@askalf/dario 3.4.3 → 3.4.5

package/README.md

@@ -37,7 +37,7 @@ export ANTHROPIC_API_KEY=dario                    # or OPENAI_API_KEY=dario
 
 Opus, Sonnet, Haiku — all models, streaming, tool use. **Zero dependencies.** ~2,000 lines of TypeScript. Works with Cursor, Continue, Aider, LiteLLM, Hermes, OpenClaw, or any tool that speaks the Anthropic or OpenAI API. Auto-launches under [Bun](https://bun.sh) when available for TLS fingerprint fidelity. **Auto-detects OAuth config from your installed CC binary** so dario stays in sync forever — Anthropic can rotate client IDs and dario picks them up on the next run.
 
-dario is built and maintained by [askalf](https://askalf.org) — the open-source foundation of the askalf agent platform. If you need more than a proxy, [see below](#askalf).
+dario is the **per-request layer** — one account, one workload, every request indistinguishable from CC on the wire. Session-level and account-level concerns (multi-account pooling, behavioral-classifier shaping, 24/7 fleets) live a layer above dario, in [askalf](https://askalf.org) — [see below](#askalf). Both are built by the same team on the same OAuth and billing infrastructure.
 
 <table>
 <tr>
@@ -91,7 +91,7 @@ dario is the only proxy that solves this. Instead of transforming your requests
 | **Approach** | Template replay — sends CC's actual request | Signal matching or none |
 | **Tools** | CC's exact tool definitions sent upstream | Client tools (detected) |
 | **Max plan limits** | Used correctly | Bypassed — billed separately |
-| **Detection resistance** | Undetectable without flagging CC itself | Detected by tool names, field order, effort level, etc. |
+| **Detection resistance** | Undetectable at the per-request level without flagging CC itself | Detected by tool names, field order, effort level, etc. |
 | **Dependencies** | 0 | Many |
 
 <details>
@@ -408,13 +408,13 @@ Anthropic periodically rotates the OAuth `client_id`, authorize URL, token URL,
 
 Dario scans the installed CC binary at startup and extracts the current config directly:
 
-- **Anchor**: `OAUTH_FILE_SUFFIX:"-local-oauth"` — the config block CC uses for clients that run their own localhost callback.
-- **Extracted**: `CLIENT_ID`, `CLAUDE_AI_AUTHORIZE_URL`, `TOKEN_URL`, and the full `user:*` scope string.
-- **Cached**: Results stored at `~/.dario/cc-oauth-cache.json` keyed by binary fingerprint (first 64KB sha256 + size + mtime). Cold scan ~500ms, cache hit ~5ms. Re-scans only when CC is upgraded.
-- **Fallback**: If CC is not installed or scanning fails, dario uses known-good hardcoded values. No user action needed.
+- **Anchor**: `BASE_API_URL:"https://api.anthropic.com"` — this literal appears only inside CC's live prod OAuth config block, so the scanner reliably lands in the right object even when the minifier reorders fields across CC releases.
+- **Extracted**: `CLIENT_ID`, `CLAUDE_AI_AUTHORIZE_URL`, `TOKEN_URL`, and the full `user:*` scope string. A defensive check rejects any scan result that matches a known-dead internal client_id.
+- **Cached**: Results stored at `~/.dario/cc-oauth-cache-v2.json` keyed by binary fingerprint (first 64KB sha256 + size + mtime). Cold scan ~500ms, cache hit ~5ms. Re-scans only when CC is upgraded.
+- **Fallback**: If CC is not installed or scanning fails, dario uses the CC 2.1.104 prod config values hardcoded in-tree. No user action needed.
 - **Override**: Set `DARIO_CC_PATH=/path/to/claude` to point dario at a non-standard CC binary location.
 
