@askalf/dario 3.4.5 → 3.5.0

package/dist/cli.js

@@ -37,6 +37,7 @@ import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { startAutoOAuthFlow, getStatus, refreshTokens, loadCredentials } from './oauth.js';
 import { startProxy, sanitizeError } from './proxy.js';
+import { listAccountAliases, loadAllAccounts, addAccountViaOAuth, removeAccount } from './accounts.js';
 const args = process.argv.slice(2);
 const command = args[0] ?? 'proxy';
 async function login() {
@@ -142,6 +143,114 @@ async function proxy() {
     const model = modelArg ? modelArg.split('=')[1] : undefined;
     await startProxy({ port, host, verbose, model, passthrough, preserveTools });
 }
+async function accounts() {
+    const sub = args[1];
+    if (!sub || sub === 'list') {
+        const aliases = await listAccountAliases();
+        console.log('');
+        console.log('  dario — Accounts');
+        console.log('  ────────────────');
+        console.log('');
+        if (aliases.length === 0) {
+            console.log('  No multi-account pool configured.');
+            console.log('');
+            console.log('  Pool mode activates automatically when ~/.dario/accounts/');
+            console.log('  has 2+ entries. Add the first with:');
+            console.log('    dario accounts add <alias>');
+            console.log('');
+            console.log('  Single-account dario (the default) keeps working as-is');
+            console.log('  with ~/.dario/credentials.json — you do not need to');
+            console.log('  migrate unless you want pool routing across accounts.');
+            console.log('');
+            return;
+        }
+        const loaded = await loadAllAccounts();
+        const now = Date.now();
+        console.log(`  ${aliases.length} account${aliases.length === 1 ? '' : 's'} configured`);
+        if (aliases.length === 1) {
+            console.log('  (Pool mode needs 2+ accounts — single-account mode until another is added.)');
+        }
+        console.log('');
+        for (const a of loaded) {
+            const msLeft = Math.max(0, a.expiresAt - now);
+            const hours = Math.floor(msLeft / 3600000);
+            const mins = Math.floor((msLeft % 3600000) / 60000);
+            const expiry = msLeft > 0 ? `${hours}h ${mins}m` : 'expired';
+            console.log(`    ${a.alias.padEnd(20)} token expires in ${expiry}`);
+        }
+        console.log('');
+        return;
+    }
+    if (sub === 'add') {
+        const alias = args[2];
+        if (!alias) {
+            console.error('');
+            console.error('  Usage: dario accounts add <alias>');
+            console.error('');
+            console.error('  <alias> is any label you want for the account (e.g. "work", "personal").');
+            console.error('');
+            process.exit(1);
+        }
+        if (!/^[a-zA-Z0-9._-]+$/.test(alias)) {
+            console.error('[dario] Invalid alias. Use letters, numbers, dot, underscore, dash only.');
+            process.exit(1);
+        }
+        const existing = await listAccountAliases();
+        if (existing.includes(alias)) {
+            console.error(`[dario] Account "${alias}" already exists. Remove it first with \`dario accounts remove ${alias}\`.`);
+            process.exit(1);
+        }
+        console.log('');
+        console.log(`  Adding account "${alias}" to the pool...`);
+        console.log('');
+        try {
+            const creds = await addAccountViaOAuth(alias);
+            const minutes = Math.round((creds.expiresAt - Date.now()) / 60000);
+            console.log('');
+            console.log(`  Account "${alias}" added.`);
+            console.log(`  Token expires in ${minutes} minutes (auto-refreshes in the background).`);
+            const total = (await listAccountAliases()).length;
+            if (total >= 2) {
+                console.log('');
+                console.log('  Pool mode is now active. Restart `dario proxy` to pick up the new account.');
+            }
+            else {
+                console.log('');
+                console.log('  Add at least one more account to activate pool routing:');
+                console.log('    dario accounts add <another-alias>');
+            }
+            console.log('');
+        }
+        catch (err) {
+            console.error('');
+            console.error(`  Failed to add account: ${sanitizeError(err)}`);
+            console.error('');
+            process.exit(1);
+        }
+        return;
+    }
+    if (sub === 'remove' || sub === 'rm') {
+        const alias = args[2];
+        if (!alias) {
+            console.error('');
+            console.error('  Usage: dario accounts remove <alias>');
+            console.error('');
+            process.exit(1);
+        }
+        const ok = await removeAccount(alias);
+        if (ok) {
+            console.log(`[dario] Account "${alias}" removed.`);
+        }
+        else {
+            console.error(`[dario] No account "${alias}" found.`);
+            process.exit(1);
+        }
+        return;
+    }
+    console.error(`[dario] Unknown accounts subcommand: ${sub}`);
+    console.error('Usage: dario accounts [list|add <alias>|remove <alias>]');
+    process.exit(1);
+}
 async function help() {
     console.log(`
   dario — Use your Claude subscription as an API.
@@ -152,6 +261,9 @@ async function help() {
     dario status             Check authentication status
     dario refresh            Force token refresh
     dario logout             Remove saved credentials
+    dario accounts list      List accounts in the multi-account pool
+    dario accounts add NAME  Add a new account to the pool (runs OAuth flow)
+    dario accounts remove N  Remove an account from the pool
 
   Proxy options:
     --model=MODEL            Force a model for all requests
@@ -206,6 +318,7 @@ const commands = {
     proxy,
     refresh,
     logout,
+    accounts,
     help,
     version,
     '--help': help,

package/dist/index.d.ts

@@ -7,3 +7,9 @@
 export { startAutoOAuthFlow, refreshTokens, getAccessToken, getStatus, loadCredentials } from './oauth.js';
 export type { OAuthTokens, CredentialsFile } from './oauth.js';
 export { startProxy, sanitizeError } from './proxy.js';
+export { AccountPool, parseRateLimits } from './pool.js';
+export type { PoolAccount, PoolStatus, RateLimitSnapshot, AccountIdentity } from './pool.js';
+export { listAccountAliases, loadAccount, loadAllAccounts, saveAccount, removeAccount, refreshAccountToken, addAccountViaOAuth, getAccountsDir, } from './accounts.js';
+export type { AccountCredentials } from './accounts.js';
+export { Analytics } from './analytics.js';
+export type { RequestRecord, AnalyticsSummary } from './analytics.js';

package/dist/index.js

@@ -6,3 +6,9 @@
  */
 export { startAutoOAuthFlow, refreshTokens, getAccessToken, getStatus, loadCredentials } from './oauth.js';
 export { startProxy, sanitizeError } from './proxy.js';
+// Multi-account pool API (pool activates automatically when ~/.dario/accounts/
+// contains 2+ accounts; see README for the progression from single-account
+// mode to pool mode).
+export { AccountPool, parseRateLimits } from './pool.js';
+export { listAccountAliases, loadAccount, loadAllAccounts, saveAccount, removeAccount, refreshAccountToken, addAccountViaOAuth, getAccountsDir, } from './accounts.js';
+export { Analytics } from './analytics.js';

package/dist/pool.d.ts

@@ -0,0 +1,68 @@
+export interface AccountIdentity {
+    deviceId: string;
+    accountUuid: string;
+    sessionId: string;
+}
+export interface RateLimitSnapshot {
+    status: string;
+    util5h: number;
+    util7d: number;
+    overageUtil: number;
+    claim: string;
+    reset: number;
+    fallbackPct: number;
+    updatedAt: number;
+}
+export declare const EMPTY_SNAPSHOT: RateLimitSnapshot;
+export interface PoolAccount {
+    alias: string;
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    identity: AccountIdentity;
+    rateLimit: RateLimitSnapshot;
+    requestCount: number;
+}
+export interface PoolStatus {
+    accounts: number;
+    healthy: number;
+    exhausted: number;
+    totalHeadroom: number;
+    bestAccount: string;
+    queued: number;
+}
+/** Parse an Anthropic response's rate-limit headers into a snapshot. */
+export declare function parseRateLimits(headers: Headers): RateLimitSnapshot;
+export declare class AccountPool {
+    private accounts;
+    private queue;
+    private queueMaxSize;
+    private queueTimeoutMs;
+    private drainTimer;
+    add(alias: string, opts: {
+        accessToken: string;
+        refreshToken: string;
+        expiresAt: number;
+        deviceId: string;
+        accountUuid: string;
+    }): void;
+    remove(alias: string): boolean;
+    get size(): number;
+    /** Select the best account for the next request. */
+    select(): PoolAccount | null;
+    /** Select the next-best account, excluding the given alias. */
+    selectExcluding(excludeAlias: string): PoolAccount | null;
+    updateRateLimits(alias: string, snapshot: RateLimitSnapshot): void;
+    markRejected(alias: string, snapshot: RateLimitSnapshot): void;
+    updateTokens(alias: string, accessToken: string, refreshToken: string, expiresAt: number): void;
+    get(alias: string): PoolAccount | undefined;
+    all(): PoolAccount[];
+    status(): PoolStatus;
+    /**
+     * Wait for an available account. If all accounts are exhausted, queues
+     * the request and resolves when an account becomes available via
+     * updateRateLimits reducing utilization below threshold.
+     */
+    waitForAccount(): Promise<PoolAccount>;
+    private drainQueue;
+}

