@askalf/dario 2.2.4 → 2.3.0

package/README.md

@@ -44,21 +44,21 @@ Opus, Sonnet, Haiku — all models, streaming, tool use. Works with Cursor, Cont
 
 **Grok** (xAI)
 
-*"Highly recommended if you want a clean local proxy. 100% open-source, runs locally only, proper OAuth, no telemetry."*
+*"Dario works great and is safe. Fully functional with OpenClaw / Hermes. Gives you Opus 4.6, Sonnet & Haiku using your existing Claude Max/Pro sub. No extra API key or billing needed. Streaming + tools work perfectly. 100% open-source (~1100 lines TS), runs locally only, proper OAuth (PKCE), no telemetry. Highly recommended if you want a clean local proxy."*
 
 </td>
 <td width="33%" valign="top">
 
 **Copilot** (Microsoft)
 
-*"Safe for local use — well-implemented with strong security practices. The main risk vector is operator error rather than code defects."*
+*"Verdict: Safe for local use — well-implemented with strong security practices. Minimal attack surface: 1 production dependency, PKCE OAuth, localhost-only binding, timing-safe auth, zero telemetry. The main risk vector is operator error rather than code defects."*
 
 </td>
 <td width="33%" valign="top">
 
 **Gemini** (Google)
 
-*"Highly recommended. Solves a massive pain point for developers. Modular & lean, modern PKCE auth, mature CI/CD pipeline."*
+*"Highly recommended for personal, local development. Solves a massive pain point for developers by bridging Claude Max/Pro subscriptions with developer IDEs, saving substantial API costs. Modular & lean (~1100 lines), modern PKCE auth, SSRF protection, mature CI/CD pipeline with CodeQL and npm provenance attestations."*
 
 </td>
 </tr>

package/dist/proxy.js

@@ -8,7 +8,30 @@ const DEFAULT_PORT = 3456;
 const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10 MB — generous for large prompts, prevents abuse
 const UPSTREAM_TIMEOUT_MS = 300_000; // 5 min — matches Anthropic SDK default
 const BODY_READ_TIMEOUT_MS = 30_000; // 30s — prevents slow-loris on body reads
+const MAX_CONCURRENT = 10; // Max concurrent upstream requests
 const LOCALHOST = '127.0.0.1';
+// Simple semaphore for concurrency control
+class Semaphore {
+    max;
+    queue = [];
+    active = 0;
+    constructor(max) {
+        this.max = max;
+    }
+    async acquire() {
+        if (this.active < this.max) {
+            this.active++;
+            return;
+        }
+        return new Promise(resolve => { this.queue.push(() => { this.active++; resolve(); }); });
+    }
+    release() {
+        this.active--;
+        const next = this.queue.shift();
+        if (next)
+            next();
+    }
+}
 // Detect installed Claude Code version at startup
 function detectClaudeVersion() {
     try {
@@ -76,6 +99,9 @@ function anthropicToOpenai(body) {
     };
 }
 /** Translate Anthropic SSE → OpenAI SSE. */
+// Track tool call state across stream chunks
+let _streamToolIndex = 0;
+let _streamToolId = '';
 function translateStreamChunk(line) {
     if (!line.startsWith('data: '))
         return null;
@@ -84,13 +110,33 @@ function translateStreamChunk(line) {
         return 'data: [DONE]\n\n';
     try {
         const e = JSON.parse(json);
+        const ts = Math.floor(Date.now() / 1000);
+        if (e.type === 'content_block_start') {
+            const block = e.content_block;
+            if (block?.type === 'tool_use' && block.name) {
+                _streamToolId = block.id ?? `call_${_streamToolIndex}`;
+                return `data: ${JSON.stringify({ id: 'chatcmpl-dario', object: 'chat.completion.chunk', created: ts, model: 'claude', choices: [{ index: 0, delta: { tool_calls: [{ index: _streamToolIndex, id: _streamToolId, type: 'function', function: { name: block.name, arguments: '' } }] }, finish_reason: null }] })}\n\n`;
+            }
+        }
         if (e.type === 'content_block_delta') {
             const d = e.delta;
             if (d?.type === 'text_delta' && d.text)
-                return `data: ${JSON.stringify({ id: 'chatcmpl-dario', object: 'chat.completion.chunk', created: Math.floor(Date.now() / 1000), model: 'claude', choices: [{ index: 0, delta: { content: d.text }, finish_reason: null }] })}\n\n`;
+                return `data: ${JSON.stringify({ id: 'chatcmpl-dario', object: 'chat.completion.chunk', created: ts, model: 'claude', choices: [{ index: 0, delta: { content: d.text }, finish_reason: null }] })}\n\n`;
+            if (d?.type === 'input_json_delta' && d.partial_json)
+                return `data: ${JSON.stringify({ id: 'chatcmpl-dario', object: 'chat.completion.chunk', created: ts, model: 'claude', choices: [{ index: 0, delta: { tool_calls: [{ index: _streamToolIndex, function: { arguments: d.partial_json } }] }, finish_reason: null }] })}\n\n`;
+        }
+        if (e.type === 'content_block_stop') {
+            if (_streamToolId) {
+                _streamToolIndex++;
+                _streamToolId = '';
+            }
+            return null;
+        }
+        if (e.type === 'message_stop') {
+            _streamToolIndex = 0;
+            _streamToolId = '';
+            return `data: ${JSON.stringify({ id: 'chatcmpl-dario', object: 'chat.completion.chunk', created: ts, model: 'claude', choices: [{ index: 0, delta: {}, finish_reason: 'stop' }] })}\n\ndata: [DONE]\n\n`;
         }
-        if (e.type === 'message_stop')
-            return `data: ${JSON.stringify({ id: 'chatcmpl-dario', object: 'chat.completion.chunk', created: Math.floor(Date.now() / 1000), model: 'claude', choices: [{ index: 0, delta: {}, finish_reason: 'stop' }] })}\n\ndata: [DONE]\n\n`;
     }
     catch { }
     return null;
@@ -229,6 +275,7 @@ export async function startProxy(opts = {}) {
     };
     const useCli = opts.cliBackend ?? false;
     let requestCount = 0;
+    const semaphore = new Semaphore(MAX_CONCURRENT);
     // Optional proxy authentication — pre-encode key buffer for performance
     const apiKey = process.env.DARIO_API_KEY;
     const apiKeyBuf = apiKey ? Buffer.from(apiKey) : null;
@@ -320,7 +367,8 @@ export async function startProxy(opts = {}) {
             res.end(ERR_METHOD);
             return;
         }
-        // Proxy to Anthropic
+        // Proxy to Anthropic (with concurrency control)
+        await semaphore.acquire();
         try {
             const accessToken = await getAccessToken();
             // Read request body with size limit and timeout (prevents slow-loris)
@@ -385,7 +433,7 @@ export async function startProxy(opts = {}) {
             }
             if (verbose) {
                 const modelInfo = modelOverride ? ` (model: ${modelOverride})` : '';
-                console.log(`[dario] #${requestCount} ${req.method} ${req.url}${modelInfo}`);
+                console.log(`[dario] #${requestCount} ${req.method} ${urlPath}${modelInfo}`);
             }
             // Merge client beta flags with defaults
             const clientBeta = req.headers['anthropic-beta'];
@@ -491,6 +539,9 @@ export async function startProxy(opts = {}) {
             res.writeHead(502, JSON_HEADERS);
             res.end(JSON.stringify({ error: 'Proxy error', message: 'Failed to reach upstream API' }));
         }
+        finally {
+            semaphore.release();
+        }
     });
     server.on('error', (err) => {
         if (err.code === 'EADDRINUSE') {
@@ -548,7 +599,7 @@ export async function startProxy(opts = {}) {
     const refreshInterval = setInterval(async () => {
         try {
             const s = await getStatus();
-            if (s.status === 'expiring') {
+            if (s.status === 'expiring' || s.status === 'expired') {
                 console.log('[dario] Token expiring, refreshing...');
                 await getAccessToken(); // triggers refresh
             }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "2.2.4",
+  "version": "2.3.0",
   "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
   "type": "module",
   "bin": {