@askalf/dario 3.4.6 → 3.6.0

package/dist/analytics.js

@@ -0,0 +1,198 @@
+/**
+ * Token analytics — per-request billing tracking, utilization trends,
+ * window exhaustion predictions, cost estimation.
+ *
+ * In-memory rolling window; exposed via the /analytics endpoint when
+ * pool mode is active.
+ */
+// Anthropic pricing (per 1M tokens, USD). Not authoritative — used for
+// rough burn-rate display in the /analytics summary.
+const PRICING = {
+    'claude-opus-4-6': { input: 15, output: 75, cacheRead: 1.5, cacheCreate: 18.75 },
+    'claude-sonnet-4-6': { input: 3, output: 15, cacheRead: 0.3, cacheCreate: 3.75 },
+    'claude-haiku-4-5': { input: 0.8, output: 4, cacheRead: 0.08, cacheCreate: 1 },
+};
+function estimateCost(record) {
+    const p = PRICING[record.model] ?? PRICING['claude-sonnet-4-6'];
+    return ((record.inputTokens * p.input) +
+        (record.outputTokens * p.output) +
+        (record.cacheReadTokens * p.cacheRead) +
+        (record.cacheCreateTokens * p.cacheCreate)) / 1_000_000;
+}
+export class Analytics {
+    records = [];
+    maxRecords;
+    constructor(maxRecords = 10_000) {
+        this.maxRecords = maxRecords;
+    }
+    record(r) {
+        this.records.push(r);
+        if (this.records.length > this.maxRecords) {
+            this.records = this.records.slice(-this.maxRecords);
+        }
+    }
+    /** Parse usage from a non-streaming Anthropic response body. */
+    static parseUsage(body) {
+        const u = body.usage;
+        const content = body.content;
+        const thinkingChars = content
+            ?.filter(b => b.type === 'thinking')
+            .reduce((s, b) => s + (b.thinking?.length ?? 0), 0) ?? 0;
+        const thinkingTokens = Math.round(thinkingChars / 4);
+        return {
+            inputTokens: u?.input_tokens ?? 0,
+            outputTokens: u?.output_tokens ?? 0,
+            cacheReadTokens: u?.cache_read_input_tokens ?? 0,
+            cacheCreateTokens: u?.cache_creation_input_tokens ?? 0,
+            thinkingTokens,
+            model: body.model ?? 'unknown',
+        };
+    }
+    summary(windowMinutes = 60) {
+        const cutoff = Date.now() - windowMinutes * 60_000;
+        const recent = this.records.filter(r => r.timestamp >= cutoff);
+        const allTime = this.records;
+        return {
+            window: {
+                minutes: windowMinutes,
+                requests: recent.length,
+                ...this.computeStats(recent),
+            },
+            allTime: {
+                requests: allTime.length,
+                ...this.computeStats(allTime),
+            },
+            perAccount: this.perAccountStats(recent),
+            perModel: this.perModelStats(recent),
+            utilization: this.utilizationTrend(recent),
+            predictions: this.predict(recent),
+        };
+    }
+    computeStats(records) {
+        if (records.length === 0) {
+            return {
+                totalInputTokens: 0, totalOutputTokens: 0, totalThinkingTokens: 0,
+                estimatedCost: 0, avgLatencyMs: 0, errorRate: 0,
+                claimBreakdown: {},
+            };
+        }
+        const totalInput = records.reduce((s, r) => s + r.inputTokens, 0);
+        const totalOutput = records.reduce((s, r) => s + r.outputTokens, 0);
+        const totalThinking = records.reduce((s, r) => s + r.thinkingTokens, 0);
+        const cost = records.reduce((s, r) => s + estimateCost(r), 0);
+        const avgLatency = records.reduce((s, r) => s + r.latencyMs, 0) / records.length;
+        const errors = records.filter(r => r.status >= 400).length;
+        const claims = {};
+        for (const r of records) {
+            claims[r.claim] = (claims[r.claim] ?? 0) + 1;
+        }
+        return {
+            totalInputTokens: totalInput,
+            totalOutputTokens: totalOutput,
+            totalThinkingTokens: totalThinking,
+            estimatedCost: Math.round(cost * 10000) / 10000,
+            avgLatencyMs: Math.round(avgLatency),
+            errorRate: Math.round((errors / records.length) * 10000) / 10000,
+            claimBreakdown: claims,
+        };
+    }
+    perAccountStats(records) {
+        const grouped = {};
+        for (const r of records) {
+            (grouped[r.account] ??= []).push(r);
+        }
+        const result = {};
+        for (const [account, recs] of Object.entries(grouped)) {
+            const last = recs[recs.length - 1];
+            result[account] = {
+                requests: recs.length,
+                inputTokens: recs.reduce((s, r) => s + r.inputTokens, 0),
+                outputTokens: recs.reduce((s, r) => s + r.outputTokens, 0),
+                estimatedCost: Math.round(recs.reduce((s, r) => s + estimateCost(r), 0) * 10000) / 10000,
+                currentUtil5h: last.util5h,
+                currentUtil7d: last.util7d,
+                lastClaim: last.claim,
+            };
+        }
+        return result;
+    }
+    perModelStats(records) {
+        const grouped = {};
+        for (const r of records) {
+            (grouped[r.model] ??= []).push(r);
+        }
+        const result = {};
+        for (const [model, recs] of Object.entries(grouped)) {
+            result[model] = {
+                requests: recs.length,
+                avgInputTokens: Math.round(recs.reduce((s, r) => s + r.inputTokens, 0) / recs.length),
+                avgOutputTokens: Math.round(recs.reduce((s, r) => s + r.outputTokens, 0) / recs.length),
+                avgThinkingTokens: Math.round(recs.reduce((s, r) => s + r.thinkingTokens, 0) / recs.length),
+                estimatedCost: Math.round(recs.reduce((s, r) => s + estimateCost(r), 0) * 10000) / 10000,
+            };
+        }
+        return result;
+    }
+    utilizationTrend(records) {
+        if (records.length === 0)
+            return [];
+        const bucketMs = 5 * 60_000;
+        const buckets = new Map();
+        for (const r of records) {
+            const key = Math.floor(r.timestamp / bucketMs) * bucketMs;
+            const existing = buckets.get(key);
+            if (existing) {
+                existing.push(r);
+            }
+            else {
+                buckets.set(key, [r]);
+            }
+        }
+        return [...buckets.entries()]
+            .sort(([a], [b]) => a - b)
+            .map(([ts, recs]) => ({
+            timestamp: ts,
+            avgUtil5h: Math.round(recs.reduce((s, r) => s + r.util5h, 0) / recs.length * 100) / 100,
+            avgUtil7d: Math.round(recs.reduce((s, r) => s + r.util7d, 0) / recs.length * 100) / 100,
+            requests: recs.length,
+        }));
+    }
+    predict(records) {
+        if (records.length < 3) {
+            return { estimatedExhaustionMinutes: null, tokenBurnRate: 0, costBurnRate: 0 };
+        }
+        const sorted = [...records].sort((a, b) => a.timestamp - b.timestamp);
+        const first = sorted[0];
+        const last = sorted[sorted.length - 1];
+        const durationMin = (last.timestamp - first.timestamp) / 60_000;
+        if (durationMin < 1) {
+            return { estimatedExhaustionMinutes: null, tokenBurnRate: 0, costBurnRate: 0 };
+        }
+        const totalTokens = sorted.reduce((s, r) => s + r.inputTokens + r.outputTokens, 0);
+        const totalCost = sorted.reduce((s, r) => s + estimateCost(r), 0);
+        const tokenBurnRate = totalTokens / durationMin;
+        const costBurnRate = (totalCost / durationMin) * 60;
+        const currentUtil = last.util5h;
+        if (currentUtil >= 0.95) {
+            return {
+                estimatedExhaustionMinutes: 0,
+                tokenBurnRate: Math.round(tokenBurnRate),
+                costBurnRate: Math.round(costBurnRate * 100) / 100,
+            };
+        }
+        const utilGrowthRate = (last.util5h - first.util5h) / durationMin;
+        if (utilGrowthRate <= 0) {
+            return {
+                estimatedExhaustionMinutes: null,
+                tokenBurnRate: Math.round(tokenBurnRate),
+                costBurnRate: Math.round(costBurnRate * 100) / 100,
+            };
+        }
+        const minutesToExhaustion = (1.0 - currentUtil) / utilGrowthRate;
+        return {
+            estimatedExhaustionMinutes: Math.round(minutesToExhaustion),
+            tokenBurnRate: Math.round(tokenBurnRate),
+            costBurnRate: Math.round(costBurnRate * 100) / 100,
+        };
+    }
+}

package/dist/cli.js

@@ -37,6 +37,8 @@ import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { startAutoOAuthFlow, getStatus, refreshTokens, loadCredentials } from './oauth.js';
 import { startProxy, sanitizeError } from './proxy.js';
+import { listAccountAliases, loadAllAccounts, addAccountViaOAuth, removeAccount } from './accounts.js';
+import { listBackends, saveBackend, removeBackend } from './openai-backend.js';
 const args = process.argv.slice(2);
 const command = args[0] ?? 'proxy';
 async function login() {
@@ -142,6 +144,204 @@ async function proxy() {
     const model = modelArg ? modelArg.split('=')[1] : undefined;
     await startProxy({ port, host, verbose, model, passthrough, preserveTools });
 }
+async function accounts() {
+    const sub = args[1];
+    if (!sub || sub === 'list') {
+        const aliases = await listAccountAliases();
+        console.log('');
+        console.log('  dario — Accounts');
+        console.log('  ────────────────');
+        console.log('');
+        if (aliases.length === 0) {
+            console.log('  No multi-account pool configured.');
+            console.log('');
+            console.log('  Pool mode activates automatically when ~/.dario/accounts/');
+            console.log('  has 2+ entries. Add the first with:');
+            console.log('    dario accounts add <alias>');
+            console.log('');
+            console.log('  Single-account dario (the default) keeps working as-is');
+            console.log('  with ~/.dario/credentials.json — you do not need to');
+            console.log('  migrate unless you want pool routing across accounts.');
+            console.log('');
+            return;
+        }
+        const loaded = await loadAllAccounts();
+        const now = Date.now();
+        console.log(`  ${aliases.length} account${aliases.length === 1 ? '' : 's'} configured`);
+        if (aliases.length === 1) {
+            console.log('  (Pool mode needs 2+ accounts — single-account mode until another is added.)');
+        }
+        console.log('');
+        for (const a of loaded) {
+            const msLeft = Math.max(0, a.expiresAt - now);
+            const hours = Math.floor(msLeft / 3600000);
+            const mins = Math.floor((msLeft % 3600000) / 60000);
+            const expiry = msLeft > 0 ? `${hours}h ${mins}m` : 'expired';
+            console.log(`    ${a.alias.padEnd(20)} token expires in ${expiry}`);
+        }
+        console.log('');
+        return;
+    }
+    if (sub === 'add') {
+        const alias = args[2];
+        if (!alias) {
+            console.error('');
+            console.error('  Usage: dario accounts add <alias>');
+            console.error('');
+            console.error('  <alias> is any label you want for the account (e.g. "work", "personal").');
+            console.error('');
+            process.exit(1);
+        }
+        if (!/^[a-zA-Z0-9._-]+$/.test(alias)) {
+            console.error('[dario] Invalid alias. Use letters, numbers, dot, underscore, dash only.');
+            process.exit(1);
+        }
+        const existing = await listAccountAliases();
+        if (existing.includes(alias)) {
+            console.error(`[dario] Account "${alias}" already exists. Remove it first with \`dario accounts remove ${alias}\`.`);
+            process.exit(1);
+        }
+        console.log('');
+        console.log(`  Adding account "${alias}" to the pool...`);
+        console.log('');
+        try {
+            const creds = await addAccountViaOAuth(alias);
+            const minutes = Math.round((creds.expiresAt - Date.now()) / 60000);
+            console.log('');
+            console.log(`  Account "${alias}" added.`);
+            console.log(`  Token expires in ${minutes} minutes (auto-refreshes in the background).`);
+            const total = (await listAccountAliases()).length;
+            if (total >= 2) {
+                console.log('');
+                console.log('  Pool mode is now active. Restart `dario proxy` to pick up the new account.');
+            }
+            else {
+                console.log('');
+                console.log('  Add at least one more account to activate pool routing:');
+                console.log('    dario accounts add <another-alias>');
+            }
+            console.log('');
+        }
+        catch (err) {
+            console.error('');
+            console.error(`  Failed to add account: ${sanitizeError(err)}`);
+            console.error('');
+            process.exit(1);
+        }
+        return;
+    }
+    if (sub === 'remove' || sub === 'rm') {
+        const alias = args[2];
+        if (!alias) {
+            console.error('');
+            console.error('  Usage: dario accounts remove <alias>');
+            console.error('');
+            process.exit(1);
+        }
+        const ok = await removeAccount(alias);
+        if (ok) {
+            console.log(`[dario] Account "${alias}" removed.`);
+        }