package/dist/pool.js

@@ -0,0 +1,212 @@
+/**
+ * Account pool — rate limit tracking, headroom routing, failover.
+ *
+ * Activated automatically when `~/.dario/accounts/` contains 2+ accounts.
+ * Single-account dario (`~/.dario/credentials.json`) keeps the same code
+ * path it has always had; the pool only runs when there are multiple
+ * accounts to distribute against.
+ */
+import { randomUUID } from 'node:crypto';
+export const EMPTY_SNAPSHOT = {
+    status: 'unknown',
+    util5h: 0,
+    util7d: 0,
+    overageUtil: 0,
+    claim: 'unknown',
+    reset: 0,
+    fallbackPct: 0,
+    updatedAt: 0,
+};
+/** Parse an Anthropic response's rate-limit headers into a snapshot. */
+export function parseRateLimits(headers) {
+    const get = (key) => headers.get(`anthropic-ratelimit-unified-${key}`) ?? '';
+    return {
+        status: get('status') || 'unknown',
+        util5h: parseFloat(get('5h-utilization')) || 0,
+        util7d: parseFloat(get('7d-utilization')) || 0,
+        overageUtil: parseFloat(get('overage-utilization')) || 0,
+        claim: get('representative-claim') || 'unknown',
+        reset: parseInt(get('reset')) || 0,
+        fallbackPct: parseFloat(get('fallback-percentage')) || 0,
+        updatedAt: Date.now(),
+    };
+}
+export class AccountPool {
+    accounts = new Map();
+    queue = [];
+    queueMaxSize = 50;
+    queueTimeoutMs = 60_000;
+    drainTimer = null;
+    add(alias, opts) {
+        const existing = this.accounts.get(alias);
+        this.accounts.set(alias, {
+            alias,
+            accessToken: opts.accessToken,
+            refreshToken: opts.refreshToken,
+            expiresAt: opts.expiresAt,
+            identity: existing?.identity ?? {
+                deviceId: opts.deviceId,
+                accountUuid: opts.accountUuid,
+                sessionId: randomUUID(),
+            },
+            rateLimit: existing?.rateLimit ?? { ...EMPTY_SNAPSHOT },
+            requestCount: existing?.requestCount ?? 0,
+        });
+    }
+    remove(alias) {
+        return this.accounts.delete(alias);
+    }
+    get size() {
+        return this.accounts.size;
+    }
+    /** Select the best account for the next request. */
+    select() {
+        if (this.accounts.size === 0)
+            return null;
+        const now = Date.now();
+        const all = [...this.accounts.values()];
+        const eligible = all.filter(a => a.rateLimit.status !== 'rejected' &&
+            a.expiresAt > now + 30_000);
+        if (eligible.length > 0) {
+            return eligible.reduce((best, curr) => {
+                const bestHeadroom = 1 - Math.max(best.rateLimit.util5h, best.rateLimit.util7d);
+                const currHeadroom = 1 - Math.max(curr.rateLimit.util5h, curr.rateLimit.util7d);
+                return currHeadroom > bestHeadroom ? curr : best;
+            });
+        }
+        // All accounts exhausted — return the one with the earliest reset
+        const withReset = all.filter(a => a.rateLimit.reset > 0);
+        if (withReset.length > 0) {
+            return withReset.reduce((a, b) => a.rateLimit.reset < b.rateLimit.reset ? a : b);
+        }
+        // No rate-limit data at all — least-used first
+        return all.reduce((a, b) => a.requestCount < b.requestCount ? a : b);
+    }
+    /** Select the next-best account, excluding the given alias. */
+    selectExcluding(excludeAlias) {
+        if (this.accounts.size <= 1)
+            return null;
+        const now = Date.now();
+        const candidates = [...this.accounts.values()].filter(a => a.alias !== excludeAlias);
+        const eligible = candidates.filter(a => a.rateLimit.status !== 'rejected' &&
+            a.expiresAt > now + 30_000);
+        if (eligible.length > 0) {
+            return eligible.reduce((best, curr) => {
+                const bestHeadroom = 1 - Math.max(best.rateLimit.util5h, best.rateLimit.util7d);
+                const currHeadroom = 1 - Math.max(curr.rateLimit.util5h, curr.rateLimit.util7d);
+                return currHeadroom > bestHeadroom ? curr : best;
+            });
+        }
+        if (candidates.length > 0) {
+            return candidates.reduce((a, b) => a.requestCount < b.requestCount ? a : b);
+        }
+        return null;
+    }
+    updateRateLimits(alias, snapshot) {
+        const account = this.accounts.get(alias);
+        if (!account)
+            return;
+        account.rateLimit = snapshot;
+        account.requestCount++;
+    }
+    markRejected(alias, snapshot) {
+        const account = this.accounts.get(alias);
+        if (!account)
+            return;
+        account.rateLimit = { ...snapshot, status: 'rejected' };
+    }
+    updateTokens(alias, accessToken, refreshToken, expiresAt) {
+        const account = this.accounts.get(alias);
+        if (!account)
+            return;
+        account.accessToken = accessToken;
+        account.refreshToken = refreshToken;
+        account.expiresAt = expiresAt;
+    }
+    get(alias) {
+        return this.accounts.get(alias);
+    }
+    all() {
+        return [...this.accounts.values()];
+    }
+    status() {
+        const all = this.all();
+        const now = Date.now();
+        const healthy = all.filter(a => a.rateLimit.status !== 'rejected' &&
+            a.expiresAt > now + 30_000);
+        const headrooms = all.map(a => 1 - Math.max(a.rateLimit.util5h, a.rateLimit.util7d));
+        const avgHeadroom = headrooms.length > 0 ? headrooms.reduce((a, b) => a + b, 0) / headrooms.length : 0;
+        const best = this.select();
+        return {
+            accounts: all.length,
+            healthy: healthy.length,
+            exhausted: all.length - healthy.length,
+            totalHeadroom: Math.round(avgHeadroom * 100),
+            bestAccount: best?.alias ?? 'none',
+            queued: this.queue.length,
+        };
+    }
+    /**
+     * Wait for an available account. If all accounts are exhausted, queues
+     * the request and resolves when an account becomes available via
+     * updateRateLimits reducing utilization below threshold.
+     */
+    async waitForAccount() {
+        const immediate = this.select();
+        if (immediate) {
+            const headroom = 1 - Math.max(immediate.rateLimit.util5h, immediate.rateLimit.util7d);
+            if (headroom > 0.02)
+                return immediate;
+        }
+        if (this.queue.length >= this.queueMaxSize) {
+            throw new Error('Queue full — all accounts exhausted');
+        }
+        if (!this.drainTimer) {
+            this.drainTimer = setInterval(() => this.drainQueue(), 5_000);
+            this.drainTimer.unref();
+        }
+        return new Promise((resolve, reject) => {
+            const entry = { resolve, reject, enqueuedAt: Date.now() };
+            this.queue.push(entry);
+            setTimeout(() => {
+                const idx = this.queue.indexOf(entry);
+                if (idx >= 0) {
+                    this.queue.splice(idx, 1);
+                    reject(new Error('Queue timeout — no accounts available within 60s'));
+                }
+            }, this.queueTimeoutMs);
+        });
+    }
+    drainQueue() {
+        if (this.queue.length === 0) {
+            if (this.drainTimer) {
+                clearInterval(this.drainTimer);
+                this.drainTimer = null;
+            }
+            return;
+        }
+        const now = Date.now();
+        this.queue = this.queue.filter(entry => {
+            if (now - entry.enqueuedAt > this.queueTimeoutMs) {
+                entry.reject(new Error('Queue timeout — no accounts available within 60s'));
+                return false;
+            }
+            return true;
+        });
+        while (this.queue.length > 0) {
+            const account = this.select();
+            if (!account)
+                break;
+            const headroom = 1 - Math.max(account.rateLimit.util5h, account.rateLimit.util7d);
+            if (headroom <= 0.02)
+                break;
+            const entry = this.queue.shift();
+            if (entry)
+                entry.resolve(account);
+        }
+        if (this.queue.length === 0 && this.drainTimer) {
+            clearInterval(this.drainTimer);
+            this.drainTimer = null;
+        }
+    }
+}

package/dist/proxy.js

@@ -7,6 +7,9 @@ import { homedir } from 'node:os';
 import { arch, platform } from 'node:process';
 import { getAccessToken, getStatus } from './oauth.js';
 import { buildCCRequest, reverseMapResponse } from './cc-template.js';
+import { AccountPool, parseRateLimits } from './pool.js';
+import { Analytics } from './analytics.js';
+import { loadAllAccounts, loadAccount, refreshAccountToken } from './accounts.js';
 const ANTHROPIC_API = 'https://api.anthropic.com';
 const DEFAULT_PORT = 3456;
 const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10 MB — generous for large prompts, prevents abuse
@@ -321,11 +324,59 @@ export async function startProxy(opts = {}) {
     const host = opts.host ?? process.env.DARIO_HOST ?? DEFAULT_HOST;
     const verbose = opts.verbose ?? false;
     const passthrough = opts.passthrough ?? false;
-    // Verify auth before starting
-    const status = await getStatus();
-    if (!status.authenticated) {
-        console.error('[dario] Not authenticated. Run `dario login` first.');
-        process.exit(1);
+    // Multi-account pool — activated when ~/.dario/accounts/ has 2+ entries.
+    // Single-account dario keeps its existing code path unchanged.
+    const accountsList = await loadAllAccounts();
+    const pool = accountsList.length >= 2 ? new AccountPool() : null;
+    const analytics = pool ? new Analytics() : null;
+    let status;
+    if (pool) {
+        for (const acc of accountsList) {
+            pool.add(acc.alias, {
+                accessToken: acc.accessToken,
+                refreshToken: acc.refreshToken,
+                expiresAt: acc.expiresAt,
+                deviceId: acc.deviceId,
+                accountUuid: acc.accountUuid,
+            });
+        }
+        console.log(`  Pool mode: ${accountsList.length} accounts loaded`);
+        // Background refresh — keep every account's token fresh without blocking requests
+        const refreshInterval = setInterval(async () => {
+            for (const acc of pool.all()) {
+                if (acc.expiresAt < Date.now() + 45 * 60 * 1000) {
+                    try {
+                        const saved = await loadAccount(acc.alias);
+                        if (!saved)
+                            continue;
+                        const refreshed = await refreshAccountToken(saved);
+                        pool.updateTokens(acc.alias, refreshed.accessToken, refreshed.refreshToken, refreshed.expiresAt);
+                    }
+                    catch (err) {
+                        console.error(`[dario] Background refresh failed for ${acc.alias}: ${err instanceof Error ? err.message : err}`);
+                    }
+                }
+            }
+        }, 15 * 60 * 1000);
+        refreshInterval.unref();
+        // Pool mode doesn't check single-account status — compute a placeholder
+        // for the startup banner using the pool's earliest expiry.
+        const earliest = Math.min(...pool.all().map(a => a.expiresAt));
+        const msLeft = Math.max(0, earliest - Date.now());
+        status = {
+            authenticated: true,
+            status: 'healthy',
+            expiresAt: earliest,
+            expiresIn: `${Math.floor(msLeft / 3600000)}h ${Math.floor((msLeft % 3600000) / 60000)}m`,
+        };
+    }
+    else {
+        // Single-account mode — existing auth check
+        status = await getStatus();
+        if (!status.authenticated) {
+            console.error('[dario] Not authenticated. Run `dario login` first.');
+            process.exit(1);
+        }
     }
     const cliVersion = detectCliVersion();
     const modelOverride = opts.model ? (MODEL_ALIASES[opts.model] ?? opts.model) : null;
@@ -433,6 +484,39 @@ export async function startProxy(opts = {}) {
             res.end(JSON.stringify(s));
             return;
         }
+        // Pool status endpoint — shows loaded accounts, headroom, and the
+        // account that would be selected next. Read-only; mutation flows through
+        // the `dario accounts` CLI, not HTTP.
+        if (urlPath === '/accounts' && req.method === 'GET') {
+            if (!pool) {
+                res.writeHead(200, JSON_HEADERS);
+                res.end(JSON.stringify({ mode: 'single-account', accounts: 0 }));
+                return;
+            }
+            const accounts = pool.all().map(a => ({
+                alias: a.alias,
+                util5h: a.rateLimit.util5h,
+                util7d: a.rateLimit.util7d,
+                claim: a.rateLimit.claim,
+                status: a.rateLimit.status,
+                requestCount: a.requestCount,
+                expiresInMs: Math.max(0, a.expiresAt - Date.now()),
+            }));
+            res.writeHead(200, JSON_HEADERS);
+            res.end(JSON.stringify({ mode: 'pool', ...pool.status(), accounts }));
+            return;
+        }
+        // Analytics endpoint — request history + burn-rate summary (pool mode only).
+        if (urlPath === '/analytics' && req.method === 'GET') {
+            if (!analytics) {
+                res.writeHead(200, JSON_HEADERS);
+                res.end(JSON.stringify({ mode: 'single-account', note: 'Analytics are only collected in pool mode.' }));
+                return;
+            }
+            res.writeHead(200, JSON_HEADERS);
+            res.end(JSON.stringify(analytics.summary()));
+            return;
+        }
         if (urlPath === '/v1/models' && req.method === 'GET') {
             requestCount++;
             res.writeHead(200, { ...JSON_HEADERS, 'Access-Control-Allow-Origin': corsOrigin });
@@ -465,7 +549,26 @@ export async function startProxy(opts = {}) {
         let onClientClose = null;
         let upstreamAbortReason = null;
         try {
-            const accessToken = await getAccessToken();
