@askalf/dario 3.4.4 → 3.4.6

package/README.md

@@ -1,11 +1,6 @@
 <p align="center">
   <h1 align="center">dario</h1>
-  <p align="center"><strong>Use your Claude subscription as an API. The only proxy that bills correctly.</strong></p>
-  <p align="center">
-    No API key needed. Your Claude Max/Pro subscription becomes a local API endpoint<br/>
-    that any tool, SDK, or framework can use. Template replay makes every request<br/>
-    indistinguishable from real Claude Code — so your Max plan limits actually work.
-  </p>
+  <p align="center"><strong>Use your Claude subscription inside your local tools and scripts — without moving to API billing or rebuilding your workflow around a separate stack.</strong></p>
 </p>
 
 <p align="center">
@@ -18,220 +13,200 @@
 
 <p align="center">
   <a href="#quick-start">Quick Start</a> &bull;
-  <a href="#openai-compatibility">OpenAI Compat</a> &bull;
-  <a href="#usage-examples">Examples</a> &bull;
-  <a href="#askalf">askalf</a> &bull;
+  <a href="#who-this-is-for">Who it's for</a> &bull;
+  <a href="#why-switch">Why switch</a> &bull;
+  <a href="#how-it-works">How it works</a> &bull;
+  <a href="#from-standalone-to-askalf">Standalone → askalf</a> &bull;
   <a href="#trust--transparency">Trust</a> &bull;
   <a href="#faq">FAQ</a>
 </p>
 
 ---
 
-```bash
-npx @askalf/dario login   # detects Claude Code credentials, starts proxy
+## What it is
 
-# now use it from anywhere — Anthropic or OpenAI SDK
-export ANTHROPIC_BASE_URL=http://localhost:3456   # or OPENAI_BASE_URL=http://localhost:3456/v1
-export ANTHROPIC_API_KEY=dario                    # or OPENAI_API_KEY=dario
-```
+dario is a local process that turns your Claude Max or Pro subscription into an API endpoint that any tool on your machine can use. It talks to Anthropic the same way Claude Code does, so your subscription's rate limits are what you spend against — not a separate API billing tier.
 
-Opus, Sonnet, Haiku — all models, streaming, tool use. **Zero dependencies.** ~2,000 lines of TypeScript. Works with Cursor, Continue, Aider, LiteLLM, Hermes, OpenClaw, or any tool that speaks the Anthropic or OpenAI API. Auto-launches under [Bun](https://bun.sh) when available for TLS fingerprint fidelity. **Auto-detects OAuth config from your installed CC binary** so dario stays in sync forever — Anthropic can rotate client IDs and dario picks them up on the next run.
+Install it once, log in once (using your existing Claude Code credentials if you have them), and from that point on every tool that speaks the Anthropic API or the OpenAI chat completions API — Cursor, Continue, Aider, LiteLLM, your own scripts, whatever — can reach Claude through `http://localhost:3456`.
 
-dario is built and maintained by [askalf](https://askalf.org) — the open-source foundation of the askalf agent platform. If you need more than a proxy, [see below](#askalf).
+**Standalone is the default.** You don't need an account anywhere, you don't need to wait for anything, and nothing phones home. Install and run.
 
-<table>
-<tr>
-<td colspan="3" align="center"><br/><strong>Independently reviewed by 3 competing AI companies</strong><br/><br/></td>
-</tr>
-<tr>
-<td width="33%" valign="top">
+**Dario is also the local bridge for [askalf](https://askalf.org).** When your workload outgrows a single subscription — multi-account pooling, session shaping to stay under Anthropic's behavioral classifiers, 24/7 fleets, scheduled workflows — dario is the component that keeps running on your machine and connects to the askalf platform. Same install, same commands, extra capabilities unlocked when you link it. You don't have to use askalf to use dario today, and you won't have to change how you use dario when you join askalf later.
 
-**Grok** (xAI)
+---
 
-*"Dario works great and is safe. Fully functional with OpenClaw / Hermes. Gives you Opus, Sonnet & Haiku using your existing Claude Max/Pro sub. No extra API key or billing needed. Streaming + tools work perfectly. 100% open-source, runs locally only, proper OAuth (PKCE), no telemetry. Highly recommended if you want a clean local proxy."*
+## Who this is for
 
-</td>
-<td width="33%" valign="top">
+**Best fit:**
+- Power users already paying for Claude Max or Pro who want Claude available inside their local stack — editors, terminals, scripts, internal tools — without moving to API billing.
+- Small teams that work in terminals and IDEs, not in hosted agent stacks, and want Claude as a drop-in provider for whatever tools they already use.
+- Anyone who wants Claude Code's billing behavior on their own requests, from their own code.
 
-**Copilot** (Microsoft)
+**Not a fit:**
+- You need vendor-managed production SLAs on every request. Use the Anthropic API directly.
+- You need high-scale agent orchestration, multi-account pooling, or session-level classifier shaping. That's [askalf](https://askalf.org), which dario bridges into.
+- You want a hosted chat UI. Use claude.ai.
 
-*"Verdict: Safe for local use — well-implemented with strong security practices. Minimal attack surface: zero runtime dependencies, PKCE OAuth, localhost-only binding, timing-safe auth, zero telemetry. The main risk vector is operator error rather than code defects."*
+---
 
-</td>
-<td width="33%" valign="top">
+## First use case
 
-**Gemini** (Google)
+> Use Claude in your local automation and developer workflows the way you'd normally reach for an API — but backed by the subscription you already pay for.
 
-*"Highly recommended for personal, local development. Solves a massive pain point for developers by bridging Claude Max/Pro subscriptions with developer IDEs, saving substantial API costs. Modular & lean, modern PKCE auth, SSRF protection, mature CI/CD pipeline with CodeQL and npm provenance attestations."*
+You install dario, point your existing tool at `http://localhost:3456`, and that tool now sees Claude. The tool doesn't know it's going through a proxy; from its perspective dario *is* the Anthropic API. Your subscription handles the billing. Your Max plan limits are what count against usage.
 
-</td>
-</tr>
-<tr>
-<td colspan="3" align="center"><br/><strong>In production</strong><br/><br/></td>
-</tr>
-<tr>
-<td colspan="3" valign="top">
+Flow on a fresh machine:
 
-*"The 429s were driving us crazy running a multi-agent stack on Claude Max. You found the billing tag, fixed the checksum, reverse-engineered the per-request hash from the binary — running clean, zero reclassification."* — [@belangertrading](https://github.com/belangertrading), multi-agent stack on Claude Max
+1. `npm install -g @askalf/dario`
+2. `dario login` — detects your installed Claude Code credentials, or runs its own OAuth flow if you don't have CC installed
+3. `dario proxy` — starts the local server on port 3456
+4. Set two environment variables in the tool you already use:
+   ```bash
+   ANTHROPIC_BASE_URL=http://localhost:3456
+   ANTHROPIC_API_KEY=dario
+   ```
+5. That tool now uses your Claude subscription. Streaming works, tool use works, prompt caching works.
 
-</td>
-</tr>
-</table>
+No separate API key. No Extra Usage charges. No rebuilding your workflow around a new provider.
 
 ---
 
-## Why dario
-
-Most Claude subscription proxies have a critical billing problem: **Anthropic classifies their requests as third-party and routes all usage to Extra Usage billing** — even when you have Max plan limits available. You're paying for your subscription twice.
-
-dario is the only proxy that solves this. Instead of transforming your requests signal by signal, dario uses **template replay** — it replaces the entire request with Claude Code's exact template. 25 tool definitions, 25KB system prompt, exact field order, exact beta headers, exact metadata structure. Only your conversation content is preserved. When Bun is installed, dario auto-relaunches under Bun for TLS fingerprint fidelity matching CC's runtime. Anthropic's classifier sees a genuine Claude Code request because it IS one.
-
-| | dario | Other proxies |
-|---|---|---|
-| **Approach** | Template replay — sends CC's actual request | Signal matching or none |
-| **Tools** | CC's exact tool definitions sent upstream | Client tools (detected) |
-| **Max plan limits** | Used correctly | Bypassed — billed separately |
-| **Detection resistance** | Undetectable without flagging CC itself | Detected by tool names, field order, effort level, etc. |
-| **Dependencies** | 0 | Many |
-
-<details>
-<summary><strong>vs competitors</strong></summary>
+## Why switch
 
-| Feature | dario | Meridian | CLIProxyAPI |
-|---------|-------|---------|------------|
-| Template replay (undetectable) | **Yes** | No | No |
-| Direct OAuth (streaming, tools) | **Yes** | Yes (SDK-based) | No |
-| OpenAI API compat | **Yes** | Yes | Yes |
-| Orchestration sanitization | **Yes** | Yes | No |
-| Token anomaly detection | **Yes** | Yes | No |
-| Codebase size | ~2,000 lines | ~9,000 lines | Platform |
-| Dependencies | 0 | Many | Many |
-| Setup | 2 commands | Config + build | Config + dashboard |
+**Use dario if** you already pay for Claude Max or Pro and you want Claude inside the tools you already use, without paying API rates for every request or routing your work through a second hosted stack.
 
-</details>
+**Use the Anthropic API directly if** you need platform-native primitives, vendor-managed production usage, high-scale control, or SLAs your subscription tier doesn't cover. Dario isn't trying to replace the API — it's trying to unlock the subscription you already bought.
 
-## The Problem
+**Use dario + askalf if** you're running multi-agent workloads, hitting session-level rate limits that a single account can't clear, or need a 24/7 fleet. Dario keeps running on your machine as the local bridge; askalf adds multi-account pooling, session shaping, and the platform pieces a single-subscription proxy can't deliver. See [below](#from-standalone-to-askalf).
 
-You pay $100-200/mo for Claude Max or Pro. But that subscription only works on claude.ai and Claude Code. If you want to use Claude with **any other tool** — Cursor, Continue, Aider, your own scripts — you need a separate API key with separate billing.
+**Don't use dario if** you want a subprocess bridge that shells out to `claude --print` under the hood. Those tools (openclaw-claude-bridge and similar) work well for single-team single-machine workloads that can accept a one-subscription rate ceiling and a one-machine deployment. Dario is the API-path alternative, which trades that simplicity for pooling-friendly behavior on the wire. Different tradeoffs, different tool.
 
-**dario fixes this.** It creates a local proxy that translates API key auth into your subscription's OAuth tokens. Your subscription handles the billing. No API key needed.
-
-**Note:** Claude subscriptions have [usage limits](https://support.claude.com/en/articles/11647753-how-do-usage-and-length-limits-work) that reset on rolling 5-hour and 7-day windows. You can check your utilization via Claude Code's `/usage` command or the [statusline](https://code.claude.com/docs/en/statusline).
+---
 
 ## Quick Start
 
-### Prerequisites
+```bash
+# Install
+npm install -g @askalf/dario
 
-[Claude Code](https://docs.anthropic.com/en/docs/claude-code/overview) installed and logged in (recommended). Dario detects your existing Claude Code credentials automatically and also auto-extracts the current OAuth client config from the installed CC binary so dario stays in sync with whatever CC version you have, even when Anthropic rotates client IDs.
+# Log in (detects Claude Code credentials if installed)
+dario login
 
-If Claude Code isn't installed, dario runs its own OAuth flow — opens your browser, you authorize, done.
+# Start the proxy
+dario proxy
 
-### Install
+# Anthropic SDK
+export ANTHROPIC_BASE_URL=http://localhost:3456
+export ANTHROPIC_API_KEY=dario
 
-```bash
-npm install -g @askalf/dario
+# or OpenAI-compatible tools
+export OPENAI_BASE_URL=http://localhost:3456/v1
+export OPENAI_API_KEY=dario
 ```
 
-Or use npx (no install needed):
+Opus, Sonnet, Haiku — all models, streaming, tool use, prompt caching, extended thinking. **Zero runtime dependencies.** ~2,000 lines of TypeScript. Auto-launches under [Bun](https://bun.sh) when available for TLS fingerprint fidelity with Claude Code's runtime. **Auto-detects OAuth config from your installed CC binary** so dario stays in sync forever — Anthropic can rotate client IDs and dario picks them up on the next run.
 
-```bash
-npx @askalf/dario login
-```
+---
 
-### Login
+## How It Works
 
-```bash
-dario login
-```
+Dario has two modes: **direct API mode** (the default) and **passthrough mode** (`--passthrough`).
 
-- **With Claude Code installed:** Detects your credentials automatically and starts the proxy. No browser needed.
-- **Without Claude Code:** Opens your browser to Claude's OAuth page. Authorize, and dario captures the token automatically via a local callback server. Then run `dario proxy` to start the server.
+### Direct API Mode — Template Replay
 
-### Start the proxy
+This is the mode you want for almost every case. Dario takes each request you send it and replaces it with a Claude Code request: same 25 tool definitions, same 25KB system prompt, same field order, same beta headers, same metadata structure, same device identity. Only your conversation content is preserved. Anthropic's classifier sees what looks like a Claude Code session because, from the wire up, it *is* one — and that's what keeps your usage on subscription billing instead of Extra Usage.
 
-```bash
-dario proxy
 ```
-
+┌───────────┐     ┌─────────────────────┐     ┌──────────────────┐
+│ Your App  │ ──> │   dario (proxy)     │ ──> │ api.anthropic.com│
+│           │     │   localhost:3456    │     │                  │
+│ sends     │     │                     │     │  sees a genuine  │
+│ its own   │     │  replaces request   │     │  Claude Code     │
+│ tools &   │     │  with CC template   │     │  request         │
+│ params    │     │  keeps only content │     │                  │
+└───────────┘     └─────────────────────┘     └──────────────────┘
 ```
-dario — http://localhost:3456
 
-Your Claude subscription is now an API.
+The details that matter:
 
-Usage:
-  ANTHROPIC_BASE_URL=http://localhost:3456
-  ANTHROPIC_API_KEY=dario
+- **Billing tag** reconstructed using CC's own algorithm extracted from the binary: `x-anthropic-billing-header: cc_version=<version>.<build_tag>; cc_entrypoint=cli; cch=<5-char-hex>;` where `build_tag = SHA-256(seed + chars[4,7,20] of user message + version).slice(0,3)`.
+- **Beta set** — CC's exact beta list in CC's order, minus any beta that would require Extra Usage to be enabled on your account.
+- **OAuth config** auto-detected from the installed CC binary at startup. When Anthropic rotates `client_id`, authorize URL, or scopes, dario picks up the new values on the next run without needing a new release. Falls back to hardcoded CC 2.1.104 prod values if CC isn't installed. Cache at `~/.dario/cc-oauth-cache-v3.json`, keyed by binary fingerprint.
+- **Session ID** rotates per request via `x-claude-code-session-id`, matching how `claude --print` behaves. A persistent session ID across rapid requests is a behavioral signal.
+- **Framework scrub** — framework identifiers and known fingerprint tokens (`OpenClaw`, `sessions_*` tool prefixes, orchestration tags, etc.) are stripped from both the system prompt and message content before the request goes upstream.
+- **Bun auto-relaunch** — when Bun is installed, dario relaunches under it so its TLS fingerprint matches CC's runtime. Without Bun, dario runs on Node.js and works fine; the TLS fingerprint is the only difference.
 
-Auth: open (no DARIO_API_KEY set)
-OAuth: healthy (expires in 11h 42m)
-Model: passthrough (client decides)
-```
+### Passthrough Mode — `--passthrough`
 
-### Use it
+For tools that need exact Anthropic protocol fidelity with nothing injected. This mode does an OAuth token swap and nothing else: no billing tag, no template, no device identity.
 
