@askalf/dario 3.4.0 → 3.4.3

package/dist/cc-oauth-detect.js

@@ -5,20 +5,32 @@
  * (client_id, authorize URL, token URL, scopes). Eliminates the need to
  * hardcode values that Anthropic rotates between CC releases.
  *
- * CC ships two OAuth client configurations in one binary:
+ * CC ships three OAuth config factories in one binary (dev/staging/prod),
+ * selected at runtime by an environment switch that is hardcoded to "prod"
+ * in shipped builds. Only the PROD block is live; "local" and "staging"
+ * are dead code paths.
  *
- *   1. LOCAL flow — used when the OAuth client owns the callback
- *      (i.e. runs an HTTP server on localhost). This is what dario does.
- *      Identified by OAUTH_FILE_SUFFIX:"-local-oauth" next to the CLIENT_ID.
+ *   PROD block (the one we want):
+ *     BASE_API_URL: "https://api.anthropic.com"
+ *     CLAUDE_AI_AUTHORIZE_URL: "https://claude.com/cai/oauth/authorize"
+ *     TOKEN_URL: "https://platform.claude.com/v1/oauth/token"
+ *     CLIENT_ID: "9d1c250a-e61b-44d9-88ed-5944d1962f5e"
+ *     OAUTH_FILE_SUFFIX: ""
  *
- *   2. PLATFORM flow — used when the callback is hosted at
- *      platform.claude.com/oauth/code/callback. Different CLIENT_ID.
- *      Not applicable to dario.
+ *   LOCAL block (dead code in shipped builds — CC pointing at localhost:8000
+ *     etc. as its own dev stack, NOT about "client uses a localhost callback"):
+ *     BASE_API_URL: "http://localhost:8000"
+ *     CLIENT_ID: "22422756-60c9-4084-8eb7-27705fd5cf9a"
+ *     OAUTH_FILE_SUFFIX: "-local-oauth"
  *
- * We scan for the LOCAL block and extract its config.
+ * Dario uses CC's own automatic OAuth flow — the prod client is registered
+ * with `http://localhost:${port}/callback` exactly as dario sends. (The
+ * "MANUAL_REDIRECT_URL" on platform.claude.com is only used when dario's
+ * local HTTP server can't bind a port; dario never hits that path.)
  *
- * Results are cached per-binary-hash at ~/.dario/cc-oauth-cache.json so
- * startup only re-scans when the user upgrades Claude Code.
+ * Results are cached per-binary-hash at ~/.dario/cc-oauth-cache-v2.json so
+ * startup only re-scans when the user upgrades Claude Code. The -v2 suffix
+ * invalidates the v3.4.0-v3.4.2 caches that held the wrong (dev) client_id.
  */
 import { readFile, writeFile, mkdir, stat, open as openFile } from 'node:fs/promises';
 import { existsSync } from 'node:fs';
@@ -26,15 +38,18 @@ import { homedir, platform } from 'node:os';
 import { join, dirname } from 'node:path';
 import { createHash } from 'node:crypto';
 // Last-resort fallback if CC binary can't be found or scanned.
-// These values are the known-good v2.1.104 local-oauth flow.
+// These values are the CC v2.1.104 PROD OAuth config, extracted from
+// the `nh$` object in the shipped binary.
 const FALLBACK = {
-    clientId: '22422756-60c9-4084-8eb7-27705fd5cf9a',
+    clientId: '9d1c250a-e61b-44d9-88ed-5944d1962f5e',
     authorizeUrl: 'https://claude.com/cai/oauth/authorize',
     tokenUrl: 'https://platform.claude.com/v1/oauth/token',
-    scopes: 'user:profile user:inference user:sessions:claude_code user:mcp_servers',
+    scopes: 'user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload',
     source: 'fallback',
 };
-const CACHE_PATH = join(homedir(), '.dario', 'cc-oauth-cache.json');
+// -v2 suffix invalidates the v3.4.0-v3.4.2 cache that pinned the wrong
+// (dev) client_id extracted from the dead-code -local-oauth block.
+const CACHE_PATH = join(homedir(), '.dario', 'cc-oauth-cache-v2.json');
 function candidatePaths() {
     const home = homedir();
     if (platform() === 'win32') {
@@ -88,72 +103,47 @@ async function fingerprintBinary(path) {
     }
 }
 /**
- * Scan binary bytes for the LOCAL-oauth OAuth block.
- * Uses Buffer.indexOf to locate anchor strings, then slices a small
- * window of context to run regexes on. This avoids converting the
- * whole binary to a JS string.
+ * Scan binary bytes for the PROD OAuth config block.
+ *
+ * Anchors on `BASE_API_URL:"https://api.anthropic.com"` — this literal
+ * only appears inside the prod config object (`nh$`). The LOCAL-dev block
+ * uses `http://localhost:8000` for the same key, and there's no staging
+ * block present in shipped builds. Once we find the anchor, the CLIENT_ID,
+ * CLAUDE_AI_AUTHORIZE_URL, TOKEN_URL, and scopes all live within a ~1.5KB
+ * window after it.
  */
 export function scanBinaryForOAuthConfig(buf) {
-    // Anchor: `OAUTH_FILE_SUFFIX:"-local-oauth"` — this is the config-block
-    // occurrence, not the switch-case string literal. The switch-case produces
-    // just `-local-oauth` bytes, but the config object serializes as
-    // `OAUTH_FILE_SUFFIX:"-local-oauth"` with the key+quote prefix, which is
-    // stable across minified CC builds.
-    const anchor = Buffer.from('OAUTH_FILE_SUFFIX:"-local-oauth"');
-    let anchorIdx = buf.indexOf(anchor);
-    // Fallback anchor — some builds may tokenize differently.
-    if (anchorIdx === -1) {
-        const looseAnchor = Buffer.from('"-local-oauth"');
-        anchorIdx = buf.indexOf(looseAnchor);
-    }
+    const anchor = Buffer.from('BASE_API_URL:"https://api.anthropic.com"');
+    const anchorIdx = buf.indexOf(anchor);
     if (anchorIdx === -1)
         return null;
-    // The CLIENT_ID sits within a few hundred bytes BEFORE the anchor
-    // (in the same config object). Extract a window around it.
-    const windowStart = Math.max(0, anchorIdx - 1024);
-    const windowEnd = Math.min(buf.length, anchorIdx + 64);
-    const localBlock = buf.slice(windowStart, windowEnd).toString('latin1');
-    // Pick the CLIENT_ID that's CLOSEST to the anchor (last occurrence in window).
-    const cidRegex = /CLIENT_ID\s*:\s*"([0-9a-f-]{36})"/gi;
-    let lastCid = null;
-    let m;
-    while ((m = cidRegex.exec(localBlock)) !== null) {
-        if (m[1])
-            lastCid = m[1];
-    }
-    if (!lastCid)
+    // The prod config object is laid out roughly as one line of minified JS.
+    // Take a generous window to be safe across minifier differences.
+    const windowStart = anchorIdx;
+    const windowEnd = Math.min(buf.length, anchorIdx + 2048);
+    const prodBlock = buf.slice(windowStart, windowEnd).toString('latin1');
+    const cidMatch = /CLIENT_ID\s*:\s*"([0-9a-f-]{36})"/i.exec(prodBlock);
+    if (!cidMatch || !cidMatch[1])
+        return null;
+    const clientId = cidMatch[1];
+    // Defensive: if we somehow matched the dev client_id, reject — the
+    // anchor should have put us in the prod block, but this guards against
+    // the block being laid out in an unexpected order across builds.
+    if (clientId === '22422756-60c9-4084-8eb7-27705fd5cf9a')
         return null;
-    const clientId = lastCid;
-    // Authorize URL: CLAUDE_AI_AUTHORIZE_URL appears once in the binary.
-    const authAnchor = Buffer.from('CLAUDE_AI_AUTHORIZE_URL');
-    const authIdx = buf.indexOf(authAnchor);
     let authorizeUrl = FALLBACK.authorizeUrl;
-    if (authIdx !== -1) {
-        const w = buf.slice(authIdx, Math.min(buf.length, authIdx + 256)).toString('latin1');
-        const m = /CLAUDE_AI_AUTHORIZE_URL\s*:\s*"([^"]+)"/.exec(w);
-        if (m && m[1])
-            authorizeUrl = m[1];
-    }
-    // Token URL: TOKEN_URL — look for the one under platform.claude.com/.../oauth/token
-    const tokenAnchor = Buffer.from('TOKEN_URL');
-    let searchFrom = 0;
+    const authMatch = /CLAUDE_AI_AUTHORIZE_URL\s*:\s*"([^"]+)"/.exec(prodBlock);
+    if (authMatch && authMatch[1])
+        authorizeUrl = authMatch[1];
     let tokenUrl = FALLBACK.tokenUrl;
-    while (searchFrom < buf.length) {
-        const idx = buf.indexOf(tokenAnchor, searchFrom);
-        if (idx === -1)
-            break;
-        const w = buf.slice(idx, Math.min(buf.length, idx + 128)).toString('latin1');
-        const m = /TOKEN_URL\s*:\s*"(https:\/\/[^"]*\/oauth\/token[^"]*)"/.exec(w);
-        if (m && m[1]) {
-            tokenUrl = m[1];
-            break;
-        }
-        searchFrom = idx + tokenAnchor.length;
-    }
-    // Scopes: contiguous quoted string of "user:X user:Y user:Z ..."
-    // Search for an anchor like "user:profile " which is the first scope.
-    const scopeAnchor = Buffer.from('"user:profile ');
+    const tokenMatch = /TOKEN_URL\s*:\s*"(https:\/\/[^"]*\/oauth\/token[^"]*)"/.exec(prodBlock);
+    if (tokenMatch && tokenMatch[1])
+        tokenUrl = tokenMatch[1];
+    // Scopes live in a separate array-of-strings block elsewhere in the
+    // binary, not inside the prod config object itself. Search globally
+    // for the first quoted `user:profile ...` run.
     let scopes = FALLBACK.scopes;
+    const scopeAnchor = Buffer.from('"user:profile ');
     const scopeIdx = buf.indexOf(scopeAnchor);
     if (scopeIdx !== -1) {
         const w = buf.slice(scopeIdx, Math.min(buf.length, scopeIdx + 512)).toString('latin1');

package/dist/cc-template-data.json

@@ -886,4 +886,4 @@
     "WebSearch",
     "Write"
   ]
-}
+}

package/dist/cc-template.d.ts

@@ -1,11 +1,11 @@
 /**
- * Claude Code request template — auto-extracted from CC v2.1.104 MITM capture.
+ * Claude Code request template.
  *
  * Tool definitions, system prompt, and request structure are loaded from
- * cc-template-data.json (extracted via MITM proxy from real CC session).
- * This ensures byte-level fidelity with real CC requests.
+ * cc-template-data.json and sent verbatim — this gives byte-level fidelity
+ * with the shape of a real Claude Code request.
  */
-/** CC's exact tool definitions — loaded from MITM capture. */
+/** CC's exact tool definitions — loaded from the template JSON. */
 export declare const CC_TOOL_DEFINITIONS: {
     name: string;
     description: string;

package/dist/cc-template.js

@@ -1,9 +1,9 @@
 /**
- * Claude Code request template — auto-extracted from CC v2.1.104 MITM capture.
+ * Claude Code request template.
  *
  * Tool definitions, system prompt, and request structure are loaded from
- * cc-template-data.json (extracted via MITM proxy from real CC session).
- * This ensures byte-level fidelity with real CC requests.
+ * cc-template-data.json and sent verbatim — this gives byte-level fidelity
+ * with the shape of a real Claude Code request.
  */
 import { readFileSync } from 'node:fs';
 import { join, dirname } from 'node:path';
@@ -11,7 +11,7 @@ import { fileURLToPath } from 'node:url';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 // Load template data at module init — fail fast if missing
 const TEMPLATE = JSON.parse(readFileSync(join(__dirname, 'cc-template-data.json'), 'utf-8'));
-/** CC's exact tool definitions — loaded from MITM capture. */
+/** CC's exact tool definitions — loaded from the template JSON. */
 export const CC_TOOL_DEFINITIONS = TEMPLATE.tools;
 /** CC's static system prompt (~25KB). */
 export const CC_SYSTEM_PROMPT = TEMPLATE.system_prompt;
@@ -46,6 +46,16 @@ const TOOL_MAP = {
     browse: { ccTool: 'WebFetch', translateArgs: (a) => ({ url: a.url || '' }) },
     notebook: { ccTool: 'NotebookEdit' },
     notebook_edit: { ccTool: 'NotebookEdit' },
+    // Additional client tool mappings
+    browser: { ccTool: 'WebFetch', translateArgs: (a) => ({ url: String(a.url || '') }) },
+    message: { ccTool: 'AskUserQuestion', translateArgs: (a) => ({ question: String(a.message || a.content || '') }) },
+    todo_read: { ccTool: 'TodoWrite', translateArgs: () => ({ todos: [] }) },
+    todo_write: { ccTool: 'TodoWrite', translateArgs: (a) => ({ todos: a.todos || [] }) },
+    notebook_read: { ccTool: 'NotebookEdit', translateArgs: (a) => ({ notebook_path: String(a.notebook_path || a.path || '') }) },
+    enter_plan_mode: { ccTool: 'EnterPlanMode' },
+    exit_plan_mode: { ccTool: 'ExitPlanMode' },
+    enter_worktree: { ccTool: 'EnterWorktree', translateArgs: (a) => ({ path: a.path }) },
+    exit_worktree: { ccTool: 'ExitWorktree' },
 };
 /**
  * Build a CC-template request from a client request.
@@ -79,34 +89,47 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
     const activeToolMap = new Map();
     const unmappedTools = [];
     if (clientTools && !opts.preserveTools) {
+        // Two passes so the unmapped-tool distributor can avoid colliding with
+        // CC tools the client already uses directly. Without this, a client
+        // sending both `WebSearch` and some unmapped tool like `memory_get`
+        // could have both forward-map to `WebSearch`, and the reverse map would
+        // then rewrite real `WebSearch` responses to the collided client name.
+        const claimedCC = new Set();
         for (const tool of clientTools) {
             const name = (tool.name || '').toLowerCase();
             const mapping = TOOL_MAP[name];
             if (mapping) {
                 activeToolMap.set(tool.name, mapping);
+                claimedCC.add(mapping.ccTool);
             }
-            else {
-                unmappedTools.push(tool.name);
-                // Distribute unmapped tools across CC tool names to avoid suspicious
-                // patterns where every unknown tool maps to Bash
-                const CC_FALLBACK_TOOLS = ['Bash', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'];
-                const fallbackTool = CC_FALLBACK_TOOLS[unmappedTools.length % CC_FALLBACK_TOOLS.length];
-                activeToolMap.set(tool.name, {
-                    ccTool: fallbackTool,
-                    translateArgs: (a) => {
-                        // Translate args to match the CC tool's expected schema
-                        switch (fallbackTool) {
