@askalf/dario 3.10.3 → 3.11.1

package/dist/analytics.d.ts

@@ -23,6 +23,26 @@ export interface RequestRecord {
     isStream: boolean;
     isOpenAI: boolean;
 }
+/**
+ * The four billing buckets a request can land in, derived from the
+ * `anthropic-ratelimit-unified-representative-claim` response header.
+ *
+ * - `subscription`         — request billed against the user's 5h subscription window (Max/Pro)
+ * - `subscription_fallback` — server-side fallback subscription bucket (rare, still covered)
+ * - `extra_usage`          — overage / pay-as-you-go, paid on top of subscription
+ * - `api`                  — pure API key billing, no subscription involved
+ * - `unknown`              — header absent or unparseable (non-200 responses, stream aborts)
+ *
+ * Exposed in `/analytics` summaries and in verbose per-request logs so
+ * users can see at a glance which bucket their traffic is actually hitting.
+ * See #34 for background.
+ */
+export type BillingBucket = 'subscription' | 'subscription_fallback' | 'extra_usage' | 'api' | 'unknown';
+/**
+ * Map the raw `representative-claim` header value to a human-friendly
+ * billing bucket. Pure function; no state; safe to call from any context.
+ */
+export declare function billingBucketFromClaim(claim: string | null | undefined): BillingBucket;
 export declare class Analytics {
     private records;
     private maxRecords;
@@ -60,27 +80,30 @@ interface PerModelStat {
     avgThinkingTokens: number;
     estimatedCost: number;
 }
+interface WindowStats {
+    totalInputTokens: number;
+    totalOutputTokens: number;
+    totalThinkingTokens: number;
+    estimatedCost: number;
+    avgLatencyMs: number;
+    errorRate: number;
+    claimBreakdown: Record<string, number>;
+    /** Count of requests in each derived billing bucket. See #34. */
+    billingBucketBreakdown: Record<BillingBucket, number>;
+    /**
+     * Percentage of *classified* requests (non-unknown) that hit a
+     * subscription bucket. The headline number for "is dario routing me
+     * through my subscription?" — should be 100% for a clean setup. See #34.
+     */
+    subscriptionPercent: number;
+}
 export interface AnalyticsSummary {
-    window: {
+    window: WindowStats & {
         minutes: number;
         requests: number;
-        totalInputTokens: number;
-        totalOutputTokens: number;
-        totalThinkingTokens: number;
-        estimatedCost: number;
-        avgLatencyMs: number;
-        errorRate: number;
-        claimBreakdown: Record<string, number>;
     };
-    allTime: {
+    allTime: WindowStats & {
         requests: number;
-        totalInputTokens: number;
-        totalOutputTokens: number;
-        totalThinkingTokens: number;
-        estimatedCost: number;
-        avgLatencyMs: number;
-        errorRate: number;
-        claimBreakdown: Record<string, number>;
     };
     perAccount: Record<string, PerAccountStat>;
     perModel: Record<string, PerModelStat>;