 ```bash
-# Set these two env vars — every Anthropic SDK respects them
-export ANTHROPIC_BASE_URL=http://localhost:3456
-export ANTHROPIC_API_KEY=dario
-
-# Now any tool just works
-openclaw start
-aider --model claude-opus-4-6
-continue  # in VS Code, set base URL in config
-python my_script.py
+dario proxy --passthrough
 ```
 
-## Passthrough Mode
+Use it when the upstream tool already builds a Claude-Code-shaped request on its own and you just need the token auth.
 
-For tools that need exact Anthropic protocol fidelity with zero modification, use `--passthrough` (alias: `--thin`). This does OAuth swap only — no billing tag, no template replay, no device identity, no extra beta flags. Note: most tools (including Hermes and OpenClaw) work better through default mode, which handles billing classification automatically.
+### Detection scope
 
-```bash
-dario proxy --passthrough               # Thin proxy, zero injection
-dario proxy --thin --model=opus         # Thin proxy + model override
-```
+Dario is a **per-request layer**. Every request it sends upstream is designed to be indistinguishable from a Claude Code request, and the per-request scrubbing hardened in v3.4.5 makes that meaningfully harder to fingerprint than it was when v3.0 first shipped. What dario cannot do at the per-request level is defend against Anthropic's session-level and account-level classifiers — those operate on cumulative per-OAuth behavioral aggregates (token throughput, conversation depth, streaming duration, inter-arrival timing) and no amount of per-request hardening reaches them. That's a different problem at a different layer, and it's [askalf](https://askalf.org)'s job rather than dario's. See the [FAQ entry](#faq) for the full explanation.
 
-## Model Selection
+---
 
-Force a specific model for all requests — useful when your tool doesn't let you configure the model:
+## From standalone to askalf
 
-```bash
-dario proxy --model=opus      # Force Opus 4.6
-dario proxy --model=sonnet    # Force Sonnet 4.6
-dario proxy --model=haiku     # Force Haiku 4.5
-dario proxy                   # Passthrough (client decides)
-```
+Dario is fully useful on its own. You don't need an account, you don't need to wait for anything, and the standalone mode is and will remain the default.
 
-Full model IDs also work: `--model=claude-opus-4-6`
+When your workload grows past what a single Claude subscription can hold, dario is also the local-edge component of the [askalf](https://askalf.org) platform. Same binary, same commands, same local proxy — linking to askalf adds what a per-request layer alone can't deliver:
 
-## OpenAI Compatibility
+| | dario standalone | dario + askalf |
+|---|---|---|
+| **Accounts** | 1 (yours) | Pool of 2–20+ |
+| **Rate limits** | Your subscription's 5h / 7d windows | Distributed across the pool, near-zero 429s |
+| **Session shaping** | Per-request scrub | Per-session cumulative tracking, rotation, classifier avoidance |
+| **Browser / desktop control** | No | Yes — full computer use |
+| **Scheduling** | No | Cron, webhooks, triggers |
+| **Persistent memory** | No | Per-agent context and state |
+| **Hosted dashboard** | No | Yes |
+| **Local proxy component** | dario | dario |
 
-Dario implements `/v1/chat/completions` — any tool built for the OpenAI API works with your Claude subscription. No code changes needed.
+When the askalf bridge endpoint is live, a single command (`dario link`) will pair this local instance with your askalf account and the extra capabilities unlock in place. Until then, standalone is the only mode that runs — nothing to wait for to use dario as it is today.
 
-```bash
-dario proxy --model=opus
+**[Join the askalf waitlist →](https://askalf.org)**
 
-export OPENAI_BASE_URL=http://localhost:3456/v1
-export OPENAI_API_KEY=dario
+Dario will always be open-source and free. askalf is the hosted tier for teams who need the layer above.
 
-# Cursor, Continue, LiteLLM, any OpenAI SDK — all work
-```
+---
 
-Use `--model=opus` to force the model regardless of what the client sends. Or pass `claude-opus-4-6` as the model name directly — Claude model names work as-is.
+## Commands
 
-## Usage Examples
+| Command | Description |
+|---------|-------------|
+| `dario login` | Log in (detects CC credentials or runs its own OAuth flow) |
+| `dario proxy` | Start the local API proxy on port 3456 |
+| `dario status` | Show OAuth token health and expiry |
+| `dario refresh` | Force an immediate token refresh |
+| `dario logout` | Delete stored credentials |
+| `dario help` | Full command reference |
 
-### curl
+### Proxy options
 
-```bash
-curl http://localhost:3456/v1/messages \
-  -H "Content-Type: application/json" \
-  -H "anthropic-version: 2023-06-01" \
-  -d '{
-    "model": "claude-opus-4-6",
-    "max_tokens": 1024,
-    "messages": [{"role": "user", "content": "Hello!"}]
-  }'
-```
+| Flag / env | Description | Default |
+|---|---|---|
+| `--passthrough` / `--thin` | Thin proxy — OAuth swap only, no template injection | off |
+| `--preserve-tools` / `--keep-tools` | Keep client tool schemas instead of remapping to CC tools | off |
+| `--model=<name>` | Force a model (`opus`, `sonnet`, `haiku`, or full ID) | passthrough |
+| `--port=<n>` | Port to listen on | `3456` |
+| `--host=<addr>` / `DARIO_HOST` | Bind address. Use `0.0.0.0` for LAN, or a specific IP (e.g. a Tailscale interface). When non-loopback, also set `DARIO_API_KEY`. | `127.0.0.1` |
+| `--verbose` / `-v` | Log every request | off |
+| `DARIO_API_KEY` | If set, all endpoints (except `/health`) require a matching `x-api-key` or `Authorization: Bearer` header. Required when `--host` binds non-loopback. | unset (open) |
+| `DARIO_CORS_ORIGIN` | Override the browser CORS `Access-Control-Allow-Origin`. Useful for browser clients reaching dario over a mesh network. | `http://localhost:${port}` |
+| `DARIO_NO_BUN` | Disable automatic Bun relaunch | unset |
+| `DARIO_MIN_INTERVAL_MS` | Minimum ms between requests (rate governor) | `500` |
+| `DARIO_CC_PATH` | Override path to the Claude Code binary for OAuth detection | auto-detect |
+
+---
+
+## Usage
 
 ### Python
 
@@ -240,15 +215,15 @@ import anthropic
 
 client = anthropic.Anthropic(
     base_url="http://localhost:3456",
-    api_key="dario"
+    api_key="dario",
 )
 
-message = client.messages.create(
+msg = client.messages.create(
     model="claude-opus-4-6",
     max_tokens=1024,
-    messages=[{"role": "user", "content": "Hello!"}]
+    messages=[{"role": "user", "content": "Hello!"}],
 )
-print(message.content[0].text)
+print(msg.content[0].text)
 ```
 
 ### TypeScript / Node.js
@@ -261,222 +236,64 @@ const client = new Anthropic({
   apiKey: "dario",
 });
 
-const message = await client.messages.create({
+const msg = await client.messages.create({
   model: "claude-opus-4-6",
   max_tokens: 1024,
   messages: [{ role: "user", content: "Hello!" }],
 });
 ```
 
-### Streaming
+### OpenAI-compatible (Cursor, Continue, LiteLLM, Aider, …)
+
+```bash
+export OPENAI_BASE_URL=http://localhost:3456/v1
+export OPENAI_API_KEY=dario
+```
+
+Any tool that accepts an OpenAI base URL works as-is. Claude model names pass through directly; GPT-style names (`gpt-4`, `gpt-5.4`, etc.) map to their closest Claude equivalents so tools with hardcoded OpenAI model lists work without code changes.
+
+### curl
 
 ```bash
 curl http://localhost:3456/v1/messages \
   -H "Content-Type: application/json" \
   -H "anthropic-version: 2023-06-01" \
-  -d '{
-    "model": "claude-opus-4-6",
-    "max_tokens": 1024,
-    "stream": true,
-    "messages": [{"role": "user", "content": "Write a haiku about APIs"}]
-  }'
+  -d '{"model":"claude-opus-4-6","max_tokens":1024,"messages":[{"role":"user","content":"Hello!"}]}'
 ```
 
-### With Other Tools
+### Streaming, tool use, prompt caching, extended thinking
 
-```bash
-# Cursor / Continue / any OpenAI-compatible tool
-OPENAI_BASE_URL=http://localhost:3456/v1 OPENAI_API_KEY=dario cursor
+All supported in both Anthropic and OpenAI SSE formats. Tool-use streaming emits `input_json_delta` events. Prompt caching works as-is. Extended thinking is routed through `reasoning_effort` in OpenAI format or the native `thinking` field in Anthropic format.
 
-# Aider
-ANTHROPIC_BASE_URL=http://localhost:3456 ANTHROPIC_API_KEY=dario aider --model claude-opus-4-6
+### Library mode
 
-# Any tool that uses ANTHROPIC_BASE_URL
-ANTHROPIC_BASE_URL=http://localhost:3456 ANTHROPIC_API_KEY=dario your-tool-here
-```
-
-### Hermes
+Dario is also importable:
 
-Add to `~/.hermes/config.yaml`:
+```typescript
+import { startProxy, getAccessToken, getStatus } from "@askalf/dario";
 
-```yaml
-model:
-  base_url: "http://localhost:3456/v1"
-  api_key: "dario"
-  default: claude-opus-4-6
+await startProxy({ port: 3456, verbose: true });
+const token = await getAccessToken();
+const status = await getStatus();
 ```
 
-### OpenClaw
+### Health check
 
-Add to your `openclaw.json` models config:
+```bash
+curl http://localhost:3456/health
+```
 
 ```json
 {
-  "models": {
-    "providers": {
-      "anthropic": {
-        "baseUrl": "http://127.0.0.1:3456",
-        "apiKey": "dario",
-        "api": "anthropic-messages",
-        "models": [
-          {
-            "id": "claude-sonnet-4-6",
-            "name": "claude-sonnet-4-6",
-            "contextWindow": 1000000,
-            "maxTokens": 64000,
-            "input": ["text"],
-            "reasoning": true
-          },
-          {
-            "id": "claude-opus-4-6",
-            "name": "claude-opus-4-6",
-            "contextWindow": 1000000,
-            "maxTokens": 64000,
-            "input": ["text"],
-            "reasoning": true
-          }
-        ]
-      }
-    }
-  }
+  "status": "ok",
+  "oauth": "healthy",
+  "expiresIn": "11h 42m",
+  "requests": 47
 }
 ```
 
-**Note:** Use `http://127.0.0.1:3456` without `/v1` — OpenClaw adds the path itself.
-
----
-
-## How It Works
-
-### Direct API Mode (default) — Template Replay
-
-```
-┌───────────┐     ┌─────────────────────┐     ┌──────────────────┐
-│ Your App  │ ──> │   dario (proxy)     │ ──> │ api.anthropic.com│
-│           │     │   localhost:3456    │     │                  │
-│ sends     │     │                     │     │  sees a genuine  │
-│ its own   │     │  replaces request   │     │  Claude Code     │
-│ tools &   │     │  with CC template   │     │  request         │
-│ params    │     │  keeps only content │     │                  │
-└───────────┘     └─────────────────────┘     └──────────────────┘
-```
-
-Your app sends whatever it wants — any tools, any parameters. dario replaces the entire request with Claude Code's template and injects only your conversation content. The upstream sees CC's exact tool definitions, field structure, and parameters.
-
-### Passthrough Mode (`--passthrough`)
-
-```
-┌───────────┐     ┌─────────────────┐     ┌──────────────────┐
-│ Your App  │ ──> │  dario (proxy)  │ ──> │ api.anthropic.com│
-│           │     │  localhost:3456 │     │                  │
-│ sends     │     │  swaps API key  │     │  sees valid      │
-│ API       │     │  for OAuth      │     │  OAuth bearer    │
-│ request   │     │  nothing else   │     │  token           │
-└───────────┘     └─────────────────┘     └──────────────────┘
-```
-
-### What dario actually sends upstream
-
-In direct mode, every request dario sends to Anthropic is a genuine Claude Code request. Key fields injected or enforced:
-
-**Billing tag** — reconstructed using Claude Code's own algorithm extracted from the CC binary:
-```
-x-anthropic-billing-header: cc_version=<version>.<build_tag>; cc_entrypoint=cli; cch=<5-char-hex>;
-```
-The build tag is `SHA-256(seed + chars[4,7,20] of user message + version).slice(0,3)`. The `cch` is a fresh random 5-char hex per request. Both were extracted via MITM capture.
-
-**Beta set** — exactly 8 betas from CC, in CC's order:
-```
-claude-code-20250219, oauth-2025-04-20, context-1m-2025-08-07,
-interleaved-thinking-2025-05-14, context-management-2025-06-27,
-prompt-caching-scope-2026-01-05, advisor-tool-2026-03-01, effort-2025-11-24
-```
-
-**Request headers** — CC's exact Stainless SDK headers, including `x-stainless-runtime-version: v24.3.0` (the Node.js compat version CC reports when running on Bun), `x-app: cli`, `user-agent: claude-cli/<version>`, `anthropic-dangerous-direct-browser-access: true`.
-
-**Upstream URL** — `api.anthropic.com/v1/messages?beta=true`, matching CC's own request format.
-
-**Device identity** — `metadata.user_id` loaded from `~/.claude/.claude.json`. Without this, Anthropic classifies the request as third-party and routes it to Extra Usage billing instead of the Max plan allocation.
-
-**Session ID** — rotates per request via `x-claude-code-session-id`. A persistent session ID across many rapid requests is a behavioral detection signal; CC `--print` creates a new session each invocation.
-
-**Rate governor** — 500ms minimum between requests (configurable via `DARIO_MIN_INTERVAL_MS`). Configurable for agent workloads that need tighter pacing.
-
-### OAuth Config Auto-Detection
-
-Anthropic periodically rotates the OAuth `client_id`, authorize URL, token URL, and scopes that Claude Code uses. Historically this caused `"Invalid client id"` errors until a new dario release shipped.
-
-Dario scans the installed CC binary at startup and extracts the current config directly:
-
-- **Anchor**: `BASE_API_URL:"https://api.anthropic.com"` — this literal appears only inside CC's live prod OAuth config block, so the scanner reliably lands in the right object even when the minifier reorders fields across CC releases.
-- **Extracted**: `CLIENT_ID`, `CLAUDE_AI_AUTHORIZE_URL`, `TOKEN_URL`, and the full `user:*` scope string. A defensive check rejects any scan result that matches a known-dead internal client_id.
-- **Cached**: Results stored at `~/.dario/cc-oauth-cache-v2.json` keyed by binary fingerprint (first 64KB sha256 + size + mtime). Cold scan ~500ms, cache hit ~5ms. Re-scans only when CC is upgraded.
-- **Fallback**: If CC is not installed or scanning fails, dario uses the CC 2.1.104 prod config values hardcoded in-tree. No user action needed.
-- **Override**: Set `DARIO_CC_PATH=/path/to/claude` to point dario at a non-standard CC binary location.
-
-CC ships three OAuth config factories (`local`, `staging`, `prod`) in one binary, selected at runtime by a function that is hardcoded to `prod` in shipped builds. Only the prod block is live; the other two are dead code paths CC uses when pointing at internal dev/staging infrastructure. The scanner targets the prod block specifically.
-
-End-to-end verification lives at [`test/oauth-detector.mjs`](test/oauth-detector.mjs).
-
 ---
 
-## Commands
-
-| Command | Description |
-|---------|-------------|
-| `dario login` | Detect credentials and start proxy |
-| `dario proxy` | Start the local API proxy |
-| `dario status` | Check if your token is healthy |
-| `dario refresh` | Force an immediate token refresh |
-| `dario logout` | Delete stored credentials |
-| `dario help` | Show usage information |
-
-### Proxy Options
-
-| Flag/Env | Description | Default |
-|----------|-------------|---------|
-| `--passthrough` / `--thin` | Thin proxy — OAuth swap only, no injection | off |
-| `--preserve-tools` / `--keep-tools` | Keep client tool schemas instead of remapping to CC tools | off |
-| `--model=MODEL` | Force a model (`opus`, `sonnet`, `haiku`, or full ID) | passthrough |
-| `--port=PORT` | Port to listen on | `3456` |
-| `--host=ADDRESS` / `DARIO_HOST` | Bind address. Use `0.0.0.0` to accept LAN connections, or a specific IP to bind selectively (e.g. a Tailscale interface). When non-loopback, also set `DARIO_API_KEY`. | `127.0.0.1` |
-| `--verbose` / `-v` | Log every request | off |
-| `DARIO_API_KEY` | If set, all endpoints (except `/health`) require matching `x-api-key` or `Authorization: Bearer`. **Required** when `--host` binds to anything other than loopback. | unset (open) |
-| `DARIO_CORS_ORIGIN` | Override the browser CORS `Access-Control-Allow-Origin`. Useful for browser-based clients (open-webui, librechat) connecting over a mesh network. | `http://localhost:${port}` |
-| `DARIO_NO_BUN` | Disable automatic Bun relaunch (stay on Node.js) | unset |
-| `DARIO_MIN_INTERVAL_MS` | Minimum ms between requests (rate governor) | `500` |
-| `DARIO_CC_PATH` | Override path to Claude Code binary for OAuth detection | auto-detect |
-
-## Supported Features
-
-### Direct API Mode
-- All Claude models (Opus 4.6, Sonnet 4.6, Haiku 4.5) + 1M extended context aliases (`opus1m`, `sonnet1m`)
-- **Template replay** — replaces the entire request with Claude Code's exact template. 25 tool definitions, 25KB system prompt, exact body key order, exact beta headers (model-conditional), exact metadata structure. Client tools are mapped to CC equivalents and reverse-mapped in responses. Template data stored as JSON for easy updates.
-- **`--preserve-tools` mode** — opt-out of CC tool schema replacement for agent frameworks that rely on their own custom tool definitions. Default mode still remaps for maximum detection resistance.
-- **OAuth auto-detect** — scans the installed CC binary for OAuth config at startup. Stays in sync with whatever CC version you have; falls back to known-good hardcoded values if no binary is found. Override with `DARIO_CC_PATH`.
-- **Bun auto-relaunch** — auto-detects Bun and relaunches under it for TLS fingerprint fidelity. CC runs on Bun; Node.js has a different TLS fingerprint visible at the network level.
-- **Session ID rotation** — each request gets a fresh session ID via `x-claude-code-session-id`, matching CC behavior.
-- **Rate governor** — configurable minimum interval between requests via `DARIO_MIN_INTERVAL_MS`.
-- **Enriched 429 errors** — rate limit errors include utilization %, limiting window, and reset time instead of Anthropic's default `"Error"` message.
-- **Auto-retry on long-context errors** — when Anthropic returns 400 or 429 with `"long context beta is not yet available"` or `"Extra usage is required"`, dario transparently retries without the `context-1m-2025-08-07` beta flag.
-- **OpenAI-compatible** (`/v1/chat/completions`) — works with any OpenAI SDK or tool.
-- Streaming and non-streaming (both Anthropic and OpenAI SSE formats, including tool_use streaming).
-- Tool use / function calling.
-- System prompts and multi-turn conversations.
-- Prompt caching and extended thinking.
-- **Billable beta filtering** — strips `extended-cache-ttl` from client betas (the only beta requiring Extra Usage enabled on the account).
-- **Beta deduplication** — client-provided betas are deduplicated against the base set before appending.
-- **Orchestration tag sanitization** — strips agent-injected XML (`<system-reminder>`, `<env>`, `<task_metadata>`, etc.) before forwarding.
-- **Token anomaly detection** — warns on context spike (>60% input growth) or output explosion (>2x previous).
-- Concurrency control (max 10 concurrent upstream requests).
-- CORS enabled (works from browser apps on localhost).
-
-### Passthrough Mode
-- All Claude models with native streaming and tool use.
-- OAuth token swap only — no billing tag, no template injection, no device identity.
-- Minimal beta flags (`oauth-2025-04-20` + client betas only).
-- For tools that need exact Anthropic protocol fidelity with zero modification.
-
 ## Endpoints
 
 | Path | Description |
@@ -487,179 +304,100 @@ End-to-end verification lives at [`test/oauth-detector.mjs`](test/oauth-detector
 | `GET /health` | Proxy health + OAuth status + request count |
 | `GET /status` | Detailed OAuth token status |
 
-## Health Check
-
-```bash
-curl http://localhost:3456/health
-```
-
-```json
-{
-  "status": "ok",
-  "oauth": "healthy",
-  "expiresIn": "11h 42m",
-  "requests": 47
-}
-```
-
-## Security
-
-| Concern | How dario handles it |
-|---------|---------------------|
-| Credential storage | Reads from Claude Code (`~/.claude/.credentials.json`) or its own store (`~/.dario/credentials.json`) with `0600` permissions |
-| OAuth flow | PKCE (Proof Key for Code Exchange) — no client secret needed |
-| OAuth config source | Auto-detected from local CC binary at runtime; cached at `~/.dario/cc-oauth-cache-v2.json`. Detector reads binary in read-only mode, never modifies it. |
-| Token exposure | Tokens never logged; redacted from all error messages. |
-| Network binding | Binds to `127.0.0.1` by default. Override with `--host` / `DARIO_HOST` for mesh/LAN use; dario refuses to treat non-loopback binds as safe and requires you to set `DARIO_API_KEY` to avoid an unauthenticated LAN-reachable proxy. Upstream traffic goes only to `api.anthropic.com` over HTTPS. |
-| Auth timing | `timingSafeEqual` used for `DARIO_API_KEY` comparison. |
-| SSRF protection | Only `/v1/messages` and `/v1/complete` are proxied upstream — hardcoded allowlist. |
-| Body size | 10MB hard cap per request. 30s read timeout prevents slow-loris. |
-| Token refresh | Auto-refreshes 30 minutes before expiry. Refresh tokens rotate on each use. Mutex prevents concurrent refresh races. |
-| Telemetry | None. Zero analytics, tracking, or data collection of any kind. |
-
 ---
 
-## askalf
-
-dario solves the API access problem — your $200/mo subscription, usable everywhere, billed correctly.
-
-But a proxy has a ceiling. Every request still runs on your single account, with your subscription's rate limits, on your machine. When you need to scale beyond that — multiple accounts, persistent browser sessions, desktop control, scheduled workflows, a fleet of agents that can run while you sleep — that's what [askalf](https://askalf.org) is built for.
+## Trust & Transparency
 
-**askalf** is the agent platform built on top of the same OAuth and billing infrastructure that powers dario:
+Dario handles your OAuth tokens. Here's why you can trust it:
 
-| | dario | askalf |
-|---|---|---|
-| **What it is** | Local proxy, single account | Hosted agent fleet, multi-account |
-| **Rate limits** | Your subscription's limits | Distributed across fleet, near-zero 429s |
-| **Browser / desktop** | No | Yes — full computer use |
-| **Scheduling** | No | Yes — cron, webhooks, triggers |
-| **Persistent memory** | No | Yes — per-agent memory and context |
-| **Custom tools** | Via `--preserve-tools` | Native MCP tool server |
-| **Setup** | 2 commands | Waitlist → dashboard |
+| Signal | Status |
+|---|---|
+| **Source code** | ~2,000 lines of TypeScript across 7 files — small enough to audit in one sitting |
+| **Dependencies** | 0 runtime dependencies. Verify: `npm ls --production` |
+| **npm provenance** | Every release is [SLSA-attested](https://www.npmjs.com/package/@askalf/dario) via GitHub Actions |
+| **Security scanning** | [CodeQL](https://github.com/askalf/dario/actions/workflows/codeql.yml) runs on every push and weekly |
+| **Credential handling** | Tokens never logged, redacted from errors, stored with `0600` permissions |
+| **OAuth flow** | PKCE (Proof Key for Code Exchange) — no client secret |
+| **Network scope** | Binds to `127.0.0.1` by default. `--host` allows LAN/mesh with `DARIO_API_KEY` gating. Upstream traffic goes only to `api.anthropic.com` over HTTPS |
+| **SSRF protection** | Only `/v1/messages` and `/v1/complete` proxy upstream — hardcoded allowlist |
+| **Telemetry** | None. Zero analytics, tracking, or data collection |
+| **Audit trail** | [CHANGELOG.md](CHANGELOG.md) documents every release |
 
-If you're running multi-agent workflows, hitting rate limits on Claude Max, or want agents that run 24/7 without babysitting, **[join the waitlist at askalf.org](https://askalf.org)**.
+Verify the npm tarball matches this repo:
 
-dario will always be open-source and free. askalf is the hosted tier for teams who need more.
+```bash
+npm audit signatures
+npm view @askalf/dario dist.integrity
+cd $(npm root -g)/@askalf/dario && npm ls --production
+```
 
 ---
 
 ## FAQ
 
 **Does this violate Anthropic's terms of service?**
-Dario uses your existing Claude Code credentials with the same OAuth tokens. It authenticates you as you, with your subscription, through Anthropic's official API.
+Dario uses your existing Claude Code credentials with the same OAuth tokens CC uses. It authenticates you as you, with your subscription, through Anthropic's official API endpoints.
 
 **What subscription plans work?**
 Claude Max and Claude Pro. Any plan that lets you use Claude Code.
 
-**Does it work with Claude Team / Enterprise?**
-Should work if your plan includes Claude Code access. Not tested yet — please open an issue with results.
+**Does it work with Team / Enterprise?**
+Should work if your plan includes Claude Code access. Not widely tested yet — open an issue with results.
 
 **Do I need Claude Code installed?**
-Recommended but not required. If Claude Code is installed and logged in, `dario login` picks up your credentials automatically. Without Claude Code, dario runs its own OAuth flow to authenticate directly.
+Recommended, not required. With CC installed, `dario login` picks up your credentials automatically. Without CC, dario runs its own OAuth flow against Anthropic's authorize endpoint.
 
-**First time setup — account priming**
-If dario is the first thing you use with a new Claude account, run a few real Claude Code commands first to establish a session baseline:
+**Do I need Bun?**
+Optional, recommended. Dario auto-relaunches under Bun when it's available so the TLS fingerprint matches CC's runtime. Without Bun, dario runs on Node.js and works fine; the TLS fingerprint is the only difference. Install: `curl -fsSL https://bun.sh/install | bash`.
+
+**First time setup on a fresh account.**
+If dario is the first thing you run against a brand-new Claude account, prime the account with a few real Claude Code commands first:
 ```bash
 claude --print "hello"
 claude --print "hello"
-claude --print "hello"
 ```
-This primes the account with legitimate Claude Code sessions. Then start dario normally. Without priming, new accounts may see billing classification issues on first use.
-
-**Do I need Bun installed?**
-Optional but recommended. If [Bun](https://bun.sh) is installed, dario auto-relaunches under it for TLS fingerprint fidelity with Claude Code's runtime. Without Bun, dario runs on Node.js and works fine — the TLS fingerprint is the only difference. Install Bun: `curl -fsSL https://bun.sh/install | bash`
+This establishes a session baseline. Without priming, brand-new accounts occasionally see billing classification issues on first use.
 
 **What happens when my token expires?**
-Dario auto-refreshes tokens 30 minutes before expiry. You should never see an auth error in normal use. If something goes wrong, `dario refresh` forces an immediate refresh.
+Dario auto-refreshes tokens 30 minutes before expiry. `dario refresh` forces an immediate refresh if something goes wrong.
 
 **What happens when Anthropic rotates the OAuth client_id or URL?**
-Dario auto-detects OAuth config from your installed Claude Code binary. When CC ships a new version with rotated values, dario picks them up on the next startup — no dario release needed. The detector is cached at `~/.dario/cc-oauth-cache-v2.json` and only re-scans when the binary fingerprint changes. If CC isn't installed, dario falls back to hardcoded CC 2.1.104 prod values.
+Dario auto-detects OAuth config from your installed Claude Code binary. When CC ships a new version with rotated values, dario picks them up on the next run — no dario release needed. Cache at `~/.dario/cc-oauth-cache-v3.json`, keyed by the CC binary fingerprint. If CC isn't installed, dario falls back to hardcoded CC 2.1.104 prod values.
 
 **I'm hitting rate limits. What do I do?**
-Claude subscriptions have rolling 5-hour and 7-day usage windows. Check your utilization with Claude Code's `/usage` command or the [statusline](https://code.claude.com/docs/en/statusline). Rate limit errors from dario include utilization percentages and reset times so you can see exactly when capacity returns.
-
-If you're running a multi-agent workload and consistently hitting limits, [askalf](https://askalf.org) distributes load across multiple accounts automatically.
+Claude subscriptions have rolling 5-hour and 7-day usage windows. Check utilization with Claude Code's `/usage` command or the [statusline](https://code.claude.com/docs/en/statusline). Dario's rate-limit errors include utilization percentages and reset times so you can see exactly when capacity returns.
 
-**What are the usage limits?**
-Claude subscriptions have rolling 5-hour and 7-day usage windows shared across claude.ai and Claude Code. See [Anthropic's docs](https://support.claude.com/en/articles/11647753-how-do-usage-and-length-limits-work) for details.
-
-**Can I run this on a server?**
-Dario binds to localhost by default. For server use, handle the initial login on a machine with a browser, then copy `~/.claude/.credentials.json` (or `~/.dario/credentials.json`) to your server. Auto-refresh will keep it alive from there. If you want dario reachable from other machines on the same LAN or a Tailscale mesh, pass `--host=0.0.0.0` (or a specific interface IP) and set `DARIO_API_KEY` to gate access.
+**My multi-agent workload is getting reclassified to overage even though dario template-replays per request. Why?**
+Because reclassification at high agent volume is not a per-request problem. Anthropic's classifier operates on cumulative per-OAuth-session behavioral aggregates — token throughput, conversation depth, streaming duration, inter-arrival timing, thinking-block volume. Dario can make each individual request indistinguishable from Claude Code and still hit this wall on a long-running agent session, because the wall isn't at the request level. Thorough diagnostic work on this was contributed by [@belangertrading](https://github.com/belangertrading) in [#23](https://github.com/askalf/dario/issues/23), including the per-request v3.4.3 and v3.4.5 hardening that landed as a result. For the session-layer shaping itself — multi-account pooling, session rotation, workload distribution that keeps any single account from concentrating the behavioral signal — that's what [askalf](https://askalf.org) is built for. Different layer, different tool.
 
 **Why "dario"?**
-Named after [Dario Amodei](https://en.wikipedia.org/wiki/Dario_Amodei), CEO of Anthropic.
-
-## Programmatic API
-
-Use dario as a library in your own Node.js app:
-
-```typescript
-import { startProxy, getAccessToken, getStatus } from "@askalf/dario";
-
-// Start the proxy programmatically
-await startProxy({ port: 3456, verbose: true });
-
-// Passthrough mode (OAuth swap only, no injection)
-await startProxy({ port: 3456, passthrough: true });
+It's a name, not an acronym. Don't overthink it.
 
-// Preserve-tools mode (keep client tool schemas)
-await startProxy({ port: 3456, preserveTools: true });
-
-// Or just get a raw access token
-const token = await getAccessToken();
-
-// Check token health
-const status = await getStatus();
-console.log(status.expiresIn); // "11h 42m"
-```
-
-## Trust & Transparency
-
-Dario handles your OAuth tokens. Here's why you can trust it:
-
-| Signal | Status |
-|--------|--------|
-| **Source code** | ~2,000 lines of TypeScript — small enough to audit in one sitting |
-| **Dependencies** | 0 runtime dependencies. Verify: `npm ls --production` |
-| **npm provenance** | Every release is [SLSA attested](https://www.npmjs.com/package/@askalf/dario) via GitHub Actions |
-| **Security scanning** | [CodeQL](https://github.com/askalf/dario/actions/workflows/codeql.yml) runs on every push and weekly |
-| **Credential handling** | Tokens never logged, redacted from errors, stored with 0600 permissions |
-| **Network scope** | Binds to 127.0.0.1 by default; `--host` / `DARIO_HOST` allows LAN/mesh exposure with `DARIO_API_KEY` gating. Upstream traffic goes exclusively to `api.anthropic.com` over HTTPS |
-| **No telemetry** | Zero analytics, tracking, or data collection of any kind |
-| **Audit trail** | [CHANGELOG.md](CHANGELOG.md) documents every release |
-| **Branch protection** | CI must pass before merge. CODEOWNERS enforces review |
+---
 
-Verify the npm package matches this repo:
+## Technical Deep Dives
 
-```bash
-# Check provenance attestation
-npm audit signatures 2>/dev/null; npm view @askalf/dario dist.integrity
+Longer-form writing on how dario works and why it works that way:
 
-# Check dependency tree (should be minimal)
-cd $(npm root -g)/@askalf/dario && npm ls --production
-```
+- [v3.0 Template Replay — why we stopped matching signals](https://github.com/askalf/dario/discussions/14)
+- [Claude Code defaults are detection signals, not optimizations](https://github.com/askalf/dario/discussions/13)
+- [Why Opus feels worse through other proxies and how to fix it](https://github.com/askalf/dario/discussions/9)
+- [Billing tag algorithm and fingerprint analysis](https://github.com/askalf/dario/discussions/8)
+- [Rate limit header analysis](https://github.com/askalf/dario/discussions/1)
 
-## Technical Deep Dives
-
-| Topic | Link |
-|-------|------|
-| v3.0 Template Replay — why we stopped matching signals | [Discussion 14](https://github.com/askalf/dario/discussions/14) |
-| Claude Code defaults are detection signals, not optimizations | [Discussion 13](https://github.com/askalf/dario/discussions/13) |
-| Why Opus feels worse through other proxies and how to fix it | [Discussion 9](https://github.com/askalf/dario/discussions/9) |
-| Billing tag algorithm and fingerprint analysis | [Discussion 8](https://github.com/askalf/dario/discussions/8) |
-| Rate limit header analysis | [Discussion 1](https://github.com/askalf/dario/discussions/1) |
+---
 