-CC ships **two** OAuth client configurations in one binary — a `-local-oauth` flow (localhost callback) and a platform-hosted flow (`platform.claude.com/oauth/code/callback`). Dario must use the former. The scanner anchors specifically on the local block.
+CC ships three OAuth config factories (`local`, `staging`, `prod`) in one binary, selected at runtime by a function that is hardcoded to `prod` in shipped builds. Only the prod block is live; the other two are dead code paths CC uses when pointing at internal dev/staging infrastructure. The scanner targets the prod block specifically.
 
 End-to-end verification lives at [`test/oauth-detector.mjs`](test/oauth-detector.mjs).
 
@@ -439,8 +439,10 @@ End-to-end verification lives at [`test/oauth-detector.mjs`](test/oauth-detector
 | `--preserve-tools` / `--keep-tools` | Keep client tool schemas instead of remapping to CC tools | off |
 | `--model=MODEL` | Force a model (`opus`, `sonnet`, `haiku`, or full ID) | passthrough |
 | `--port=PORT` | Port to listen on | `3456` |
+| `--host=ADDRESS` / `DARIO_HOST` | Bind address. Use `0.0.0.0` to accept LAN connections, or a specific IP to bind selectively (e.g. a Tailscale interface). When non-loopback, also set `DARIO_API_KEY`. | `127.0.0.1` |
 | `--verbose` / `-v` | Log every request | off |
-| `DARIO_API_KEY` | If set, all endpoints (except `/health`) require matching `x-api-key` or `Authorization: Bearer` | unset (open) |
+| `DARIO_API_KEY` | If set, all endpoints (except `/health`) require matching `x-api-key` or `Authorization: Bearer`. **Required** when `--host` binds to anything other than loopback. | unset (open) |
+| `DARIO_CORS_ORIGIN` | Override the browser CORS `Access-Control-Allow-Origin`. Useful for browser-based clients (open-webui, librechat) connecting over a mesh network. | `http://localhost:${port}` |
 | `DARIO_NO_BUN` | Disable automatic Bun relaunch (stay on Node.js) | unset |
 | `DARIO_MIN_INTERVAL_MS` | Minimum ms between requests (rate governor) | `500` |
 | `DARIO_CC_PATH` | Override path to Claude Code binary for OAuth detection | auto-detect |
@@ -506,9 +508,9 @@ curl http://localhost:3456/health
 |---------|---------------------|
 | Credential storage | Reads from Claude Code (`~/.claude/.credentials.json`) or its own store (`~/.dario/credentials.json`) with `0600` permissions |
 | OAuth flow | PKCE (Proof Key for Code Exchange) — no client secret needed |
-| OAuth config source | Auto-detected from local CC binary at runtime; cached at `~/.dario/cc-oauth-cache.json`. Detector reads binary in read-only mode, never modifies it. |
+| OAuth config source | Auto-detected from local CC binary at runtime; cached at `~/.dario/cc-oauth-cache-v2.json`. Detector reads binary in read-only mode, never modifies it. |
 | Token exposure | Tokens never logged; redacted from all error messages. |
-| Network binding | Binds exclusively to `127.0.0.1`. Upstream traffic goes only to `api.anthropic.com` over HTTPS. |
+| Network binding | Binds to `127.0.0.1` by default. Override with `--host` / `DARIO_HOST` for mesh/LAN use; dario refuses to treat non-loopback binds as safe and requires you to set `DARIO_API_KEY` to avoid an unauthenticated LAN-reachable proxy. Upstream traffic goes only to `api.anthropic.com` over HTTPS. |
 | Auth timing | `timingSafeEqual` used for `DARIO_API_KEY` comparison. |
 | SSRF protection | Only `/v1/messages` and `/v1/complete` are proxied upstream — hardcoded allowlist. |
 | Body size | 10MB hard cap per request. 30s read timeout prevents slow-loris. |
@@ -519,11 +521,11 @@ curl http://localhost:3456/health
 
 ## askalf
 
-dario solves the API access problem — your $200/mo subscription, usable everywhere, billed correctly.
+**dario and askalf solve different layers of the same problem.**
 
-But a proxy has a ceiling. Every request still runs on your single account, with your subscription's rate limits, on your machine. When you need to scale beyond that — multiple accounts, persistent browser sessions, desktop control, scheduled workflows, a fleet of agents that can run while you sleep — that's what [askalf](https://askalf.org) is built for.
+dario is the per-request layer: one account, one workload, every request on the wire indistinguishable from Claude Code. It's what you reach for when you want your Max/Pro subscription usable from any tool that speaks the Anthropic or OpenAI API. It does not pool accounts, shape sessions, distribute load, or care about cumulative behavioral signals — those are not per-request concerns, and solving them at the per-request layer is a category error.
 
