    return null;
+}
+/**
+ * OpenAI-compatible models list.
+ */
+function openaiModelsList() {
+    const models = ['claude-opus-4-6', 'claude-sonnet-4-6', 'claude-haiku-4-5'];
+    return {
+        object: 'list',
+        data: models.map(id => ({
+            id,
+            object: 'model',
+            created: 1700000000,
+            owned_by: 'anthropic',
+        })),
+    };
+}
+export function sanitizeError(err) {
     const msg = err instanceof Error ? err.message : String(err);
-    // Never leak tokens in error messages
-    return msg.replace(/sk-ant-[a-zA-Z0-9_-]+/g, '[REDACTED]');
+    // Never leak tokens, JWTs, or bearer values in error messages
+    return msg
+        .replace(/sk-ant-[a-zA-Z0-9_-]+/g, '[REDACTED]')
+        .replace(/eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g, '[REDACTED_JWT]')
+        .replace(/Bearer\s+[a-zA-Z0-9_-]+/gi, 'Bearer [REDACTED]');
 }
 /**
  * CLI Backend: route requests through `claude --print` instead of direct API.
@@ -164,11 +292,28 @@ export async function startProxy(opts = {}) {
     const useCli = opts.cliBackend ?? false;
     let requestCount = 0;
     let tokenCostEstimate = 0;
+    // Optional proxy authentication
+    const apiKey = process.env.DARIO_API_KEY;
+    const corsOrigin = `http://localhost:${port}`;
+    function checkAuth(req) {
+        if (!apiKey)
+            return true; // no key set = open access
+        const provided = req.headers['x-api-key']
+            || req.headers.authorization?.replace(/^Bearer\s+/i, '');
+        if (!provided)
+            return false;
+        try {
+            return timingSafeEqual(Buffer.from(provided), Buffer.from(apiKey));
+        }
+        catch {
+            return false;
+        }
+    }
     const server = createServer(async (req, res) => {
         // CORS preflight
         if (req.method === 'OPTIONS') {
             res.writeHead(204, {
-                'Access-Control-Allow-Origin': CORS_ORIGIN,
+                'Access-Control-Allow-Origin': corsOrigin,
                 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
                 'Access-Control-Allow-Headers': 'Content-Type, Authorization, x-api-key, anthropic-version, anthropic-beta',
                 'Access-Control-Max-Age': '86400',
@@ -190,6 +335,12 @@ export async function startProxy(opts = {}) {
             }));
             return;
         }
+        // Auth gate — everything below health requires auth when DARIO_API_KEY is set
+        if (!checkAuth(req)) {
+            res.writeHead(401, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Unauthorized', message: 'Invalid or missing API key' }));
+            return;
+        }
         // Status endpoint
         if (urlPath === '/status') {
             const s = await getStatus();
@@ -197,20 +348,28 @@ export async function startProxy(opts = {}) {
             res.end(JSON.stringify(s));
             return;
         }
+        // OpenAI-compatible models list
+        if (urlPath === '/v1/models' && req.method === 'GET') {
+            requestCount++;
+            res.writeHead(200, { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': corsOrigin });
+            res.end(JSON.stringify(openaiModelsList()));
+            return;
+        }
+        // Detect OpenAI-format requests
+        const isOpenAI = urlPath === '/v1/chat/completions';
         // Allowlisted API paths — only these are proxied (prevents SSRF)
         const allowedPaths = {
             '/v1/messages': `${ANTHROPIC_API}/v1/messages`,
-            '/v1/models': `${ANTHROPIC_API}/v1/models`,
             '/v1/complete': `${ANTHROPIC_API}/v1/complete`,
         };
-        const targetBase = allowedPaths[urlPath];
+        const targetBase = isOpenAI ? `${ANTHROPIC_API}/v1/messages` : allowedPaths[urlPath];
         if (!targetBase) {
             res.writeHead(403, { 'Content-Type': 'application/json' });
             res.end(JSON.stringify({ error: 'Forbidden', message: 'Path not allowed' }));
             return;
         }
-        // Only allow POST (Messages API) and GET (models)
-        if (req.method !== 'POST' && req.method !== 'GET') {
+        // Only allow POST (Messages/Chat API) and GET (models)
+        if (req.method !== 'POST') {
             res.writeHead(405, { 'Content-Type': 'application/json' });
             res.end(JSON.stringify({ error: 'Method not allowed' }));
             return;
@@ -238,14 +397,23 @@ export async function startProxy(opts = {}) {