+        else {
+            console.error(`[dario] No account "${alias}" found.`);
+            process.exit(1);
+        }
+        return;
+    }
+    console.error(`[dario] Unknown accounts subcommand: ${sub}`);
+    console.error('Usage: dario accounts [list|add <alias>|remove <alias>]');
+    process.exit(1);
+}
+async function backend() {
+    const sub = args[1];
+    if (!sub || sub === 'list') {
+        const all = await listBackends();
+        console.log('');
+        console.log('  dario — Backends');
+        console.log('  ────────────────');
+        console.log('');
+        if (all.length === 0) {
+            console.log('  No secondary backends configured.');
+            console.log('');
+            console.log('  Dario\'s Claude subscription path runs unchanged. To add an');
+            console.log('  OpenAI-compat backend (OpenAI, OpenRouter, Groq, local LiteLLM,');
+            console.log('  etc.), run:');
+            console.log('    dario backend add openai --key=sk-...');
+            console.log('    dario backend add openai --key=sk-... --base-url=https://api.groq.com/openai/v1');
+            console.log('');
+            return;
+        }
+        console.log(`  ${all.length} backend${all.length === 1 ? '' : 's'} configured`);
+        console.log('');
+        for (const b of all) {
+            const redacted = b.apiKey.length > 8
+                ? `${b.apiKey.slice(0, 3)}...${b.apiKey.slice(-4)}`
+                : '***';
+            console.log(`    ${b.name.padEnd(16)} ${b.provider.padEnd(10)} ${b.baseUrl.padEnd(40)} ${redacted}`);
+        }
+        console.log('');
+        return;
+    }
+    if (sub === 'add') {
+        const name = args[2];
+        if (!name || name.startsWith('--')) {
+            console.error('');
+            console.error('  Usage: dario backend add <name> --key=<api-key> [--base-url=<url>]');
+            console.error('');
+            console.error('  Examples:');
+            console.error('    dario backend add openai --key=sk-proj-...');
+            console.error('    dario backend add groq   --key=gsk_... --base-url=https://api.groq.com/openai/v1');
+            console.error('    dario backend add openrouter --key=sk-or-... --base-url=https://openrouter.ai/api/v1');
+            console.error('');
+            process.exit(1);
+        }
+        if (!/^[a-zA-Z0-9._-]+$/.test(name)) {
+            console.error('[dario] Invalid backend name. Use letters, numbers, dot, underscore, dash only.');
+            process.exit(1);
+        }
+        const keyArg = args.find(a => a.startsWith('--key='));
+        const baseUrlArg = args.find(a => a.startsWith('--base-url='));
+        const apiKey = keyArg ? keyArg.split('=').slice(1).join('=') : '';
+        const baseUrl = baseUrlArg ? baseUrlArg.split('=').slice(1).join('=') : 'https://api.openai.com/v1';
+        if (!apiKey) {
+            console.error('[dario] --key=<api-key> is required.');
+            process.exit(1);
+        }
+        const creds = {
+            provider: 'openai', // v3.6.0: only openai-compat backends are supported
+            name,
+            apiKey,
+            baseUrl,
+        };
+        await saveBackend(creds);
+        console.log('');
+        console.log(`  Backend "${name}" added (openai-compat, ${baseUrl}).`);
+        console.log('  Restart \`dario proxy\` to pick up the new routing.');
+        console.log('');
+        return;
+    }
+    if (sub === 'remove' || sub === 'rm') {
+        const name = args[2];
+        if (!name) {
+            console.error('');
+            console.error('  Usage: dario backend remove <name>');
+            console.error('');
+            process.exit(1);
+        }
+        const ok = await removeBackend(name);
+        if (ok) {
+            console.log(`[dario] Backend "${name}" removed.`);
+        }
+        else {
+            console.error(`[dario] No backend "${name}" found.`);
+            process.exit(1);
+        }
+        return;
+    }
+    console.error(`[dario] Unknown backend subcommand: ${sub}`);
+    console.error('Usage: dario backend [list|add <name> --key=...|remove <name>]');
+    process.exit(1);
+}
 async function help() {
     console.log(`
   dario — Use your Claude subscription as an API.
@@ -152,6 +352,13 @@ async function help() {
     dario status             Check authentication status
     dario refresh            Force token refresh
     dario logout             Remove saved credentials
+    dario accounts list      List accounts in the multi-account pool
+    dario accounts add NAME  Add a new account to the pool (runs OAuth flow)
+    dario accounts remove N  Remove an account from the pool
+    dario backend list       List configured OpenAI-compat backends
+    dario backend add NAME --key=sk-... [--base-url=...]
+                             Add an OpenAI-compat backend (OpenAI, OpenRouter, Groq, etc.)
+    dario backend remove N   Remove an OpenAI-compat backend
 
   Proxy options:
     --model=MODEL            Force a model for all requests
@@ -206,6 +413,8 @@ const commands = {
     proxy,
     refresh,
     logout,
+    accounts,
+    backend,
     help,
     version,
     '--help': help,

package/dist/index.d.ts

@@ -7,3 +7,11 @@
 export { startAutoOAuthFlow, refreshTokens, getAccessToken, getStatus, loadCredentials } from './oauth.js';
 export type { OAuthTokens, CredentialsFile } from './oauth.js';
 export { startProxy, sanitizeError } from './proxy.js';
+export { AccountPool, parseRateLimits } from './pool.js';
+export type { PoolAccount, PoolStatus, RateLimitSnapshot, AccountIdentity } from './pool.js';
+export { listAccountAliases, loadAccount, loadAllAccounts, saveAccount, removeAccount, refreshAccountToken, addAccountViaOAuth, getAccountsDir, } from './accounts.js';
+export type { AccountCredentials } from './accounts.js';
+export { Analytics } from './analytics.js';
+export type { RequestRecord, AnalyticsSummary } from './analytics.js';
+export { listBackends, saveBackend, removeBackend, getOpenAIBackend, isOpenAIModel, } from './openai-backend.js';
+export type { BackendCredentials } from './openai-backend.js';

package/dist/index.js

@@ -6,3 +6,14 @@
  */
 export { startAutoOAuthFlow, refreshTokens, getAccessToken, getStatus, loadCredentials } from './oauth.js';
 export { startProxy, sanitizeError } from './proxy.js';
+// Multi-account pool API (pool activates automatically when ~/.dario/accounts/
+// contains 2+ accounts; see README for the progression from single-account
+// mode to pool mode).
+export { AccountPool, parseRateLimits } from './pool.js';
+export { listAccountAliases, loadAccount, loadAllAccounts, saveAccount, removeAccount, refreshAccountToken, addAccountViaOAuth, getAccountsDir, } from './accounts.js';
+export { Analytics } from './analytics.js';
+// Multi-provider backends (v3.6.0+). Secondary OpenAI-compat providers
+// (OpenAI, OpenRouter, Groq, local LiteLLM, etc.) configured via
+// `dario backend add`. The Claude subscription path is unchanged — these
+// are additional routes for non-Claude models.
+export { listBackends, saveBackend, removeBackend, getOpenAIBackend, isOpenAIModel, } from './openai-backend.js';

package/dist/openai-backend.d.ts

@@ -0,0 +1,19 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+export interface BackendCredentials {
+    provider: string;
+    name: string;
+    apiKey: string;
+    baseUrl: string;
+}
+export declare function listBackends(): Promise<BackendCredentials[]>;
+export declare function saveBackend(creds: BackendCredentials): Promise<void>;
+export declare function removeBackend(name: string): Promise<boolean>;
+/** Get the first openai-compat backend (v3.6.0 supports exactly one). */
+export declare function getOpenAIBackend(): Promise<BackendCredentials | null>;
+export declare function isOpenAIModel(model: string): boolean;
+/**
+ * Forward a client request to the configured OpenAI-compat backend.
+ * Pass-through: the client is already speaking OpenAI format, we just swap
+ * the API key and the target URL. No template, no identity, no scrubbing.
+ */
+export declare function forwardToOpenAI(req: IncomingMessage, res: ServerResponse, body: Buffer, backend: BackendCredentials, corsOrigin: string, securityHeaders: Record<string, string>, upstreamTimeoutMs: number, verbose: boolean): Promise<void>;

package/dist/openai-backend.js

@@ -0,0 +1,170 @@
+/**
+ * OpenAI-compatible backend.
+ *
+ * When `dario backend add openai --key=sk-...` has been run, requests to
+ * `/v1/chat/completions` with a GPT-style model name are forwarded to the
+ * configured OpenAI-compat endpoint instead of being routed through the
+ * Claude template path. The Claude backend is unchanged.
+ *
+ * The `--base-url` flag is accepted so the same command works for any
+ * OpenAI-compatible provider (OpenAI, OpenRouter, Groq, LiteLLM, a local
+ * Ollama exposing OpenAI compat, etc.). Only one openai-compat backend can
+ * be active at a time in v3.6.0; multi-backend-per-provider routing lands
+ * in a follow-up release.
+ */
+import { readFile, writeFile, mkdir, unlink, readdir } from 'node:fs/promises';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+const DARIO_DIR = join(homedir(), '.dario');
+const BACKENDS_DIR = join(DARIO_DIR, 'backends');
+async function ensureDir() {
+    await mkdir(BACKENDS_DIR, { recursive: true, mode: 0o700 });
+}
+export async function listBackends() {
+    try {
+        await ensureDir();
+        const files = await readdir(BACKENDS_DIR);
+        const jsonFiles = files.filter(f => f.endsWith('.json'));
+        const results = [];
+        for (const f of jsonFiles) {
+            try {
+                const raw = await readFile(join(BACKENDS_DIR, f), 'utf-8');
+                results.push(JSON.parse(raw));
+            }
+            catch { /* skip unreadable */ }
+        }
+        return results;
+    }
+    catch {
+        return [];
+    }
+}
+export async function saveBackend(creds) {
+    await ensureDir();
+    const path = join(BACKENDS_DIR, `${creds.name}.json`);
+    await writeFile(path, JSON.stringify(creds, null, 2), { mode: 0o600 });
+}
+export async function removeBackend(name) {
+    const path = join(BACKENDS_DIR, `${name}.json`);
+    try {
+        await unlink(path);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** Get the first openai-compat backend (v3.6.0 supports exactly one). */
+export async function getOpenAIBackend() {
+    const all = await listBackends();
+    return all.find(b => b.provider === 'openai') ?? null;
+}
+// Model names that should route to the OpenAI backend when one is configured.
+// Deliberately narrow — OpenAI and reasoning-series only. Custom GPT-shaped
+// names from other providers (llama-*, mixtral-*) don't match by default;
+// users pass them through as-is on the OpenAI-compat endpoint and they'll
+// reach the configured baseUrl, which is correct for OpenRouter/Groq/etc.
+const OPENAI_MODEL_PATTERNS = [
+    /^gpt-/i,
+    /^o1-/i,
+    /^o3-/i,
+    /^o4-/i,
+    /^chatgpt-/i,
+    /^text-davinci/i,
+    /^text-embedding-/i,
+];
+export function isOpenAIModel(model) {
+    return OPENAI_MODEL_PATTERNS.some(p => p.test(model));
+}
+/**
+ * Forward a client request to the configured OpenAI-compat backend.
+ * Pass-through: the client is already speaking OpenAI format, we just swap
+ * the API key and the target URL. No template, no identity, no scrubbing.
+ */
+export async function forwardToOpenAI(req, res, body, backend, corsOrigin, securityHeaders, upstreamTimeoutMs, verbose) {
+    const target = `${backend.baseUrl.replace(/\/$/, '')}/chat/completions`;
+    const clientBeta = req.headers['anthropic-beta'];
+    // Headers: drop anything Anthropic-specific, keep only the essentials
+    // OpenAI-compat endpoints care about. Streaming is driven by the body, not
+    // a header, so we don't need to parse it here.
+    const headers = {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${backend.apiKey}`,
+        'Accept': req.headers.accept?.toString() ?? 'application/json',
+    };
+    // Some openai-compat providers (OpenRouter) want their own custom headers
+    // for attribution. If the client sent an x-title or http-referer, forward
+    // those through so the upstream provider sees them.
+    for (const h of ['x-title', 'http-referer', 'x-openrouter-app']) {
+        const v = req.headers[h];
+        if (typeof v === 'string')
+            headers[h] = v;
+    }
+    // Drop Anthropic-specific headers entirely
+    void clientBeta;
+    const abort = new AbortController();
+    const timeout = setTimeout(() => abort.abort(), upstreamTimeoutMs);
+    try {
+        if (verbose) {
+            console.log(`[dario] → openai backend: ${target}`);
+        }
+        const upstream = await fetch(target, {
+            method: 'POST',
+            headers,
+            body: body.length > 0 ? new Uint8Array(body) : undefined,
+            signal: abort.signal,
+        });
+        const respHeaders = {
+            'Content-Type': upstream.headers.get('content-type') ?? 'application/json',
+            'Access-Control-Allow-Origin': corsOrigin,
+            ...securityHeaders,
+        };
+        // Forward rate-limit + request-id headers from the upstream
+        for (const [key, value] of upstream.headers.entries()) {
+            if (key.startsWith('x-ratelimit') ||
+                key.startsWith('openai-') ||
+                key === 'request-id' ||
+                key === 'x-request-id') {
+                respHeaders[key] = value;
+            }
+        }
+        res.writeHead(upstream.status, respHeaders);
+        if (upstream.body) {
+            const reader = upstream.body.getReader();
+            try {
+                while (true) {
+                    const { done, value } = await reader.read();
+                    if (done)
+                        break;
+                    if (value)
+                        res.write(Buffer.from(value));
+                }
+            }
+            finally {
+                reader.releaseLock();
+            }
+        }
+        res.end();
+    }
+    catch (err) {
+        clearTimeout(timeout);
+        if (!res.headersSent) {
+            res.writeHead(502, { 'Content-Type': 'application/json', ...securityHeaders });
+            res.end(JSON.stringify({
+                error: 'Upstream OpenAI-compat backend error',
+                message: err instanceof Error ? err.message : String(err),
+                backend: backend.name,
+            }));
+        }
+        else {
+            try {
+                res.end();
+            }
+            catch { /* already closed */ }
+        }
+        return;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}