@askalf/dario 3.0.0 → 3.0.2

package/README.md

@@ -2,7 +2,7 @@
   <h1 align="center">dario</h1>
   <p align="center"><strong>Use your Claude subscription as an API. The only proxy that bills correctly.</strong></p>
   <p align="center">
-    No API key needed. Your Claude Max/Pro subscription becomes a local API endpoint<br/>that any tool, SDK, or framework can use — with native billing classification,<br/>so your Max plan limits actually work.
+    No API key needed. Your Claude Max/Pro subscription becomes a local API endpoint<br/>that any tool, SDK, or framework can use. Template replay makes every request<br/>indistinguishable from real Claude Code — so your Max plan limits actually work.
   </p>
 </p>
 
@@ -33,7 +33,7 @@ export ANTHROPIC_BASE_URL=http://localhost:3456   # or OPENAI_BASE_URL=http://lo
 export ANTHROPIC_API_KEY=dario                    # or OPENAI_API_KEY=dario
 ```
 
-Opus, Sonnet, Haiku — all models, streaming, tool use. **Zero dependencies.** ~1,600 lines of TypeScript. Works with Cursor, Continue, Aider, LiteLLM, Hermes, OpenClaw, or any tool that speaks the Anthropic or OpenAI API. When rate limited, `--cli` routes through Claude Code for uninterrupted Opus access.
+Opus, Sonnet, Haiku — all models, streaming, tool use. **Zero dependencies.** ~1,900 lines of TypeScript. Works with Cursor, Continue, Aider, LiteLLM, Hermes, OpenClaw, or any tool that speaks the Anthropic or OpenAI API. When rate limited, `--cli` routes through Claude Code for uninterrupted Opus access.
 
 <table>
 <tr>
@@ -80,30 +80,28 @@ Opus, Sonnet, Haiku — all models, streaming, tool use. **Zero dependencies.**
 
 Most Claude subscription proxies have a critical billing problem: **Anthropic classifies their requests as third-party and routes all usage to Extra Usage billing** — even when you have Max plan limits available. You're paying for your subscription twice.
 
-dario is the only proxy that solves this. It injects native Claude Code device identity, per-request billing checksums (reverse-engineered from the Claude Code binary), and priority routing into every request — so Anthropic's billing system treats your requests exactly like Claude Code itself. Your Max plan limits work correctly, and Opus/Sonnet stay available even at high utilization.
+dario is the only proxy that solves this. Instead of transforming your requests signal by signal, dario v3.0 uses **template replay** — it replaces the entire request with Claude Code's exact template. CC's tool definitions, CC's field structure, CC's parameters. Only your conversation content is preserved. Anthropic's classifier sees a genuine Claude Code request because it IS one.
 
 | | dario | Other proxies |
 |---|---|---|
-| **Billing classification** | Native Claude Code session | Third-party (Extra Usage) |
+| **Approach** | Template replay — sends CC's actual request | Signal matching or none |
+| **Tools** | CC's exact tool definitions sent upstream | Client tools (detected) |
 | **Max plan limits** | Used correctly | Bypassed — billed separately |
-| **Device identity** | Injected automatically | Missing |
-| **Priority routing** | Full billing tag fingerprint | Missing |
-| **Billing tag fingerprint** | Per-request SHA-256 matching binary RE | Static or missing |
-| **Beta flags** | Match Claude Code v2.1.100 | Outdated or missing |
-| **Billable beta filtering** | Strips surprise charges | Passes everything through |
+| **Detection resistance** | Undetectable without flagging CC itself | Detected by tool names, field order, effort level, etc. |
+| **Dependencies** | 0 | Many |
 
 <details>
 <summary><strong>vs competitors</strong></summary>
 
 | Feature | dario | Meridian (710 stars) | CLIProxyAPI (24K stars) |
 |---------|-------|---------|------------|
-| Native billing classification | **Yes** | No | Inherited (CLI-only) |
+| Template replay (undetectable) | **Yes** | No | Inherited (CLI-only) |
 | Direct OAuth (streaming, tools) | **Yes** | Yes (SDK-based) | No |
 | CLI fallback (rate limit bypass) | **Yes** | No | Yes (only mode) |
 | OpenAI API compat | **Yes** | Yes | Yes |
 | Orchestration sanitization | **Yes** | Yes | No |
 | Token anomaly detection | **Yes** | Yes | No |
-| Codebase size | ~1,600 lines | ~9,000 lines | Platform |
+| Codebase size | ~1,900 lines | ~9,000 lines | Platform |
 | Dependencies | 0 | Many | Many |
 | Setup | 2 commands | Config + build | Config + dashboard |
 
@@ -386,18 +384,21 @@ Add to your `openclaw.json` models config:
 
 ## How It Works
 
-### Direct API Mode (default)
+### Direct API Mode (default) — Template Replay
 