                 requestCount++;
                 res.writeHead(cliResult.status, {
                     'Content-Type': cliResult.contentType,
-                    'Access-Control-Allow-Origin': CORS_ORIGIN,
+                    'Access-Control-Allow-Origin': corsOrigin,
                 });
                 res.end(cliResult.body);
                 return;
             }
-            // Override model in request body if --model flag was set
+            // Translate OpenAI → Anthropic format if needed
             let finalBody = body.length > 0 ? body : undefined;
-            if (modelOverride && body.length > 0) {
+            if (isOpenAI && body.length > 0) {
+                try {
+                    const parsed = JSON.parse(body.toString());
+                    const translated = openaiToAnthropic(parsed, modelOverride);
+                    finalBody = Buffer.from(JSON.stringify(translated));
+                }
+                catch { /* not JSON, send as-is */ }
+            }
+            else if (modelOverride && body.length > 0) {
+                // Override model in request body if --model flag was set
                 try {
                     const parsed = JSON.parse(body.toString());
                     parsed.model = modelOverride;
@@ -308,7 +476,7 @@ export async function startProxy(opts = {}) {
             // Forward response headers
             const responseHeaders = {
                 'Content-Type': contentType || 'application/json',
-                'Access-Control-Allow-Origin': CORS_ORIGIN,
+                'Access-Control-Allow-Origin': corsOrigin,
             };
             // Forward rate limit headers (including unified subscription headers)
             for (const [key, value] of upstream.headers.entries()) {
@@ -321,12 +489,33 @@ export async function startProxy(opts = {}) {
             if (isStream && upstream.body) {
                 // Stream SSE chunks through
                 const reader = upstream.body.getReader();
+                const decoder = new TextDecoder();
                 try {
+                    let buffer = '';
                     while (true) {
                         const { done, value } = await reader.read();
                         if (done)
                             break;
-                        res.write(value);
+                        if (isOpenAI) {
+                            // Translate Anthropic SSE → OpenAI SSE
+                            buffer += decoder.decode(value, { stream: true });
+                            const lines = buffer.split('\n');
+                            buffer = lines.pop() ?? '';
+                            for (const line of lines) {
+                                const translated = translateStreamChunk(line);
+                                if (translated)
+                                    res.write(translated);
+                            }
+                        }
+                        else {
+                            res.write(value);
+                        }
+                    }
+                    // Flush remaining buffer
+                    if (isOpenAI && buffer.trim()) {
+                        const translated = translateStreamChunk(buffer);
+                        if (translated)
+                            res.write(translated);
                     }
                 }
                 catch (err) {
@@ -338,7 +527,19 @@ export async function startProxy(opts = {}) {
             else {
                 // Buffer and forward
                 const responseBody = await upstream.text();
-                res.end(responseBody);
+                if (isOpenAI && upstream.status >= 200 && upstream.status < 300) {
+                    // Translate Anthropic response → OpenAI format
+                    try {
+                        const parsed = JSON.parse(responseBody);
+                        res.end(JSON.stringify(anthropicToOpenai(parsed)));
+                    }
+                    catch {
+                        res.end(responseBody);
+                    }
+                }
+                else {
+                    res.end(responseBody);
+                }
                 // Quick token estimate for logging
                 if (verbose && responseBody) {
                     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "1.2.1",
+  "version": "2.1.0",
   "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
   "type": "module",
   "bin": {