@askalf/dario 3.19.5 → 3.20.1

package/dist/cc-template.d.ts

@@ -150,6 +150,7 @@ export declare function buildCCRequest(clientBody: Record<string, unknown>, bill
 }, opts?: {
     preserveTools?: boolean;
     hybridTools?: boolean;
+    noAutoDetect?: boolean;
 }): {
     body: Record<string, unknown>;
     toolMap: Map<string, ToolMapping>;

package/dist/cc-template.js

@@ -653,8 +653,15 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     // brand name is still present, decide whether to auto-switch into
     // preserve-tools behavior below. Explicit --hybrid-tools outranks the
     // heuristic (operator opt-in wins). dario#40.
+    //
+    // `noAutoDetect` skips the detector entirely — operators who want the
+    // full CC fingerprint restored (tools array included) even when their
+    // client is Cline/Kilo/Roo can opt out. They keep explicit control via
+    // --preserve-tools per session. dario#40 (ringge's fingerprint concern).
     const rawSystemForDetection = extractSystemText(clientBody);
-    const detectedClient = detectTextToolClient(rawSystemForDetection) ?? undefined;
+    const detectedClient = opts.noAutoDetect
+        ? undefined
+        : (detectTextToolClient(rawSystemForDetection) ?? undefined);
     const autoPreserve = Boolean(detectedClient) && !opts.hybridTools;
     const effectivePreserveTools = Boolean(opts.preserveTools) || autoPreserve;
     // ── Strip thinking from history ──

package/dist/cli.js

@@ -35,7 +35,7 @@ if (!('Bun' in globalThis) && !process.env.DARIO_NO_BUN) {
 import { unlink } from 'node:fs/promises';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
-import { startAutoOAuthFlow, getStatus, refreshTokens, loadCredentials } from './oauth.js';
+import { startAutoOAuthFlow, startManualOAuthFlow, detectHeadlessEnvironment, getStatus, refreshTokens, loadCredentials } from './oauth.js';
 import { startProxy, sanitizeError } from './proxy.js';
 import { listAccountAliases, loadAllAccounts, addAccountViaOAuth, removeAccount } from './accounts.js';
 import { listBackends, saveBackend, removeBackend } from './openai-backend.js';
@@ -46,6 +46,7 @@ async function login() {
     console.log('  dario — Claude Login');
     console.log('  ───────────────────');
     console.log('');
+    const manualFlag = args.includes('--manual') || args.includes('--headless');
     // Check for existing credentials (Claude Code or dario's own)
     const creds = await loadCredentials();
     if (creds?.claudeAiOauth?.accessToken && creds.claudeAiOauth.expiresAt > Date.now()) {
@@ -79,8 +80,21 @@ async function login() {
         console.log('  No Claude Code credentials found. Starting OAuth flow...');
         console.log('');
     }
+    // If the user didn't explicitly pick `--manual`, surface a hint when
+    // heuristics suggest the local-callback flow won't work (SSH session,
+    // container). We don't auto-flip — false positives would be more
+    // annoying than false negatives — but the hint keeps users from
+    // waiting for a browser redirect that can't land.
+    if (!manualFlag) {
+        const reason = detectHeadlessEnvironment();
+        if (reason) {
+            console.log(`  Note: ${reason}. If the browser redirect doesn't land,`);
+            console.log('  re-run with: dario login --manual');
+            console.log('');
+        }
+    }
     try {
-        const tokens = await startAutoOAuthFlow();
+        const tokens = manualFlag ? await startManualOAuthFlow() : await startAutoOAuthFlow();
         const expiresIn = Math.round((tokens.expiresAt - Date.now()) / 60000);
         console.log('  Login successful!');
         console.log(`  Token expires in ${expiresIn} minutes (auto-refreshes).`);
@@ -89,9 +103,15 @@ async function login() {
         console.log('');
     }
     catch (err) {
+        const msg = sanitizeError(err);
         console.error('');
-        console.error(`  Login failed: ${sanitizeError(err)}`);
-        console.error('  Try again with `dario login`.');
+        console.error(`  Login failed: ${msg}`);
+        if (!manualFlag && /callback server|EADDRINUSE|bind|timed out/i.test(msg)) {
+            console.error('  Hint: try `dario login --manual` for headless / container setups.');
+        }
+        else {
+            console.error('  Try again with `dario login`.');
+        }
         process.exit(1);
     }
 }
@@ -175,9 +195,14 @@ async function proxy() {
         console.error('[dario] --preserve-tools and --hybrid-tools are mutually exclusive. Pick one.');
         process.exit(1);
     }
+    // Opt-out for v3.19.3's text-tool-client auto-detection. Operators who
+    // want the full CC fingerprint restored (tools array included) even
+    // when Cline/Kilo/Roo is detected can pass --no-auto-detect; they keep
+    // explicit control with --preserve-tools per session. dario#40 (ringge).
+    const noAutoDetect = args.includes('--no-auto-detect') || args.includes('--no-auto-preserve');
     const modelArg = args.find(a => a.startsWith('--model='));
     const model = modelArg ? modelArg.split('=')[1] : undefined;
-    await startProxy({ port, host, verbose, verboseBodies, model, passthrough, preserveTools, hybridTools });
+    await startProxy({ port, host, verbose, verboseBodies, model, passthrough, preserveTools, hybridTools, noAutoDetect });
 }
 async function accounts() {
     const sub = args[1];
@@ -384,7 +409,10 @@ async function help() {
   dario — Use your Claude subscription as an API.
 
   Usage:
-    dario login              Detect credentials + start proxy (or run OAuth)
+    dario login [--manual]   Detect credentials + start proxy (or run OAuth)
+                             --manual (alias: --headless) for container / SSH
+                             setups — prints an authorize URL and reads the
+                             code you paste back instead of a local redirect
     dario proxy [options]    Start the API proxy server
     dario status             Check authentication status
     dario refresh            Force token refresh
@@ -413,6 +441,11 @@ async function help() {
                              Loses subscription routing; use for custom agents
     --hybrid-tools           Remap to CC tools, inject sessionId/requestId/etc.
                              Keeps subscription routing for custom agents
+    --no-auto-detect         Disable Cline/Kilo/Roo auto-preserve-tools
+                             (v3.19.3 behavior). Keeps CC fingerprint
+                             intact even when a text-tool client is
+                             detected; use --preserve-tools per session
+                             when edits are needed. (dario#40)
     --port=PORT              Port to listen on (default: 3456)
     --host=ADDRESS           Address to bind to (default: 127.0.0.1)
                              Use 0.0.0.0 for LAN; see README for DARIO_API_KEY

package/dist/oauth.d.ts

@@ -19,6 +19,59 @@ export declare function loadCredentials(): Promise<CredentialsFile | null>;
  * Opens browser, captures the authorization code automatically.
  */
 export declare function startAutoOAuthFlow(): Promise<OAuthTokens>;
+/**
+ * Build the authorize URL used by the manual / headless flow. Exported
+ * so tests can assert the shape (code=true, MANUAL_REDIRECT_URI, PKCE)
+ * without exercising the full interactive flow.
+ */
+export declare function buildManualAuthorizeUrl(cfg: {
+    clientId: string;
+    authorizeUrl: string;
+    scopes: string;
+}, codeChallenge: string, state: string): string;
+/**
+ * Parse whatever the user pastes back from Anthropic's success page.
+ *
+ * The success page renders the authorization code and state joined with
+ * a `#` (the fragment-identifier convention CC itself uses for its
+ * `claude setup-token` flow), so the happy-path paste is `code#state`.
+ * Some browsers / copy UIs strip the fragment, so we also accept a bare
+ * code. When state is present, callers should verify it matches the
+ * state they generated; when absent, callers can prompt separately or
+ * accept the trade-off (code + PKCE + client_id are still verified on
+ * the token exchange).
+ */
+export declare function parseManualPaste(input: string): {
+    code: string;
+    state: string | null;
+};
+/**
+ * Heuristic for "dario is probably running somewhere the local-callback
+ * OAuth flow won't work because the browser is on a different host."
+ * Returns a short reason string when the heuristic fires, null otherwise.
+ *
+ * Callers use this to *offer* `--manual` to the user, never to force it —
+ * false positives are more annoying than false negatives (the user can
+ * always opt in explicitly).
+ */
+export declare function detectHeadlessEnvironment(): string | null;
+/**
+ * Manual / headless OAuth flow (dario #43).
+ *
+ * Mirrors Claude Code's own `claude setup-token` flow: asks Anthropic to
+ * display the authorization code as text instead of redirecting to a
+ * local callback server, then reads the code the user copies back.
+ * Works for container installs (browser on host, dario in container),
+ * SSH installs (no browser on the remote box), and any other setup
+ * where a localhost redirect can't reach the dario process.
+ *
+ * Security posture is unchanged from the auto flow: PKCE + client_id +
+ * single-use code + server-side code expiry. State parameter is
+ * verified when the pasted input includes it; bare-code pastes still
+ * exchange because state isn't load-bearing for the token endpoint
+ * (it's CSRF protection for a redirect we don't have here).
+ */
+export declare function startManualOAuthFlow(): Promise<OAuthTokens>;
 /**
  * Refresh the access token using the refresh token.
  * Retries with exponential backoff on transient failures.

package/dist/oauth.js

@@ -5,11 +5,18 @@
  * Handles authorization, token exchange, storage, and auto-refresh.
  */
 import { randomBytes, createHash } from 'node:crypto';
+import { existsSync, readFileSync } from 'node:fs';
 import { readFile, writeFile, mkdir, rename } from 'node:fs/promises';
 import { execFile } from 'node:child_process';
 import { dirname, join } from 'node:path';
 import { homedir, platform } from 'node:os';
 import { detectCCOAuthConfig } from './cc-oauth-detect.js';
+// Manual-flow redirect URI. Anthropic's authorize endpoint special-cases
+// this value (also baked into CC as MANUAL_REDIRECT_URL) to render the
+// authorization code + state on a copy-paste success page instead of
+// redirecting back to a localhost callback. Used by startManualOAuthFlow
+// for container / headless / SSH installs where a local bind won't work.
+const MANUAL_REDIRECT_URI = 'https://platform.claude.com/oauth/code/callback';
 // OAuth config is auto-detected at runtime from the installed Claude Code
 // binary. This eliminates the "Anthropic rotated the client_id again" class
 // of bugs — dario stays in sync with whatever CC version the user has
@@ -293,6 +300,153 @@ async function exchangeCodeWithRedirect(code, codeVerifier, state, port) {
     await saveCredentials({ claudeAiOauth: tokens });
     return tokens;
 }
+/**
+ * Build the authorize URL used by the manual / headless flow. Exported
+ * so tests can assert the shape (code=true, MANUAL_REDIRECT_URI, PKCE)
+ * without exercising the full interactive flow.
+ */
+export function buildManualAuthorizeUrl(cfg, codeChallenge, state) {
+    const params = new URLSearchParams({
+        code: 'true',
+        client_id: cfg.clientId,
+        response_type: 'code',
+        redirect_uri: MANUAL_REDIRECT_URI,
+        scope: cfg.scopes,
+        code_challenge: codeChallenge,
+        code_challenge_method: 'S256',
+        state,
+    });
+    return `${cfg.authorizeUrl}?${params.toString()}`;
+}
+/**
+ * Parse whatever the user pastes back from Anthropic's success page.
+ *
+ * The success page renders the authorization code and state joined with
+ * a `#` (the fragment-identifier convention CC itself uses for its
+ * `claude setup-token` flow), so the happy-path paste is `code#state`.
+ * Some browsers / copy UIs strip the fragment, so we also accept a bare
+ * code. When state is present, callers should verify it matches the
+ * state they generated; when absent, callers can prompt separately or
+ * accept the trade-off (code + PKCE + client_id are still verified on
+ * the token exchange).
+ */
+export function parseManualPaste(input) {
+    const trimmed = input.trim();
+    if (!trimmed)
+        return { code: '', state: null };
+    const hashIdx = trimmed.indexOf('#');
+    if (hashIdx === -1)
+        return { code: trimmed, state: null };
+    return {
+        code: trimmed.slice(0, hashIdx).trim(),
+        state: trimmed.slice(hashIdx + 1).trim(),
+    };
+}
+/**
+ * Heuristic for "dario is probably running somewhere the local-callback
+ * OAuth flow won't work because the browser is on a different host."
+ * Returns a short reason string when the heuristic fires, null otherwise.
+ *
+ * Callers use this to *offer* `--manual` to the user, never to force it —
+ * false positives are more annoying than false negatives (the user can
+ * always opt in explicitly).
+ */
+export function detectHeadlessEnvironment() {
+    if (process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION) {
+        return 'SSH session detected';
+    }
+    try {
+        if (existsSync('/.dockerenv')) {
+            return 'container detected (/.dockerenv)';
+        }
+        if (existsSync('/proc/1/cgroup')) {
+            const cg = readFileSync('/proc/1/cgroup', 'utf-8');
+            if (/\b(docker|containerd|lxc|kubepods)\b/.test(cg)) {
+                return 'container detected (cgroup)';
+            }
+        }
+    }
+    catch { /* best-effort — /proc is Linux-only, absence is fine */ }
+    return null;
+}
+/**
+ * Manual / headless OAuth flow (dario #43).
+ *
+ * Mirrors Claude Code's own `claude setup-token` flow: asks Anthropic to
+ * display the authorization code as text instead of redirecting to a
+ * local callback server, then reads the code the user copies back.
+ * Works for container installs (browser on host, dario in container),
+ * SSH installs (no browser on the remote box), and any other setup
+ * where a localhost redirect can't reach the dario process.
+ *
+ * Security posture is unchanged from the auto flow: PKCE + client_id +
+ * single-use code + server-side code expiry. State parameter is
+ * verified when the pasted input includes it; bare-code pastes still
+ * exchange because state isn't load-bearing for the token endpoint
+ * (it's CSRF protection for a redirect we don't have here).
+ */
+export async function startManualOAuthFlow() {
+    const { codeVerifier, codeChallenge } = generatePKCE();
+    const state = base64url(randomBytes(16));
+    const cfg = await getOAuthConfig();
+    const authUrl = buildManualAuthorizeUrl(cfg, codeChallenge, state);
+    console.log('');
+    console.log('  Open this URL in any browser (on any machine):');
+    console.log('');
+    console.log(`    ${authUrl}`);
+    console.log('');
+    console.log('  After you approve, Anthropic will display an authorization code.');
+    console.log('  Paste it below (format: "code#state" or just the code).');
+    console.log('');
+    const pasted = await readLineFromStdin('  Code: ');
+    const { code, state: returnedState } = parseManualPaste(pasted);
+    if (!code) {
+        throw new Error('No authorization code entered. Re-run `dario login --manual`.');
+    }
+    if (returnedState && returnedState !== state) {
+        throw new Error('State mismatch — the pasted code is from a different login attempt. Re-run `dario login --manual` and paste the most recent code.');
+    }
+    return exchangeCodeManual(code, codeVerifier, state);
+}
+async function exchangeCodeManual(code, codeVerifier, state) {
+    const cfg = await getOAuthConfig();
+    const res = await fetch(cfg.tokenUrl, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            grant_type: 'authorization_code',
+            client_id: cfg.clientId,
+            code,
+            redirect_uri: MANUAL_REDIRECT_URI,
+            code_verifier: codeVerifier,
+            state,
+        }),
+        signal: AbortSignal.timeout(30000),
+    });
+    if (!res.ok) {
+        const body = await res.text().catch(() => '');
+        throw new Error(`Token exchange failed (HTTP ${res.status}): ${body.slice(0, 200)}`);
+    }
+    const data = await res.json();
+    const tokens = {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresAt: Date.now() + data.expires_in * 1000,
+        scopes: data.scope?.split(' ') || ['user:inference'],
+    };
+    await saveCredentials({ claudeAiOauth: tokens });
+    return tokens;
+}
+async function readLineFromStdin(prompt) {
+    const { createInterface } = await import('node:readline/promises');
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    try {
+        return (await rl.question(prompt)).trim();
+    }
+    finally {
+        rl.close();
+    }
+}
 /**
  * Refresh the access token using the refresh token.
  * Retries with exponential backoff on transient failures.

package/dist/proxy.d.ts

@@ -11,6 +11,7 @@ interface ProxyOptions {
     passthrough?: boolean;
     preserveTools?: boolean;
     hybridTools?: boolean;
+    noAutoDetect?: boolean;
 }
 export declare function sanitizeError(err: unknown): string;
 export declare function startProxy(opts?: ProxyOptions): Promise<void>;

package/dist/proxy.js

@@ -982,6 +982,7 @@ export async function startProxy(opts = {}) {
                         const { body: ccBody, toolMap, detectedClient } = buildCCRequest(r, billingTag, CACHE_1H, bodyIdentity, {
                             preserveTools: opts.preserveTools ?? false,
                             hybridTools: opts.hybridTools ?? false,
+                            noAutoDetect: opts.noAutoDetect ?? false,
                         });
                         // Log the auto-preserve-tools switch once per text-tool
                         // client family. Skip when the operator already opted into

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.19.5",
+  "version": "3.20.1",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {
@@ -21,7 +21,7 @@
   ],
   "scripts": {
     "build": "tsc && cp src/cc-template-data.json dist/ && node -e \"require('fs').mkdirSync('dist/shim',{recursive:true})\" && cp src/shim/runtime.cjs dist/shim/",
-    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/sealed-pool.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/drift-detection.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs",
+    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/sealed-pool.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/drift-detection.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs && node test/manual-oauth-flow.mjs",
     "audit": "npm audit --production --audit-level=high",
     "prepublishOnly": "npm run build",
     "start": "node dist/cli.js",