@askalf/dario 3.19.1 → 3.19.3

package/README.md

@@ -11,6 +11,10 @@
   <a href="https://www.npmjs.com/package/@askalf/dario"><img src="https://img.shields.io/npm/dm/@askalf/dario" alt="Downloads"></a>
 </p>
 
+<p align="center">
+  <sub><strong>v4 is not a version bump.</strong> The router was the prerequisite. What comes next uses it as a substrate. — <a href="https://github.com/askalf/dario/discussions/categories/announcements">watch this space</a></sub>
+</p>
+
 ```bash
 npm install -g @askalf/dario && dario proxy
 ```
@@ -312,12 +316,13 @@ The OpenAI-compat backend forwards tool definitions byte-for-byte and doesn't ne
 | Flag / env | Description | Default |
 |---|---|---|
 | `--passthrough` / `--thin` | Thin proxy for the Claude backend — OAuth swap only, no template injection | off |
-| `--preserve-tools` / `--keep-tools` | Keep client tool schemas instead of remapping to CC's. Required for clients whose tools have fields CC doesn't — see [Custom tool schemas](#custom-tool-schemas). | off |
-| `--hybrid-tools` / `--context-inject` | Remap to CC tools **and** inject request-context values (`sessionId`, `requestId`, `channelId`, `userId`, `timestamp`) into client-declared fields CC's schema doesn't carry. See [Hybrid tool mode](#hybrid-tool-mode). | off |
+| `--preserve-tools` / `--keep-tools` | Keep client tool schemas instead of remapping to CC's. Required for clients whose tools have fields CC doesn't — see [Custom tool schemas](#custom-tool-schemas). Auto-enabled for Cline / Kilo Code / Roo Code and forks (dario#40 — detected via system-prompt fingerprint). | off (auto for text-tool clients) |
+| `--hybrid-tools` / `--context-inject` | Remap to CC tools **and** inject request-context values (`sessionId`, `requestId`, `channelId`, `userId`, `timestamp`) into client-declared fields CC's schema doesn't carry. See [Hybrid tool mode](#hybrid-tool-mode). Overrides the text-tool auto-detect. | off |
 | `--model=<name>` | Force a model. Shortcuts (`opus`, `sonnet`, `haiku`), full IDs (`claude-opus-4-7`), or a **provider prefix** (`openai:gpt-4o`, `groq:llama-3.3-70b`, `claude:opus`, `local:qwen-coder`) to force the backend server-wide. See [Provider prefix](#provider-prefix). | passthrough |
 | `--port=<n>` | Port to listen on | `3456` |
 | `--host=<addr>` / `DARIO_HOST` | Bind address. Use `0.0.0.0` for LAN, or a specific IP (e.g. a Tailscale interface). When non-loopback, also set `DARIO_API_KEY`. | `127.0.0.1` |
-| `--verbose` / `-v` | Log every request | off |
+| `--verbose` / `-v` | Log every request (one line per request — method + path + billing bucket) | off |
+| `--verbose=2` / `-vv` / `DARIO_LOG_BODIES=1` | Also dump the outbound request body (redacted: bearer tokens, `sk-ant-*` keys, JWTs stripped; capped at 8KB). For wire-level client-compat debugging (dario#40). | off |
 | `DARIO_API_KEY` | If set, all endpoints (except `/health`) require a matching `x-api-key` or `Authorization: Bearer` header. Required when `--host` binds non-loopback. | unset (open) |
 | `DARIO_CORS_ORIGIN` | Override browser CORS origin | `http://localhost:${port}` |
 | `DARIO_NO_BUN` | Disable automatic Bun relaunch | unset |

