npm - @askalf/dario - Versions diffs - 3.38.0 → 3.38.1 - Mend

@askalf/dario 3.38.0 → 3.38.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/proxy.js +10 -1
package/package.json +1 -1

package/dist/proxy.js CHANGED Viewed

@@ -2021,10 +2021,19 @@ export async function startProxy(opts = {}) {
                 const res = await fetch(`http://${displayHost}:${port}/health`);
                 const body = await res.json();
                 if (body && (body.status === 'ok' || body.status === 'degraded')) {
+                    // The /health endpoint's `oauth` field is a status enum
+                    // ('healthy' | 'expired' | 'broken' | 'none') — not a token
+                    // and not any kind of credential. CodeQL's clear-text-logging
+                    // heuristic flags any logged field whose key contains "oauth",
+                    // so we whitelist by allow-list rather than disable the rule.
+                    const allowedOauthStatuses = new Set(['healthy', 'expired', 'broken', 'none', 'degraded']);
+                    const rawOauth = typeof body.oauth === 'string' ? body.oauth : '';
+                    const oauthStatusLabel = allowedOauthStatuses.has(rawOauth) ? rawOauth : 'unknown';
+                    const requestsServed = typeof body.requests === 'number' ? body.requests : 0;
                     console.log('');
                     console.log(`  dario — already running on http://${displayHost}:${port}`);
                     console.log('');
-                    console.log(`  OAuth: ${body.oauth ?? 'unknown'}  |  requests served: ${body.requests ?? 0}`);
+                    console.log(`  OAuth: ${oauthStatusLabel}  |  requests served: ${requestsServed}`);
                     console.log('');
                     console.log('  Usage:');
                     console.log(`    ANTHROPIC_BASE_URL=http://${displayHost}:${port}`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.38.0",
+  "version": "3.38.1",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {