@askalf/dario 3.30.6 → 3.30.8

package/dist/cli.d.ts

@@ -9,4 +9,20 @@
  *   dario refresh   — Force token refresh
  *   dario logout    — Remove saved credentials
  */
-export {};
+/**
+ * Parse a boolean env var. Accepts "1", "true", "yes", "on" (case-insensitive)
+ * as truthy; everything else (including unset) is undefined/false. Exported
+ * for tests. Used by dario#77 DARIO_STRICT_TEMPLATE / DARIO_NO_LIVE_CAPTURE
+ * and any future boolean env mirror.
+ */
+export declare function parseBooleanEnv(value: string | undefined): boolean | undefined;
+/**
+ * Parse --preserve-orchestration-tags (bare or =value) + env mirror.
+ * Exported for tests.
+ * dario#78.
+ *
+ *   undefined              — flag not passed + env unset → strip all (default)
+ *   Set(['*'])             — flag bare OR value "*"      → preserve all
+ *   Set(['thinking','env']) — value "thinking,env"        → preserve listed
+ */
+export declare function resolvePreserveOrchestrationTags(args: string[], env: string | undefined): Set<string> | undefined;

package/dist/cli.js

@@ -229,6 +229,27 @@ async function proxy() {
     const sessionRotateJitterMs = parsePositiveIntFlag('--session-rotate-jitter=');
     const sessionMaxAgeMs = parsePositiveIntFlag('--session-max-age=');
     const sessionPerClient = args.includes('--session-per-client') || undefined;
+    // --preserve-orchestration-tags (bare OR =tag1,tag2,...) — opt-out for
+    // workflows that legitimately need <system-reminder>, <thinking>, etc.
+    // preserved on the wire. Default behaviour unchanged (strip all).
+    // dario#78 (Gemini review push-back). Env mirror:
+    //   DARIO_PRESERVE_ORCHESTRATION_TAGS=*           (preserve all)
+    //   DARIO_PRESERVE_ORCHESTRATION_TAGS=thinking,env (preserve listed)
+    const preserveOrchestrationTags = resolvePreserveOrchestrationTags(args, process.env['DARIO_PRESERVE_ORCHESTRATION_TAGS']);
+    // --no-live-capture / --strict-template — template fail-closed knobs.
+    // Convergent push-back from Grok + GPT in reviews/: drift resilience
+    // should be opt-in-verifiable, not silently best-effort. dario#77.
+    //   --no-live-capture   → skip the background CC capture entirely, use
+    //                         the bundled snapshot; for air-gapped / CI.
+    //   --strict-template   → refuse to start if the loaded template is
+    //                         bundled (no live capture) or drifted from
+    //                         the installed CC; same shape as --strict-tls.
+    const noLiveCapture = args.includes('--no-live-capture')
+        || parseBooleanEnv(process.env['DARIO_NO_LIVE_CAPTURE'])
+        || undefined;
+    const strictTemplate = args.includes('--strict-template')
+        || parseBooleanEnv(process.env['DARIO_STRICT_TEMPLATE'])
+        || undefined;
     // Non-loopback bind without DARIO_API_KEY turns dario into an open
     // OAuth-subscription relay for anyone on the reachable network. Refuse
     // to start rather than rely on the operator to read the startup banner.
@@ -248,7 +269,49 @@ async function proxy() {
         console.error(`[dario] Override (not recommended): pass --unsafe-no-auth if you have out-of-band network controls and accept the risk.`);
         process.exit(1);
     }
-    await startProxy({ port, host, verbose, verboseBodies, model, passthrough, preserveTools, hybridTools, noAutoDetect, strictTls, pacingMinMs, pacingJitterMs, drainOnClose, sessionIdleRotateMs, sessionRotateJitterMs, sessionMaxAgeMs, sessionPerClient });
+    await startProxy({ port, host, verbose, verboseBodies, model, passthrough, preserveTools, hybridTools, noAutoDetect, strictTls, pacingMinMs, pacingJitterMs, drainOnClose, sessionIdleRotateMs, sessionRotateJitterMs, sessionMaxAgeMs, sessionPerClient, preserveOrchestrationTags, noLiveCapture, strictTemplate });
+}
+/**
+ * Parse a boolean env var. Accepts "1", "true", "yes", "on" (case-insensitive)
+ * as truthy; everything else (including unset) is undefined/false. Exported
+ * for tests. Used by dario#77 DARIO_STRICT_TEMPLATE / DARIO_NO_LIVE_CAPTURE
+ * and any future boolean env mirror.
+ */
+export function parseBooleanEnv(value) {
+    if (value === undefined)
+        return undefined;
+    const normalized = value.trim().toLowerCase();
+    if (normalized === '1' || normalized === 'true' || normalized === 'yes' || normalized === 'on')
+        return true;
+    return undefined;
+}
+/**
+ * Parse --preserve-orchestration-tags (bare or =value) + env mirror.
+ * Exported for tests.
+ * dario#78.
+ *
+ *   undefined              — flag not passed + env unset → strip all (default)
+ *   Set(['*'])             — flag bare OR value "*"      → preserve all
+ *   Set(['thinking','env']) — value "thinking,env"        → preserve listed
+ */
+export function resolvePreserveOrchestrationTags(args, env) {
+    // Explicit --preserve-orchestration-tags=value wins over everything.
+    const withValue = args.find(a => a.startsWith('--preserve-orchestration-tags='));
+    if (withValue)
+        return parsePreserveTagsValue(withValue.split('=').slice(1).join('='));
+    // Bare flag = preserve all.
+    if (args.includes('--preserve-orchestration-tags'))
+        return new Set(['*']);
+    // Env mirror — explicit flag always wins, checked last.
+    if (env !== undefined)
+        return parsePreserveTagsValue(env);
+    return undefined;
+}
+function parsePreserveTagsValue(value) {
+    const trimmed = value.trim();
+    if (trimmed === '' || trimmed === '*')
+        return new Set(['*']);
+    return new Set(trimmed.split(',').map(s => s.trim()).filter(Boolean));
 }
 function parsePositiveIntFlag(prefix) {
     const found = args.find(a => a.startsWith(prefix));
@@ -561,6 +624,30 @@ async function help() {
                              header) its own rotated session id.
                              Default: off (single session across all
                              clients, v3.27 behaviour). (v3.28)
+    --preserve-orchestration-tags[=TAG,TAG]
+                             Opt specific orchestration wrapper tags
+                             (<system-reminder>, <env>, <thinking>,
+                             etc.) out of the scrub. Bare flag =
+                             preserve all. Value form = preserve only
+                             those listed; everything else is still
+                             stripped. Default: strip every tag in
+                             ORCHESTRATION_TAG_NAMES. Env mirror:
+                             DARIO_PRESERVE_ORCHESTRATION_TAGS=*
+                             or =tag1,tag2. (v3.30.7, dario#78)
+    --no-live-capture        Skip the background live-fingerprint
+                             refresh entirely. dario uses the bundled
+                             snapshot and will NOT spawn the installed
+                             Claude Code binary. For air-gapped /
+                             reproducible-build / CI-harness runs.
+                             Env: DARIO_NO_LIVE_CAPTURE=1.
+                             (v3.30.8, dario#77)
+    --strict-template        Refuse to start if the loaded template
+                             is the bundled snapshot (no live capture
+                             ever succeeded) or drifts from the
+                             installed CC version. Same philosophy
+                             as --strict-tls: make the unsafe state
+                             require intent. Env: DARIO_STRICT_TEMPLATE=1.
+                             (v3.30.8, dario#77)
     --port=PORT              Port to listen on (default: 3456)
     --host=ADDRESS           Address to bind to (default: 127.0.0.1)
                              Use 0.0.0.0 for LAN; see README for DARIO_API_KEY

package/dist/proxy.d.ts

@@ -3,8 +3,29 @@ export declare function parseProviderPrefix(model: string): {
     provider: 'openai' | 'claude';
     model: string;
 } | null;
-/** Strip orchestration tags from all messages in a request body. */
-export declare function sanitizeMessages(body: Record<string, unknown>): void;
+export declare const ORCHESTRATION_TAG_NAMES: string[];
+/**
+ * Build the regex list that actually strips orchestration tags.
+ *
+ * `preserveTags` selects which tags to KEEP in the outbound body.
+ *   undefined       → strip every tag in ORCHESTRATION_TAG_NAMES (default)
+ *   Set(['*'])      → preserve all tags (strip none)
+ *   Set(['thinking']) → strip everything except `<thinking>...</thinking>`
+ *
+ * Each tag produces two patterns — the wrapper form (`<tag>...</tag>`) and
+ * the self-closing form (`<tag ... />`) — so callers that emit either shape
+ * get the same treatment.
+ *
+ * dario#78 (Gemini review push-back).
+ */
+export declare function buildOrchestrationPatterns(preserveTags?: Set<string>): RegExp[];
+/**
+ * Strip orchestration tags from all messages in a request body.
+ *
+ * Pass `preserveTags` (a Set of tag names, or `Set(['*'])` for all) to
+ * opt any tag out of the scrub. dario#78.
+ */
+export declare function sanitizeMessages(body: Record<string, unknown>, preserveTags?: Set<string>): void;
 interface ProxyOptions {
     port?: number;
     host?: string;
@@ -23,6 +44,27 @@ interface ProxyOptions {
     sessionRotateJitterMs?: number;
     sessionMaxAgeMs?: number;
     sessionPerClient?: boolean;
+    /**
+     * Opt specific orchestration tags out of the scrub. Undefined = strip all
+     * (default, v3.30 and earlier behaviour). Set(['*']) = preserve all.
+     * Set(['thinking','env']) = strip everything except those two. dario#78.
+     */
+    preserveOrchestrationTags?: Set<string>;
+    /**
+     * Skip the background live-fingerprint refresh entirely. Use the bundled
+     * snapshot even when a live capture would have been possible. For
+     * air-gapped / reproducible-build / CI-harness operators who want no
+     * subprocess capture of the installed CC binary. dario#77.
+     */
+    noLiveCapture?: boolean;
+    /**
+     * Fail-closed mode for the template. If the loaded template is the
+     * bundled snapshot (live capture has never been run or failed), or if
+     * it's a live cache that drifts from the installed CC, refuse to start
+     * rather than silently serve the stale shape. Same philosophy as
+     * --strict-tls. dario#77.
+     */
+    strictTemplate?: boolean;
 }
 export declare function sanitizeError(err: unknown): string;
 /**

package/dist/proxy.js

@@ -190,38 +190,66 @@ function filterBillableBetas(betas) {
 }
 // Orchestration tags injected by agents (Aider, Cursor, OpenCode, etc.)
 // that confuse Claude when passed through. Strip before forwarding.
-const ORCHESTRATION_TAG_NAMES = [
+export const ORCHESTRATION_TAG_NAMES = [
     'system-reminder', 'env', 'system_information', 'current_working_directory',
     'operating_system', 'default_shell', 'home_directory', 'task_metadata',
     'directories', 'thinking',
     'agent_persona', 'agent_context', 'tool_context', 'persona', 'tool_call',
 ];
-const ORCHESTRATION_PATTERNS = ORCHESTRATION_TAG_NAMES.flatMap(tag => [
-    new RegExp(`<${tag}\\b[^>]*>[\\s\\S]*?<\\/${tag}>`, 'gi'),
-    new RegExp(`<${tag}\\b[^>]*\\/>`, 'gi'),
-]);
+/**
+ * Build the regex list that actually strips orchestration tags.
+ *
+ * `preserveTags` selects which tags to KEEP in the outbound body.
+ *   undefined       → strip every tag in ORCHESTRATION_TAG_NAMES (default)
+ *   Set(['*'])      → preserve all tags (strip none)
+ *   Set(['thinking']) → strip everything except `<thinking>...</thinking>`
+ *
+ * Each tag produces two patterns — the wrapper form (`<tag>...</tag>`) and
+ * the self-closing form (`<tag ... />`) — so callers that emit either shape
+ * get the same treatment.
+ *
+ * dario#78 (Gemini review push-back).
+ */
+export function buildOrchestrationPatterns(preserveTags) {
+    if (preserveTags?.has('*'))
+        return [];
+    const effective = preserveTags
+        ? ORCHESTRATION_TAG_NAMES.filter(tag => !preserveTags.has(tag))
+        : ORCHESTRATION_TAG_NAMES;
+    return effective.flatMap(tag => [
+        new RegExp(`<${tag}\\b[^>]*>[\\s\\S]*?<\\/${tag}>`, 'gi'),
+        new RegExp(`<${tag}\\b[^>]*\\/>`, 'gi'),
+    ]);
+}
+const ORCHESTRATION_PATTERNS_DEFAULT = buildOrchestrationPatterns();
 /** Strip orchestration wrapper tags from message content. */
-function sanitizeContent(text) {
+function sanitizeContent(text, patterns) {
     let result = text;
-    for (const pattern of ORCHESTRATION_PATTERNS) {
+    for (const pattern of patterns) {
         pattern.lastIndex = 0;
         result = result.replace(pattern, '');
     }
     return result.replace(/\n{3,}/g, '\n\n').trim();
 }
-/** Strip orchestration tags from all messages in a request body. */
-export function sanitizeMessages(body) {
+/**
+ * Strip orchestration tags from all messages in a request body.
+ *
+ * Pass `preserveTags` (a Set of tag names, or `Set(['*'])` for all) to
+ * opt any tag out of the scrub. dario#78.
+ */
+export function sanitizeMessages(body, preserveTags) {
     const messages = body.messages;
     if (!messages)
         return;
+    const patterns = preserveTags === undefined ? ORCHESTRATION_PATTERNS_DEFAULT : buildOrchestrationPatterns(preserveTags);
     for (const msg of messages) {
         if (typeof msg.content === 'string') {
-            msg.content = sanitizeContent(msg.content);
+            msg.content = sanitizeContent(msg.content, patterns);
         }
         else if (Array.isArray(msg.content)) {
             for (const block of msg.content) {
                 if (typeof block === 'object' && block && 'text' in block && typeof block.text === 'string') {
-                    block.text = sanitizeContent(block.text);
+                    block.text = sanitizeContent(block.text, patterns);
                 }
             }
             // Drop text blocks that became empty after orchestration-tag scrubbing.
@@ -876,7 +904,7 @@ export async function startProxy(opts = {}) {
                 try {
                     const parsed = JSON.parse(body.toString());
                     // Strip orchestration tags from messages (Aider, Cursor, etc.)
-                    sanitizeMessages(parsed);
+                    sanitizeMessages(parsed, opts.preserveOrchestrationTags);
                     const result = isOpenAI ? openaiToAnthropic(parsed, modelOverride) : (modelOverride ? { ...parsed, model: modelOverride } : parsed);
                     const r = result;
                     requestModel = (r.model || '').toLowerCase();
@@ -1612,6 +1640,23 @@ export async function startProxy(opts = {}) {
     if (drift.drifted) {
         console.log(`[dario] ⚠  template drift: ${drift.message}`);
     }
+    // Strict-template fail-closed mode. Template must be from a live capture
+    // (not the bundled snapshot) and must not have drifted from the installed
+    // CC. Operator opts in via --strict-template / DARIO_STRICT_TEMPLATE=1.
+    // Same philosophy as --strict-tls: make the unsafe state require intent.
+    // dario#77.
+    if (opts.strictTemplate) {
+        if (CC_TEMPLATE._source === 'bundled') {
+            console.error(`[dario] Refusing to start proxy in --strict-template mode: template source is 'bundled' (no live capture available).`);
+            console.error(`[dario] Fix: run \`claude --print hello\` once so dario can capture the live template, then retry. Or drop --strict-template if the bundled fingerprint is acceptable for this run.`);
+            process.exit(1);
+        }
+        if (drift.drifted) {
+            console.error(`[dario] Refusing to start proxy in --strict-template mode: template drift detected (${drift.message}).`);
+            console.error(`[dario] Fix: rm ~/.dario/cc-template.live.json and retry (the next capture will be against your current CC), or drop --strict-template if the drift is acceptable.`);
+            process.exit(1);
+        }
+    }
     // Compat check: is the installed CC inside the range this dario
     // release has been tested against? Only log when non-OK so the happy
     // path stays quiet. `unknown` (no CC on PATH) is also quiet — bundled
@@ -1633,7 +1678,16 @@ export async function startProxy(opts = {}) {
     // user's own CC binary request shape and updates ~/.dario/cc-template.live.json
     // for the next startup. No-op if CC isn't installed or the cache is fresh.
     // Never blocks proxy startup; never throws.
-    void import('./live-fingerprint.js').then(({ refreshLiveFingerprintAsync }) => refreshLiveFingerprintAsync({ silent: false, force: drift.drifted }).catch(() => { }));
+    //
+    // Skipped entirely under --no-live-capture / DARIO_NO_LIVE_CAPTURE=1 —
+    // the operator has opted into a bundled-only shape (air-gapped runs,
+    // reproducible-build CI, deliberate pinning). dario#77.
+    if (!opts.noLiveCapture) {
+        void import('./live-fingerprint.js').then(({ refreshLiveFingerprintAsync }) => refreshLiveFingerprintAsync({ silent: false, force: drift.drifted }).catch(() => { }));
+    }
+    else {
+        console.log('[dario] --no-live-capture: background live fingerprint refresh skipped; using bundled template.');
+    }
     server.listen(port, host, () => {
         const modeLine = passthrough
             ? 'Mode: passthrough (OAuth swap only, no injection)'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.30.6",
+  "version": "3.30.8",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {
@@ -21,7 +21,7 @@
   ],
   "scripts": {
     "build": "tsc && cp src/cc-template-data.json dist/ && node -e \"require('fs').mkdirSync('dist/shim',{recursive:true})\" && cp src/shim/runtime.cjs dist/shim/",
-    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/proxy-body-order.mjs && node test/runtime-fingerprint.mjs && node test/pacing.mjs && node test/stream-drain.mjs && node test/subagent.mjs && node test/mcp-protocol.mjs && node test/mcp-tools.mjs && node test/mcp-e2e.mjs && node test/session-rotation.mjs && node test/drift-detection.mjs && node test/cc-authorize-probe-classifier.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs && node test/manual-oauth-flow.mjs && node test/scrub-template.mjs && node test/sanitize-messages.mjs && node test/platform-tools.mjs",
+    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/proxy-body-order.mjs && node test/runtime-fingerprint.mjs && node test/pacing.mjs && node test/stream-drain.mjs && node test/subagent.mjs && node test/mcp-protocol.mjs && node test/mcp-tools.mjs && node test/mcp-e2e.mjs && node test/session-rotation.mjs && node test/drift-detection.mjs && node test/cc-authorize-probe-classifier.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs && node test/manual-oauth-flow.mjs && node test/scrub-template.mjs && node test/sanitize-messages.mjs && node test/platform-tools.mjs && node test/strict-template-flags.mjs",
     "audit": "npm audit --production --audit-level=high",
     "prepublishOnly": "npm run build",
     "start": "node dist/cli.js",