+            // Pool mode: select an account by headroom. Single-account mode:
+            // fall through to getAccessToken() exactly as before. Request-path
+            // 429 failover (retry with the next-best account before returning a
+            // rate-limit error to the client) lands in v3.5.1 — this release
+            // ships the pool scaffolding and headroom-aware selection across
+            // requests, not within a single 429 retry.
+            let poolAccount = null;
+            let accessToken;
+            if (pool) {
+                poolAccount = pool.select();
+                if (!poolAccount) {
+                    res.writeHead(503, JSON_HEADERS);
+                    res.end(JSON.stringify({ error: 'No accounts available in pool' }));
+                    return;
+                }
+                accessToken = poolAccount.accessToken;
+            }
+            else {
+                accessToken = await getAccessToken();
+            }
             // Read request body with size limit and timeout (prevents slow-loris)
             const chunks = [];
             let totalBytes = 0;
@@ -511,7 +614,10 @@ export async function startProxy(opts = {}) {
                         const fullVersion = `${cliVersion}.${buildTag}`;
                         const billingTag = `x-anthropic-billing-header: cc_version=${fullVersion}; cc_entrypoint=cli; cch=${cch};`;
                         const CACHE_1H = { type: 'ephemeral', ttl: '1h' };
-                        const { body: ccBody, toolMap } = buildCCRequest(r, billingTag, CACHE_1H, { deviceId: identity.deviceId, accountUuid: identity.accountUuid, sessionId: SESSION_ID }, { preserveTools: opts.preserveTools ?? false });
+                        const bodyIdentity = poolAccount
+                            ? poolAccount.identity
+                            : { deviceId: identity.deviceId, accountUuid: identity.accountUuid, sessionId: SESSION_ID };
+                        const { body: ccBody, toolMap } = buildCCRequest(r, billingTag, CACHE_1H, bodyIdentity, { preserveTools: opts.preserveTools ?? false });
                         // Store tool map for response reverse-mapping
                         ccToolMap = toolMap;
                         // Replace request body entirely with CC template
@@ -555,12 +661,16 @@ export async function startProxy(opts = {}) {
                 await new Promise(r => setTimeout(r, MIN_REQUEST_INTERVAL_MS - elapsed));
             }
             lastRequestTime = Date.now();
-            // Rotate session ID per request — fresh UUID avoids persistent-session fingerprinting
-            SESSION_ID = randomUUID();
+            // Rotate session ID per request — fresh UUID avoids persistent-session fingerprinting.
+            // Pool mode uses the per-account identity.sessionId which is stable across
+            // a given account's lifetime; single-account mode rotates per request.
+            if (!poolAccount)
+                SESSION_ID = randomUUID();
+            const outboundSessionId = poolAccount ? poolAccount.identity.sessionId : SESSION_ID;
             const headers = {
                 ...staticHeaders,
                 'Authorization': `Bearer ${accessToken}`,
-                'x-claude-code-session-id': SESSION_ID,
+                'x-claude-code-session-id': outboundSessionId,
                 'anthropic-version': passthrough ? (req.headers['anthropic-version'] || '2023-06-01') : '2023-06-01',
                 'anthropic-beta': beta,
                 'x-client-request-id': randomUUID(),
@@ -595,6 +705,18 @@ export async function startProxy(opts = {}) {
                 body: finalBody ? new Uint8Array(finalBody) : undefined,
                 signal: upstreamAbort.signal,
             });
+            // Pool mode: capture rate-limit snapshot from the response. parseRateLimits
+            // returns status='rejected' on 429, which makes the next `select()` call
+            // route traffic away from this account until it resets.
+            if (pool && poolAccount) {
+                const snapshot = parseRateLimits(upstream.headers);
+                if (upstream.status === 429) {
+                    pool.markRejected(poolAccount.alias, snapshot);
+                }
+                else {
+                    pool.updateRateLimits(poolAccount.alias, snapshot);
+                }
+            }
             // Auto-retry without context-1m if it triggers a long-context billing error.
             // Anthropic returns this as either 400 ("long context beta is not yet available
             // for this subscription") or 429 ("Extra usage is required for long context
@@ -622,6 +744,16 @@ export async function startProxy(opts = {}) {
                     // Use the retry response from here on — peeked body is now stale
                     upstream = retry;
                     peekedBody = null;
+                    // Pool mode: re-capture after the context-1m retry as the snapshot may have changed.
+                    if (pool && poolAccount) {
+                        const retrySnapshot = parseRateLimits(upstream.headers);
+                        if (upstream.status === 429) {
+                            pool.markRejected(poolAccount.alias, retrySnapshot);
+                        }
+                        else {
+                            pool.updateRateLimits(poolAccount.alias, retrySnapshot);
+                        }
+                    }
                 }
                 else if (upstream.status === 429) {
                     // Not a context-1m issue — return enriched 429 directly

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.4.5",
+  "version": "3.5.0",
   "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
   "type": "module",
   "bin": {