-                            case 'Bash': return { command: `echo "${JSON.stringify(a).slice(0, 200)}"` };
-                            case 'Read': return { file_path: String(a.path || a.file || a.url || '/tmp/output') };
-                            case 'Grep': return { pattern: String(a.query || a.pattern || a.search || '.'), path: '.' };
-                            case 'Glob': return { pattern: String(a.pattern || a.glob || '*') };
-                            case 'WebSearch': return { query: String(a.query || a.q || a.search || '') };
-                            case 'WebFetch': return { url: String(a.url || a.uri || '') };
-                            default: return a;
-                        }
-                    },
-                });
-            }
+        }
+        const CC_FALLBACK_TOOLS = ['Bash', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'];
+        for (const tool of clientTools) {
+            const name = (tool.name || '').toLowerCase();
+            if (TOOL_MAP[name])
+                continue;
+            unmappedTools.push(tool.name);
+            // Exclude CC tools the client already uses so we never create a
+            // two-client-names-to-one-CC-tool collision. If every fallback is
+            // claimed (rare: client already uses 6+ CC tools), fall back to the
+            // full pool and accept the ambiguity.
+            const pool = CC_FALLBACK_TOOLS.filter(t => !claimedCC.has(t));
+            const fallbackPool = pool.length > 0 ? pool : CC_FALLBACK_TOOLS;
+            const fallbackTool = fallbackPool[(unmappedTools.length - 1) % fallbackPool.length];
+            activeToolMap.set(tool.name, {
+                ccTool: fallbackTool,
+                translateArgs: (a) => {
+                    switch (fallbackTool) {
+                        case 'Bash': return { command: `echo "${JSON.stringify(a).slice(0, 200)}"` };
+                        case 'Read': return { file_path: String(a.path || a.file || a.url || '/tmp/output') };
+                        case 'Grep': return { pattern: String(a.query || a.pattern || a.search || '.'), path: '.' };
+                        case 'Glob': return { pattern: String(a.pattern || a.glob || '*') };
+                        case 'WebSearch': return { query: String(a.query || a.q || a.search || '') };
+                        case 'WebFetch': return { url: String(a.url || a.uri || '') };
+                        default: return a;
+                    }
+                },
+            });
         }
     }
     // ── Remap tool_use and tool_result references in message history ──
@@ -182,7 +205,7 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
         systemText = systemText.replace(pattern, '');
     }
     // ── Build the CC request from template ──
-    // Key order matches CC v2.1.104 MITM capture exactly:
+    // Key order matches CC v2.1.104 exactly:
     // model, messages, system, tools, metadata, max_tokens, thinking, context_management, output_config, stream
     //
     // System prompt structure (3 blocks, matching real CC):
@@ -232,14 +255,26 @@ export function reverseMapResponse(responseBody, toolMap) {
     if (toolMap.size === 0)
         return responseBody;
     let result = responseBody;
-    // Build reverse map: CC tool name → original client tool name
+    // Build reverse map: CC tool name → original client tool name.
+    // Two passes so identity mappings (client sent a tool with the real CC
+    // name) claim their CC slot first and can never be overwritten by a
+    // non-identity entry. Without this, a collision between a direct
+    // `WebSearch` and an unmapped-tool fallback landing on `WebSearch` could
+    // rewrite the real search response to the wrong client name.
     const reverseMap = new Map();
+    const identityClaimed = new Set();
     for (const [clientName, mapping] of toolMap) {
-        // Only add if not a direct CC tool name
-        if (clientName.toLowerCase() !== mapping.ccTool.toLowerCase()) {
-            reverseMap.set(mapping.ccTool, clientName);
+        if (clientName.toLowerCase() === mapping.ccTool.toLowerCase()) {
+            identityClaimed.add(mapping.ccTool);
         }
     }
+    for (const [clientName, mapping] of toolMap) {
+        if (clientName.toLowerCase() === mapping.ccTool.toLowerCase())
+            continue;
+        if (identityClaimed.has(mapping.ccTool))
+            continue;
+        reverseMap.set(mapping.ccTool, clientName);
+    }
     for (const [ccName, clientName] of reverseMap) {
         result = result.replace(new RegExp(`"name"\\s*:\\s*"${ccName}"`, 'g'), `"name":"${clientName}"`);
     }