package/dist/analytics.js

@@ -5,6 +5,24 @@
  * In-memory rolling window; exposed via the /analytics endpoint when
  * pool mode is active.
  */
+/**
+ * Map the raw `representative-claim` header value to a human-friendly
+ * billing bucket. Pure function; no state; safe to call from any context.
+ */
+export function billingBucketFromClaim(claim) {
+    switch (claim) {
+        case 'five_hour':
+            return 'subscription';
+        case 'five_hour_fallback':
+            return 'subscription_fallback';
+        case 'overage':
+            return 'extra_usage';
+        case 'api':
+            return 'api';
+        default:
+            return 'unknown';
+    }
+}
 // Anthropic pricing (per 1M tokens, USD). Not authoritative — used for
 // rough burn-rate display in the /analytics summary.
 const PRICING = {
@@ -74,6 +92,14 @@ export class Analytics {
                 totalInputTokens: 0, totalOutputTokens: 0, totalThinkingTokens: 0,
                 estimatedCost: 0, avgLatencyMs: 0, errorRate: 0,
                 claimBreakdown: {},
+                billingBucketBreakdown: {
+                    subscription: 0,
+                    subscription_fallback: 0,
+                    extra_usage: 0,
+                    api: 0,
+                    unknown: 0,
+                },
+                subscriptionPercent: 0,
             };
         }
         const totalInput = records.reduce((s, r) => s + r.inputTokens, 0);
@@ -83,9 +109,22 @@ export class Analytics {
         const avgLatency = records.reduce((s, r) => s + r.latencyMs, 0) / records.length;
         const errors = records.filter(r => r.status >= 400).length;
         const claims = {};
+        const buckets = {
+            subscription: 0,
+            subscription_fallback: 0,
+            extra_usage: 0,
+            api: 0,
+            unknown: 0,
+        };
         for (const r of records) {
             claims[r.claim] = (claims[r.claim] ?? 0) + 1;
+            buckets[billingBucketFromClaim(r.claim)]++;
         }
+        const subscriptionHits = buckets.subscription + buckets.subscription_fallback;
+        const billedRequests = records.length - buckets.unknown;
+        const subscriptionPct = billedRequests > 0
+            ? Math.round((subscriptionHits / billedRequests) * 10000) / 100
+            : 0;
         return {
             totalInputTokens: totalInput,
             totalOutputTokens: totalOutput,
@@ -94,6 +133,8 @@ export class Analytics {
             avgLatencyMs: Math.round(avgLatency),
             errorRate: Math.round((errors / records.length) * 10000) / 10000,
             claimBreakdown: claims,
+            billingBucketBreakdown: buckets,
+            subscriptionPercent: subscriptionPct,
         };
     }
     perAccountStats(records) {

package/dist/cc-template.d.ts

@@ -2,8 +2,10 @@
  * Claude Code request template.
  *
  * Tool definitions, system prompt, and request structure are loaded from
- * cc-template-data.json and sent verbatim — this gives byte-level fidelity
- * with the shape of a real Claude Code request.
+ * the live fingerprint cache (captured from the user's own CC install at
+ * dario startup) or from the bundled cc-template-data.json snapshot. The
+ * live cache self-heals when Anthropic ships a new CC version — no user
+ * action required. See src/live-fingerprint.ts for the capture pipeline.
  */
 /** CC's exact tool definitions — loaded from the template JSON. */
 export declare const CC_TOOL_DEFINITIONS: {

package/dist/cc-template.js

@@ -2,15 +2,14 @@
  * Claude Code request template.
  *
  * Tool definitions, system prompt, and request structure are loaded from
- * cc-template-data.json and sent verbatim — this gives byte-level fidelity
- * with the shape of a real Claude Code request.
+ * the live fingerprint cache (captured from the user's own CC install at
+ * dario startup) or from the bundled cc-template-data.json snapshot. The
+ * live cache self-heals when Anthropic ships a new CC version — no user
+ * action required. See src/live-fingerprint.ts for the capture pipeline.
  */
-import { readFileSync } from 'node:fs';
-import { join, dirname } from 'node:path';
-import { fileURLToPath } from 'node:url';
-const __dirname = dirname(fileURLToPath(import.meta.url));
-// Load template data at module init — fail fast if missing
-const TEMPLATE = JSON.parse(readFileSync(join(__dirname, 'cc-template-data.json'), 'utf-8'));
+import { loadTemplate } from './live-fingerprint.js';
+// Load template at module init — prefer live cache, fall back to bundled.
+const TEMPLATE = loadTemplate({ silent: true });
 /** CC's exact tool definitions — loaded from the template JSON. */
 export const CC_TOOL_DEFINITIONS = TEMPLATE.tools;
 /** CC's static system prompt (~25KB). */

package/dist/live-fingerprint.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Live fingerprint extraction.
+ *
+ * At dario startup, spawn the user's actual `claude` binary against a
+ * loopback MITM endpoint, capture the outbound /v1/messages request, and
+ * use the captured system prompt / tools / agent identity as the template
+ * replay source — instead of shipping a stale snapshot in
+ * `cc-template-data.json`.
+ *
+ * The bundled snapshot remains as a fallback for users without CC installed
+ * or when live capture fails. Template replay auto-heals on CC updates
+ * without any user action.
+ *
+ * Security: the MITM endpoint only accepts connections from 127.0.0.1 and
+ * only runs long enough to capture a single request. CC's OAuth token
+ * never leaves the machine — we send CC to a loopback URL that CC itself
+ * trusts because we set ANTHROPIC_BASE_URL in the child's environment.
+ */
+export interface TemplateData {
+    _version: string;
+    _captured: string;
+    _source?: 'bundled' | 'live';
+    agent_identity: string;
+    system_prompt: string;
+    tools: Array<{
+        name: string;
+        description: string;
+        input_schema: Record<string, unknown>;
+    }>;
+    tool_names: string[];
+}
+/**
+ * Load the template synchronously. Prefers the live cache (fresh capture
+ * from the user's own CC install) and falls back to the bundled snapshot.
+ *
+ * This is intentionally sync and fast — it runs at module init on every
+ * dario request handler. The actual capture is async and runs in the
+ * background via refreshLiveFingerprintAsync(); its results are written
+ * to the cache file and picked up on the next dario startup.
+ */
+export declare function loadTemplate(_options?: {
+    silent?: boolean;
+}): TemplateData;
+/**
+ * Kick off a background live fingerprint capture. Safe to call on every
+ * dario proxy startup — no-ops if CC isn't installed, if the cache is
+ * already fresh, or if another refresh is in flight. Never throws.
+ *
+ * Result is written to ~/.dario/cc-template.live.json and picked up on
+ * the next dario startup (cc-template.ts loads the cache synchronously
+ * at module init).
+ */
+export declare function refreshLiveFingerprintAsync(options?: {
+    force?: boolean;
+    silent?: boolean;
+    timeoutMs?: number;
+}): Promise<TemplateData | null>;
+interface CapturedRequest {
+    method: string;
+    path: string;
+    headers: Record<string, string>;
+    body: Record<string, unknown>;
+}
+/**
+ * Run a loopback MITM server on a random port, spawn CC with
+ * ANTHROPIC_BASE_URL pointed at it, wait for one request, respond with a
+ * minimal valid SSE stream, and return the captured request.
+ *
+ * Returns null on timeout or spawn failure. Does not throw.
+ */
+export declare function captureLiveTemplateAsync(timeoutMs?: number): Promise<TemplateData | null>;
+/**
+ * Given a captured /v1/messages request body, pull out the fields that
+ * matter for template replay: agent identity, system prompt, tool list,
+ * and CC version (from the billing header or user-agent).
+ */
+export declare function extractTemplate(captured: CapturedRequest): TemplateData | null;
+/**
+ * Test hook: given a captured request object (from a mocked server or a
+ * synthetic fixture), run it through the same extraction path. Exposed so
+ * test/live-fingerprint.mjs doesn't need to spawn a real process.
+ */
+export declare function _extractTemplateForTest(captured: CapturedRequest): TemplateData | null;
+export {};