package/dist/cc-template.d.ts

@@ -49,6 +49,43 @@ export declare const CC_AGENT_IDENTITY: string;
  */
 export declare function orderHeadersForOutbound(headers: Record<string, string>, overrideHeaderOrder?: string[] | undefined): Record<string, string> | Array<[string, string]>;
 export declare function scrubFrameworkIdentifiers(text: string): string;
+/**
+ * Detect text-tool-protocol clients (Cline, Kilo Code, Roo Code and
+ * their forks) by fingerprinting the incoming system prompt.
+ *
+ * These clients ship their own XML-style tool invocation protocol in
+ * the system prompt (`<execute_command>`, `<replace_in_file>`,
+ * `<attempt_completion>`, …) and parse the model's output with a
+ * regex tuned to that exact shape. When dario's default mode
+ * substitutes CC's canonical tools into the `tools` array, the model
+ * correctly emits Anthropic's generic `<function_calls><invoke>`
+ * wrapper — which is well-formed for a CC-tool request but
+ * unparseable for a text-protocol client, so every edit surfaces as
+ * an error in the client UI even though the model produced a valid
+ * response (dario#40, reported by @ringge).
+ *
+ * The fix is preserve-tools behavior: skip the CC tool swap so the
+ * model sees the client's own schema and emits its native XML shape.
+ * Auto-detection saves users from having to discover the
+ * `--preserve-tools` flag exists; the flag is still honored as an
+ * explicit override and `--hybrid-tools` outranks detection.
+ *
+ * Detection must run BEFORE `scrubFrameworkIdentifiers` so brand
+ * names like "Cline" / "Roo" are still present. Tool-protocol
+ * markers are scrub-proof on their own.
+ *
+ * Returns the matched family (`cline` / `kilo` / `roo` / `cline-like`)
+ * or null when no text-tool protocol signature is present.
+ */
+export declare function detectTextToolClient(systemText: string): string | null;
+/**
+ * Flatten an Anthropic-shaped `system` field (string or array of text
+ * blocks) to a single joined string. Skips the billing-tag block so
+ * captured billing metadata isn't conflated with the operator's own
+ * prompt. Used both by the main request-build path (post-scrub) and
+ * by the early text-tool-client detector (pre-scrub).
+ */
+export declare function extractSystemText(clientBody: Record<string, unknown>): string;
 /**
  * Client tool name → CC tool mapping with parameter translation.
  *
@@ -117,6 +154,7 @@ export declare function buildCCRequest(clientBody: Record<string, unknown>, bill
     body: Record<string, unknown>;
     toolMap: Map<string, ToolMapping>;
     unmappedTools: string[];
+    detectedClient?: string;
 };
 /**
  * Reverse-map CC tool calls in a non-streaming response back to the

package/dist/cc-template.js

@@ -116,6 +116,73 @@ export function scrubFrameworkIdentifiers(text) {
     }
     return result;
 }
+/**
+ * Detect text-tool-protocol clients (Cline, Kilo Code, Roo Code and
+ * their forks) by fingerprinting the incoming system prompt.
+ *
+ * These clients ship their own XML-style tool invocation protocol in
+ * the system prompt (`<execute_command>`, `<replace_in_file>`,
+ * `<attempt_completion>`, …) and parse the model's output with a
+ * regex tuned to that exact shape. When dario's default mode
+ * substitutes CC's canonical tools into the `tools` array, the model
+ * correctly emits Anthropic's generic `<function_calls><invoke>`
+ * wrapper — which is well-formed for a CC-tool request but
+ * unparseable for a text-protocol client, so every edit surfaces as
+ * an error in the client UI even though the model produced a valid
+ * response (dario#40, reported by @ringge).
+ *
+ * The fix is preserve-tools behavior: skip the CC tool swap so the
+ * model sees the client's own schema and emits its native XML shape.
+ * Auto-detection saves users from having to discover the
+ * `--preserve-tools` flag exists; the flag is still honored as an
+ * explicit override and `--hybrid-tools` outranks detection.
+ *
+ * Detection must run BEFORE `scrubFrameworkIdentifiers` so brand
+ * names like "Cline" / "Roo" are still present. Tool-protocol
+ * markers are scrub-proof on their own.
+ *
+ * Returns the matched family (`cline` / `kilo` / `roo` / `cline-like`)
+ * or null when no text-tool protocol signature is present.
+ */
+export function detectTextToolClient(systemText) {
+    if (!systemText)
+        return null;
+    if (/\bYou are Cline\b/.test(systemText))
+        return 'cline';
+    if (/\bYou are Kilo Code\b/.test(systemText))
+        return 'kilo';
+    if (/\bYou are Roo\b/.test(systemText))
+        return 'roo';
+    // Protocol-signature fallback — unique to the Cline family and its
+    // forks; survives a forked system prompt that edited the identity
+    // string out but kept the tool protocol intact.
+    if (/<attempt_completion>/.test(systemText))
+        return 'cline-like';
+    if (/<ask_followup_question>/.test(systemText))
+        return 'cline-like';
+    if (/<<<<<<< SEARCH\b/.test(systemText))
+        return 'cline-like';
+    return null;
+}
+/**
+ * Flatten an Anthropic-shaped `system` field (string or array of text
+ * blocks) to a single joined string. Skips the billing-tag block so
+ * captured billing metadata isn't conflated with the operator's own
+ * prompt. Used both by the main request-build path (post-scrub) and
+ * by the early text-tool-client detector (pre-scrub).
+ */
+export function extractSystemText(clientBody) {
+    const sys = clientBody.system;
+    if (typeof sys === 'string')
+        return sys;
+    if (Array.isArray(sys)) {
+        return sys
+            .filter(b => b.text && !b.text.includes('x-anthropic-billing-header:'))
+            .map(b => b.text)
+            .join('\n\n');
+    }
+    return '';
+}
 /**
  * Map from client-declared field name (lowercase) to the RequestContext
  * key that supplies its value. A field declared on the client's tool
@@ -580,6 +647,16 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     const messages = clientBody.messages || [];
     const clientTools = clientBody.tools;
     const stream = clientBody.stream ?? false;
+    // ── Detect text-tool-protocol clients up-front ──
+    // Cline / Kilo Code / Roo Code (and forks) ship an XML tool-invocation
+    // protocol in the system prompt. Peek at it before scrubbing so the
+    // brand name is still present, decide whether to auto-switch into
+    // preserve-tools behavior below. Explicit --hybrid-tools outranks the
+    // heuristic (operator opt-in wins). dario#40.
+    const rawSystemForDetection = extractSystemText(clientBody);
+    const detectedClient = detectTextToolClient(rawSystemForDetection) ?? undefined;
+    const autoPreserve = Boolean(detectedClient) && !opts.hybridTools;
+    const effectivePreserveTools = Boolean(opts.preserveTools) || autoPreserve;
     // ── Strip thinking from history ──
     for (const msg of messages) {
         if (msg.role === 'assistant' && Array.isArray(msg.content)) {
@@ -622,7 +699,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     // the fingerprint risk on their own account.
     const activeToolMap = new Map();
     const unmappedTools = [];
-    if (clientTools && !opts.preserveTools) {
+    if (clientTools && !effectivePreserveTools) {
         // Two passes so the unmapped-tool distributor can avoid colliding with
         // CC tools the client already uses directly. Without this, a client
         // sending both `WebSearch` and some unmapped tool like `memory_get`
@@ -705,7 +782,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     }
     // ── Remap tool_use and tool_result references in message history ──
     // Skip in preserveTools mode — leave conversation history untouched.
-    if (!opts.preserveTools) {
+    if (!effectivePreserveTools) {
         for (const msg of messages) {
             if (Array.isArray(msg.content)) {
                 for (const block of msg.content) {
@@ -754,18 +831,11 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
         }
     }
     // ── Merge system prompt ──
-    let systemText = '';
-    const sys = clientBody.system;
-    if (typeof sys === 'string') {
-        systemText = sys;
-    }
-    else if (Array.isArray(sys)) {
-        systemText = sys
-            .filter(b => b.text && !b.text.includes('x-anthropic-billing-header:'))
-            .map(b => b.text)
-            .join('\n\n');
-    }
-    systemText = scrubFrameworkIdentifiers(systemText);
+    // rawSystemForDetection holds the same text already used by the
+    // up-front detector above — reuse it here so we don't reparse the
+    // system array a second time per request. Scrub applies at this
+    // point so framework identifiers don't leak upstream.
+    let systemText = scrubFrameworkIdentifiers(rawSystemForDetection);
     // Also scrub framework identifiers from message content text blocks.
     // Clients often inject their product name into user/tool messages as well,
     // and the system-prompt-only scrub used to miss those.
@@ -815,7 +885,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     // preserveTools mode: pass client tools through unchanged (better for real
     // agents with custom schemas, but loses the CC tool fingerprint).
     if (clientTools && clientTools.length > 0) {
-        ccRequest.tools = opts.preserveTools ? clientTools : CC_TOOL_DEFINITIONS;
+        ccRequest.tools = effectivePreserveTools ? clientTools : CC_TOOL_DEFINITIONS;
     }
     // Metadata
     ccRequest.metadata = {
@@ -833,7 +903,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
         ccRequest.output_config = { effort: 'medium' };
     }
     ccRequest.stream = stream;
-    return { body: ccRequest, toolMap: activeToolMap, unmappedTools };
+    return { body: ccRequest, toolMap: activeToolMap, unmappedTools, detectedClient };
 }
 /**
  * Build the CC-name → {clientName, mapping} reverse lookup used by both

