@askalf/dario 3.31.17 → 3.31.19

package/dist/cli.d.ts

@@ -48,3 +48,27 @@ export declare function parseBooleanEnv(value: string | undefined): boolean | un
  *   Set(['thinking','env']) — value "thinking,env"        → preserve listed
  */
 export declare function resolvePreserveOrchestrationTags(args: string[], env: string | undefined): Set<string> | undefined;
+/**
+ * Decide whether this module is being invoked as the CLI entry point or
+ * imported as a library. Pure, exported for tests; the file-bottom uses
+ * it with `process.argv[1]` + `import.meta.url` + `fs.realpathSync`.
+ *
+ * The pre-v3.31.19 implementation was a strict string compare —
+ *   import.meta.url === pathToFileURL(process.argv[1]).href
+ * — which silently failed on every npm-global install because the bin
+ * shim path (e.g. `/usr/local/bin/dario`) is a symlink to `dist/cli.js`.
+ * `argv[1]` arrived as the *symlink* path while `import.meta.url`
+ * resolved through the symlink to the real file. They never matched,
+ * the guard returned false, and the entire CLI body was gated out —
+ * `dario doctor`, `dario proxy`, every command produced zero output and
+ * exited 0. Reported as dario#143 by @tetsuco.
+ *
+ * The fix: also check the symlink-resolved path. `realpathSync`
+ * canonicalizes the argv[1] symlink into the same on-disk path that
+ * `import.meta.url` already represents, so a global-install bin-shim
+ * invocation matches. Direct invocation (`node dist/cli.js`) still
+ * matches via the first leg. Test-side imports of named exports still
+ * don't match either leg, which preserves the original purpose of the
+ * guard from #137 (v3.31.15).
+ */
+export declare function isMainEntry(argv1: string | undefined | null, moduleHref: string, realpath?: (p: string) => string): boolean;

package/dist/cli.js

@@ -17,6 +17,7 @@
 // just want `parsePositiveIntEnv`) doesn't trigger a Bun relaunch or any
 // other startup side effect.
 import { unlink } from 'node:fs/promises';
+import { realpathSync } from 'node:fs';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { pathToFileURL } from 'node:url';
@@ -652,6 +653,12 @@ async function help() {
                              the server's verdict — the single reliable
                              signal for scope-policy drift (dario#42/#71
                              class). One GET to claude.ai; no PII.
+    dario doctor --usage     Fire one minimal Haiku request through your
+                             OAuth and surface the rate-limit snapshot:
+                             All-models 5h/7d, per-model 7d buckets
+                             (Sonnet only, Opus only when Anthropic ships
+                             them), overage. Mirrors the user-dashboard
+                             usage page. Costs ~1 subscription request.
     dario doctor --json      Emit the check report as structured JSON
                              for machine consumption (claude-bridge
                              /status, CI scripts, etc.) instead of the
@@ -972,6 +979,7 @@ async function mcp() {
 async function doctor() {
     const { runChecks, formatChecks, formatChecksJson, exitCodeFor, runAuthCheck } = await import('./doctor.js');
     const probe = args.includes('--probe');
+    const usage = args.includes('--usage');
     const asJson = args.includes('--json');
     const authCheck = args.includes('--auth-check');
     if (authCheck) {
@@ -1008,7 +1016,7 @@ async function doctor() {
         console.log('');
         process.exit(result.verdict === 'match' ? 0 : 1);
     }
-    const checks = await runChecks({ probe });
+    const checks = await runChecks({ probe, usage });
     if (asJson) {
         // JSON mode is meant for machine consumption (claude-bridge /status,
         // deepdive health checks, CI scripts) — no decorative header, no
@@ -1147,14 +1155,44 @@ const commands = {
     '--version': version,
     '-V': version,
 };
-// Main-entry guard. Only run the Bun auto-relaunch and handler dispatch when
-// this module is the direct entry point — importing it (from tests or for
-// a library helper like `parsePositiveIntEnv`) must NOT start the proxy.
-// Before this guard, `import { parsePositiveIntEnv } from './cli.js'` would
-// fall through to `command = args[0] ?? 'proxy'` and fire `handler()`, which
-// tried to run `startProxy()` and failed the test with "Not authenticated".
-const isDirectEntry = typeof process.argv[1] === 'string' &&
-    import.meta.url === pathToFileURL(process.argv[1]).href;
+/**
+ * Decide whether this module is being invoked as the CLI entry point or
+ * imported as a library. Pure, exported for tests; the file-bottom uses
+ * it with `process.argv[1]` + `import.meta.url` + `fs.realpathSync`.
+ *
+ * The pre-v3.31.19 implementation was a strict string compare —
+ *   import.meta.url === pathToFileURL(process.argv[1]).href
+ * — which silently failed on every npm-global install because the bin
+ * shim path (e.g. `/usr/local/bin/dario`) is a symlink to `dist/cli.js`.
+ * `argv[1]` arrived as the *symlink* path while `import.meta.url`
+ * resolved through the symlink to the real file. They never matched,
+ * the guard returned false, and the entire CLI body was gated out —
+ * `dario doctor`, `dario proxy`, every command produced zero output and
+ * exited 0. Reported as dario#143 by @tetsuco.
+ *
+ * The fix: also check the symlink-resolved path. `realpathSync`
+ * canonicalizes the argv[1] symlink into the same on-disk path that
+ * `import.meta.url` already represents, so a global-install bin-shim
+ * invocation matches. Direct invocation (`node dist/cli.js`) still
+ * matches via the first leg. Test-side imports of named exports still
+ * don't match either leg, which preserves the original purpose of the
+ * guard from #137 (v3.31.15).
+ */
+export function isMainEntry(argv1, moduleHref, realpath = realpathSync) {
+    if (typeof argv1 !== 'string' || argv1.length === 0)
+        return false;
+    if (moduleHref === pathToFileURL(argv1).href)
+        return true;
+    try {
+        return moduleHref === pathToFileURL(realpath(argv1)).href;
+    }
+    catch {
+        return false;
+    }
+}
+// Main-entry guard. Only run the Bun auto-relaunch and handler dispatch
+// when this module is the direct CLI entry point.
+const isDirectEntry = isMainEntry(process.argv[1], import.meta.url);
 if (isDirectEntry) {
     // Bun auto-relaunch for TLS fingerprint fidelity. Only meaningful when
     // dario is the direct entry — if we're imported, whoever imported us

package/dist/doctor.d.ts

@@ -50,6 +50,16 @@ export interface RunChecksOptions {
      * GET to `claude.ai` and runs in parallel with the other checks.
      */
     probe?: boolean;
+    /**
+     * Opt-in: fire a minimal `POST /v1/messages` through the user's OAuth
+     * (Haiku, `max_tokens=1`) to capture the current rate-limit snapshot,
+     * including the unified buckets AND the per-model buckets Anthropic
+     * started carving in late April 2026 (`7d_sonnet-utilization` etc).
+     * Surfaces "All models X%, Sonnet only Y%" the way the user dashboard
+     * does. Enable with `dario doctor --usage`; costs ~1 subscription
+     * request.
+     */
+    usage?: boolean;
 }
 /**
  * Run every available health check. Never throws — each check is

package/dist/doctor.js

@@ -282,6 +282,135 @@ export async function runChecks(opts = {}) {
             });
         }
     }
+    // ---- Usage snapshot (opt-in, --usage).
+    // Fires one `POST /v1/messages` via the loaded OAuth (Haiku, max_tokens=1)
+    // to capture the current rate-limit snapshot including the per-model
+    // buckets Anthropic started carving around 2026-04-25. Surfaces the
+    // `All models` vs `Sonnet only` split the way the user dashboard does.
+    // Direct-to-Anthropic, not through the proxy — the proxy doesn't need
+    // to be running for `dario doctor --usage`.
+    if (opts.usage) {
+        try {
+            const { parseRateLimits } = await import('./pool.js');
+            const { billingBucketFromClaim } = await import('./analytics.js');
+            // Probe routing decision: Anthropic's subscription path rejects
+            // non-CC-shaped requests on Sonnet/Opus (returns 429 with no
+            // rate-limit headers). Haiku accepts the raw shape. So:
+            //   - If a local `dario proxy` is listening, route through it —
+            //     the proxy injects the full CC template and all three families
+            //     succeed, giving us the _sonnet / _opus / _haiku per-model
+            //     bucket headers on a single round trip each.
+            //   - Else fall back to direct-to-Anthropic with Haiku only.
+            //     Unified buckets surface but per-model buckets won't.
+            const dario_base = process.env.DARIO_TEST_URL || 'http://127.0.0.1:3456';
+            let probeEndpoint = `${dario_base}/v1/messages`;
+            let probeHeaders = {
+                'content-type': 'application/json',
+                'anthropic-version': '2023-06-01',
+                'authorization': 'Bearer dario',
+            };
+            let proxyAvailable = false;
+            try {
+                const healthRes = await fetch(`${dario_base}/health`, { signal: AbortSignal.timeout(800) });
+                proxyAvailable = healthRes.ok;
+            }
+            catch { /* proxy not running */ }
+            if (!proxyAvailable) {
+                const { getAccessToken } = await import('./oauth.js');
+                const token = await getAccessToken();
+                probeEndpoint = 'https://api.anthropic.com/v1/messages';
+                probeHeaders = {
+                    'content-type': 'application/json',
+                    'anthropic-version': '2023-06-01',
+                    'anthropic-beta': 'oauth-2025-04-20',
+                    'authorization': `Bearer ${token}`,
+                };
+                checks.push({
+                    status: 'info',
+                    label: 'Usage probe',
+                    detail: 'dario proxy not running — probing direct. Per-model buckets visible only when probing through a running proxy (start `dario proxy` in another terminal and re-run).',
+                });
+            }
+            // Probe each family in parallel. Anthropic only returns the
+            // per-model 7d bucket header on a request TO that family.
+            const families = [
