@tokenbuddy/tokenbuddy 1.0.4

package/tests/tokenbuddy.test.ts

@@ -0,0 +1,1186 @@
+import { TokenbuddyDaemon } from "../src/daemon.js";
+import { BuyerStore, resolveBuyerStorePath } from "../src/buyer-store.js";
+import { buildCli } from "../src/cli.js";
+import {
+  applyProviderInstall,
+  detectProviders,
+  previewProviderInstall,
+  rollbackProviderInstall
+} from "../src/provider-install.js";
+import { detectTerminals } from "../src/terminal-detect.js";
+import * as path from "path";
+import * as fs from "fs";
+import http from "http";
+import { AddressInfo } from "net";
+
+const TEMP_BUYER_DB = path.resolve(__dirname, "../../data-test/buyer-cache-test.db");
+const TEMP_STORE_ROOT = path.resolve(__dirname, "../../data-test/buyer-store-test");
+const PACKAGE_JSON = path.resolve(__dirname, "../package.json");
+
+function rmSqliteFiles(dbPath: string): void {
+  for (const fileName of [dbPath, `${dbPath}-wal`, `${dbPath}-shm`]) {
+    fs.rmSync(fileName, { force: true });
+  }
+}
+
+function rmDir(dirPath: string): void {
+  fs.rmSync(dirPath, { recursive: true, force: true });
+}
+
+describe("TokenBuddy CLI command surface", () => {
+  test("tb root help only exposes the approved user commands", () => {
+    const program = buildCli();
+    const commandNames = program.commands
+      .map(command => command.name())
+      .filter(command => command !== "help")
+      .sort();
+
+    expect(commandNames).toEqual(["doctor", "init", "models", "payment"]);
+  });
+
+  test("tb payment help only exposes list, add, and remove", () => {
+    const program = buildCli();
+    const payment = program.commands.find(command => command.name() === "payment");
+
+    expect(payment).toBeDefined();
+    const help = payment!.helpInformation();
+
+    for (const command of ["list", "add", "remove"]) {
+      expect(help).toContain(command);
+    }
+
+    for (const removedCommand of ["enable", "disable", "doctor", "default"]) {
+      expect(help).not.toContain(` ${removedCommand}`);
+    }
+  });
+
+  test("removed top-level commands are unreachable", () => {
+    for (const command of ["proxy", "seller", "admin", "config", "ledger"]) {
+      const program = buildCli();
+      program.exitOverride();
+      program.configureOutput({ writeErr: () => undefined });
+
+      expect(() => program.parse(["node", "tb", command])).toThrow(/unknown command/i);
+    }
+  });
+
+  test("package exposes tb and tb-proxyd bins", () => {
+    const packageJson = JSON.parse(fs.readFileSync(PACKAGE_JSON, "utf8"));
+
+    expect(packageJson.bin).toEqual({
+      tb: "./bin/tb.js",
+      "tb-proxyd": "./bin/tb-proxyd.js"
+    });
+  });
+});
+
+describe("BuyerStore safe SQLite persistence", () => {
+  let store: BuyerStore;
+
+  beforeEach(() => {
+    rmDir(TEMP_STORE_ROOT);
+    store = new BuyerStore({ root: TEMP_STORE_ROOT });
+  });
+
+  afterEach(() => {
+    store.close();
+    rmDir(TEMP_STORE_ROOT);
+  });
+
+  test("resolves TOKENBUDDY_BUYER_STORE and enables WAL", () => {
+    const previousStoreRoot = process.env.TOKENBUDDY_BUYER_STORE;
+    process.env.TOKENBUDDY_BUYER_STORE = TEMP_STORE_ROOT;
+    try {
+      expect(resolveBuyerStorePath()).toBe(path.join(TEMP_STORE_ROOT, "buyer-store.db"));
+    } finally {
+      if (previousStoreRoot === undefined) {
+        delete process.env.TOKENBUDDY_BUYER_STORE;
+      } else {
+        process.env.TOKENBUDDY_BUYER_STORE = previousStoreRoot;
+      }
+    }
+
+    expect(store.journalMode()).toBe("wal");
+    expect(fs.existsSync(path.join(TEMP_STORE_ROOT, "buyer-store.db"))).toBe(true);
+  });
+
+  test("keeps token cache behavior behind the buyer store boundary", () => {
+    expect(store.getToken("seller-a")).toBeUndefined();
+
+    store.saveToken("seller-a", "raw-token-secret", "model:gpt-4", 500000, "2030-01-01T00:00:00.000Z");
+    expect(store.getToken("seller-a")).toEqual({
+      token: "raw-token-secret",
+      balanceMicros: 500000
+    });
+
+    store.deductBalance("seller-a", 120000);
+    expect(store.getToken("seller-a")).toEqual({
+      token: "raw-token-secret",
+      balanceMicros: 380000
+    });
+  });
+
+  test("returns stable empty state for payments, pending purchases, and ledgers", () => {
+    expect(store.listPayments()).toEqual([]);
+    expect(store.listPendingPurchases()).toEqual([]);
+    expect(store.listPurchaseLedger()).toEqual([]);
+    expect(store.listInferenceLedger()).toEqual([]);
+  });
+
+  test("stores payment config and pending purchases with safe references", () => {
+    store.savePayment({
+      method: "mock",
+      enabled: true,
+      isDefault: true,
+      config: { channel: "developer" }
+    });
+    store.upsertPendingPurchase({
+      purchaseId: "pur_pending_1",
+      sellerKey: "seller-a",
+      modelId: "gpt-4",
+      paymentMethod: "mock",
+      amountUsdMicros: 1000000,
+      status: "pending",
+      paymentReference: "payCredential-secret",
+      expiresAt: "2030-01-01T00:00:00.000Z"
+    });
+
+    expect(store.listPayments()).toMatchObject([
+      { method: "mock", enabled: true, isDefault: true, config: { channel: "developer" } }
+    ]);
+    const pendingPurchases = store.listPendingPurchases();
+    expect(pendingPurchases).toMatchObject([
+      {
+        purchaseId: "pur_pending_1",
+        sellerKey: "seller-a"
+      }
+    ]);
+    expect(pendingPurchases[0]).not.toHaveProperty("paymentReference");
+    const serialized = JSON.stringify(pendingPurchases);
+    expect(serialized).not.toContain("payCredential-secret");
+    expect(serialized).toContain("paymentReferenceHash");
+  });
+
+  test("fetches and removes payment config by method", () => {
+    store.savePayment({
+      method: "mock",
+      enabled: true,
+      isDefault: true,
+      config: { channel: "developer" }
+    });
+
+    expect(store.getPayment("mock")).toMatchObject({
+      method: "mock",
+      enabled: true,
+      isDefault: true,
+      config: { channel: "developer" }
+    });
+    expect(store.removePayment("mock")).toBe(true);
+    expect(store.getPayment("mock")).toBeUndefined();
+    expect(store.removePayment("mock")).toBe(false);
+  });
+
+  test("redacts raw proof, prompt, and response from safe ledger output", () => {
+    store.recordPurchaseLedger({
+      purchaseId: "pur_done_1",
+      sellerKey: "seller-a",
+      modelId: "gpt-4",
+      paymentMethod: "mock",
+      status: "funded",
+      creditMicros: 1000000,
+      currency: "USD",
+      paymentReference: "raw-payment-proof-secret"
+    });
+    store.recordInferenceLedger({
+      requestId: "req_1",
+      sellerKey: "seller-a",
+      modelId: "gpt-4",
+      endpoint: "/v1/chat/completions",
+      status: "settled",
+      promptTokens: 10,
+      completionTokens: 20,
+      billedMicros: 70,
+      prompt: "raw prompt secret",
+      response: "raw model response secret"
+    });
+
+    const publicOutput = JSON.stringify({
+      purchases: store.listPurchaseLedger(),
+      inferences: store.listInferenceLedger()
+    });
+
+    for (const secret of [
+      "raw-payment-proof-secret",
+      "raw prompt secret",
+      "raw model response secret",
+      "payCredential"
+    ]) {
+      expect(publicOutput).not.toContain(secret);
+    }
+    expect(publicOutput).toContain("paymentReferenceHash");
+    expect(publicOutput).toContain("promptHash");
+    expect(publicOutput).toContain("responseHash");
+  });
+});
+
+describe("TokenBuddy payment CLI", () => {
+  const CLI_STORE_ROOT = path.resolve(__dirname, "../../data-test/payment-cli-store");