-**askalf** is the agent platform built on top of the same OAuth and billing infrastructure that powers dario:
+**askalf** is the layer above that: multi-account pooling behind one endpoint, session and workload shaping to stay under Anthropic's session-level classifiers, persistent browser and desktop sessions, scheduling, and a hosted fleet that runs 24/7. Built on the same OAuth and billing infrastructure as dario.
 
 | | dario | askalf |
 |---|---|---|
@@ -571,18 +573,21 @@ Optional but recommended. If [Bun](https://bun.sh) is installed, dario auto-rela
 Dario auto-refreshes tokens 30 minutes before expiry. You should never see an auth error in normal use. If something goes wrong, `dario refresh` forces an immediate refresh.
 
 **What happens when Anthropic rotates the OAuth client_id or URL?**
-Dario auto-detects OAuth config from your installed Claude Code binary. When CC ships a new version with rotated values, dario picks them up on the next startup — no dario release needed. The detector is cached at `~/.dario/cc-oauth-cache.json` and only re-scans when the binary fingerprint changes. If CC isn't installed, dario falls back to known-good hardcoded values.
+Dario auto-detects OAuth config from your installed Claude Code binary. When CC ships a new version with rotated values, dario picks them up on the next startup — no dario release needed. The detector is cached at `~/.dario/cc-oauth-cache-v2.json` and only re-scans when the binary fingerprint changes. If CC isn't installed, dario falls back to hardcoded CC 2.1.104 prod values.
 
 **I'm hitting rate limits. What do I do?**
 Claude subscriptions have rolling 5-hour and 7-day usage windows. Check your utilization with Claude Code's `/usage` command or the [statusline](https://code.claude.com/docs/en/statusline). Rate limit errors from dario include utilization percentages and reset times so you can see exactly when capacity returns.
 
+**My multi-agent workload is getting reclassified to overage even though dario template-replays per request. Why?**
+Because reclassification at high agent volume is not a per-request problem. Anthropic's classifier operates on cumulative per-OAuth-session behavioral aggregates — token throughput, conversation depth, streaming duration, inter-arrival timing, thinking-block volume. Dario can make each individual request indistinguishable from Claude Code and still hit this wall on a long-running agent session, because the wall isn't at the request level. Thorough diagnostic work on this was contributed by [@belangertrading](https://github.com/belangertrading) in [#23](https://github.com/askalf/dario/issues/23), including the per-request v3.4.3 hardening that landed as a result. For the session-layer shaping itself — multi-account pooling, session rotation, workload distribution that keeps any single account from concentrating the behavioral signal — that's what [askalf](https://askalf.org) is built for. Different layer, different tool.
+
 If you're running a multi-agent workload and consistently hitting limits, [askalf](https://askalf.org) distributes load across multiple accounts automatically.
 
 **What are the usage limits?**
 Claude subscriptions have rolling 5-hour and 7-day usage windows shared across claude.ai and Claude Code. See [Anthropic's docs](https://support.claude.com/en/articles/11647753-how-do-usage-and-length-limits-work) for details.
 
 **Can I run this on a server?**
-Dario binds to localhost by default. For server use, handle the initial login on a machine with a browser, then copy `~/.claude/.credentials.json` (or `~/.dario/credentials.json`) to your server. Auto-refresh will keep it alive from there.
+Dario binds to localhost by default. For server use, handle the initial login on a machine with a browser, then copy `~/.claude/.credentials.json` (or `~/.dario/credentials.json`) to your server. Auto-refresh will keep it alive from there. If you want dario reachable from other machines on the same LAN or a Tailscale mesh, pass `--host=0.0.0.0` (or a specific interface IP) and set `DARIO_API_KEY` to gate access.
 
 **Why "dario"?**
 Named after [Dario Amodei](https://en.wikipedia.org/wiki/Dario_Amodei), CEO of Anthropic.
@@ -622,7 +627,7 @@ Dario handles your OAuth tokens. Here's why you can trust it:
 | **npm provenance** | Every release is [SLSA attested](https://www.npmjs.com/package/@askalf/dario) via GitHub Actions |
 | **Security scanning** | [CodeQL](https://github.com/askalf/dario/actions/workflows/codeql.yml) runs on every push and weekly |
 | **Credential handling** | Tokens never logged, redacted from errors, stored with 0600 permissions |
-| **Network scope** | Binds to 127.0.0.1 only. Upstream traffic goes exclusively to `api.anthropic.com` over HTTPS |
+| **Network scope** | Binds to 127.0.0.1 by default; `--host` / `DARIO_HOST` allows LAN/mesh exposure with `DARIO_API_KEY` gating. Upstream traffic goes exclusively to `api.anthropic.com` over HTTPS |
 | **No telemetry** | Zero analytics, tracking, or data collection of any kind |
 | **Audit trail** | [CHANGELOG.md](CHANGELOG.md) documents every release |
 | **Branch protection** | CI must pass before merge. CODEOWNERS enforces review |
@@ -673,7 +678,7 @@ npm run dev   # runs with tsx (no build needed)
 | Who | Contributions |
 |-----|---------------|
 | [@GodsBoy](https://github.com/GodsBoy) | Proxy authentication, token redaction, error sanitization ([#2](https://github.com/askalf/dario/pull/2)) |
-| [@belangertrading](https://github.com/belangertrading) | Billing classification investigation ([#4](https://github.com/askalf/dario/issues/4)), billing reclassification root cause ([#7](https://github.com/askalf/dario/issues/7)) |
+| [@belangertrading](https://github.com/belangertrading) | Billing classification investigation ([#4](https://github.com/askalf/dario/issues/4)), cache_control fingerprinting ([#6](https://github.com/askalf/dario/issues/6)), billing reclassification root cause ([#7](https://github.com/askalf/dario/issues/7)), OAuth client_id discovery ([#12](https://github.com/askalf/dario/issues/12)), multi-agent session-level billing analysis ([#23](https://github.com/askalf/dario/issues/23)) |
 
 ## License
 

package/dist/cc-oauth-detect.js

@@ -44,12 +44,23 @@ const FALLBACK = {
     clientId: '9d1c250a-e61b-44d9-88ed-5944d1962f5e',
     authorizeUrl: 'https://claude.com/cai/oauth/authorize',
     tokenUrl: 'https://platform.claude.com/v1/oauth/token',
-    scopes: 'user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload',
+    // Scopes are the full `n36` union from the CC binary, which is the value
+    // sent during a normal `claude login` (non-setup-token) flow. In CC's
+    // source: `let D = f ? [TI] : n36` where `f = inferenceOnly` (true only
+    // for `claude setup-token`). Normal interactive login uses the 6-scope
+    // union including `org:create_api_key` — even though that scope is named
+    // "Console-only" by convention, CC's own login flow requests it up front.
+    // Earlier dario versions (3.2.7 through 3.4.3) dropped `org:create_api_key`
+    // from the list based on a misread of the name; the dev-only client_id
+    // was lenient enough to accept the shorter list, the prod client_id is not.
+    scopes: 'org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload',
     source: 'fallback',
 };
-// -v2 suffix invalidates the v3.4.0-v3.4.2 cache that pinned the wrong
-// (dev) client_id extracted from the dead-code -local-oauth block.
-const CACHE_PATH = join(homedir(), '.dario', 'cc-oauth-cache-v2.json');
+// -v3 suffix invalidates v3.4.3 caches that were populated with the wrong
+// 4-scope list (the scanner's regex matched a help-message string literal
+// in the CC binary instead of the real scope array). See the scanner's
+// scope handling below for why scope detection is no longer attempted.
+const CACHE_PATH = join(homedir(), '.dario', 'cc-oauth-cache-v3.json');
 function candidatePaths() {
     const home = homedir();
     if (platform() === 'win32') {
@@ -139,19 +150,22 @@ export function scanBinaryForOAuthConfig(buf) {
     const tokenMatch = /TOKEN_URL\s*:\s*"(https:\/\/[^"]*\/oauth\/token[^"]*)"/.exec(prodBlock);
     if (tokenMatch && tokenMatch[1])
         tokenUrl = tokenMatch[1];
-    // Scopes live in a separate array-of-strings block elsewhere in the
-    // binary, not inside the prod config object itself. Search globally
-    // for the first quoted `user:profile ...` run.
-    let scopes = FALLBACK.scopes;
-    const scopeAnchor = Buffer.from('"user:profile ');
-    const scopeIdx = buf.indexOf(scopeAnchor);
-    if (scopeIdx !== -1) {
-        const w = buf.slice(scopeIdx, Math.min(buf.length, scopeIdx + 512)).toString('latin1');
-        const m = /"(user:profile(?:\s+user:[a-z_:]+)+)"/.exec(w);
-        if (m && m[1])
-            scopes = m[1];
-    }
-    return { clientId, authorizeUrl, tokenUrl, scopes };
+    // Scopes are NOT detected from the binary. Previous versions of this
+    // scanner anchored on `"user:profile ` and regex-captured the first
+    // contiguous quoted run of scopes, but that anchor matches an error/help
+    // message string literal (used by `claude setup-token` error output) that
+    // contains only 4 of the 6 actual scopes. The real scope array is stored
+    // as a constant-reference array — `dY8 = [B9H, TI, "user:sessions:...", ...]`
+    // — where the first two elements are minified variable references, not
+    // literal strings, so no regex can reliably extract the full list. And the
+    // runtime-computed union `n36` only exists after `Array.from(new Set(...))`
+    // executes, which we can't evaluate from a static scan.
+    //
+    // Given that scopes rarely change across CC releases (Anthropic adds or
+    // removes maybe one per major version), hardcoding them in FALLBACK is
+    // more reliable than scanning. If Anthropic changes the scope list, the
+    // fix is a one-line FALLBACK update in a dario release.
+    return { clientId, authorizeUrl, tokenUrl, scopes: FALLBACK.scopes };
 }
 async function loadCache() {
     try {

package/dist/cc-template.d.ts

@@ -15,6 +15,7 @@ export declare const CC_TOOL_DEFINITIONS: {
 export declare const CC_SYSTEM_PROMPT: string;
 /** CC's agent identity string. */
 export declare const CC_AGENT_IDENTITY: string;
+export declare function scrubFrameworkIdentifiers(text: string): string;
 /** Client tool name → CC tool mapping with parameter translation. */
 interface ToolMapping {
     ccTool: string;

package/dist/cc-template.js

@@ -17,6 +17,28 @@ export const CC_TOOL_DEFINITIONS = TEMPLATE.tools;
 export const CC_SYSTEM_PROMPT = TEMPLATE.system_prompt;
 /** CC's agent identity string. */
 export const CC_AGENT_IDENTITY = TEMPLATE.agent_identity;
+// Framework identifiers that would flag non-CC usage. Stripped from the system
+// prompt and from message content text blocks before the request goes upstream.
+const FRAMEWORK_PATTERNS = [
+    // Compound/hyphenated patterns run first so their halves can't be eaten
+    // by the simpler word-level patterns below.
+    /\b(roo[- ]?cline|big[- ]?agi|claude[- ]?bridge)\b/gi,
+    /\b(openclaw|hermes|aider|cursor|windsurf|cline|continue|copilot|cody)\b/gi,
+    /\b(librechat|typingmind)\b/gi,
+    /\b(openai|gpt-4|gpt-3\.5)\b/gi,
+    /powered by [a-z]+/gi,
+    /\bgateway\b/gi,
+    // OC's sessions_* tool-name prefix — flagged as a fingerprint in dario#23.
+    /\bsessions_[a-z_]+\b/gi,
+];
+export function scrubFrameworkIdentifiers(text) {
+    let result = text;
+    for (const pattern of FRAMEWORK_PATTERNS) {
+        pattern.lastIndex = 0;
+        result = result.replace(pattern, '');
+    }
+    return result;
+}
 const TOOL_MAP = {
     // Direct maps
     bash: { ccTool: 'Bash', translateArgs: (a) => ({ command: a.cmd || a.command || a.c || '' }) },
@@ -194,15 +216,31 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
             .map(b => b.text)
             .join('\n\n');
     }
-    // Strip framework identifiers from system prompt that would flag non-CC usage
-    const FRAMEWORK_PATTERNS = [
-        /\b(openclaw|hermes|aider|cursor|windsurf|cline|continue|copilot|cody)\b/gi,
-        /\b(openai|gpt-4|gpt-3\.5)\b/gi,
-        /powered by [a-z]+/gi,
-        /\bgateway\b/gi,
-    ];
-    for (const pattern of FRAMEWORK_PATTERNS) {
-        systemText = systemText.replace(pattern, '');
+    systemText = scrubFrameworkIdentifiers(systemText);
+    // Also scrub framework identifiers from message content text blocks.
+    // Clients often inject their product name into user/tool messages as well,
+    // and the system-prompt-only scrub used to miss those.
+    for (const msg of messages) {
+        if (typeof msg.content === 'string') {
+            msg.content = scrubFrameworkIdentifiers(msg.content);
+        }
+        else if (Array.isArray(msg.content)) {
+            for (const block of msg.content) {
+                if (block.type === 'text' && typeof block.text === 'string') {
+                    block.text = scrubFrameworkIdentifiers(block.text);
+                }
+                if (block.type === 'tool_result' && typeof block.content === 'string') {
+                    block.content = scrubFrameworkIdentifiers(block.content);
+                }
+                if (block.type === 'tool_result' && Array.isArray(block.content)) {
+                    for (const sub of block.content) {
+                        if (sub.type === 'text' && typeof sub.text === 'string') {
+                            sub.text = scrubFrameworkIdentifiers(sub.text);
+                        }
+                    }
+                }
+            }
+        }
     }
     // ── Build the CC request from template ──
     // Key order matches CC v2.1.104 exactly:

package/dist/proxy.js

@@ -147,6 +147,7 @@ const ORCHESTRATION_TAG_NAMES = [
     'system-reminder', 'env', 'system_information', 'current_working_directory',
     'operating_system', 'default_shell', 'home_directory', 'task_metadata',
     'directories', 'thinking',
+    'agent_persona', 'agent_context', 'tool_context', 'persona', 'tool_call',
 ];
 const ORCHESTRATION_PATTERNS = ORCHESTRATION_TAG_NAMES.flatMap(tag => [
     new RegExp(`<${tag}\\b[^>]*>[\\s\\S]*?<\\/${tag}>`, 'gi'),
@@ -459,6 +460,10 @@ export async function startProxy(opts = {}) {
         }
         // Proxy to Anthropic (with concurrency control)
         await semaphore.acquire();
+        // Hoisted so the finally block can clean up whatever was set.
+        let upstreamTimeout = null;
+        let onClientClose = null;
+        let upstreamAbortReason = null;
         try {
             const accessToken = await getAccessToken();
             // Read request body with size limit and timeout (prevents slow-loris)
@@ -562,11 +567,33 @@ export async function startProxy(opts = {}) {
                 // CC sends 600 on first request per session. With rotation, every request is "first"
                 'x-stainless-timeout': '600',
             };
+            // Client-disconnect abort: if the client drops the connection before
+            // we've finished sending the response, we abort the upstream fetch so
+            // Anthropic stops generating (and billing) a response nobody will
+            // read. Also carries the 5-minute upstream timeout via the same
+            // controller, so a single signal covers both cancellation reasons.
+            const upstreamAbort = new AbortController();
+            upstreamTimeout = setTimeout(() => {
+                if (!upstreamAbort.signal.aborted) {
+                    upstreamAbortReason = 'timeout';
+                    upstreamAbort.abort();
+                }
+            }, UPSTREAM_TIMEOUT_MS);
+            onClientClose = () => {
+                // 'close' fires on both normal teardown and client disconnect.
+                // We only want to abort if we haven't finished our response yet —
+                // normal teardown happens AFTER res.writableEnded becomes true.
+                if (!res.writableEnded && !upstreamAbort.signal.aborted) {
+                    upstreamAbortReason = 'client_closed';
+                    upstreamAbort.abort();
+                }
+            };
+            req.on('close', onClientClose);
             let upstream = await fetch(targetBase, {
                 method: req.method ?? 'POST',
                 headers,
                 body: finalBody ? new Uint8Array(finalBody) : undefined,
-                signal: AbortSignal.timeout(UPSTREAM_TIMEOUT_MS),
+                signal: upstreamAbort.signal,
             });
             // Auto-retry without context-1m if it triggers a long-context billing error.
             // Anthropic returns this as either 400 ("long context beta is not yet available
@@ -590,7 +617,7 @@ export async function startProxy(opts = {}) {
                         method: req.method ?? 'POST',
                         headers: retryHeaders,
                         body: finalBody ? new Uint8Array(finalBody) : undefined,
-                        signal: AbortSignal.timeout(UPSTREAM_TIMEOUT_MS),
+                        signal: upstreamAbort.signal,
                     });
                     // Use the retry response from here on — peeked body is now stale
                     upstream = retry;
@@ -750,12 +777,42 @@ export async function startProxy(opts = {}) {
             }
         }
         catch (err) {
-            // Log full error server-side, return generic message to client
-            console.error('[dario] Proxy error:', sanitizeError(err));
-            res.writeHead(502, JSON_HEADERS);
-            res.end(JSON.stringify({ error: 'Proxy error', message: 'Failed to reach upstream API' }));
+            // Differentiate the three failure modes so each gets the right
+            // response (and so we don't spam logs when clients simply drop).
+            if (upstreamAbortReason === 'client_closed') {
+                if (verbose)
+                    console.log(`[dario] #${requestCount} aborted (client disconnected)`);
+            }
+            else if (upstreamAbortReason === 'timeout') {
+                console.error(`[dario] #${requestCount} upstream timeout after ${UPSTREAM_TIMEOUT_MS / 1000}s`);
+                if (!res.headersSent) {
+                    res.writeHead(504, JSON_HEADERS);
+                    res.end(JSON.stringify({ error: 'Upstream timeout', message: `Anthropic did not respond within ${UPSTREAM_TIMEOUT_MS / 1000}s` }));
+                }
+                else if (!res.writableEnded) {
+                    res.end();
+                }
+            }
+            else {
+                // Log full error server-side, return generic message to client
+                console.error('[dario] Proxy error:', sanitizeError(err));
+                if (!res.headersSent) {
+                    res.writeHead(502, JSON_HEADERS);
+                    res.end(JSON.stringify({ error: 'Proxy error', message: 'Failed to reach upstream API' }));
+                }
+                else if (!res.writableEnded) {
+                    res.end();
+                }
+            }
         }
         finally {
+            // Always clean up the upstream-abort plumbing if it was set up. The
+            // setup happens after the body-read phase, so on fast-path errors
+            // (413, body read timeout) these may still be null — guard accordingly.
+            if (upstreamTimeout !== null)
+                clearTimeout(upstreamTimeout);
+            if (onClientClose !== null)
+                req.off('close', onClientClose);
             semaphore.release();
         }
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.4.3",
+  "version": "3.4.5",
   "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
   "type": "module",
   "bin": {