 ```
-┌──────────┐     ┌─────────────────┐     ┌──────────────────┐
-│ Your App │ ──> │  dario (proxy)  │ ──> │ api.anthropic.com│
-│          │     │  localhost:3456  │     │                  │
-│ sends    │     │  swaps API key  │     │  sees valid      │
-│ API key  │     │  for OAuth      │     │  OAuth bearer    │
-│ "dario"  │     │  bearer token   │     │  token           │
-└──────────┘     └─────────────────┘     └──────────────────┘
+┌──────────┐     ┌─────────────────────┐     ┌──────────────────┐
+│ Your App │ ──> │   dario (proxy)     │ ──> │ api.anthropic.com│
+│          │     │   localhost:3456    │     │                  │
+│ sends    │     │                     │     │  sees a genuine  │
+│ its own  │     │  replaces request   │     │  Claude Code     │
+│ tools &  │     │  with CC template   │     │  request         │
+│ params   │     │  keeps only content │     │                  │
+└──────────┘     └─────────────────────┘     └──────────────────┘
 ```
 
+Your app sends whatever it wants — any tools, any parameters. dario replaces the entire request with Claude Code's template and injects only your conversation content. The upstream sees CC's exact tool definitions, field structure, and parameters.
+
 ### CLI Backend Mode (`--cli`)
 
 ```
@@ -454,10 +455,7 @@ Add to your `openclaw.json` models config:
 
 ### Direct API Mode
 - All Claude models (Opus 4.6, Sonnet 4.6, Haiku 4.5) + 1M extended context aliases (`opus1m`, `sonnet1m`)
-- **Native billing classification** — device identity, per-request billing tag with SHA-256 checksums matching real Claude Code (extracted via binary RE), ensures Max plan limits work correctly
-- **Template replay** (v3.0) — instead of transforming requests signal-by-signal, dario replaces the entire request with a Claude Code template. CC's exact tool definitions, field structure, and parameters are sent upstream. Only your conversation content is preserved. Tested with 40 third-party tools — all route to `five_hour`. See [Discussion #13](https://github.com/askalf/dario/discussions/13) for why this matters.
-- **Adaptive thinking** — matches Claude Code's `{ type: 'adaptive' }` mode for optimal reasoning (auto-skipped for Haiku 4.5)
-- **Effort control** — injects `output_config: { effort: 'medium' }` matching Claude Code's default, or passes through client-specified effort level
+- **Template replay** (v3.0) — replaces the entire request with Claude Code's exact template. CC's tool definitions, field structure, and parameters are sent upstream. Only your conversation content is preserved. Your client's tools are mapped to CC equivalents and reverse-mapped in responses. Tested with 40 third-party tools — all route to `five_hour`. See [Discussion 13](https://github.com/askalf/dario/discussions/13) and [Discussion 14](https://github.com/askalf/dario/discussions/14).
 - **Enriched 429 errors** — rate limit errors include utilization %, limiting window, and reset time instead of Anthropic's default `"Error"` message
 - **Auto CLI fallback** — if the API returns 429 and Claude Code is installed, transparently retries through `claude --print` with SSE conversion
 - **OpenAI-compatible** (`/v1/chat/completions`) — works with any OpenAI SDK or tool
@@ -582,7 +580,7 @@ Dario handles your OAuth tokens. Here's why you can trust it:
 
 | Signal | Status |
 |--------|--------|
-| **Source code** | ~1,600 lines of TypeScript — small enough to audit in one sitting |
+| **Source code** | ~1,900 lines of TypeScript — small enough to audit in one sitting |
 | **Dependencies** | 0 runtime dependencies. Verify: `npm ls --production` |
 | **npm provenance** | Every release is [SLSA attested](https://www.npmjs.com/package/@askalf/dario) via GitHub Actions |
 | **Security scanning** | [CodeQL](https://github.com/askalf/dario/actions/workflows/codeql.yml) runs on every push and weekly |
@@ -606,18 +604,21 @@ cd $(npm root -g)/@askalf/dario && npm ls --production
 
 | Topic | Link |
 |-------|------|
-| Billing tag algorithm, fingerprint analysis, Hermes/OpenClaw compatibility | [Discussion #8](https://github.com/askalf/dario/discussions/8) |
-| Why Opus 4.6 feels worse and how to fix it (thinking block accumulation, effort defaults) | [Discussion #9](https://github.com/askalf/dario/discussions/9) |
-| Rate limit header analysis and subscription throttling mechanics | [Discussion #1](https://github.com/askalf/dario/discussions/1) |
+| v3.0 Template Replay — why we stopped matching signals | [Discussion 14](https://github.com/askalf/dario/discussions/14) |
+| Claude Code defaults are detection signals, not optimizations | [Discussion 13](https://github.com/askalf/dario/discussions/13) |
+| Why Opus 4.6 feels worse and how to fix it | [Discussion 9](https://github.com/askalf/dario/discussions/9) |
+| Billing tag algorithm and fingerprint analysis | [Discussion 8](https://github.com/askalf/dario/discussions/8) |
+| Rate limit header analysis | [Discussion 1](https://github.com/askalf/dario/discussions/1) |
 
 ## Contributing
 
-PRs welcome. The codebase is ~1,600 lines of TypeScript across 4 files:
+PRs welcome. The codebase is ~1,900 lines of TypeScript across 5 files:
 
 | File | Purpose |
 |------|---------|
-| `src/oauth.ts` | Token storage, refresh logic, Claude Code credential detection, auto OAuth flow |
 | `src/proxy.ts` | HTTP proxy server + CLI backend |
+| `src/cc-template.ts` | Claude Code request template + tool mapping |
+| `src/oauth.ts` | Token storage, refresh, credential detection |
 | `src/cli.ts` | CLI entry point |
 | `src/index.ts` | Library exports |
 

package/dist/cc-template.js

@@ -211,17 +211,31 @@ export function buildCCRequest(clientBody, billingTag, agentIdentity, cache1h, i
             }
             else {
                 unmappedTools.push(tool.name);
-                // Unknown tools become Bash commands with description as context
+                // Distribute unmapped tools across CC tool names to avoid suspicious
+                // patterns where every unknown tool maps to Bash
+                const CC_FALLBACK_TOOLS = ['Bash', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'];
+                const fallbackTool = CC_FALLBACK_TOOLS[unmappedTools.length % CC_FALLBACK_TOOLS.length];
                 activeToolMap.set(tool.name, {
-                    ccTool: 'Bash',
-                    translateArgs: (a) => ({
-                        command: `echo "Tool ${tool.name} called with: ${JSON.stringify(a).slice(0, 200)}"`,
-                    }),
+                    ccTool: fallbackTool,
+                    translateArgs: (a) => {
+                        // Translate args to match the CC tool's expected schema
+                        switch (fallbackTool) {
+                            case 'Bash': return { command: `echo "${JSON.stringify(a).slice(0, 200)}"` };
+                            case 'Read': return { file_path: String(a.path || a.file || a.url || '/tmp/output') };
+                            case 'Grep': return { pattern: String(a.query || a.pattern || a.search || '.'), path: '.' };
+                            case 'Glob': return { pattern: String(a.pattern || a.glob || '*') };
+                            case 'WebSearch': return { query: String(a.query || a.q || a.search || '') };
+                            case 'WebFetch': return { url: String(a.url || a.uri || '') };
+                            default: return a;
+                        }
+                    },
                 });
             }
         }
     }
-    // ── Remap tool_use references in message history ──
+    // ── Remap tool_use and tool_result references in message history ──
+    // Track tool_use_id → CC tool name for consistent remapping
+    const toolUseIdMap = new Map();
     for (const msg of messages) {
         if (Array.isArray(msg.content)) {
             for (const block of msg.content) {
@@ -233,6 +247,41 @@ export function buildCCRequest(clientBody, billingTag, agentIdentity, cache1h, i
                             block.input = mapping.translateArgs(block.input);
                         }
                     }
+                    // Track the ID so tool_results stay consistent
+                    if (typeof block.id === 'string') {
+                        toolUseIdMap.set(block.id, block.name);
+                    }
+                }
+                // Strip any client-specific fields from tool_result blocks that CC wouldn't send
+                if (block.type === 'tool_result') {
+                    // Remove non-standard fields clients may add
+                    for (const key of Object.keys(block)) {
+                        if (!['type', 'tool_use_id', 'content', 'is_error'].includes(key)) {
+                            delete block[key];
+                        }
+                    }
+                }
+            }
+        }
+    }
+    // ── Compact conversation history ──
+    // Real CC conversations have specific patterns. Strip metadata that
+    // third-party frameworks inject into tool_result content.
+    for (const msg of messages) {
+        if (Array.isArray(msg.content)) {
+            for (const block of msg.content) {
+                // Truncate very long tool_result content — CC tool results are typically
+                // shorter because CC truncates file reads, command output, etc.
+                if (block.type === 'tool_result' && typeof block.content === 'string' && block.content.length > 30000) {
+                    block.content = block.content.slice(0, 30000) + '\n[...truncated]';
+                }
+                // Also handle array-form tool_result content
+                if (block.type === 'tool_result' && Array.isArray(block.content)) {
+                    for (const sub of block.content) {
+                        if (sub.type === 'text' && typeof sub.text === 'string' && sub.text.length > 30000) {
+                            sub.text = sub.text.slice(0, 30000) + '\n[...truncated]';
+                        }
+                    }
                 }
             }
         }
@@ -249,6 +298,16 @@ export function buildCCRequest(clientBody, billingTag, agentIdentity, cache1h, i
             .map(b => b.text)
             .join('\n\n');
     }
+    // Strip framework identifiers from system prompt that would flag non-CC usage
+    const FRAMEWORK_PATTERNS = [
+        /\b(openclaw|hermes|aider|cursor|windsurf|cline|continue|copilot|cody)\b/gi,
+        /\b(openai|gpt-4|gpt-3\.5)\b/gi,
+        /powered by [a-z]+/gi,
+        /\bgateway\b/gi,
+    ];
+    for (const pattern of FRAMEWORK_PATTERNS) {
+        systemText = systemText.replace(pattern, '');
+    }
     // ── Build the CC request from template ──
     const ccRequest = {
         model,
@@ -260,11 +319,13 @@ export function buildCCRequest(clientBody, billingTag, agentIdentity, cache1h, i
         ],
         max_tokens: 64000,
     };
-    // Model-specific fields
+    // Model-specific fields (matches CC v2.1.104 exactly)
     if (!isHaiku) {
         ccRequest.thinking = { type: 'adaptive' };
         ccRequest.output_config = { effort: 'medium' };
         ccRequest.context_management = { edits: [{ type: 'clear_thinking_20251015', keep: 'all' }] };
+        // CC sends temperature:1 explicitly when not in thinking-only mode
+        ccRequest.temperature = 1;
     }
     // Always include metadata
     ccRequest.metadata = {

package/dist/oauth.js

@@ -108,7 +108,7 @@ export async function startAutoOAuthFlow() {
                 .catch(reject);
         });
         let port = 0;
-        server.listen(0, 'localhost', () => {
+        server.listen(0, 'localhost', async () => {
             const addr = server.address();
             port = typeof addr === 'object' && addr ? addr.port : 0;
             const params = new URLSearchParams({
@@ -127,7 +127,7 @@ export async function startAutoOAuthFlow() {
             console.log(`  If the browser didn't open, visit: ${authUrl}`);
             console.log('');
             // Open browser using platform-specific commands (no external deps)
-            const { exec } = require('node:child_process');
+            const { exec } = await import('node:child_process');
             const cmd = process.platform === 'win32' ? `start "" "${authUrl}"`
                 : process.platform === 'darwin' ? `open "${authUrl}"`
                     : `xdg-open "${authUrl}"`;

package/dist/proxy.js

@@ -237,194 +237,12 @@ function sanitizeMessages(body) {
         }
     }
 }
-/**
- * Strip thinking blocks from prior assistant messages.
- * Real Claude Code strips thinking from conversation history before building the next request.
- * The API's context_management: clear_thinking does NOT reduce input token billing —
- * tokens are counted before server-side edits. Client-side stripping is the only way
- * to avoid burning the 5h window on stale thinking traces.
- * Only strips from prior turns — the most recent assistant message is left intact.
- */
-function stripThinkingFromHistory(body) {
-    const messages = body.messages;
-    if (!messages)
-        return;
-    // Strip thinking blocks from ALL assistant messages.
-    // Real Claude Code never sends thinking blocks in the messages array —
-    // it strips them before building the next request. The API will generate
-    // fresh thinking for the current turn; prior thinking is dead weight.
-    for (const msg of messages) {
-        if (msg.role !== 'assistant')
-            continue;
-        if (Array.isArray(msg.content)) {
-            msg.content = msg.content.filter(b => b.type !== 'thinking');
-        }
-    }
-}
 /**
  * Scrub non-Claude-Code fields and normalize field ordering.
  * Real Claude Code never sends these fields. Their presence is a fingerprint.
  * JSON field order is also detectable — Claude Code always sends fields in a
  * specific order. We rebuild the object to match.
  */
-const NON_CC_FIELDS = new Set(['service_tier', 'top_p', 'top_k', 'stop_sequences', 'temperature']);
-// ── Tool name rewriting ──
-// Anthropic fingerprints on tool names — non-CC names trigger overage classification.
-// Map third-party tool names to CC equivalents on the way in, reverse on the way out.
-const CC_TOOLS = new Set([
-    'Read', 'Write', 'Edit', 'Bash', 'Glob', 'Grep', 'Browser', 'WebFetch', 'WebSearch',
-    'NotebookEdit', 'NotebookRead', 'TodoRead', 'TodoWrite',
-    'Agent', 'MCPListTools', 'MCPCallTool',
-    'AskUserQuestion', 'EnterPlanMode', 'ExitPlanMode',
-    'EnterWorktree', 'ExitWorktree', 'TaskCreate', 'TaskUpdate',
-]);
-// Common third-party tool names → CC equivalents
-const TOOL_NAME_MAP = {
-    bash: 'Bash', sh: 'Bash', exec: 'Bash', shell: 'Bash', run: 'Bash', execute: 'Bash',
-    command: 'Bash', terminal: 'Bash', process: 'Bash',
-    read: 'Read', read_file: 'Read', file_read: 'Read', get_file: 'Read',
-    write: 'Write', write_file: 'Write', file_write: 'Write', create_file: 'Write', save_file: 'Write',
-    edit: 'Edit', edit_file: 'Edit', modify_file: 'Edit', patch: 'Edit', replace: 'Edit',
-    glob: 'Glob', find_files: 'Glob', list_files: 'Glob', ls: 'Glob',
-    grep: 'Grep', search: 'Grep', search_files: 'Grep', find_in_files: 'Grep', rg: 'Grep',
-    web_search: 'WebSearch', websearch: 'WebSearch', google: 'WebSearch',
-    web_fetch: 'WebFetch', webfetch: 'WebFetch', fetch: 'WebFetch', http: 'WebFetch', curl: 'WebFetch',
-    browse: 'Browser', browser: 'Browser', open_url: 'Browser',
-    notebook: 'NotebookEdit', notebook_edit: 'NotebookEdit',
-};
-/**
- * Rewrite tool names in the request to match CC toolset.
- * Returns the mapping so we can reverse it in the response.
- * Tools that don't map to a known CC name get wrapped as MCPCallTool.
- */
-function rewriteToolNames(body) {
-    const tools = body.tools;
-    if (!tools || !Array.isArray(tools))
-        return [];
-    const mappings = [];
-    const usedNames = new Set();