+  let previousBuyerStore: string | undefined;
+  let previousExitCode: string | number | undefined;
+  let previousControlPort: string | undefined;
+  let previousProxyPort: string | undefined;
+  let controlServer: http.Server;
+  let controlServerOpen = false;
+  let controlPort: number;
+
+  beforeEach((done) => {
+    rmDir(CLI_STORE_ROOT);
+    previousBuyerStore = process.env.TOKENBUDDY_BUYER_STORE;
+    previousExitCode = process.exitCode;
+    previousControlPort = process.env.TB_PROXYD_CONTROL_PORT;
+    previousProxyPort = process.env.TB_PROXYD_PROXY_PORT;
+    process.env.TOKENBUDDY_BUYER_STORE = CLI_STORE_ROOT;
+    process.exitCode = undefined;
+    controlServer = http.createServer((req, res) => {
+      res.setHeader("Content-Type", "application/json");
+      if (req.url === "/status") {
+        res.end(JSON.stringify({
+          status: "running",
+          pid: 12345,
+          controlPort,
+          proxyPort: 45678
+        }));
+        return;
+      }
+      res.statusCode = 404;
+      res.end(JSON.stringify({ error: "not_found" }));
+    });
+    controlServer.listen(0, "127.0.0.1", () => {
+      controlServerOpen = true;
+      controlPort = (controlServer.address() as AddressInfo).port;
+      process.env.TB_PROXYD_CONTROL_PORT = String(controlPort);
+      process.env.TB_PROXYD_PROXY_PORT = "45678";
+      done();
+    });
+  });
+
+  afterEach((done) => {
+    if (previousBuyerStore === undefined) {
+      delete process.env.TOKENBUDDY_BUYER_STORE;
+    } else {
+      process.env.TOKENBUDDY_BUYER_STORE = previousBuyerStore;
+    }
+    if (previousControlPort === undefined) {
+      delete process.env.TB_PROXYD_CONTROL_PORT;
+    } else {
+      process.env.TB_PROXYD_CONTROL_PORT = previousControlPort;
+    }
+    if (previousProxyPort === undefined) {
+      delete process.env.TB_PROXYD_PROXY_PORT;
+    } else {
+      process.env.TB_PROXYD_PROXY_PORT = previousProxyPort;
+    }
+    process.exitCode = previousExitCode;
+    rmDir(CLI_STORE_ROOT);
+    jest.restoreAllMocks();
+    if (controlServerOpen) {
+      controlServer.close(() => {
+        controlServerOpen = false;
+        done();
+      });
+    } else {
+      done();
+    }
+  });
+
+  test("ordinary commands fail closed when tb-proxyd is not running", async () => {
+    await new Promise<void>((resolve) => controlServer.close(() => {
+      controlServerOpen = false;
+      resolve();
+    }));
+    const errors: string[] = [];
+    const program = buildCli();
+    program.exitOverride();
+    program.configureOutput({ writeErr: () => undefined });
+    jest.spyOn(console, "error").mockImplementation((message?: unknown) => {
+      errors.push(String(message));
+    });
+
+    await expect(program.parseAsync(["node", "tb", "payment", "list", "--json"])).rejects.toThrow("tb-proxyd is not running");
+    expect(errors.join("\n")).toContain("tb doctor --fix");
+    expect(errors.join("\n")).toContain("tb init");
+  });
+
+  test("payment list --json emits pure JSON with supported methods", async () => {
+    const store = new BuyerStore({ root: CLI_STORE_ROOT });
+    store.savePayment({
+      method: "mock",
+      enabled: true,
+      isDefault: true,
+      config: { channel: "developer", explicitOptIn: true }
+    });
+    store.close();
+
+    const output: string[] = [];
+    jest.spyOn(console, "log").mockImplementation((message?: unknown) => {
+      output.push(String(message));
+    });
+
+    const program = buildCli();
+    await program.parseAsync(["node", "tb", "payment", "list", "--json"]);
+
+    expect(output).toHaveLength(1);
+    const parsed = JSON.parse(output[0]) as any;
+    expect(parsed.payments).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        method: "mock",
+        supported: true,
