
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@askalf/dario
Advanced tools
Use your Claude Pro/Max subscription in any tool — Cursor, Cline, Aider, the Agent SDK, your scripts — at subscription pricing, not per-token API bills. One local Anthropic + OpenAI-compatible endpoint.
Your Claude Pro/Max subscription works in exactly one place: Claude Code.
dario makes it work everywhere — at subscription pricing, not per-token API bills.
Zero runtime dependencies · SLSA-attested every release · nothing phones home · ~20.5k lines you can read in a weekend · independent, unofficial, third-party (DISCLAIMER.md)
🗓️ The billing split — announced, then paused. Anthropic announced (2026-05-13) that Agent-SDK and
claude -p(headless) traffic would leave your subscription pool for a small separate monthly credit ($20 / $100 / $200 by plan), then metered per-token API rates — scheduled for 2026-06-15. It was paused before that date: those surfaces still bill subscription today, and Anthropic says it will give advance notice before any revised version. dario already rewrites every request into interactive Claude Code wire-shape, so your traffic sits in the subscription pool whether the split is paused or live — and its daily billing-classifier canary is the tripwire for the day it returns. The full timeline, and how to verify on your own machine →
⚠️ Still on a version before 4.8.39? Upgrade now — those could silently corrupt code/structured content routed through the proxy (the identifier scrub stripped tokens like the JS
continuekeyword). Details →
You're already paying $20, $100, or $200 a month for Claude. Then Cursor wants an API key. Aider wants an API key. Cline, Continue, Zed, your scripts — every one of them bills you again, per token, while the subscription you already bought sits idle in Claude Code.
dario is one local endpoint that routes all of them through the Claude subscription you already pay for. Point any Anthropic- or OpenAI-compatible tool at http://localhost:3456 and you're done. No per-tool config, no second bill.
# 1. Install
npm install -g @askalf/dario
# 2. Log in to your Claude subscription (Pro, Max 5x, or Max 20x)
dario login # or `dario login --manual` for SSH / headless
# 3. Start the local proxy
dario proxy # separate terminal or background
# 4. Point any Anthropic-compat tool at it
export ANTHROPIC_BASE_URL=http://localhost:3456
export ANTHROPIC_API_KEY=dario
That's the whole setup. Every tool that honors those env vars now runs on your subscription.
Works with: Claude Code, Cursor, Aider, Cline, Roo Code, Continue.dev, Zed, Windsurf, OpenHands, OpenClaw, Hermes, Codex CLI, the Claude Agent SDK, your own scripts.
Add other providers and reuse the same proxy:
dario backend add openai --key=sk-proj-...
dario backend add groq --key=gsk_... --base-url=https://api.groq.com/openai/v1
dario backend add openrouter --key=sk-or-... --base-url=https://openrouter.ai/api/v1
dario backend add local --key=anything --base-url=http://127.0.0.1:11434/v1
export OPENAI_BASE_URL=http://localhost:3456/v1
export OPENAI_API_KEY=dario
Force a specific backend with a model prefix: openai:gpt-4o, claude:opus, groq:llama-3.3-70b, local:qwen-coder. Prefer Docker? ghcr.io/askalf/dario:latest — multi-arch (amd64+arm64), published every release (guide). Something off? dario doctor prints one paste-ready health report.
Type dario with no args (in another terminal) to open a full-screen control panel — live request stream, per-model burn-rate, rate-limit utilization, billing-bucket breakdown, and an in-place config editor that writes to ~/.dario/config.json. It turns subscription accounting from "log files" into "watch it happen." Pure ANSI, zero new runtime deps. Migrating from v3? See MIGRATION.md.
┌─ dario ─────────────────────────────[ q quit · Tab next · ? help ]──┐
│ Status Config ▎Analytics▎ Hits Accounts Backends │
├─────────────────────────────────────────────────────────────────────┤
│ ANALYTICS — last 60 min │
│ │
│ Requests: 247 (4.1/min) Tokens in: 142,830 │
│ Tokens out: 38,200 Subscription %: 98% │
│ │
│ Per-model: │
│ opus-4-8 ████████████░░░░░░░░ 60% (148 req) │
│ sonnet-5 █████░░░░░░░░░░░░░░░ 26% ( 64 req) │
│ haiku-4-5 ███░░░░░░░░░░░░░░░░░ 14% ( 35 req) │
│ │
│ Rate-limit: │
│ 5h ████░░░░░░░░░░░░░░░░░░░░░░░░ 18% │
│ 7d ██░░░░░░░░░░░░░░░░░░░░░░░░░░ 8% │
└─────────────────────────────────────────────────────────────────────┘
On 2026-05-13, Anthropic announced — via the Claude Help Center and a @ClaudeDevs X post, with no anthropic.com blog post, no email to most subscribers, no mention in CC release notes — that on 2026-06-15, Agentic traffic (Agent SDK, claude -p headless) would stop counting against your subscription pool and move to a separate small monthly credit, then metered per-token API rates. The announced terms:
| Plan | Announced Agent-SDK / claude -p credit | When it would run out |
|---|---|---|
| Pro | $20/mo | extra-usage at API rates only if enabled; otherwise suspended until renewal |
| Max 5x | $100/mo | same |
| Max 20x | $200/mo | same |
Then Anthropic paused it before 2026-06-15. The Help Center now states Agent-SDK and claude -p usage continue drawing from your existing subscription pool unchanged; Anthropic said it's reworking the proposal and will give advance notice before any revised version. No credits were issued; no split took effect.
So the cliff isn't live — but it was announced once, on short public notice, and can return. dario is built around that fact, split or no split. Every outbound request is rebuilt into interactive Claude Code wire-shape before it leaves your machine — headers, body key order, TLS stack, session-id lifecycle, and (--stealth) the temporal axis: response-correlated think-time and session-start latency. Anthropic's billing classifier sees an interactive Claude Code session, so your traffic sits in the subscription pool whether the classifier is checking today or after a revival.
| Your setup | Today (split paused) | If the split returns |
|---|---|---|
| Any tool → Anthropic API direct | per-token API | per-token API |
| Any tool → proxy that forwards requests as-is | subscription pool | $20–200/mo credit, then per-token (or suspended) |
| Any tool → dario | subscription pool | subscription pool — rewritten to interactive-CC shape |
| Claude Code, interactive | subscription pool | subscription pool |
(A sustained Cline or Aider session can burn $100 of API-rate tokens in an evening — the "if it returns" column is what that credit cap would meter.) The daily billing-classifier canary is the tripwire: it fires one live request a day and asserts the bucket is still subscription, so a revived split surfaces within a day, not on a surprise invoice. Verify on your own machine right now: dario doctor --usage fires one request and surfaces the rate-limit headers — representative-claim should read five_hour or seven_day (subscription buckets). Full timeline: docs/why-now-2026-06.md.
| Setup | Monthly cost — heavy user |
|---|---|
| Cursor + Anthropic API direct | $80–$300 |
| Multi-tool heavy use (Cursor + Aider + Cline + Continue), per-token | $200–$600+ |
| Any of the above + dario | $20–$200 flat — your existing Pro/Max plan, nothing extra |
Switching providers is a model-name change, not a reconfigure. Add a backend once and the same localhost:3456 speaks OpenAI, Groq, OpenRouter, or a local Ollama too.
Two layers, separated:
context-1m beta isn't in the default set, so you get the 200K window unless you know the flag to turn it back on) — when the billing classifier silently flips your request to overage without saying which signal triggered it — that's information asymmetry weaponized into product design.Both vendors sell the same two products: a flat-rate subscription and a metered API. OpenAI keeps them physically separate — ChatGPT Plus is chat-only with no API surface; the API is a different product with its own key; you pick one. Anthropic separates them too, but its subscription is reached through the same API-shaped interface Claude Code uses, and which bucket a request bills to — subscription vs. metered overage — is decided by an undocumented classifier reading signals in the request, not by you choosing a product.
dario makes that classifier's inputs explicit. Your identity and auth are real and untouched: it uses your own subscription credentials, impersonates no user, breaks no login. What it changes is the client fingerprint — it rebuilds each request into the exact wire shape Claude Code emits (captured live from your installed binary) so the classifier routes it to the subscription pool no matter which tool actually sent it.
Be clear-eyed about what that is. It's a transparency tool in one real sense — it documents and exposes a classifier Anthropic keeps hidden. It's also, plainly, routing through your subscription traffic that Anthropic's gate is built to meter. Both are true. dario is unofficial and unaffiliated (DISCLAIMER.md) — decide with both in view.
dario doesn't guess Claude Code's request shape — it captures it live from your installed claude binary on every startup, drift-detects against each upstream CC release, and replays it byte-for-byte. That's why the billing classifier can't tell the difference. Deep dive: docs/wire-fidelity.md.
What the classifier reads. Discussion #13 documents eight binary signals identified via MITM capture + binary RE + controlled A/B testing with a real Max 5x subscriber. It's rule-based, not ML — transitions are sharp; same input flips to the same output 100% of the time across 6 A/B trials:
| Signal | Claude Code value | Non-CC value |
|---|---|---|
output_config.effort | CC-scale level — CC default xhigh; dario sends max (both subscription-verified) | omitted / off-scale → reclassified |
max_tokens | 64000 | other → reclassified |
thinking shape | {type: "adaptive"} (per-model) | {enabled, budget_tokens: N} → reclassified |
| System prompt block count | exactly 3 | other → reclassified |
| Tool names | Bash, Read, Write, Edit, … | non-CC names → reclassified |
| Per-request billing tag | rolling SHA-256 | missing/static → reclassified |
| JSON field order | specific stable order | different → reclassified |
Non-CC body fields (temperature, top_p, service_tier) | absent | present → reclassified |
Discussion #178 reproduces a ninth fingerprint operating on commit metadata: the classifier fires on the literal namespaced string openclaw.inbound_meta.v1 in recent git commits. dario's template replay protects you because that git context never reaches api.anthropic.com — only dario's captured CC template does.
Why this needs constant maintenance. The billing split got a public announcement (then a pause); the wire-shape changes that arrive between releases never do. CC v2.1.142 (changelog, 2026-05-14) itemized a Fast-mode tweak and some fixes — and said nothing about three wire-shape changes in the same release. That's the rule, not the exception; a running ledger of silent changes dario caught and shipped:
| Silent wire-shape change (no subscriber changelog) | Effect on subscribers | dario shipped |
|---|---|---|
context-1m-2025-08-07 dropped from the default beta set on the OAuth path | Subscription requests default to the 200K window on Sonnet/Opus unless the beta is re-added | v3.38.3–4 (2026-05-14/15) |
thinking: {type:"adaptive"} gated per-model server-side | Sonnet/Opus 4-5 through any proxy 400s every request | v3.38.5 — 2026-05-15 |
TodoWrite/TodoRead replaced by the Task* family, no migration note | Clients hardcoding todo_* send unrecognized tools | v3.38.6 — 13 min later |
Claude Fable 5 ships as CC's flagship (v2.1.170) with undocumented wire quirks: a required fallback-credit-2026-06-01 beta, soft-refusal of max/xhigh effort, and a [1m]-only context-1m beta | Subscription fable traffic 200-refused (empty body) without the flag; wrong effort silently returns nothing | v4.8.46–52 — 2026-06-09 |
CC tailors the anthropic-beta set per model — opus 9, sonnet 8 (no mid-conversation-system), haiku 6 (also no effort) | Proxies sending one beta set diverge from CC for non-opus models | v4.8.53 — 2026-06-09 |
Fable 5 / Mythos 5 globally suspended by a US-government directive (2026-06-12, every customer + tier) — api.anthropic.com now not_founds them | dario kept advertising claude-fable-5[1m] in /v1/models and forwarded fable traffic into a confusing upstream 404 | v4.8.71 — 2026-06-13 (filtered out + clean local 404; reversible via DARIO_SUSPENDED_MODELS) |
And it gets subtler: v4.2.1 (2026-05-17) shipped receipts for same CC binary, different wire output 24 hours apart — Anthropic ships changes through CC's remote configuration, not just npm releases. So dario runs three classes of drift detection, all auto-detecting and auto-PR'ing:
cc-drift-watch.yml (scheduled hourly, github-hosted) catches each new CC npm release; cc-drift-auto-release.yml auto-drafts, merges, and ships within minutes.cc-drift-template-watch.yml (scheduled every 30 min, self-hosted runner with an authenticated CC install) captures live and opens an auto-rebake PR with a unified-line diff inline. The only way to catch this class — github-hosted has no Pro/Max session to capture from.cc-billing-classifier-canary.yml sends one live request daily and asserts the representative-claim header still maps to a subscription bucket — catches Anthropic changing the rules while the wire shape is unchanged.docs/drift-monitor.md.Anthropic doesn't publish a wire-level changelog for subscribers. dario is one.
You point every tool at one URL. dario reads each request, decides which backend owns it, forwards in that backend's native protocol.
| Client speaks | Model | Routes to | What happens |
|---|---|---|---|
| Anthropic Messages | claude-* / opus / sonnet / haiku | Claude backend | OAuth swap + CC template replay → api.anthropic.com |
| Anthropic Messages | gpt-*, llama-*, … | OpenAI-compat backend | Anthropic→OpenAI translation, forwarded |
| OpenAI Chat | gpt-* / o1-* / o3-* | OpenAI-compat backend | Auth swap, body forwarded byte-for-byte |
| OpenAI Chat | claude-* | Claude backend | OpenAI→Anthropic translation, then Claude path |
| Either | <provider>:<model> | Forced by prefix | Explicit override |
The tool doesn't know. The backend doesn't know. dario is the seam.
The full Claude lineup, autodetected. Opus 4.8, Sonnet 5, and Haiku 4.5 — plus [1m] long-context variants, generated by one rule for every family — by full id (claude-opus-4-8) or shortcut (opus / sonnet / haiku, append 1m for the long-context form). GET /v1/models asks Anthropic's live catalog (TTL-cached, baked fallback when offline), and the family shortcuts track it — a new model shows up and resolves the day it lands, no dario release needed; the model-specific wire shape (effort level, beta set, thinking config) is applied automatically. Suspended families are filtered out of both the live catalog and the baked fallback, so /v1/models never advertises a model that 404s upstream and suspended ids are rejected locally with an actionable error. Nothing is suspended by default; the mechanism is retained via DARIO_SUSPENDED_MODELS (comma-separated families, every spelling caught) for if a family is ever pulled upstream again.
One Claude subscription has a ceiling. Hold more than one seat — a personal Max and a work Max, a couple of Pro plans, team seats — and pool mode puts them all behind the same localhost:3456, routing every request to whichever seat has the most headroom left, live, per request. Drop accounts in and it auto-activates; a single dario accounts add bootstraps a servable proxy with no dario login step:
dario accounts add work
dario accounts add personal
dario proxy
Three things it does that a round-robin doesn't:
5h bucket, a 7d bucket, and a per-model 7d_<family> bucket. dario reads all of them off every response and routes each request by the bucket that actually governs it: an Opus call goes to the seat with Opus room, a Sonnet call to the seat with Sonnet room, independently. Plan tiers mix freely in one pool — dario cares about headroom, not tier.{account × cache key}, so rotating a long conversation across seats on headroom alone re-pays cache-create every turn — a 5–10× token-cost multiplier on the cached portion. dario pins each conversation to one account (hashed from its first message, deterministic) for the life of the session, and only rebinds when that account is exhausted.┌─ dario ─────────────────────────────[ q quit · Tab next · ? help ]──┐
│ Status Config Analytics Hits ▎Accounts▎ Backends │
├─────────────────────────────────────────────────────────────────────┤
│ ACCOUNTS — 3 pooled · routing by headroom │
│ │
│ work Max 20x 5h ██░░░░░ 12% 7d ████░░░ 41% ← next opus │
│ personal Max 5x 5h █████░░ 78% 7d ██████░ 88% │
│ side Pro 5h ░░░░░░░ 3% 7d █░░░░░░ 9% ← next sonnet│
│ │
│ sticky bindings: 4 active · 429 failovers (1h): 2 │
└─────────────────────────────────────────────────────────────────────┘
dario accounts {add,list,remove} from any shell, or provision entirely over HTTP with the headless admin API — zero-console Docker / k8s / Pi installs included. Routing internals, back-fill semantics, and the live /accounts + /analytics inspection endpoints: docs/multi-account-pool.md. The routing paths — per-model selection, sticky rebind, cascading 429 failover — are covered end-to-end by test/pool-e2e.mjs.
A subscriber should never see a single response billed outside their subscription pool during normal operation. One means something is wrong — wire-shape drift, a classifier change, an account misconfig — and continuing to forward requests in the same shape bleeds real money (accounts with extra-usage enabled) or returns a wall of rejections (accounts without it). The first hit is the signal; the second through hundredth are damage.
So the moment any upstream response bills to something other than your subscription pool — representative-claim: overage, api, or a new credit/SDK bucket like the one a revived Agent-SDK split would introduce — dario halts the proxy. The check is an allow-list, not a match on overage: anything that isn't a known subscription claim (five_hour/seven_day and their fallbacks) and isn't the unknown no-header sentinel trips it, so a credit-bucket claim dario has never seen still halts. Every subsequent request returns 503 with an Anthropic-shaped error body the client surfaces verbatim, until you run dario resume, press R on the TUI, or the cooldown clears (default 30 min). The halt is visible across the TUI's Status, Hits, and Analytics tabs, fires a best-effort native OS notification, and emits named SSE events. (In upstream-API-key passthrough mode — set ANTHROPIC_UPSTREAM_API_KEY — the guard is off; api billing is the point there, not a failure.)
┌─ dario ─────────────────────────────[ q quit · Tab next · ? help ]──┐
│ ▎Status▎ Config Analytics Hits Accounts Backends │
├─────────────────────────────────────────────────────────────────────┤
│ Overage-guard │
│ ⚠ HALTED overage detected 12s ago │
│ Request: claude-opus-4-8 account=work │
│ Cause: representative-claim = overage │
│ Auto-resume in 29m 48s │
│ Manual resume press R here, or `dario resume` from any shell │
└─────────────────────────────────────────────────────────────────────┘
Tune via ~/.dario/config.json → overageGuard, or CLI flags: --overage-behavior=warn (visibility-only), --no-overage-guard (off), --overage-cooldown=<ms>. Verified end-to-end by test/overage-guard-e2e-live.mjs — a real in-process proxy driven through the five-stage halt cycle over real HTTP. Background: #288.
docs/multi-account-pool.mdDARIO_ADMIN=1). Provision and manage pool accounts entirely over HTTP — start with zero accounts, POST /admin/login/start, paste the code back, and the account is routable the moment the 200 lands (live pool hot-reload, no restart). Token-gated even on loopback, audit-logged, rate-limited; GET /admin/accounts reports live per-account headroom. Built for Docker / k8s / Raspberry-Pi deployments where a console is the awkward part. → docs/admin-api.md--stealth). Static wire fidelity covers what the request looks like; --stealth adds when it arrives — response-length-correlated think time and 1.2–4.2s session-start latency, the inter-arrival pattern real interactive sessions have and agent loops don't. → docs/wire-fidelity.mdTOOL_MAP pre-maps Cline, Roo, Kilo, Cursor, Windsurf, Continue, Copilot, OpenHands, OpenClaw, Hermes, hands tool names to CC's native set. No flag, no validator errors. MCP tools (mcp__server__tool) forward verbatim — the shape real CC uses for session-attached servers (v4.8.135). One-page status per tool: compatibility matrix; setup + full walkthroughs: agent-compat.md, OpenHands · OpenClaw · hands.api.anthropic.com, OAuth flows, backend forwarding — through a VPN without putting the whole host on one, from a zero-config system tunnel to per-process egress. → docs/vpn-routing.mddario proxy --system-prompt=partial strips CC's tone/verbosity/no-comments constraints for 1.2–2.8× more output on open-ended work — empirically without flipping billing (the classifier doesn't read that slot). Discussion #183 has the per-prompt receipts. → docs/system-prompt.md--honor-client-thinking). By default dario rebuilds the outbound request with CC's interactive thinking shape regardless of what the client sent. Pass this flag (or DARIO_HONOR_CLIENT_THINKING=1) to pass a non-CC client's own thinking block through unchanged. Off by default; the rebuild-to-CC path is what keeps the subscription pool routing.--preserve-output-format). By default dario rebuilds output_config from CC's template (effort only), dropping a client's output_config.format JSON schema, so structured-output clients get unconstrained prose their strict parser rejects. Pass this flag (or DARIO_PRESERVE_OUTPUT_FORMAT=1) to carry the client's schema through unchanged — SDK clients like the Vercel AI SDK's generateObject then get schema-constrained output. Off by default; empirically without flipping billing (verified five_hour on claude-sonnet-4-6).dario subagent install registers a CC sub-agent for in-session diagnostics; dario mcp exposes dario as a read-only MCP server. → docs/sub-agent.md · docs/mcp-server.mdclaude -p and the Agent SDK both send. Use proxy mode for any non-CC client — it's the only mode that rebuilds every request to CC's full canonical shape.| Signal | Status |
|---|---|
| Source | ~20.5k lines of TypeScript across 47 files — auditable in a weekend |
| Dependencies | 0 runtime. Verify: npm ls --production |
| Provenance | Every release SLSA-attested via GitHub Actions + Sigstore |
| Scanning | CodeQL on every push and weekly |
| Tests | 100 test files, 93 in the default npm test suite (test/all.test.mjs) — green on every release |
| Drift response | scheduled-hourly cc-drift-watch.yml + auto-publish on merge — CC-release → dario-release typically same-day |
| Credentials | Never logged, redacted from errors, 0600 on disk in 0700 dirs; MCP server redacts at the tool boundary |
| Network | Binds 127.0.0.1 by default; upstream only to configured backends over HTTPS; hardcoded SSRF allowlist |
| Telemetry | None. No analytics, no tracking, no data collection |
npm audit signatures
npm view @askalf/dario dist.integrity
cd $(npm root -g)/@askalf/dario && npm ls --production
dario's surface is feature-complete and stable: the proxy, the TUI, the multi-account pool, the overage guard, the billing-split tripwire. What isn't stable is the thing it defends against. Anthropic ships wire-shape and classifier changes with no subscriber changelog, on no schedule — so the part of dario that runs unattended is the part that keeps your subscription routing the day they do, and it runs every day.
That defense is live: three drift watchers (npm-release hourly, remote-config every 30 min, classifier-rule daily — cron schedules; GitHub coalesces scheduled runs, so effective intervals run longer), a PR-time compat gate that runs the full suite against a live proxy before any wire-shape change merges, a liveness alarm if a watcher goes quiet, a daily NPM_TOKEN health check, and an auto-release pipeline that ships a fix within hours of a CC release. When Anthropic moves, the watchers catch it within a release cycle, the bot opens the PR, the maintainer reviews and merges — the receipt log above is that machinery doing its job. Residual manual cases — OAuth rotation, runner re-registration, ghcr backfill — live in the recovery runbook.
New product work happens on the askalf platform, a self-hosted AI workforce built on dario. dario itself doesn't need new features — it has one job, and keeping the truth about a moving target current is a job that never stops.
Best fit: developers juggling multiple LLM tools and per-tool API keys · Claude Pro/Max subscribers who want their plan usable everywhere, not just in Claude Code · teams running local/hosted OpenAI-compat servers who want one stable local endpoint · Agent SDK users who want OAuth-subscription routing with zero code change (baseURL: 'http://localhost:3456') · power users wanting multi-account pooling + 429 failover.
Not a fit: you need vendor-managed production SLAs (use the provider APIs) · you want a hosted, multi-tenant team platform with dashboard / SSO / audit logs (that's the askalf platform, now in early access) · you want a chat UI (use claude.ai).
dario (TUI) · login · proxy · doctor · accounts {list,add,remove} · backend {list,add,remove} · shim · mcp · subagent {install,status,remove} · usage · config · upgrade · status · refresh · resume · logout · help
Full flag/env reference: docs/commands.md · SDK examples + per-tool setup: docs/usage.md
Does this violate Anthropic's terms? Mechanically, dario uses your existing Claude Code OAuth tokens — it authenticates you as you, with your subscription, through Anthropic's official endpoints. Whether any particular use complies with current terms is between you and Anthropic; consult their terms and your agreement. Independent, unofficial, third-party — see DISCLAIMER.md.
Do I need Claude Code installed?
Recommended, not required. With CC, dario login picks up credentials automatically and the live template extractor reads your binary on every startup. Without it, dario runs its own OAuth flow and falls back to the bundled (scrubbed) template snapshot.
Do I need Bun?
Optional, recommended — Bun's TLS ClientHello matches CC's runtime. Without it dario works fine; dario doctor flags the mismatch and --strict-tls hard-fails until resolved.
Can I use dario without a Claude subscription?
Yes. Skip dario login, run dario backend add openai --key=…, and you have a local OpenAI-compat router with no Claude involvement.
representative-claim: seven_day in my headers — am I downgraded?
No. five_hour and seven_day are both subscription billing — different accounting buckets, same mode. overage is the one that flips you to per-token. Discussion #1.
Will the billing split break my setup? / What if Anthropic ships another silent change?
The split was announced, then paused before it took effect — today nothing changed, and your traffic still bills subscription. If it returns (Anthropic promised advance notice) or if Anthropic ships another silent wire change, it's caught automatically — see The billing split and How it stays working. dario rewrites every request to interactive-CC shape before it reaches api.anthropic.com, and the three-class drift watcher picks up new changes (npm-release hourly, remote-config every 30 min, classifier-rule daily). v3.38.5 + v3.38.6 — 13 minutes apart, same day as v2.1.142's silent drops — are the prior art.
Used dario before and bounced off a drift / capacity / tool-compat wall?
The 5-minute path back — what changed, what's automated now, and the one command to re-verify — is in docs/returning.md.
Full FAQ: docs/faq.md
openclaw.inbound_meta.v1PRs welcome. Small TypeScript codebase, zero runtime deps. Architecture + file-by-file map in CONTRIBUTING.md.
git clone https://github.com/askalf/dario && cd dario
npm install
npm run dev # tsx, no build step
npm test # 93 test files via test/all.test.mjs, green on every release
npm run e2e # live proxy + OAuth (needs a working Claude backend)
| Who | Contributions |
|---|---|
| @GodsBoy | Proxy auth, token redaction, error sanitization (#2) |
| @belangertrading | Billing-classification investigation (#4, #6, #7, #12, #23) |
| @iNicholasBE | macOS keychain credential detection (#30) |
| @boeingchoco | Reverse tool-param translation (#29), SSE framing regression catch, hybrid-tool motivation (#33, #36) |
| @tetsuco | Scrubber path corruption (#35), OpenClaw reverse-mapping collisions (#37), 20x-tier report (#42) |
| @mikelovatt | Silent subscription-drain surfaced via friendly billing buckets (#34) |
| @ringge | --no-auto-detect for text-tool auto-preserve (#40) |
| @earlvanze | OpenClaw tool mappings (#19), OAuth manual override (#47), HTTPS warning (#53) |
Anthropic doesn't publish a wire-level changelog for subscribers. The dario repo is the closest thing that exists. Every silent change Anthropic ships, the drift watcher catches; every fix dario ships, the public record gets longer. That accumulating record is what makes the asymmetry visible to the next subscriber who can't explain why their burn rate spiked.
Follow @ask_alf for drift bulletins as they happen.
dario is an independent, unofficial, third-party project. Not affiliated with, endorsed by, or sponsored by Anthropic, OpenAI, or any vendor referenced here. Provided as-is, no warranty. You are solely responsible for compliance with your subscription's terms, the security of your credentials, and the content you send through the proxy. Not for safety-critical, regulated, or production environments without your own review. Full text: DISCLAIMER.md.
MIT — see LICENSE and DISCLAIMER.md.
dario is the routing layer of Own Your Stack — open tools for owning your AI infrastructure instead of renting it by the token. One subscription. Your box. Your terms.
dario is part of Own Your Stack — the open toolkit behind Sprayberry Labs, an independent studio (Atlanta, GA) that ships bespoke software with the autonomous AI workforce these tools are part of.
Built in the open, scars included. Follow the build → @ask_alf · sprayberrylabs.com/own-your-stack
Part of Own Your Stack — own your AI infrastructure instead of renting it. Built by Thomas Sprayberry.
FAQs
Use your Claude Pro/Max subscription in any tool — Cursor, Cline, Aider, the Agent SDK, your scripts — at subscription pricing, not per-token API bills. One local Anthropic + OpenAI-compatible endpoint.
The npm package @askalf/dario receives a total of 4,887 weekly downloads. As such, @askalf/dario popularity was classified as popular.
We found that @askalf/dario demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.