package/dist/cli.js

@@ -137,7 +137,14 @@ async function proxy() {
         console.error('[dario] Invalid --host. Must be an IP address or hostname.');
         process.exit(1);
     }
-    const verbose = args.includes('--verbose') || args.includes('-v');
+    // --verbose=2 / -vv / DARIO_LOG_BODIES=1 → emit redacted request bodies
+    // on every POST. -v alone is unchanged (one-line per-request summary).
+    // dario#40 (ringge asked for a body-dump mode when debugging client
+    // compatibility without having to attach a MITM).
+    const verboseBodies = args.includes('-vv')
+        || args.includes('--verbose=2')
+        || process.env.DARIO_LOG_BODIES === '1';
+    const verbose = verboseBodies || args.includes('--verbose') || args.includes('-v');
     const passthrough = args.includes('--passthrough') || args.includes('--thin');
     const preserveTools = args.includes('--preserve-tools') || args.includes('--keep-tools');
     const hybridTools = args.includes('--hybrid-tools') || args.includes('--context-inject');
@@ -147,7 +154,7 @@ async function proxy() {
     }
     const modelArg = args.find(a => a.startsWith('--model='));
     const model = modelArg ? modelArg.split('=')[1] : undefined;
-    await startProxy({ port, host, verbose, model, passthrough, preserveTools, hybridTools });
+    await startProxy({ port, host, verbose, verboseBodies, model, passthrough, preserveTools, hybridTools });
 }
 async function accounts() {
     const sub = args[1];
@@ -387,6 +394,8 @@ async function help() {
     --host=ADDRESS           Address to bind to (default: 127.0.0.1)
                              Use 0.0.0.0 for LAN; see README for DARIO_API_KEY
     --verbose, -v            Log all requests
+    --verbose=2, -vv         Also dump redacted request bodies
+                             (env: DARIO_LOG_BODIES=1)
 
   Quick start:
     dario login              # auto-detects Claude Code credentials

package/dist/live-fingerprint.js

@@ -513,6 +513,14 @@ export function extractTemplate(captured) {
 const STATIC_HEADER_EXCLUDE = new Set([
     // Auth — never replay across identities
     'authorization',
+    // x-api-key is a CAPTURE ARTIFACT (dario#42). During capture we spawn CC
+    // with ANTHROPIC_API_KEY=sk-dario-fingerprint-capture pointing at a loopback
+    // MITM, so CC emits `x-api-key: sk-dario-fingerprint-capture`. Replaying
+    // that placeholder upstream alongside the real OAuth Bearer used to be a
+    // no-op because Anthropic ignored x-api-key when Authorization was present;
+    // as of 2026-04-17 some account tiers now 401 with "invalid x-api-key" when
+    // both are sent. Never capture it.
+    'x-api-key',
     // Body-framing — computed per request
     'content-type', 'content-length', 'transfer-encoding',
     // Host / connection — managed by the HTTP stack

package/dist/proxy.d.ts

@@ -6,6 +6,7 @@ interface ProxyOptions {
     port?: number;
     host?: string;
     verbose?: boolean;
+    verboseBodies?: boolean;
     model?: string;
     passthrough?: boolean;
     preserveTools?: boolean;

package/dist/proxy.js

@@ -363,6 +363,17 @@ export async function startProxy(opts = {}) {
     const host = opts.host ?? process.env.DARIO_HOST ?? DEFAULT_HOST;
     const verbose = opts.verbose ?? false;
     const passthrough = opts.passthrough ?? false;
+    // Text-tool-protocol client families that have already logged a
+    // "detected → auto-enabling preserve-tools" banner this session.
+    // Set once on first sighting per family so the startup log stays
+    // short even under heavy traffic. dario#40.
+    const detectedClientsLogged = new Set();
+    // Body-dump mode: set via --verbose=2 / -vv or DARIO_LOG_BODIES=1.
+    // When on, every request emits a redacted JSON body to stderr so
+    // operators can see exactly what dario forwards upstream. Default
+    // -v stays quiet because bodies can carry file content and tool
+    // output. Reported in dario#40 by @ringge.
+    const verboseBodies = Boolean(opts.verboseBodies) || process.env.DARIO_LOG_BODIES === '1';
     // Multi-provider backends (v3.6.0+). Loaded once at startup; the CLI
     // `dario backend add openai --key=…` writes to ~/.dario/backends/.
     // Routing: a GPT-family model arriving on /v1/chat/completions is
@@ -493,8 +504,17 @@ export async function startProxy(opts = {}) {
     // Excludes auth + body-framing + session-scoped keys by construction (see
     // extractStaticHeaderValues in live-fingerprint.ts). No-op when the loaded
     // template predates v2 or the bundled snapshot is in use.
+    //
+    // `x-api-key` is filtered defensively here too — pre-v3.19.2 captures still
+    // carry `x-api-key: sk-dario-fingerprint-capture` from the MITM spawn env.
+    // Replaying that placeholder alongside a real OAuth Bearer triggers a
+    // "invalid x-api-key" 401 on some account tiers as of 2026-04-17 (dario#42).
+    // The capture filter was updated in v3.19.2 to stop storing it, but the
+    // per-request skip below lets existing caches self-heal without a refresh.
     if (!passthrough && CC_TEMPLATE.header_values) {
         for (const [k, v] of Object.entries(CC_TEMPLATE.header_values)) {
+            if (k.toLowerCase() === 'x-api-key')
+                continue;
             staticHeaders[k] = v;
         }
     }
@@ -507,6 +527,14 @@ export async function startProxy(opts = {}) {
     // is the single-account slot. Reported by @boeingchoco in dario#36 — the
     // retry loop was firing on every POST with hybrid-tools + OC.
     const context1mUnavailable = new Set();
+    // Per-account cache of anthropic-beta flags the upstream has rejected as
+    // "Unexpected value(s)". The live-captured template lifts whatever CC emits
+    // verbatim — including flags gated to higher-tier accounts (e.g.
+    // `afk-mode-2026-01-31` is rejected on Max 5x as of 2026-04-17). On the
+    // first rejection we parse the flag out of the error message, strip it,
+    // retry once, and cache it so subsequent requests on the same account don't
+    // re-pay the 400 round-trip. Keyed by account alias (pool) or `__default__`.
+    const unavailableBetas = new Map();
     const ACCOUNT_KEY_SINGLE = '__default__';
     // Beta flag set — sourced from the live template when the capture recorded
     // one (schema v2+), else falls back to the v2.1.104 bundled default. Same
@@ -514,7 +542,18 @@ export async function startProxy(opts = {}) {
     // never diverge on the wire). Computed once per proxy because it's a
     // function of the loaded template, not of the request.
     const BETA_FALLBACK = 'claude-code-20250219,oauth-2025-04-20,context-1m-2025-08-07,interleaved-thinking-2025-05-14,context-management-2025-06-27,prompt-caching-scope-2026-01-05,advisor-tool-2026-03-01,effort-2025-11-24';
-    const betaBase = CC_TEMPLATE.anthropic_beta || BETA_FALLBACK;
+    let betaBase = CC_TEMPLATE.anthropic_beta || BETA_FALLBACK;
+    // `oauth-2025-04-20` is CC's OAuth-enablement beta flag. It is NOT present in
+    // the live-captured beta set because dario's fingerprint capture spawns CC
+    // with a placeholder `ANTHROPIC_API_KEY`, and CC only appends the oauth beta
+    // when it's actually using an OAuth bearer token. The proxy always uses
+    // OAuth upstream, so the flag is required — force it in if the captured
+    // template didn't carry it. As of 2026-04-17 some account tiers (Max 20x,