package/dist/live-fingerprint.js

@@ -0,0 +1,369 @@
+/**
+ * Live fingerprint extraction.
+ *
+ * At dario startup, spawn the user's actual `claude` binary against a
+ * loopback MITM endpoint, capture the outbound /v1/messages request, and
+ * use the captured system prompt / tools / agent identity as the template
+ * replay source — instead of shipping a stale snapshot in
+ * `cc-template-data.json`.
+ *
+ * The bundled snapshot remains as a fallback for users without CC installed
+ * or when live capture fails. Template replay auto-heals on CC updates
+ * without any user action.
+ *
+ * Security: the MITM endpoint only accepts connections from 127.0.0.1 and
+ * only runs long enough to capture a single request. CC's OAuth token
+ * never leaves the machine — we send CC to a loopback URL that CC itself
+ * trusts because we set ANTHROPIC_BASE_URL in the child's environment.
+ */
+import { spawn } from 'node:child_process';
+import { createServer } from 'node:http';
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const LIVE_CACHE = join(homedir(), '.dario', 'cc-template.live.json');
+const LIVE_TTL_MS = 24 * 60 * 60 * 1000; // re-extract once a day
+/**
+ * Load the template synchronously. Prefers the live cache (fresh capture
+ * from the user's own CC install) and falls back to the bundled snapshot.
+ *
+ * This is intentionally sync and fast — it runs at module init on every
+ * dario request handler. The actual capture is async and runs in the
+ * background via refreshLiveFingerprintAsync(); its results are written
+ * to the cache file and picked up on the next dario startup.
+ */
+export function loadTemplate(_options) {
+    const cached = readLiveCache();
+    if (cached) {
+        const age = Date.now() - new Date(cached._captured).getTime();
+        if (age < LIVE_TTL_MS) {
+            return cached;
+        }
+        // Stale cache — still better than bundled if bundled is older.
+        // We return the stale live cache and let the background refresh
+        // update it for next startup.
+        return cached;
+    }
+    return loadBundledTemplate();
+}
+/**
+ * Kick off a background live fingerprint capture. Safe to call on every
+ * dario proxy startup — no-ops if CC isn't installed, if the cache is
+ * already fresh, or if another refresh is in flight. Never throws.
+ *
+ * Result is written to ~/.dario/cc-template.live.json and picked up on
+ * the next dario startup (cc-template.ts loads the cache synchronously
+ * at module init).
+ */
+export async function refreshLiveFingerprintAsync(options) {
+    const silent = options?.silent ?? false;
+    const log = (msg) => { if (!silent)
+        console.log(`[dario] ${msg}`); };
+    if (!options?.force) {
+        const cached = readLiveCache();
+        if (cached) {
+            const age = Date.now() - new Date(cached._captured).getTime();
+            if (age < LIVE_TTL_MS)
+                return cached;
+        }
+    }
+    if (!findClaudeBinary())
+        return null;
+    try {
+        const live = await captureLiveTemplateAsync(options?.timeoutMs ?? 10_000);
+        if (!live) {
+            log('live fingerprint refresh: capture returned null (CC did not send a /v1/messages request within the timeout)');
+            return null;
+        }
+        writeLiveCache(live);
+        log(`live fingerprint refreshed from CC ${live._version}`);
+        return live;
+    }
+    catch (err) {
+        log(`live fingerprint refresh failed: ${err.message}`);
+        return null;
+    }
+}
+function loadBundledTemplate() {
+    const data = JSON.parse(readFileSync(join(__dirname, 'cc-template-data.json'), 'utf-8'));
+    data._source = 'bundled';
+    return data;
+}
+function readLiveCache() {
+    if (!existsSync(LIVE_CACHE))
+        return null;
+    try {
+        const data = JSON.parse(readFileSync(LIVE_CACHE, 'utf-8'));
+        if (!data.system_prompt || !Array.isArray(data.tools) || data.tools.length === 0)
+            return null;
+        data._source = 'live';
+        return data;
+    }
+    catch {
+        return null;
+    }
+}
+function writeLiveCache(data) {
+    mkdirSync(dirname(LIVE_CACHE), { recursive: true });
+    writeFileSync(LIVE_CACHE, JSON.stringify(data, null, 2));
+}
+/**
+ * Run a loopback MITM server on a random port, spawn CC with
+ * ANTHROPIC_BASE_URL pointed at it, wait for one request, respond with a
+ * minimal valid SSE stream, and return the captured request.
+ *
+ * Returns null on timeout or spawn failure. Does not throw.
+ */
+export async function captureLiveTemplateAsync(timeoutMs = 10_000) {
+    const captured = await runCapture(timeoutMs);
+    if (!captured)
+        return null;
+    return extractTemplate(captured);
+}
+async function runCapture(timeoutMs) {
+    return new Promise((resolve) => {
+        let captured = null;
+        let settled = false;
+        const settle = (result) => {
+            if (settled)
+                return;
+            settled = true;
+            try {
+                server.close();
+            }
+            catch { /* noop */ }
+            try {
+                child?.kill('SIGTERM');
+            }
+            catch { /* noop */ }
+            resolve(result);
+        };
+        const server = createServer((req, res) => {
+            // Only handle /v1/messages — everything else gets a 404 so CC doesn't
+            // accidentally think /v1/models is live.
+            if (!req.url?.includes('/v1/messages')) {
+                res.writeHead(404, { 'content-type': 'application/json' });
+                res.end('{"type":"error","error":{"type":"not_found_error","message":"not found"}}');
+                return;
+            }
+            const chunks = [];
+            req.on('data', (c) => chunks.push(c));
+            req.on('end', () => {
+                try {
+                    const raw = Buffer.concat(chunks).toString('utf-8');
+                    const body = raw ? JSON.parse(raw) : {};
+                    const headers = {};
+                    for (const [k, v] of Object.entries(req.headers)) {
+                        if (typeof v === 'string')
+                            headers[k] = v;
+                        else if (Array.isArray(v))
+                            headers[k] = v.join(',');
+                    }
+                    captured = {
+                        method: req.method ?? 'POST',
+                        path: req.url ?? '/v1/messages',
+                        headers,
+                        body,
+                    };
+                }
+                catch {
+                    // Captured body was not JSON — leave captured null, respond anyway.
+                }
+                // Send a minimal valid SSE stream so CC doesn't hang retrying.
+                res.writeHead(200, {
+                    'content-type': 'text/event-stream',
+                    'cache-control': 'no-cache',
+                    connection: 'keep-alive',
+                    'anthropic-ratelimit-unified-representative-claim': 'five_hour',
+                    'anthropic-ratelimit-unified-status': 'allowed',
+                    'anthropic-ratelimit-unified-5h-utilization': '0',
+                    'anthropic-ratelimit-unified-7d-utilization': '0',
+                    'anthropic-ratelimit-unified-reset': String(Math.floor(Date.now() / 1000) + 18000),
+                });
+                const sse = [
+                    `event: message_start\ndata: ${JSON.stringify({
+                        type: 'message_start',
+                        message: {
+                            id: 'msg_live_capture',
+                            type: 'message',
+                            role: 'assistant',
+                            model: 'claude-opus-4-5',
+                            content: [],
+                            stop_reason: null,
+                            stop_sequence: null,
+                            usage: { input_tokens: 1, output_tokens: 1 },
+                        },
+                    })}\n\n`,
+                    `event: content_block_start\ndata: ${JSON.stringify({
+                        type: 'content_block_start',
+                        index: 0,
+                        content_block: { type: 'text', text: '' },
+                    })}\n\n`,
+                    `event: content_block_delta\ndata: ${JSON.stringify({
+                        type: 'content_block_delta',
+                        index: 0,
+                        delta: { type: 'text_delta', text: 'ok' },
+                    })}\n\n`,
+                    `event: content_block_stop\ndata: ${JSON.stringify({ type: 'content_block_stop', index: 0 })}\n\n`,
+                    `event: message_delta\ndata: ${JSON.stringify({
+                        type: 'message_delta',
+                        delta: { stop_reason: 'end_turn', stop_sequence: null },
+                        usage: { output_tokens: 1 },
+                    })}\n\n`,
+                    `event: message_stop\ndata: ${JSON.stringify({ type: 'message_stop' })}\n\n`,
+                ].join('');
+                res.end(sse);
+                // Give CC a beat to read the response before we kill it.
+                setTimeout(() => settle(captured), 500);
+            });
+        });
+        server.on('error', () => settle(null));
+        server.listen(0, '127.0.0.1', () => {
+            const address = server.address();
+            if (!address || typeof address === 'string') {
+                settle(null);
+                return;
+            }
+            const url = `http://127.0.0.1:${address.port}`;
+            // Spawn CC with ANTHROPIC_BASE_URL pointed at our MITM.
+            const claudeBin = findClaudeBinary();
+            if (!claudeBin) {
+                settle(null);
+                return;
+            }
+            try {
+                child = spawn(claudeBin, ['--print', '-p', 'hi'], {
+                    env: {
+                        ...process.env,
+                        ANTHROPIC_BASE_URL: url,
+                        ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY ?? 'sk-dario-fingerprint-capture',
+                        // Prevent CC from launching its own interactive UI or OAuth flow.
+                        CLAUDE_NONINTERACTIVE: '1',
+                    },
+                    stdio: ['ignore', 'ignore', 'ignore'],
+                    windowsHide: true,
+                });
+                child.on('error', () => settle(null));
+                child.on('exit', () => {
+                    // Give the server a brief moment to finish reading the body in case
+                    // exit and request-end race.
+                    setTimeout(() => settle(captured), 200);
+                });
+            }
+            catch {
+                settle(null);
+                return;
+            }
+        });
+        let child;
+        // Hard timeout.
+        setTimeout(() => settle(captured), timeoutMs);
+    });
+}
+function findClaudeBinary() {
+    // Honor an explicit override first — useful for tests and for users on
+    // non-standard installs.
+    if (process.env.DARIO_CLAUDE_BIN)
+        return process.env.DARIO_CLAUDE_BIN;
+    // Try the obvious name. On Windows spawn resolves `.cmd` shims
+    // automatically when shell:true, but we don't want shell:true for
+    // safety. The `where` / `which` probe handles Windows via PATHEXT.
+    const candidates = process.platform === 'win32'
+        ? ['claude.cmd', 'claude.exe', 'claude']
+        : ['claude'];
+    for (const name of candidates) {
+        if (existsOnPath(name))
+            return name;
+    }
+    return null;
+}
+function existsOnPath(name) {
+    const pathEnv = process.env.PATH ?? '';
+    const sep = process.platform === 'win32' ? ';' : ':';
+    const dirs = pathEnv.split(sep).filter(Boolean);
+    for (const d of dirs) {
+        try {
+            if (existsSync(join(d, name)))
+                return true;
+        }
+        catch { /* noop */ }
+    }
+    return false;
+}
+/**
+ * Given a captured /v1/messages request body, pull out the fields that
+ * matter for template replay: agent identity, system prompt, tool list,
+ * and CC version (from the billing header or user-agent).
+ */
+export function extractTemplate(captured) {
+    const body = captured.body;
+    const systemBlocks = body.system;
+    if (!Array.isArray(systemBlocks) || systemBlocks.length < 2)
+        return null;
+    // CC's system is a 3-block structure:
+    //   [0] billing tag (no cache_control, tiny)
+    //   [1] agent identity ("You are Claude Code..."), cache_control 1h
+    //   [2] system prompt (~25KB), cache_control 1h
+    // Billing tag is per-request — we never cache it. Identity + prompt are
+    // what we want.
+    const agentIdentity = pickTextBlock(systemBlocks[1]);
+    const systemPrompt = pickTextBlock(systemBlocks[2]);
+    if (!agentIdentity || !systemPrompt)
+        return null;
+    const tools = Array.isArray(body.tools)
+        ? body.tools
+            .filter((t) => typeof t.name === 'string')
+            .map((t) => ({
+            name: t.name,
+            description: t.description ?? '',
+            input_schema: t.input_schema ?? {},
+        }))
+        : [];
+    if (tools.length === 0)
+        return null;
+    const version = extractCCVersion(captured.headers) ?? 'unknown';
+    return {
+        _version: version,
+        _captured: new Date().toISOString(),
+        _source: 'live',
+        agent_identity: agentIdentity,
+        system_prompt: systemPrompt,
+        tools,
+        tool_names: tools.map((t) => t.name),
+    };
+}
+function pickTextBlock(block) {
+    if (!block || typeof block !== 'object')
+        return null;
+    const b = block;
+    if (b.type === 'text' && typeof b.text === 'string')
+        return b.text;
+    return null;
+}
+function extractCCVersion(headers) {
+    // Preferred: x-anthropic-billing-header carries cc_version=X.Y.Z
+    const billing = headers['x-anthropic-billing-header'];
+    if (billing) {
+        const m = /cc_version=([\w.\-]+)/.exec(billing);
+        if (m)
+            return m[1];
+    }
+    // Fallback: user-agent often carries claude-cli/X.Y.Z
+    const ua = headers['user-agent'];
+    if (ua) {
+        const m = /claude-cli\/([\w.\-]+)/.exec(ua);
+        if (m)
+            return m[1];
+    }
+    return null;
+}
+/**
+ * Test hook: given a captured request object (from a mocked server or a
+ * synthetic fixture), run it through the same extraction path. Exposed so
+ * test/live-fingerprint.mjs doesn't need to spawn a real process.
+ */
+export function _extractTemplateForTest(captured) {
+    return extractTemplate(captured);
+}

package/dist/proxy.js

@@ -8,7 +8,7 @@ import { arch, platform } from 'node:process';
 import { getAccessToken, getStatus } from './oauth.js';
 import { buildCCRequest, reverseMapResponse, createStreamingReverseMapper } from './cc-template.js';
 import { AccountPool, parseRateLimits } from './pool.js';
-import { Analytics } from './analytics.js';
+import { Analytics, billingBucketFromClaim } from './analytics.js';
 import { loadAllAccounts, loadAccount, refreshAccountToken } from './accounts.js';
 import { getOpenAIBackend, isOpenAIModel, forwardToOpenAI } from './openai-backend.js';
 const ANTHROPIC_API = 'https://api.anthropic.com';
@@ -1039,7 +1039,13 @@ export async function startProxy(opts = {}) {
                     else {
                         overagePct = 'n/a';
                     }
-                    console.log(`[dario] #${requestCount} billing: ${billingClaim} (overage: ${overagePct})`);
+                    // Show the derived billing bucket as the headline, with the raw
+                    // claim value in parens so power users still see the header as-is.
+                    // See #34 — users want "am I actually on subscription?" answered
+                    // at a glance instead of having to memorize that `five_hour` means
+                    // "yes, subscription."
+                    const bucket = billingBucketFromClaim(billingClaim);
+                    console.log(`[dario] #${requestCount} billing: ${bucket} (${billingClaim}, overage: ${overagePct})`);
                 }
                 else if (verbose) {
                     console.log(`[dario] #${requestCount} billing: headers absent (status=${upstream.status})`);
@@ -1243,6 +1249,11 @@ export async function startProxy(opts = {}) {
         }
         process.exit(1);
     });
+    // Kick off a live fingerprint refresh in the background. Re-captures the
+    // user's own CC binary request shape and updates ~/.dario/cc-template.live.json
+    // for the next startup. No-op if CC isn't installed or the cache is fresh.
+    // Never blocks proxy startup; never throws.
+    void import('./live-fingerprint.js').then(({ refreshLiveFingerprintAsync }) => refreshLiveFingerprintAsync({ silent: false }).catch(() => { }));
     server.listen(port, host, () => {
         const modeLine = passthrough
             ? 'Mode: passthrough (OAuth swap only, no injection)'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.10.3",
+  "version": "3.11.1",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {
@@ -21,7 +21,7 @@
   ],
   "scripts": {
     "build": "tsc && cp src/cc-template-data.json dist/",
-    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/failover-429.mjs",
+    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/live-fingerprint.mjs",
     "audit": "npm audit --production --audit-level=high",
     "prepublishOnly": "npm run build",
     "start": "node dist/cli.js",