package/dist/cli.js

@@ -125,13 +125,22 @@ async function proxy() {
         console.error('[dario] Invalid port. Must be 1-65535.');
         process.exit(1);
     }
+    // Bind address — accepts --host=<addr>; falls through to DARIO_HOST env
+    // var or the default of 127.0.0.1 inside startProxy. The sanity check
+    // here only rejects obviously bad shapes; real address validation
+    // happens when the OS tries to bind.
+    const hostArg = args.find(a => a.startsWith('--host='));
+    const host = hostArg ? hostArg.split('=')[1] : undefined;
+    if (host !== undefined && !/^[a-zA-Z0-9._:-]+$/.test(host)) {
+        console.error('[dario] Invalid --host. Must be an IP address or hostname.');
+        process.exit(1);
+    }
     const verbose = args.includes('--verbose') || args.includes('-v');
-    const cliBackend = args.includes('--cli');
     const passthrough = args.includes('--passthrough') || args.includes('--thin');
     const preserveTools = args.includes('--preserve-tools') || args.includes('--keep-tools');
     const modelArg = args.find(a => a.startsWith('--model='));
     const model = modelArg ? modelArg.split('=')[1] : undefined;
-    await startProxy({ port, verbose, model, cliBackend, passthrough, preserveTools });
+    await startProxy({ port, host, verbose, model, passthrough, preserveTools });
 }
 async function help() {
     console.log(`
@@ -149,15 +158,20 @@ async function help() {
                              Shortcuts: opus, sonnet, haiku
                              Full IDs: claude-opus-4-6, claude-sonnet-4-6
                              Default: passthrough (client decides)
-    --cli                    Use Claude CLI as backend (bypasses rate limits)
-    --passthrough            Thin proxy — OAuth swap only, no injection
+    --passthrough, --thin    Thin proxy — OAuth swap only, no injection
     --preserve-tools         Keep client tool schemas (for agents with custom tools)
     --port=PORT              Port to listen on (default: 3456)
+    --host=ADDRESS           Address to bind to (default: 127.0.0.1)
+                             Use 0.0.0.0 to accept connections from other machines.
+                             Alternatively set DARIO_HOST env var.
+                             When binding non-loopback, also set DARIO_API_KEY
+                             so unauthenticated LAN hosts can't proxy through
+                             your OAuth subscription.
     --verbose, -v            Log all requests
 
   Quick start:
     dario login              # auto-detects Claude Code credentials
-    dario proxy              # or: dario proxy --cli --model=opus
+    dario proxy --model=opus # or: dario proxy --passthrough
 
   Then point any Anthropic SDK at http://localhost:3456:
     export ANTHROPIC_BASE_URL=http://localhost:3456

package/dist/proxy.d.ts

@@ -1,8 +1,8 @@
 interface ProxyOptions {
     port?: number;
+    host?: string;
     verbose?: boolean;
     model?: string;
-    cliBackend?: boolean;
     passthrough?: boolean;
     preserveTools?: boolean;
 }