+    // Pro) return `authentication_error: invalid x-api-key` without this flag
+    // even when a valid Bearer is sent (dario#42).
+    if (!passthrough && !betaBase.split(',').includes('oauth-2025-04-20')) {
+        betaBase = betaBase ? `${betaBase},oauth-2025-04-20` : 'oauth-2025-04-20';
+    }
     const betaWithoutContext1m = betaBase.split(',').filter((t) => t !== 'context-1m-2025-08-07').join(',');
     // Rate governor — minimum 500ms between requests. Fast enough for agents,
     // slow enough to not look like a scripted flood of identical traffic.
@@ -940,10 +979,22 @@ export async function startProxy(opts = {}) {
                         const bodyIdentity = poolAccount
                             ? poolAccount.identity
                             : { deviceId: identity.deviceId, accountUuid: identity.accountUuid, sessionId: SESSION_ID };
-                        const { body: ccBody, toolMap } = buildCCRequest(r, billingTag, CACHE_1H, bodyIdentity, {
+                        const { body: ccBody, toolMap, detectedClient } = buildCCRequest(r, billingTag, CACHE_1H, bodyIdentity, {
                             preserveTools: opts.preserveTools ?? false,
                             hybridTools: opts.hybridTools ?? false,
                         });
+                        // Log the auto-preserve-tools switch once per text-tool
+                        // client family. Skip when the operator already opted into
+                        // --preserve-tools or --hybrid-tools — they know what they
+                        // picked and don't need a "hey, we heuristically agree"
+                        // line on every new client seen. dario#40.
+                        if (detectedClient
+                            && !opts.preserveTools
+                            && !opts.hybridTools
+                            && !detectedClientsLogged.has(detectedClient)) {
+                            detectedClientsLogged.add(detectedClient);
+                            console.log(`[dario] detected ${detectedClient}-style text-tool protocol — auto-enabling preserve-tools for this client (pass --hybrid-tools to override, --preserve-tools to silence)`);
+                        }
                         // Store tool map for response reverse-mapping
                         ccToolMap = toolMap;
                         // Replace request body entirely with CC template
@@ -959,6 +1010,20 @@ export async function startProxy(opts = {}) {
                 const modelInfo = modelOverride ? ` (model: ${modelOverride})` : '';
                 console.log(`[dario] #${requestCount} ${req.method} ${urlPath}${modelInfo}`);
             }
+            // Body dump — -vv / DARIO_LOG_BODIES=1. Runs on the outbound
+            // body after the template build so operators see what actually
+            // lands on the wire. sanitizeError's redaction strips bearer
+            // tokens, sk-ant-* keys, and JWT triples in case any leaked
+            // into the body (e.g. user pasted a curl). 8KB cap because the
+            // CC system prompt alone is 25KB and dumping it every request
+            // buries the useful content. dario#40.
+            if (verboseBodies && finalBody) {
+                const rendered = finalBody.toString('utf8');
+                const capped = rendered.length > 8192
+                    ? rendered.slice(0, 8192) + `\n[...truncated ${rendered.length - 8192} bytes]`
+                    : rendered;
+                console.log(`[dario] #${requestCount} request body:\n${sanitizeError(capped)}`);
+            }
             // Beta headers
             const clientBeta = req.headers['anthropic-beta'];
             let beta;
@@ -985,6 +1050,14 @@ export async function startProxy(opts = {}) {
                     if (filtered)
                         beta += ',' + filtered;
                 }
+                // Strip any beta flags the upstream has previously rejected on this
+                // account so we don't re-pay the 400 round-trip (dario#42 afk-mode
+                // fallout: captured templates carry tier-gated flags whose availability
+                // we only learn at request time).
+                const rejectedSet = unavailableBetas.get(acctKey);
+                if (rejectedSet && rejectedSet.size > 0) {
+                    beta = beta.split(',').filter((t) => t.length > 0 && !rejectedSet.has(t)).join(',');
+                }
             }
             // Rate governor — prevent inhuman request cadence
             const now = Date.now();
@@ -1086,7 +1159,56 @@ export async function startProxy(opts = {}) {
                     const isLongContextError = peekedBody.includes('long context')
                         || peekedBody.includes('Extra usage is required')
                         || peekedBody.includes('long_context');
-                    if (isLongContextError) {
+                    // Detect "Unexpected value(s) `flag-name` for the `anthropic-beta` header"
+                    // — the upstream's way of saying this account tier doesn't have the
+                    // flag. Parse out the offending tokens (there can be more than one),
+                    // cache them, strip, and retry.
+                    const betaRejectedFlags = [];
+                    if (upstream.status === 400 && peekedBody.includes('anthropic-beta')) {
+                        const re = /Unexpected value\(s\)\s+((?:`[^`]+`(?:\s*,\s*)?)+)\s+for the `anthropic-beta` header/;
+                        const m = peekedBody.match(re);
+                        if (m) {
+                            for (const tok of m[1].matchAll(/`([^`]+)`/g))
+                                betaRejectedFlags.push(tok[1]);
+                        }
+                    }
+                    if (betaRejectedFlags.length > 0) {
+                        const acctKey = poolAccount?.alias ?? ACCOUNT_KEY_SINGLE;
+                        let set = unavailableBetas.get(acctKey);
+                        if (!set) {
+                            set = new Set();
+                            unavailableBetas.set(acctKey, set);
+                        }
+                        const newFlags = [];
+                        for (const f of betaRejectedFlags) {
+                            if (!set.has(f)) {
+                                set.add(f);
+                                newFlags.push(f);
+                            }
+                        }
+                        if (verbose && newFlags.length > 0)
+                            console.log(`[dario] #${requestCount} anthropic-beta rejected (${newFlags.join(',')}) — retrying without (cached for session)`);
+                        const reducedBeta = beta.split(',').filter((t) => t.length > 0 && !set.has(t)).join(',');
+                        const retryHeaders = { ...headers, 'anthropic-beta': reducedBeta };
+                        const retry = await fetch(targetBase, {
+                            method: req.method ?? 'POST',
+                            headers: passthrough ? retryHeaders : orderHeadersForOutbound(retryHeaders),
+                            body: finalBody ? new Uint8Array(finalBody) : undefined,
+                            signal: upstreamAbort.signal,
+                        });
+                        upstream = retry;
+                        peekedBody = null;
+                        if (pool && poolAccount) {
+                            const retrySnapshot = parseRateLimits(upstream.headers);
+                            if (upstream.status === 429) {
+                                pool.markRejected(poolAccount.alias, retrySnapshot);
+                            }
+                            else {
+                                pool.updateRateLimits(poolAccount.alias, retrySnapshot);
+                            }
+                        }
+                    }
+                    else if (isLongContextError) {
                         // Cache the rejection so future requests on this account skip
                         // context-1m up front instead of re-paying the 400/429 round-trip.
                         const acctKey = poolAccount?.alias ?? ACCOUNT_KEY_SINGLE;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.19.1",
+  "version": "3.19.3",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {
@@ -21,7 +21,7 @@
   ],
   "scripts": {
     "build": "tsc && cp src/cc-template-data.json dist/ && node -e \"require('fs').mkdirSync('dist/shim',{recursive:true})\" && cp src/shim/runtime.cjs dist/shim/",
-    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/sealed-pool.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/drift-detection.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs",
+    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/sealed-pool.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/drift-detection.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs",
     "audit": "npm audit --production --audit-level=high",
     "prepublishOnly": "npm run build",
     "start": "node dist/cli.js",