+                { family: 'haiku', model: 'claude-haiku-4-5' },
+                { family: 'sonnet', model: 'claude-sonnet-4-6' },
+                { family: 'opus', model: 'claude-opus-4-7' },
+            ];
+            const probe = async (model) => {
+                const res = await fetch(probeEndpoint, {
+                    method: 'POST',
+                    headers: probeHeaders,
+                    body: JSON.stringify({
+                        model,
+                        max_tokens: 1,
+                        messages: [{ role: 'user', content: 'ok' }],
+                    }),
+                    signal: AbortSignal.timeout(15_000),
+                });
+                // Consume the body so the socket releases; we only care about headers.
+                await res.text().catch(() => '');
+                // Ignore 429/4xx snapshots without useful rate-limit headers.
+                if (!res.headers.get('anthropic-ratelimit-unified-status'))
+                    return null;
+                return parseRateLimits(res.headers);
+            };
+            const results = await Promise.all(families.map(f => probe(f.model).catch(() => null)));
+            // Use the first non-null snapshot for the unified view — they
+            // should all agree on the unified buckets (same account, same moment).
+            const firstOk = results.find(s => s !== null);
+            if (!firstOk)
+                throw new Error('all probe requests failed');
+            const bucket = billingBucketFromClaim(firstOk.claim);
+            const pct = (n) => `${(n * 100).toFixed(1)}%`;
+            checks.push({
+                status: firstOk.util5h >= 0.90 ? 'warn' : 'ok',
+                label: 'Usage 5h (all)',
+                detail: `${pct(firstOk.util5h)} used  •  status=${firstOk.status}  •  claim=${firstOk.claim} (${bucket})`,
+            });
+            checks.push({
+                status: firstOk.util7d >= 0.90 ? 'warn' : 'ok',
+                label: 'Usage 7d (all)',
+                detail: `${pct(firstOk.util7d)} used`,
+            });
+            // Merge per-model buckets across all probes — each probe's response
+            // carries at most its own family bucket; union them for display.
+            const mergedPerModel = {};
+            for (const s of results) {
+                if (!s)
+                    continue;
+                for (const [family, util] of Object.entries(s.perModel7d)) {
+                    mergedPerModel[family] = util;
+                }
+            }
+            for (const [family, util] of Object.entries(mergedPerModel).sort()) {
+                const divergence = util - firstOk.util7d;
+                const marker = Math.abs(divergence) > 0.05
+                    ? `  •  Δ vs 7d(all): ${divergence >= 0 ? '+' : ''}${(divergence * 100).toFixed(1)}pp`
+                    : '';
+                checks.push({
+                    status: util >= 0.90 ? 'warn' : 'ok',
+                    label: `Usage 7d (${family} only)`,
+                    detail: `${pct(util)} used${marker}`,
+                });
+            }
+            if (firstOk.overageUtil > 0) {
+                checks.push({
+                    status: firstOk.overageUtil >= 0.90 ? 'warn' : 'info',
+                    label: 'Usage overage',
+                    detail: `${pct(firstOk.overageUtil)} of configured monthly spend`,
+                });
+            }
+        }
+        catch (err) {
+            checks.push({
+                status: 'warn',
+                label: 'Usage snapshot',
+                detail: `probe failed: ${err.message}`,
+            });
+        }
+    }
     // ---- Account pool
     try {
         const { listAccountAliases, loadAllAccounts } = await import('./accounts.js');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.31.17",
+  "version": "3.31.19",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {