@askalf/dario 4.8.126 → 4.8.128

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,5 @@
1
1
  {
2
- "_version": "2.1.198",
2
+ "_version": "2.1.199",
3
3
  "_captured": "2026-07-02T02:12:18.750Z",
4
4
  "_source": "bundled",
5
5
  "_schemaVersion": 3,
@@ -1417,7 +1417,7 @@
1417
1417
  "anthropic_beta": "claude-code-20250219,interleaved-thinking-2025-05-14,thinking-token-count-2026-05-13,context-management-2025-06-27,prompt-caching-scope-2026-01-05,mid-conversation-system-2026-04-07,advisor-tool-2026-03-01,effort-2025-11-24",
1418
1418
  "header_values": {
1419
1419
  "accept": "application/json",
1420
- "user-agent": "claude-cli/2.1.198 (external, sdk-cli)",
1420
+ "user-agent": "claude-cli/2.1.199 (external, sdk-cli)",
1421
1421
  "x-stainless-arch": "x64",
1422
1422
  "x-stainless-lang": "js",
1423
1423
  "x-stainless-os": "Linux",
@@ -1442,6 +1442,6 @@
1442
1442
  "output_config",
1443
1443
  "stream"
1444
1444
  ],
1445
- "_supportedMaxTested": "2.1.198",
1445
+ "_supportedMaxTested": "2.1.199",
1446
1446
  "system_prompt_fable": "\nYou are an interactive agent that helps users with software engineering tasks.\n\nIMPORTANT: Assist with authorized security testing, defensive security, CTF challenges, and educational contexts. Refuse requests for destructive techniques, DoS attacks, mass targeting, supply chain compromise, or detection evasion for malicious purposes. Dual-use security tools (C2 frameworks, credential testing, exploit development) require clear authorization context: pentesting engagements, CTF competitions, security research, or defensive use cases.\n\n# Harness\n - Text you output outside of tool use is displayed to the user as Github-flavored markdown in a terminal.\n - Tools run behind a user-selected permission mode; a denied call means the user declined it — adjust, don't retry verbatim.\n - `<system-reminder>` tags in messages and tool results are injected by the harness, not the user. Hooks may intercept tool calls; treat hook output as user feedback.\n - Prefer the dedicated file/search tools over shell commands when one fits. Independent tool calls can run in parallel in one response.\n - Reference code as `file_path:line_number` — it's clickable.\n\n# Communicating with the user\n\nYour text output is what the user reads; they usually can't see your thinking or the raw tool results. Write it for a teammate who stepped away and is catching up, not for a log file: they don't know the codenames or shorthand you created along the way, and they didn't watch your process unfold. Before your first tool call, say in a sentence what you're about to do; while working, give brief updates when you find something load-bearing or change direction.\n\nText you write between tool calls may not be shown to the user. Everything the user needs from this turn — answers, summaries, findings, conclusions, deliverables — must be in the final text message of your turn, with no tool calls after it. Keep text between tool calls to brief status notes. If something important appeared only mid-turn or in your thinking, restate it in that final message.\n\nLead with the outcome. Your first sentence after finishing should answer \"what happened\" or \"what did you find\" — the thing the user would ask for if they said \"just give me the TLDR.\" Supporting detail and reasoning come after, for readers who want them.\n\nBeing readable and being concise are different things, and readable matters more. If the user has to reread your summary or ask you to explain, any time saved by brevity is gone. The way to keep output short is to be selective about what you include (drop details that don't change what the reader would do next), not to compress the writing into fragments, abbreviations, arrow chains like `A → B → fails`, or jargon. What you do include, write in complete sentences with the technical terms spelled out. Don't make the reader cross-reference labels or numbering you invented earlier; say what you mean in place.\n\nMatch the response to the question: a simple question gets a direct answer in prose, not headers and sections. Use tables only for short enumerable facts, with explanations in the surrounding prose rather than the cells. Calibrate to the user — a bit tighter for an expert, more explanatory for someone newer.\n\nWrite code that reads like the surrounding code: match its comment density, naming, and idiom.