-    // First pass: collect CC tool names already in the list
-    for (const tool of tools) {
-        if (CC_TOOLS.has(tool.name))
-            usedNames.add(tool.name);
-    }
-    let mcpIndex = 0;
-    for (const tool of tools) {
-        const originalName = tool.name;
-        if (!originalName)
-            continue;
-        // Already a CC tool name
-        if (CC_TOOLS.has(originalName))
-            continue;
-        // Check direct map — but avoid duplicates
-        const directMap = TOOL_NAME_MAP[originalName.toLowerCase()];
-        if (directMap && !usedNames.has(directMap)) {
-            mappings.push({ original: originalName, mapped: directMap });
-            tool.name = directMap;
-            usedNames.add(directMap);
-        }
-        else {
-            // Wrap as mcp_<original_name> — MCP tools use this prefix in real CC
-            const mcpName = `mcp_${originalName}`;
-            mappings.push({ original: originalName, mapped: mcpName });
-            tool.name = mcpName;
-        }
-    }
-    // Cap tool count — CC sends max ~22 tools. Excess tools get consolidated
-    // into a single MCPCallTool dispatch with routing table.
-    const MAX_TOOLS = 22;
-    if (tools.length > MAX_TOOLS) {
-        const keep = tools.slice(0, MAX_TOOLS - 1); // keep first N-1
-        const overflow = tools.slice(MAX_TOOLS - 1);
-        // Build dispatch tool that wraps all overflow tools
-        const dispatchDesc = overflow.map((t) => `${t.name}: ${(t.description || '').slice(0, 50)}`).join('\n');
-        const dispatchTool = {
-            name: 'mcp_dispatch',
-            description: `Route to one of these tools:\n${dispatchDesc}`,
-            input_schema: {
-                type: 'object',
-                properties: {
-                    tool_name: { type: 'string', description: 'Which tool to call', enum: overflow.map((t) => t.name) },
-                    input: { type: 'object', description: 'Arguments to pass to the tool' },
-                },
-                required: ['tool_name', 'input'],
-            },
-        };
-        // Track overflow mappings for reverse
-        for (const t of overflow) {
-            mappings.push({ original: t.name, mapped: 'mcp_dispatch' });
-        }
-        // Replace tools array
-        keep.push(dispatchTool);
-        body.tools = keep;
-    }
-    return mappings;
-}
-/**
- * Reverse tool name mapping in the response body.
- * Restores original tool names in tool_use content blocks.
- */
-function reverseToolNames(body, mappings) {
-    if (mappings.length === 0)
-        return body;
-    let result = body;
-    for (const { original, mapped } of mappings) {
-        // Replace in tool_use blocks: "name":"MCPCallTool" → "name":"original"
-        result = result.replace(new RegExp(`"name"\\s*:\\s*"${mapped}"`, 'g'), `"name":"${original}"`);
-    }
-    return result;
-}
-// Claude Code's field order (from MITM capture). Fields not in this list are appended at end.
-const CC_FIELD_ORDER = [
-    'model', 'messages', 'system', 'max_tokens', 'thinking', 'output_config',
-    'context_management', 'metadata', 'stream', 'tools', 'tool_choice',
-];
-function scrubAndReorderFields(body) {
-    // Remove non-CC fields
-    for (const field of NON_CC_FIELDS) {
-        delete body[field];
-    }
-    // Rebuild with Claude Code field ordering
-    const ordered = {};
-    for (const key of CC_FIELD_ORDER) {
-        if (key in body) {
-            ordered[key] = body[key];
-            delete body[key];
-        }
-    }
-    // Append any remaining fields (custom client fields we don't recognize)
-    for (const [key, value] of Object.entries(body)) {
-        ordered[key] = value;
-    }
-    return ordered;
-}
-/**
- * Normalize system prompt to exactly 3 blocks.
- * Real Claude Code always sends exactly 3 system blocks:
- * [0] billing tag (no cache), [1] agent identity (cache 1h), [2] system prompt (cache 1h)
- * If the client sends multiple system blocks, merge them into block [2].
- */
-function normalizeSystemTo3Blocks(system, billingTag, agentIdentity, cache1h) {
-    let systemText;
-    if (typeof system === 'string') {
-        systemText = system;
-    }
-    else if (Array.isArray(system)) {
-        // Merge all text blocks into one, skip any existing billing tags
-        systemText = system
-            .filter(b => b.text && !b.text.includes('x-anthropic-billing-header:'))
-            .map(b => b.text)
-            .join('\n\n');
-    }
-    else {
-        systemText = '';