 ## Contributing
 
 PRs welcome. The codebase is ~2,000 lines of TypeScript across 7 files:
 
 | File | Purpose |
-|------|---------|
+|---|---|
 | `src/proxy.ts` | HTTP proxy server, rate governor, billing tag, response forwarding |
-| `src/cc-template.ts` | Template engine, tool mapping, orchestration sanitization |
+| `src/cc-template.ts` | Template engine, tool mapping, orchestration & framework scrubbing |
 | `src/cc-template-data.json` | CC request template data (25 tools, 25KB system prompt) |
-| `src/cc-oauth-detect.ts` | Auto-detect OAuth config from the installed CC binary |
-| `src/oauth.ts` | Token storage, PKCE flow, auto-refresh, credential detection |
+| `src/cc-oauth-detect.ts` | OAuth config auto-detection from the installed CC binary |
+| `src/oauth.ts` | Token storage, PKCE flow, auto-refresh |
 | `src/cli.ts` | CLI entry point, command routing, Bun auto-relaunch |
 | `src/index.ts` | Library exports |
 
@@ -667,15 +405,20 @@ PRs welcome. The codebase is ~2,000 lines of TypeScript across 7 files:
 git clone https://github.com/askalf/dario
 cd dario
 npm install
-npm run dev   # runs with tsx (no build needed)
+npm run dev   # runs with tsx, no build step
 ```
 
+---
+
 ## Contributors
 
 | Who | Contributions |
-|-----|---------------|
+|---|---|
 | [@GodsBoy](https://github.com/GodsBoy) | Proxy authentication, token redaction, error sanitization ([#2](https://github.com/askalf/dario/pull/2)) |
-| [@belangertrading](https://github.com/belangertrading) | Billing classification investigation ([#4](https://github.com/askalf/dario/issues/4)), billing reclassification root cause ([#7](https://github.com/askalf/dario/issues/7)) |
+| [@belangertrading](https://github.com/belangertrading) | Billing classification investigation ([#4](https://github.com/askalf/dario/issues/4)), cache_control fingerprinting ([#6](https://github.com/askalf/dario/issues/6)), billing reclassification root cause ([#7](https://github.com/askalf/dario/issues/7)), OAuth client_id discovery ([#12](https://github.com/askalf/dario/issues/12)), multi-agent session-level billing analysis ([#23](https://github.com/askalf/dario/issues/23)) |
+| [@nathan-widjaja](https://github.com/nathan-widjaja) | README positioning rewrite structure ([#21](https://github.com/askalf/dario/issues/21)) |
+
+---
 
 ## License
 

package/dist/cc-template.d.ts

@@ -15,6 +15,7 @@ export declare const CC_TOOL_DEFINITIONS: {
 export declare const CC_SYSTEM_PROMPT: string;
 /** CC's agent identity string. */
 export declare const CC_AGENT_IDENTITY: string;
+export declare function scrubFrameworkIdentifiers(text: string): string;
 /** Client tool name → CC tool mapping with parameter translation. */
 interface ToolMapping {
     ccTool: string;

package/dist/cc-template.js

@@ -17,6 +17,28 @@ export const CC_TOOL_DEFINITIONS = TEMPLATE.tools;
 export const CC_SYSTEM_PROMPT = TEMPLATE.system_prompt;
 /** CC's agent identity string. */
 export const CC_AGENT_IDENTITY = TEMPLATE.agent_identity;
+// Framework identifiers that would flag non-CC usage. Stripped from the system
+// prompt and from message content text blocks before the request goes upstream.
+const FRAMEWORK_PATTERNS = [
+    // Compound/hyphenated patterns run first so their halves can't be eaten
+    // by the simpler word-level patterns below.
+    /\b(roo[- ]?cline|big[- ]?agi|claude[- ]?bridge)\b/gi,
+    /\b(openclaw|hermes|aider|cursor|windsurf|cline|continue|copilot|cody)\b/gi,
+    /\b(librechat|typingmind)\b/gi,
+    /\b(openai|gpt-4|gpt-3\.5)\b/gi,
+    /powered by [a-z]+/gi,
+    /\bgateway\b/gi,
+    // OC's sessions_* tool-name prefix — flagged as a fingerprint in dario#23.
+    /\bsessions_[a-z_]+\b/gi,
+];
+export function scrubFrameworkIdentifiers(text) {
+    let result = text;
+    for (const pattern of FRAMEWORK_PATTERNS) {
+        pattern.lastIndex = 0;
+        result = result.replace(pattern, '');
+    }
+    return result;
+}
 const TOOL_MAP = {
     // Direct maps
     bash: { ccTool: 'Bash', translateArgs: (a) => ({ command: a.cmd || a.command || a.c || '' }) },
@@ -194,15 +216,31 @@ export function buildCCRequest(clientBody, billingTag, cache1h, identity, opts =
             .map(b => b.text)
             .join('\n\n');
     }
-    // Strip framework identifiers from system prompt that would flag non-CC usage
-    const FRAMEWORK_PATTERNS = [
-        /\b(openclaw|hermes|aider|cursor|windsurf|cline|continue|copilot|cody)\b/gi,
-        /\b(openai|gpt-4|gpt-3\.5)\b/gi,
-        /powered by [a-z]+/gi,
-        /\bgateway\b/gi,
-    ];
-    for (const pattern of FRAMEWORK_PATTERNS) {
-        systemText = systemText.replace(pattern, '');
+    systemText = scrubFrameworkIdentifiers(systemText);
+    // Also scrub framework identifiers from message content text blocks.
+    // Clients often inject their product name into user/tool messages as well,
+    // and the system-prompt-only scrub used to miss those.
+    for (const msg of messages) {
+        if (typeof msg.content === 'string') {
+            msg.content = scrubFrameworkIdentifiers(msg.content);
+        }
+        else if (Array.isArray(msg.content)) {
+            for (const block of msg.content) {
+                if (block.type === 'text' && typeof block.text === 'string') {
+                    block.text = scrubFrameworkIdentifiers(block.text);
+                }
+                if (block.type === 'tool_result' && typeof block.content === 'string') {
+                    block.content = scrubFrameworkIdentifiers(block.content);
+                }
+                if (block.type === 'tool_result' && Array.isArray(block.content)) {
+                    for (const sub of block.content) {
+                        if (sub.type === 'text' && typeof sub.text === 'string') {
+                            sub.text = scrubFrameworkIdentifiers(sub.text);
+                        }
+                    }
+                }
+            }
+        }
     }
     // ── Build the CC request from template ──
     // Key order matches CC v2.1.104 exactly:

package/dist/proxy.js

@@ -147,6 +147,7 @@ const ORCHESTRATION_TAG_NAMES = [
     'system-reminder', 'env', 'system_information', 'current_working_directory',
     'operating_system', 'default_shell', 'home_directory', 'task_metadata',
     'directories', 'thinking',
+    'agent_persona', 'agent_context', 'tool_context', 'persona', 'tool_call',
 ];
 const ORCHESTRATION_PATTERNS = ORCHESTRATION_TAG_NAMES.flatMap(tag => [
     new RegExp(`<${tag}\\b[^>]*>[\\s\\S]*?<\\/${tag}>`, 'gi'),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.4.4",
+  "version": "3.4.6",
   "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
   "type": "module",
   "bin": {