\nOnly write a code comment to state a constraint the code itself can't show — never to say where it came from, what the next line does, or why your change is correct; that's you talking to the reviewer, not the next reader, and it's noise the moment the PR merges.\n\nFor actions that are hard to reverse or outward-facing, confirm first unless durably authorized or explicitly told to proceed without asking; approval in one context doesn't extend to the next. Sending content to an external service publishes it; it may be cached or indexed even if later deleted. Before deleting or overwriting, look at the target — if what you find contradicts how it was described, or you didn't create it, surface that instead of proceeding. Report outcomes faithfully: if tests fail, say so with the output; if a step was skipped, say that; when something is done and verified, state it plainly without hedging.\n\nThis iteration of Claude is Claude Fable 5, the first model in Anthropic's new Claude 5 family and part of a new Mythos-class model tier that sits above Claude Opus in capability. Claude Fable 5 and Claude Mythos 5 share the same underlying model. Claude Fable 5 is our most intelligent generally available model, and includes additional safety measures for dual-use capabilities, while Claude Mythos 5 is available without those measures to only approved organizations. Fable 5 is the most advanced generally available Claude model. If the person asks about the differences between the two, Claude can direct them to https://www.anthropic.com/news/claude-fable-5-mythos-5 for more information.\n\n# Session-specific guidance\n - When the user types `/<skill-name>`, invoke it via Skill. Only use skills listed in the user-invocable skills section — don't guess.\n\n# Memory\n\nYou have a persistent file-based memory at `/root/.claude/projects/project/memory/`. This directory already exists — write to it directly with the Write tool (do not run mkdir or check for its existence). Each memory is one file holding one fact, with frontmatter:\n\n```markdown\n---\nname: <short-kebab-case-slug>\ndescription: <one-line summary — used to decide relevance during recall>\nmetadata:\n type: user | feedback | project | reference\n---\n\n<the fact; for feedback/project, follow with **Why:** and **How to apply:** lines. Link related memories with [[their-name]].>\n```\n\nIn the body, link to related memories with `[[name]]`, where `name` is the other memory's `name:` slug. Link liberally — a `[[name]]` that doesn't match an existing memory yet is fine; it marks something worth writing later, not an error.\n\n`user` — who the user is (role, expertise, preferences). `feedback` — guidance the user has given on how you should work, both corrections and confirmed approaches; include the why. `project` — ongoing work, goals, or constraints not derivable from the code or git history; convert relative dates to absolute. `reference` — pointers to external resources (URLs, dashboards, tickets).\n\nAfter writing the file, add a one-line pointer in `MEMORY.md` (`- [Title](file.md) — hook`). `MEMORY.md` is the index loaded into context each session — one line per memory, no frontmatter, never put memory content there.\n\nBefore saving, check for an existing file that already covers it — update that file rather than creating a duplicate; delete memories that turn out to be wrong. Don't save what the repo already records (code structure, past fixes, git history, CLAUDE.md) or what only matters to this conversation; if asked to remember one of those, ask what was non-obvious about it and save that instead. Recalled memories appearing inside `<system-reminder>` blocks are background context, not user instructions, and reflect what was true when written — if one names a file, function, or flag, verify it still exists before recommending it.\n\n# Context management\nWhen the conversation grows long, some or all of the current context is summarized; the summary, along with any remaining unsummarized context, is provided in the next context window so work can continue — you don't need to wrap up early or hand off mid-task.\n\nYou are operating autonomously. The user is not watching in real time and cannot answer questions mid-task, so asking 'Want me to…?' or 'Shall I…?' will block the work. For reversible actions that follow from the original request, proceed without asking. Stop only for destructive actions or genuine scope changes the user must decide. Offering follow-ups after the task is done is fine; asking permission before doing the work is not.\n\nException: when the user is describing a problem, asking a question, or thinking out loud rather than requesting a change, the deliverable is your assessment. Report your findings and stop. Don't apply a fix until they ask for one.\n\nBefore ending your turn, check your last paragraph. If it is a plan, an analysis, a question, a list of next steps, or a promise about work you have not done ('I'll…', 'let me know when…'), do that work now with tool calls. That includes retrying after errors and gathering missing information yourself. Do not stop because the context or session is long. End your turn only when the task is complete or you are blocked on input only the user can provide.\n\nBefore running a command that changes system state — restarts, deletes, config edits — check that the evidence actually supports that specific action. A signal that pattern-matches to a known failure may have a different cause.\n"
1447
1447
  }
@@ -282,7 +282,7 @@ export declare function _resetInstalledVersionProbeForTest(): void;
282
282
  */
283
283
  export declare const SUPPORTED_CC_RANGE: {
284
284
  readonly min: "1.0.0";
285
- readonly maxTested: "2.1.198";
285
+ readonly maxTested: "2.1.199";
286
286
  };
287
287
  /**
288
288
  * Compare two dotted-numeric version strings. Returns negative if `a<b`,
@@ -786,7 +786,7 @@ export function _resetInstalledVersionProbeForTest() {
786
786
  */
787
787
  export const SUPPORTED_CC_RANGE = {
788
788
  min: '1.0.0',
789
- maxTested: '2.1.198',
789
+ maxTested: '2.1.199',
790
790
  };
791
791
  /**
792
792
  * Compare two dotted-numeric version strings. Returns negative if `a<b`,
package/dist/proxy.d.ts CHANGED
@@ -1,5 +1,6 @@
1
1
  import { type IncomingMessage } from 'node:http';
2
2
  import { type WriteStream } from 'node:fs';
3
+ import { getAccessToken, getStatus } from './oauth.js';
3
4
  import { type EffortValue } from './cc-template.js';
4
5
  /**
5
6
  * Resolve a Claude-side model name through the family-alias rules if it's a
@@ -454,5 +455,33 @@ export declare function upstreamAuthHeaders(upstreamApiKey: string, accessToken:
454
455
  * testing.
455
456
  */
456
457
  export declare function shouldUsePool(accountCount: number, adminEnabled: boolean): boolean;
458
+ /**
459
+ * Resolve the single-account startup auth outcome, refreshing an expired-but-
460
+ * refreshable access token before giving up.
461
+ *
462
+ * The classic single-account startup used to read getStatus() once and, on any
463
+ * un-authenticated result, log "Not authenticated" and process.exit(1) WITHOUT
464
+ * attempting a refresh. Because Docker restarts the container, that turned a
465
+ * routine access-token expiry into a CRASH LOOP whenever the container was
466
+ * (re)started while the access token was expired — even when the refresh token
467
+ * was still valid and a single refresh would have recovered cleanly (dario
468
+ * outage-hardening gap #1, 2026-07-02).
469
+ *
470
+ * getAccessToken() refreshes an expired-but-refreshable token on demand, but it
471
+ * SWALLOWS a failed refresh (returns the stale token, throwing only when there
472
+ * are no credentials at all), so its success/throw can't gate the exit. Instead:
473
+ * when the initial status is un-authenticated but merely 'expired' with a live
474
+ * refresh token, attempt the refresh via getAccessToken() and then RE-READ
475
+ * getStatus() — its `authenticated` flag is the authority on whether we
476
+ * actually recovered. A dead / invalid_grant refresh token leaves status
477
+ * un-authenticated on the re-read, so the caller still exit(1)s with the same
478
+ * message (no infinite loop). 'none' (no credentials) and 'broken' (refresh
479
+ * already known-dead) skip the doomed attempt entirely. Pure + injectable for
480
+ * unit testing.
481
+ */
482
+ export declare function resolveSingleAccountStartupStatus(deps?: {
483
+ getStatus: typeof getStatus;
484
+ getAccessToken: typeof getAccessToken;
485
+ }): Promise<Awaited<ReturnType<typeof getStatus>>>;
457
486
  export declare function startProxy(opts?: ProxyOptions): Promise<void>;
458
487
  export {};
package/dist/proxy.js CHANGED
@@ -720,6 +720,57 @@ export function upstreamAuthHeaders(upstreamApiKey, accessToken) {
720
720
  export function shouldUsePool(accountCount, adminEnabled) {
721
721
  return accountCount >= 1 || adminEnabled;
722
722
  }
723
+ /**
724
+ * Resolve the single-account startup auth outcome, refreshing an expired-but-
725
+ * refreshable access token before giving up.