-    }
-    return [
-        { type: 'text', text: billingTag },
-        { type: 'text', text: agentIdentity, cache_control: cache1h },
-        { type: 'text', text: systemText || 'You are a helpful assistant.', cache_control: cache1h },
-    ];
-}
 // OpenAI model names → Anthropic (fallback if client sends GPT names)
 const OPENAI_MODEL_MAP = {
     'gpt-5.4': 'claude-opus-4-6',
@@ -700,7 +518,7 @@ export async function startProxy(opts = {}) {
         'accept': 'application/json',
         'Content-Type': 'application/json',
         'anthropic-dangerous-direct-browser-access': 'true',
-        'user-agent': `claude-cli/${cliVersion} (external, cli)`,
+        'user-agent': `claude-cli/${cliVersion} (external, cli, workload/cron)`,
         'x-app': 'cli',
         'x-claude-code-session-id': SESSION_ID,
         'x-stainless-arch': arch,
@@ -736,7 +554,7 @@ export async function startProxy(opts = {}) {
     const JSON_HEADERS = { 'Content-Type': 'application/json', ...SECURITY_HEADERS };
     const MODELS_JSON = JSON.stringify(OPENAI_MODELS_LIST);
     const ERR_UNAUTH = JSON.stringify({ error: 'Unauthorized', message: 'Invalid or missing API key' });
-    const ERR_FORBIDDEN = JSON.stringify({ error: 'Forbidden', message: 'Path not allowed' });
+    const ERR_FORBIDDEN = JSON.stringify({ error: 'Forbidden', message: 'Path not allowed. Supported paths: POST /v1/messages, POST /v1/chat/completions, GET /v1/models' });
     const ERR_METHOD = JSON.stringify({ error: 'Method not allowed' });
     function checkAuth(req) {
         if (!apiKeyBuf)
@@ -859,7 +677,6 @@ export async function startProxy(opts = {}) {
             }
             // Parse body once, apply OpenAI translation, model override, and sanitization
             let finalBody = body.length > 0 ? body : undefined;
-            let toolMappings = [];
             let ccToolMap = null;
             if (body.length > 0) {
                 try {
@@ -878,7 +695,7 @@ export async function startProxy(opts = {}) {
                         const buildTag = computeBuildTag(userMsg, cliVersion);
                         const cch = computeCch();
                         const fullVersion = `${cliVersion}.${buildTag}`;
-                        const billingTag = `x-anthropic-billing-header: cc_version=${fullVersion}; cc_entrypoint=cli; cch=${cch};`;
+                        const billingTag = `x-anthropic-billing-header: cc_version=${fullVersion}; cc_entrypoint=cli; cch=${cch}; cc_workload=cron;`;
                         const AGENT_IDENTITY = 'You are a Claude agent, built on Anthropic\'s Claude Agent SDK.';
                         const CACHE_1H = { type: 'ephemeral', ttl: '1h' };
                         const { body: ccBody, toolMap } = buildCCRequest(r, billingTag, AGENT_IDENTITY, CACHE_1H, { deviceId: identity.deviceId, accountUuid: identity.accountUuid, sessionId: SESSION_ID });
@@ -908,7 +725,8 @@ export async function startProxy(opts = {}) {
             }
             else {
                 // Claude-optimized: full beta set matching real Claude Code (exact order from MITM capture)
-                beta = 'claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14,context-management-2025-06-27,prompt-caching-scope-2026-01-05,advisor-tool-2026-03-01,effort-2025-11-24,fast-mode-2026-02-01';
+                // Beta set from CC v2.1.104 binary RE — some are CC-internal/gated, only include publicly accepted ones
+                beta = 'claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14,context-management-2025-06-27,prompt-caching-scope-2026-01-05,advisor-tool-2026-03-01,effort-2025-11-24,fast-mode-2026-02-01,redact-thinking-2026-02-12,context-1m-2025-08-07,web-search-2025-03-05,advanced-tool-use-2025-11-20,tool-search-tool-2025-10-19';
                 if (clientBeta) {
                     const baseSet = new Set(beta.split(','));
                     const filtered = filterBillableBetas(clientBeta)
@@ -920,7 +738,7 @@ export async function startProxy(opts = {}) {
             const headers = {
                 ...staticHeaders,
                 'Authorization': `Bearer ${accessToken}`,
-                'anthropic-version': req.headers['anthropic-version'] || '2023-06-01',
+                'anthropic-version': passthrough ? (req.headers['anthropic-version'] || '2023-06-01') : '2023-06-01',
                 'anthropic-beta': beta,
                 // Real Claude Code adds x-client-request-id for firstParty + api.anthropic.com
                 'x-client-request-id': randomUUID(),

package/package.json

@@ -1,64 +1,64 @@
-{
-  "name": "@askalf/dario",
-  "version": "3.0.0",
-  "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
-  "type": "module",
-  "bin": {
-    "dario": "./dist/cli.js"
-  },
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    }
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE"
-  ],
-  "scripts": {
-    "build": "tsc",
-    "audit": "npm audit --production --audit-level=high",
-    "prepublishOnly": "npm run build",
-    "start": "node dist/cli.js",
-    "dev": "tsx src/cli.ts",
-    "e2e": "node test/e2e.mjs",
-    "compat": "node test/compat.mjs"
-  },
-  "keywords": [
-    "claude",
-    "anthropic",
-    "oauth",
-    "proxy",
-    "api",
-    "bridge",
-    "subscription",
-    "claude-max",
-    "claude-pro",
-    "llm",
-    "ai",
-    "cli",
-    "developer-tools"
-  ],
-  "author": "askalf (https://github.com/askalf)",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/askalf/dario.git"
-  },
-  "homepage": "https://github.com/askalf/dario",
-  "bugs": {
-    "url": "https://github.com/askalf/dario/issues"
-  },
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "devDependencies": {
-    "@types/node": "^22.0.0",
-    "tsx": "^4.19.0",
-    "typescript": "^5.7.0"
-  }
+{
+  "name": "@askalf/dario",
+  "version": "3.0.2",
+  "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
+  "type": "module",
+  "bin": {
+    "dario": "./dist/cli.js"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "audit": "npm audit --production --audit-level=high",
+    "prepublishOnly": "npm run build",
+    "start": "node dist/cli.js",
+    "dev": "tsx src/cli.ts",
+    "e2e": "node test/e2e.mjs",
+    "compat": "node test/compat.mjs"
+  },
+  "keywords": [
+    "claude",
+    "anthropic",
+    "oauth",
+    "proxy",
+    "api",
+    "bridge",
+    "subscription",
+    "claude-max",
+    "claude-pro",
+    "llm",
+    "ai",
+    "cli",
+    "developer-tools"
+  ],
+  "author": "askalf (https://github.com/askalf)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/askalf/dario.git"
+  },
+  "homepage": "https://github.com/askalf/dario",
+  "bugs": {
+    "url": "https://github.com/askalf/dario/issues"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0"
+  }
 }