@askalf/dario 3.34.1 → 3.35.0

package/dist/cli.js

@@ -26,6 +26,7 @@ import { startProxy, sanitizeError } from './proxy.js';
 import { VALID_EFFORT_VALUES } from './cc-template.js';
 import { listAccountAliases, loadAllAccounts, addAccountViaOAuth, removeAccount, ensureLoginCredentialsInPool, MIGRATED_LOGIN_ALIAS } from './accounts.js';
 import { listBackends, saveBackend, removeBackend } from './openai-backend.js';
+import { parseOutboundProxy, installOutboundProxyWrapper } from './outbound-proxy.js';
 // `args` / `command` at module scope — command handlers below close over
 // `args` to read their own flags. Reading argv is harmless on import; only
 // the handler dispatch at the bottom is gated behind the main-entry check.
@@ -298,6 +299,36 @@ async function proxy() {
     // startup. A bad path fails fast rather than silently degrading to
     // verbatim — same fail-loud philosophy as --strict-tls / --strict-template.
     const systemPrompt = resolveSystemPromptFlag(args, process.env['DARIO_SYSTEM_PROMPT']);
+    // --upstream-proxy=URL / --via=URL (v3.35.0) — route all of dario's
+    // outbound fetch() calls through an HTTP/HTTPS proxy. Pair with the
+    // HTTP-proxy mode of a VPN provider (Mullvad, AirVPN), a corporate
+    // proxy, privoxy/Tor, etc. Localhost calls bypass.
+    //
+    // Requires Bun runtime — Node's built-in fetch ignores the proxy
+    // option silently. SOCKS5 not supported (rejected at parse time).
+    // See docs/vpn-routing.md for the full setup options.
+    const outboundProxyArg = args.find((a) => a.startsWith('--upstream-proxy=')) ?? args.find((a) => a.startsWith('--via='));
+    const outboundProxyRaw = outboundProxyArg
+        ? outboundProxyArg.split('=').slice(1).join('=')
+        : process.env['DARIO_UPSTREAM_PROXY'];
+    let outboundProxy = null;
+    try {
+        outboundProxy = parseOutboundProxy(outboundProxyRaw);
+    }
+    catch (err) {
+        console.error(`[dario] ${err.message}`);
+        process.exit(1);
+    }
+    if (outboundProxy) {
+        try {
+            installOutboundProxyWrapper(outboundProxy);
+        }
+        catch (err) {
+            console.error(`[dario] ${err.message}`);
+            process.exit(1);
+        }
+        console.error(`[dario] Outbound proxy: ${outboundProxy.display} (all upstream fetches routed; localhost bypasses)`);
+    }
     // --passthrough-betas=name1,name2 — operator-pinned beta allow-list.
     // Names listed here are always forwarded to Anthropic regardless of
     // CC's captured set or the client's own beta header; bypasses the
@@ -968,6 +999,20 @@ async function help() {
                              on your account but isn't in the captured
                              template. Env: DARIO_PASSTHROUGH_BETAS.
 
+    --upstream-proxy=URL / --via=URL
+                             Route all of dario's outbound fetch
+                             calls (api.anthropic.com, OpenAI-compat
+                             backends, OAuth) through an HTTP/HTTPS
+                             proxy. Localhost calls bypass. Useful
+                             with a VPN provider's HTTP proxy mode
+                             (Mullvad, AirVPN, corporate proxy,
+                             privoxy/Tor) when you don't want to put
+                             the whole system on a system VPN.
+                             Requires Bun runtime. SOCKS5 not
+                             supported (Bun fetch limitation). See
+                             docs/vpn-routing.md. Env: DARIO_UPSTREAM_PROXY.
+                             (v3.35.0)
+
     --system-prompt=<MODE>   System-prompt mode for outbound CC-shaped
                              requests (v3.34.0). One of:
                                verbatim   — CC unchanged (default)

package/dist/doctor.js

@@ -268,6 +268,32 @@ export async function runChecks(opts = {}) {
         }
     }
     catch { /* never let prompt-mode reporting break the doctor */ }
+    // ---- Outbound proxy mode (v3.35.0)
+    // Surfaces whether `--upstream-proxy` / DARIO_UPSTREAM_PROXY is set.
+    // Doctor runs without a live proxy, so we read the env-var path only
+    // (the CLI flag's effect is in-process and not visible from doctor).
+    // Credentials in the URL are masked; only host:port is shown.
+    try {
+        const rawProxy = process.env['DARIO_UPSTREAM_PROXY'];
+        if (rawProxy && rawProxy.trim() !== '') {
+            let display = rawProxy;
+            try {
+                const u = new URL(rawProxy);
+                if (u.username)
+                    u.username = '***';
+                if (u.password)
+                    u.password = '***';
+                display = u.toString();
+            }
+            catch { /* leave raw if unparseable; CLI will error at startup */ }
+            checks.push({
+                status: 'info',
+                label: 'Outbound proxy',
+                detail: `DARIO_UPSTREAM_PROXY=${display}. Upstream fetches routed via this proxy; localhost calls bypass. Requires Bun runtime. See docs/vpn-routing.md.`,
+            });
+        }
+    }
+    catch { /* never let proxy reporting break the doctor */ }
     // ---- Template drift
     try {
         const drift = detectDrift(CC_TEMPLATE);

package/dist/outbound-proxy.d.ts

@@ -0,0 +1,35 @@
+export interface OutboundProxyConfig {
+    /** Original URL string supplied by the user. Passed verbatim to fetch's `proxy` option. */
+    url: string;
+    /** Parsed scheme — http or https. SOCKS rejected at parse time. */
+    scheme: 'http' | 'https';
+    /** Sanitized URL for logging — credentials redacted. */
+    display: string;
+}
+/**
+ * Parse and validate an outbound-proxy URL. Returns null for empty/undefined
+ * input (no proxy configured). Throws with a clear message on:
+ *   - URL parse failure
+ *   - SOCKS scheme (unsupported by Bun fetch)
+ *   - Other unsupported schemes
+ */
+export declare function parseOutboundProxy(raw: string | undefined): OutboundProxyConfig | null;
+/**
+ * Heuristic check: does this URL target localhost / loopback?
+ * Used to skip the proxy wrapper for self-targeting fetches (doctor
+ * pings the local server, etc.). Lenient on parse errors — anything
+ * unparseable returns false (proxied as a bare hostname, conservatively).
+ */
+export declare function isLocalhostUrl(input: unknown): boolean;
+/**
+ * Install a global fetch wrapper that adds `{ proxy }` to outbound
+ * (non-localhost) calls. Idempotent over a single dario startup —
+ * called once from cli.ts before startProxy.
+ *
+ * Refuses to install on non-Bun runtimes because Node's built-in fetch
+ * silently ignores the proxy option, which would yield false-success
+ * behavior (requests appearing to route through the proxy when they
+ * actually go direct). Better to fail loud at startup than fail silent
+ * at request time.
+ */
+export declare function installOutboundProxyWrapper(config: OutboundProxyConfig): void;

package/dist/outbound-proxy.js

@@ -0,0 +1,142 @@
+// Optional outbound-proxy routing for upstream API calls. Behind
+// `--upstream-proxy=URL` / `--via=URL` / `DARIO_UPSTREAM_PROXY`, dario
+// routes all of its outbound fetch() calls — `api.anthropic.com`,
+// configured OpenAI-compat backends, OAuth flows, drift checks, doctor
+// probes — through the supplied proxy. Localhost-bound fetches bypass
+// it (the inbound HTTP server is unaffected; this only wraps egress).
+//
+// Use case: security-conscious users who want dario's upstream traffic
+// routed through their VPN provider's HTTP proxy endpoint without
+// putting the entire host on a system-level VPN. Pair with the HTTP
+// proxy mode of Mullvad / AirVPN / a local privoxy-on-Tor / corporate
+// proxy infrastructure / Cloudflare WARP via gateway / etc.
+//
+// Runtime constraints:
+//   - Requires Bun. Bun's fetch implements the `proxy` option natively;
+//     Node's built-in fetch (undici-backed) ignores it silently and
+//     would yield a misleading "looks like it's working" failure mode.
+//     dario already auto-relaunches under Bun when available; if the
+//     user is on Node and sets this flag, refuse to start with a clear
+//     "install Bun" message.
+//   - HTTP/HTTPS proxies only. SOCKS5 is not supported by Bun 1.3.x's
+//     fetch (`UnsupportedProxyProtocol`). Most VPN providers expose an
+//     HTTP proxy endpoint alongside their SOCKS5 one (Mullvad, AirVPN);
+//     point the flag at that.
+//
+// Wire-fidelity note: the proxy sits *outside* the TLS session — TLS
+// to api.anthropic.com terminates at Anthropic, not at the proxy.
+// Bun's BoringSSL ClientHello is preserved end-to-end. The only thing
+// the proxy can see in HTTPS-CONNECT mode is the destination hostname
+// (via SNI) and the byte timing.
+/**
+ * Parse and validate an outbound-proxy URL. Returns null for empty/undefined
+ * input (no proxy configured). Throws with a clear message on:
+ *   - URL parse failure
+ *   - SOCKS scheme (unsupported by Bun fetch)
+ *   - Other unsupported schemes
+ */
+export function parseOutboundProxy(raw) {
+    if (!raw || raw.trim() === '')
+        return null;
+    let parsed;
+    try {
+        parsed = new URL(raw);
+    }
+    catch {
+        throw new Error(`--upstream-proxy: ${JSON.stringify(raw)} is not a valid URL. Expected http://host:port or https://host:port.`);
+    }
+    const scheme = parsed.protocol.replace(/:$/, '').toLowerCase();
+    if (scheme === 'socks5' || scheme === 'socks5h' || scheme === 'socks4' || scheme === 'socks4a' || scheme === 'socks') {
+        throw new Error(`--upstream-proxy: SOCKS5 is not supported by the underlying fetch runtime (Bun 1.3.x). ` +
+            `Use the HTTP proxy endpoint of your VPN provider instead — e.g. Mullvad / AirVPN / corporate proxy / privoxy-on-Tor all expose http://host:port. ` +
+            `If your provider only exposes SOCKS5, run a local SOCKS-to-HTTP bridge (privoxy with forward-socks5) and point dario at the HTTP side.`);
+    }
+    if (scheme !== 'http' && scheme !== 'https') {
+        throw new Error(`--upstream-proxy: unsupported scheme ${JSON.stringify(scheme)}. Use http:// or https://.`);
+    }
+    // Sanitize for logging: hide username/password if embedded in URL.
+    const display = (() => {
+        if (!parsed.username && !parsed.password)
+            return parsed.toString();
+        const safe = new URL(parsed.toString());
+        if (safe.username)
+            safe.username = '***';
+        if (safe.password)
+            safe.password = '***';
+        return safe.toString();
+    })();
+    return { url: parsed.toString(), scheme: scheme, display };
+}
+/**
+ * Heuristic check: does this URL target localhost / loopback?
+ * Used to skip the proxy wrapper for self-targeting fetches (doctor
+ * pings the local server, etc.). Lenient on parse errors — anything
+ * unparseable returns false (proxied as a bare hostname, conservatively).
+ */
+export function isLocalhostUrl(input) {
+    if (input === null || input === undefined)
+        return false;
+    let urlStr;
+    if (typeof input === 'string') {
+        urlStr = input;
+    }
+    else if (input instanceof URL) {
+        urlStr = input.toString();
+    }
+    else if (typeof input === 'object' && 'url' in input) {
+        const u = input.url;
+        urlStr = typeof u === 'string' ? u : '';
+    }
+    else {
+        return false;
+    }
+    if (!urlStr)
+        return false;
+    try {
+        const parsed = new URL(urlStr);
+        // URL.hostname for IPv6 includes the brackets ([::1]); strip for matching.
+        const host = parsed.hostname.toLowerCase().replace(/^\[|\]$/g, '');
+        if (host === 'localhost' || host === '127.0.0.1' || host === '::1')
+            return true;
+        if (host.endsWith('.localhost'))
+            return true;
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Install a global fetch wrapper that adds `{ proxy }` to outbound
+ * (non-localhost) calls. Idempotent over a single dario startup —
+ * called once from cli.ts before startProxy.
+ *
+ * Refuses to install on non-Bun runtimes because Node's built-in fetch
+ * silently ignores the proxy option, which would yield false-success
+ * behavior (requests appearing to route through the proxy when they
+ * actually go direct). Better to fail loud at startup than fail silent
+ * at request time.
+ */
+export function installOutboundProxyWrapper(config) {
+    const isBun = typeof globalThis.Bun !== 'undefined';
+    if (!isBun) {
+        throw new Error(`--upstream-proxy requires the Bun runtime. Node's built-in fetch ignores the \`proxy\` option silently — ` +
+            `the flag would appear to work while requests actually went direct. Install Bun (https://bun.sh) and re-run; ` +
+            `dario auto-relaunches under Bun when available, or you can run \`bun run\` directly.`);
+    }
+    const originalFetch = globalThis.fetch;
+    // Wrap. Localhost targets bypass the proxy (loopback shouldn't tunnel).
+    // The wrapper preserves originalFetch's behavior for everything else
+    // and adds the `proxy` field. Bun honors it; the rest of the args
+    // (headers, body, signal, dispatcher, etc.) pass through unchanged.
+    const wrapped = ((input, init) => {
+        if (isLocalhostUrl(input)) {
+            return originalFetch(input, init);
+        }
+        // Use a typed cast — Bun's fetch options include `proxy`, but TS's
+        // standard fetch types don't.
+        const bunInit = { ...(init || {}), proxy: config.url };
+        return originalFetch(input, bunInit);
+    });
+    globalThis.fetch = wrapped;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.34.1",
+  "version": "3.35.0",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {