@askalf/dario 3.19.2 → 3.19.3

package/README.md

@@ -316,12 +316,13 @@ The OpenAI-compat backend forwards tool definitions byte-for-byte and doesn't ne
 | Flag / env | Description | Default |
 |---|---|---|
 | `--passthrough` / `--thin` | Thin proxy for the Claude backend — OAuth swap only, no template injection | off |
-| `--preserve-tools` / `--keep-tools` | Keep client tool schemas instead of remapping to CC's. Required for clients whose tools have fields CC doesn't — see [Custom tool schemas](#custom-tool-schemas). | off |
-| `--hybrid-tools` / `--context-inject` | Remap to CC tools **and** inject request-context values (`sessionId`, `requestId`, `channelId`, `userId`, `timestamp`) into client-declared fields CC's schema doesn't carry. See [Hybrid tool mode](#hybrid-tool-mode). | off |
+| `--preserve-tools` / `--keep-tools` | Keep client tool schemas instead of remapping to CC's. Required for clients whose tools have fields CC doesn't — see [Custom tool schemas](#custom-tool-schemas). Auto-enabled for Cline / Kilo Code / Roo Code and forks (dario#40 — detected via system-prompt fingerprint). | off (auto for text-tool clients) |
+| `--hybrid-tools` / `--context-inject` | Remap to CC tools **and** inject request-context values (`sessionId`, `requestId`, `channelId`, `userId`, `timestamp`) into client-declared fields CC's schema doesn't carry. See [Hybrid tool mode](#hybrid-tool-mode). Overrides the text-tool auto-detect. | off |
 | `--model=<name>` | Force a model. Shortcuts (`opus`, `sonnet`, `haiku`), full IDs (`claude-opus-4-7`), or a **provider prefix** (`openai:gpt-4o`, `groq:llama-3.3-70b`, `claude:opus`, `local:qwen-coder`) to force the backend server-wide. See [Provider prefix](#provider-prefix). | passthrough |
 | `--port=<n>` | Port to listen on | `3456` |
 | `--host=<addr>` / `DARIO_HOST` | Bind address. Use `0.0.0.0` for LAN, or a specific IP (e.g. a Tailscale interface). When non-loopback, also set `DARIO_API_KEY`. | `127.0.0.1` |
-| `--verbose` / `-v` | Log every request | off |
+| `--verbose` / `-v` | Log every request (one line per request — method + path + billing bucket) | off |
+| `--verbose=2` / `-vv` / `DARIO_LOG_BODIES=1` | Also dump the outbound request body (redacted: bearer tokens, `sk-ant-*` keys, JWTs stripped; capped at 8KB). For wire-level client-compat debugging (dario#40). | off |
 | `DARIO_API_KEY` | If set, all endpoints (except `/health`) require a matching `x-api-key` or `Authorization: Bearer` header. Required when `--host` binds non-loopback. | unset (open) |
 | `DARIO_CORS_ORIGIN` | Override browser CORS origin | `http://localhost:${port}` |
 | `DARIO_NO_BUN` | Disable automatic Bun relaunch | unset |

package/dist/cc-template.d.ts

@@ -49,6 +49,43 @@ export declare const CC_AGENT_IDENTITY: string;
  */
 export declare function orderHeadersForOutbound(headers: Record<string, string>, overrideHeaderOrder?: string[] | undefined): Record<string, string> | Array<[string, string]>;
 export declare function scrubFrameworkIdentifiers(text: string): string;
+/**
+ * Detect text-tool-protocol clients (Cline, Kilo Code, Roo Code and
+ * their forks) by fingerprinting the incoming system prompt.
+ *
+ * These clients ship their own XML-style tool invocation protocol in
+ * the system prompt (`<execute_command>`, `<replace_in_file>`,
+ * `<attempt_completion>`, …) and parse the model's output with a
+ * regex tuned to that exact shape. When dario's default mode
+ * substitutes CC's canonical tools into the `tools` array, the model
+ * correctly emits Anthropic's generic `<function_calls><invoke>`
+ * wrapper — which is well-formed for a CC-tool request but
+ * unparseable for a text-protocol client, so every edit surfaces as
+ * an error in the client UI even though the model produced a valid
+ * response (dario#40, reported by @ringge).
+ *
+ * The fix is preserve-tools behavior: skip the CC tool swap so the
+ * model sees the client's own schema and emits its native XML shape.
+ * Auto-detection saves users from having to discover the
+ * `--preserve-tools` flag exists; the flag is still honored as an
+ * explicit override and `--hybrid-tools` outranks detection.
+ *
+ * Detection must run BEFORE `scrubFrameworkIdentifiers` so brand
+ * names like "Cline" / "Roo" are still present. Tool-protocol
+ * markers are scrub-proof on their own.
+ *
+ * Returns the matched family (`cline` / `kilo` / `roo` / `cline-like`)
+ * or null when no text-tool protocol signature is present.
+ */
+export declare function detectTextToolClient(systemText: string): string | null;
+/**
+ * Flatten an Anthropic-shaped `system` field (string or array of text
+ * blocks) to a single joined string. Skips the billing-tag block so
+ * captured billing metadata isn't conflated with the operator's own
+ * prompt. Used both by the main request-build path (post-scrub) and
+ * by the early text-tool-client detector (pre-scrub).
+ */
+export declare function extractSystemText(clientBody: Record<string, unknown>): string;
 /**
  * Client tool name → CC tool mapping with parameter translation.
  *
@@ -117,6 +154,7 @@ export declare function buildCCRequest(clientBody: Record<string, unknown>, bill
     body: Record<string, unknown>;
     toolMap: Map<string, ToolMapping>;
     unmappedTools: string[];
+    detectedClient?: string;
 };
 /**
  * Reverse-map CC tool calls in a non-streaming response back to the

package/dist/cc-template.js

@@ -116,6 +116,73 @@ export function scrubFrameworkIdentifiers(text) {
     }
     return result;
 }
+/**
+ * Detect text-tool-protocol clients (Cline, Kilo Code, Roo Code and
+ * their forks) by fingerprinting the incoming system prompt.
+ *
+ * These clients ship their own XML-style tool invocation protocol in
+ * the system prompt (`<execute_command>`, `<replace_in_file>`,
+ * `<attempt_completion>`, …) and parse the model's output with a
+ * regex tuned to that exact shape. When dario's default mode
+ * substitutes CC's canonical tools into the `tools` array, the model
+ * correctly emits Anthropic's generic `<function_calls><invoke>`
+ * wrapper — which is well-formed for a CC-tool request but
+ * unparseable for a text-protocol client, so every edit surfaces as
+ * an error in the client UI even though the model produced a valid
+ * response (dario#40, reported by @ringge).
+ *
+ * The fix is preserve-tools behavior: skip the CC tool swap so the
+ * model sees the client's own schema and emits its native XML shape.
+ * Auto-detection saves users from having to discover the
+ * `--preserve-tools` flag exists; the flag is still honored as an
+ * explicit override and `--hybrid-tools` outranks detection.
+ *
+ * Detection must run BEFORE `scrubFrameworkIdentifiers` so brand
+ * names like "Cline" / "Roo" are still present. Tool-protocol
+ * markers are scrub-proof on their own.
+ *
+ * Returns the matched family (`cline` / `kilo` / `roo` / `cline-like`)
+ * or null when no text-tool protocol signature is present.
+ */
+export function detectTextToolClient(systemText) {
+    if (!systemText)
+        return null;
+    if (/\bYou are Cline\b/.test(systemText))
+        return 'cline';
+    if (/\bYou are Kilo Code\b/.test(systemText))
+        return 'kilo';
+    if (/\bYou are Roo\b/.test(systemText))
+        return 'roo';
+    // Protocol-signature fallback — unique to the Cline family and its
+    // forks; survives a forked system prompt that edited the identity
+    // string out but kept the tool protocol intact.
+    if (/<attempt_completion>/.test(systemText))
+        return 'cline-like';
+    if (/<ask_followup_question>/.test(systemText))
+        return 'cline-like';
+    if (/<<<<<<< SEARCH\b/.test(systemText))
+        return 'cline-like';
+    return null;
+}
+/**
+ * Flatten an Anthropic-shaped `system` field (string or array of text
+ * blocks) to a single joined string. Skips the billing-tag block so
+ * captured billing metadata isn't conflated with the operator's own
+ * prompt. Used both by the main request-build path (post-scrub) and
+ * by the early text-tool-client detector (pre-scrub).
+ */
+export function extractSystemText(clientBody) {
+    const sys = clientBody.system;
+    if (typeof sys === 'string')
+        return sys;
+    if (Array.isArray(sys)) {
+        return sys
+            .filter(b => b.text && !b.text.includes('x-anthropic-billing-header:'))
+            .map(b => b.text)
+            .join('\n\n');
+    }
+    return '';
+}
 /**
  * Map from client-declared field name (lowercase) to the RequestContext
  * key that supplies its value. A field declared on the client's tool
@@ -580,6 +647,16 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     const messages = clientBody.messages || [];
     const clientTools = clientBody.tools;
     const stream = clientBody.stream ?? false;
+    // ── Detect text-tool-protocol clients up-front ──
+    // Cline / Kilo Code / Roo Code (and forks) ship an XML tool-invocation
+    // protocol in the system prompt. Peek at it before scrubbing so the
+    // brand name is still present, decide whether to auto-switch into
+    // preserve-tools behavior below. Explicit --hybrid-tools outranks the
+    // heuristic (operator opt-in wins). dario#40.
+    const rawSystemForDetection = extractSystemText(clientBody);
+    const detectedClient = detectTextToolClient(rawSystemForDetection) ?? undefined;
+    const autoPreserve = Boolean(detectedClient) && !opts.hybridTools;
+    const effectivePreserveTools = Boolean(opts.preserveTools) || autoPreserve;
     // ── Strip thinking from history ──
     for (const msg of messages) {
         if (msg.role === 'assistant' && Array.isArray(msg.content)) {
@@ -622,7 +699,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     // the fingerprint risk on their own account.
     const activeToolMap = new Map();
     const unmappedTools = [];
-    if (clientTools && !opts.preserveTools) {
+    if (clientTools && !effectivePreserveTools) {
         // Two passes so the unmapped-tool distributor can avoid colliding with
         // CC tools the client already uses directly. Without this, a client
         // sending both `WebSearch` and some unmapped tool like `memory_get`
@@ -705,7 +782,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     }
     // ── Remap tool_use and tool_result references in message history ──
     // Skip in preserveTools mode — leave conversation history untouched.
-    if (!opts.preserveTools) {
+    if (!effectivePreserveTools) {
         for (const msg of messages) {
             if (Array.isArray(msg.content)) {
                 for (const block of msg.content) {
@@ -754,18 +831,11 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
         }
     }
     // ── Merge system prompt ──
-    let systemText = '';
-    const sys = clientBody.system;
-    if (typeof sys === 'string') {
-        systemText = sys;
-    }
-    else if (Array.isArray(sys)) {
-        systemText = sys
-            .filter(b => b.text && !b.text.includes('x-anthropic-billing-header:'))
-            .map(b => b.text)
-            .join('\n\n');
-    }
-    systemText = scrubFrameworkIdentifiers(systemText);
+    // rawSystemForDetection holds the same text already used by the
+    // up-front detector above — reuse it here so we don't reparse the
+    // system array a second time per request. Scrub applies at this
+    // point so framework identifiers don't leak upstream.
+    let systemText = scrubFrameworkIdentifiers(rawSystemForDetection);
     // Also scrub framework identifiers from message content text blocks.
     // Clients often inject their product name into user/tool messages as well,
     // and the system-prompt-only scrub used to miss those.
@@ -815,7 +885,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     // preserveTools mode: pass client tools through unchanged (better for real
     // agents with custom schemas, but loses the CC tool fingerprint).
     if (clientTools && clientTools.length > 0) {
-        ccRequest.tools = opts.preserveTools ? clientTools : CC_TOOL_DEFINITIONS;
+        ccRequest.tools = effectivePreserveTools ? clientTools : CC_TOOL_DEFINITIONS;
     }
     // Metadata
     ccRequest.metadata = {
@@ -833,7 +903,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
         ccRequest.output_config = { effort: 'medium' };
     }
     ccRequest.stream = stream;
-    return { body: ccRequest, toolMap: activeToolMap, unmappedTools };
+    return { body: ccRequest, toolMap: activeToolMap, unmappedTools, detectedClient };
 }
 /**
  * Build the CC-name → {clientName, mapping} reverse lookup used by both

package/dist/cli.js

@@ -137,7 +137,14 @@ async function proxy() {
         console.error('[dario] Invalid --host. Must be an IP address or hostname.');
         process.exit(1);
     }
-    const verbose = args.includes('--verbose') || args.includes('-v');
+    // --verbose=2 / -vv / DARIO_LOG_BODIES=1 → emit redacted request bodies
+    // on every POST. -v alone is unchanged (one-line per-request summary).
+    // dario#40 (ringge asked for a body-dump mode when debugging client
+    // compatibility without having to attach a MITM).
+    const verboseBodies = args.includes('-vv')
+        || args.includes('--verbose=2')
+        || process.env.DARIO_LOG_BODIES === '1';
+    const verbose = verboseBodies || args.includes('--verbose') || args.includes('-v');
     const passthrough = args.includes('--passthrough') || args.includes('--thin');
     const preserveTools = args.includes('--preserve-tools') || args.includes('--keep-tools');
     const hybridTools = args.includes('--hybrid-tools') || args.includes('--context-inject');
@@ -147,7 +154,7 @@ async function proxy() {
     }
     const modelArg = args.find(a => a.startsWith('--model='));
     const model = modelArg ? modelArg.split('=')[1] : undefined;
-    await startProxy({ port, host, verbose, model, passthrough, preserveTools, hybridTools });
+    await startProxy({ port, host, verbose, verboseBodies, model, passthrough, preserveTools, hybridTools });
 }
 async function accounts() {
     const sub = args[1];
@@ -387,6 +394,8 @@ async function help() {
     --host=ADDRESS           Address to bind to (default: 127.0.0.1)
                              Use 0.0.0.0 for LAN; see README for DARIO_API_KEY
     --verbose, -v            Log all requests
+    --verbose=2, -vv         Also dump redacted request bodies
+                             (env: DARIO_LOG_BODIES=1)
 
   Quick start:
     dario login              # auto-detects Claude Code credentials

package/dist/proxy.d.ts

@@ -6,6 +6,7 @@ interface ProxyOptions {
     port?: number;
     host?: string;
     verbose?: boolean;
+    verboseBodies?: boolean;
     model?: string;
     passthrough?: boolean;
     preserveTools?: boolean;

package/dist/proxy.js

@@ -363,6 +363,17 @@ export async function startProxy(opts = {}) {
     const host = opts.host ?? process.env.DARIO_HOST ?? DEFAULT_HOST;
     const verbose = opts.verbose ?? false;
     const passthrough = opts.passthrough ?? false;
+    // Text-tool-protocol client families that have already logged a
+    // "detected → auto-enabling preserve-tools" banner this session.
+    // Set once on first sighting per family so the startup log stays
+    // short even under heavy traffic. dario#40.
+    const detectedClientsLogged = new Set();
+    // Body-dump mode: set via --verbose=2 / -vv or DARIO_LOG_BODIES=1.
+    // When on, every request emits a redacted JSON body to stderr so
+    // operators can see exactly what dario forwards upstream. Default
+    // -v stays quiet because bodies can carry file content and tool
+    // output. Reported in dario#40 by @ringge.
+    const verboseBodies = Boolean(opts.verboseBodies) || process.env.DARIO_LOG_BODIES === '1';
     // Multi-provider backends (v3.6.0+). Loaded once at startup; the CLI
     // `dario backend add openai --key=…` writes to ~/.dario/backends/.
     // Routing: a GPT-family model arriving on /v1/chat/completions is
@@ -968,10 +979,22 @@ export async function startProxy(opts = {}) {
                         const bodyIdentity = poolAccount
                             ? poolAccount.identity
                             : { deviceId: identity.deviceId, accountUuid: identity.accountUuid, sessionId: SESSION_ID };
-                        const { body: ccBody, toolMap } = buildCCRequest(r, billingTag, CACHE_1H, bodyIdentity, {
+                        const { body: ccBody, toolMap, detectedClient } = buildCCRequest(r, billingTag, CACHE_1H, bodyIdentity, {
                             preserveTools: opts.preserveTools ?? false,
                             hybridTools: opts.hybridTools ?? false,
                         });
+                        // Log the auto-preserve-tools switch once per text-tool
+                        // client family. Skip when the operator already opted into
+                        // --preserve-tools or --hybrid-tools — they know what they
+                        // picked and don't need a "hey, we heuristically agree"
+                        // line on every new client seen. dario#40.
+                        if (detectedClient
+                            && !opts.preserveTools
+                            && !opts.hybridTools
+                            && !detectedClientsLogged.has(detectedClient)) {
+                            detectedClientsLogged.add(detectedClient);
+                            console.log(`[dario] detected ${detectedClient}-style text-tool protocol — auto-enabling preserve-tools for this client (pass --hybrid-tools to override, --preserve-tools to silence)`);
+                        }
                         // Store tool map for response reverse-mapping
                         ccToolMap = toolMap;
                         // Replace request body entirely with CC template
@@ -987,6 +1010,20 @@ export async function startProxy(opts = {}) {
                 const modelInfo = modelOverride ? ` (model: ${modelOverride})` : '';
                 console.log(`[dario] #${requestCount} ${req.method} ${urlPath}${modelInfo}`);
             }
+            // Body dump — -vv / DARIO_LOG_BODIES=1. Runs on the outbound
+            // body after the template build so operators see what actually
+            // lands on the wire. sanitizeError's redaction strips bearer
+            // tokens, sk-ant-* keys, and JWT triples in case any leaked
+            // into the body (e.g. user pasted a curl). 8KB cap because the
+            // CC system prompt alone is 25KB and dumping it every request
+            // buries the useful content. dario#40.
+            if (verboseBodies && finalBody) {
+                const rendered = finalBody.toString('utf8');
+                const capped = rendered.length > 8192
+                    ? rendered.slice(0, 8192) + `\n[...truncated ${rendered.length - 8192} bytes]`
+                    : rendered;
+                console.log(`[dario] #${requestCount} request body:\n${sanitizeError(capped)}`);
+            }
             // Beta headers
             const clientBeta = req.headers['anthropic-beta'];
             let beta;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.19.2",
+  "version": "3.19.3",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {
@@ -21,7 +21,7 @@
   ],
   "scripts": {
     "build": "tsc && cp src/cc-template-data.json dist/ && node -e \"require('fs').mkdirSync('dist/shim',{recursive:true})\" && cp src/shim/runtime.cjs dist/shim/",
-    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/sealed-pool.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/drift-detection.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs",
+    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/sealed-pool.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/drift-detection.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs",
     "audit": "npm audit --production --audit-level=high",
     "prepublishOnly": "npm run build",
     "start": "node dist/cli.js",