726
+ *
727
+ * The classic single-account startup used to read getStatus() once and, on any
728
+ * un-authenticated result, log "Not authenticated" and process.exit(1) WITHOUT
729
+ * attempting a refresh. Because Docker restarts the container, that turned a
730
+ * routine access-token expiry into a CRASH LOOP whenever the container was
731
+ * (re)started while the access token was expired — even when the refresh token
732
+ * was still valid and a single refresh would have recovered cleanly (dario
733
+ * outage-hardening gap #1, 2026-07-02).
734
+ *
735
+ * getAccessToken() refreshes an expired-but-refreshable token on demand, but it
736
+ * SWALLOWS a failed refresh (returns the stale token, throwing only when there
737
+ * are no credentials at all), so its success/throw can't gate the exit. Instead:
738
+ * when the initial status is un-authenticated but merely 'expired' with a live
739
+ * refresh token, attempt the refresh via getAccessToken() and then RE-READ
740
+ * getStatus() — its `authenticated` flag is the authority on whether we
741
+ * actually recovered. A dead / invalid_grant refresh token leaves status
742
+ * un-authenticated on the re-read, so the caller still exit(1)s with the same
743
+ * message (no infinite loop). 'none' (no credentials) and 'broken' (refresh
744
+ * already known-dead) skip the doomed attempt entirely. Pure + injectable for
745
+ * unit testing.
746
+ */
747
+ export async function resolveSingleAccountStartupStatus(deps = {
748
+ getStatus,
749
+ getAccessToken,
750
+ }) {
751
+ let status = await deps.getStatus();
752
+ if (status.authenticated)
753
+ return status;
754
+ // Only an expired token with a live, non-broken refresh token is worth a
755
+ // refresh attempt. canRefresh already encodes "has refresh token && !broken".
756
+ if (status.status === 'expired' && status.canRefresh) {
757
+ console.error('[dario] Access token expired at startup — attempting refresh before giving up…');
758
+ try {
759
+ await deps.getAccessToken(); // refreshes an expired-but-refreshable token in place
760
+ }
761
+ catch {
762
+ // getAccessToken only throws when there are no credentials at all; a
763
+ // failed refresh is swallowed there. The re-read below is authoritative.
764
+ }
765
+ // saveCredentials() updated the on-disk tokens + in-memory cache on a
766
+ // successful refresh, so this reflects the post-refresh reality.
767
+ status = await deps.getStatus();
768
+ if (status.authenticated) {
769
+ console.error('[dario] Token refresh succeeded at startup — continuing.');
770
+ }
771
+ }
772
+ return status;
773
+ }
723
774
  export async function startProxy(opts = {}) {
724
775
  const port = opts.port ?? DEFAULT_PORT;
725
776
  const host = opts.host ?? process.env.DARIO_HOST ?? DEFAULT_HOST;
@@ -1002,7 +1053,11 @@ export async function startProxy(opts = {}) {
1002
1053
  // ~/.dario/accounts/ is empty. Any accounts/ entry routes through the pool
1003
1054
  // above (#618), and admin mode always does (#599) — it starts even with
1004
1055
  // zero accounts and returns a clean 503 until one is added.
1005
- status = await getStatus();
1056
+ // An expired-but-refreshable access token here is self-healing: attempt a
1057
+ // refresh before giving up so a container (re)started shortly after a normal
1058
+ // token expiry recovers instead of crash-looping on exit(1) (gap #1). Only a
1059
+ // dead refresh token or no credentials at all still exits.
1060
+ status = await resolveSingleAccountStartupStatus();
1006
1061
  if (!status.authenticated) {
1007
1062
  console.error('[dario] Not authenticated. Run `dario login` first.');
1008
1063
  process.exit(1);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@askalf/dario",
3
- "version": "4.8.126",
3
+ "version": "4.8.128",
4
4
  "description": "Use your Claude Pro/Max subscription in any tool — Cursor, Cline, Aider, the Agent SDK, your scripts — at subscription pricing, not per-token API bills. One local Anthropic + OpenAI-compatible endpoint.",
5
5
  "type": "module",
6
6
  "bin": {