+        configured: true,
+        enabled: true,
+        isDefault: true
+      }),
+      expect.objectContaining({
+        method: "clawtip",
+        supported: true,
+        configured: false
+      })
+    ]));
+    expect(output[0]).not.toContain("payCredential");
+    expect(output[0]).not.toContain("encryptedData");
+  });
+
+  test("payment add/remove mock updates the buyer store", async () => {
+    const logs: string[] = [];
+    jest.spyOn(console, "log").mockImplementation((message?: unknown) => {
+      logs.push(String(message));
+    });
+
+    await buildCli().parseAsync(["node", "tb", "payment", "add", "mock"]);
+    let store = new BuyerStore({ root: CLI_STORE_ROOT });
+    expect(store.getPayment("mock")).toMatchObject({
+      method: "mock",
+      enabled: true,
+      isDefault: true,
+      config: { channel: "developer", explicitOptIn: true }
+    });
+    store.close();
+
+    await buildCli().parseAsync(["node", "tb", "payment", "remove", "mock"]);
+    store = new BuyerStore({ root: CLI_STORE_ROOT });
+    expect(store.getPayment("mock")).toBeUndefined();
+    store.close();
+    expect(logs.join("\n")).toContain("Mock payment method registered");
+    expect(logs.join("\n")).toContain("removed");
+  });
+});
+
+describe("TokenBuddy JSON inspection commands", () => {
+  let controlServer: http.Server;
+  let controlPort: number;
+  let previousControlPort: string | undefined;
+  let previousProxyPort: string | undefined;
+
+  beforeEach((done) => {
+    previousControlPort = process.env.TB_PROXYD_CONTROL_PORT;
+    previousProxyPort = process.env.TB_PROXYD_PROXY_PORT;
+    controlServer = http.createServer((req, res) => {
+      res.setHeader("Content-Type", "application/json");
+      if (req.url === "/status") {
+        res.end(JSON.stringify({
+          status: "running",
+          pid: 12345,
+          controlPort,
+          proxyPort: 45678
+        }));
+        return;
+      }
+      if (req.url === "/models") {
+        res.end(JSON.stringify({
+          object: "list",
+          data: [
+            { id: "gpt-4", sellerId: "json-test-seller" }
+          ]
+        }));
+        return;
+      }
+      res.statusCode = 404;
+      res.end(JSON.stringify({ error: "not_found" }));
+    });
+    controlServer.listen(0, "127.0.0.1", () => {
+      controlPort = (controlServer.address() as AddressInfo).port;
+      process.env.TB_PROXYD_CONTROL_PORT = String(controlPort);
+      process.env.TB_PROXYD_PROXY_PORT = "45678";
+      done();
+    });
+  });
+
+  afterEach((done) => {
+    if (previousControlPort === undefined) {
+      delete process.env.TB_PROXYD_CONTROL_PORT;
+    } else {
+      process.env.TB_PROXYD_CONTROL_PORT = previousControlPort;
+    }
+    if (previousProxyPort === undefined) {
+      delete process.env.TB_PROXYD_PROXY_PORT;
+    } else {
+      process.env.TB_PROXYD_PROXY_PORT = previousProxyPort;
+    }
+    jest.restoreAllMocks();
+    controlServer.close(done);
+  });
+
+  test("doctor --json reports daemon and provider state", async () => {
+    const output: string[] = [];
+    jest.spyOn(console, "log").mockImplementation((message?: unknown) => {
+      output.push(String(message));
+    });
+
+    await buildCli().parseAsync(["node", "tb", "doctor", "--json"]);
+
+    expect(output).toHaveLength(1);
+    const parsed = JSON.parse(output[0]) as any;
+    expect(parsed.daemon).toMatchObject({
+      running: true,
+      controlPort,
+      proxyPort: 45678,
+      fixAvailable: true
+    });
+    expect(parsed.repair).toMatchObject({
+      requested: false,
+      attempted: false,
+      fixed: false
+    });
+    expect(parsed.providers).toEqual(expect.arrayContaining([
+      expect.objectContaining({ id: "codex" }),
+      expect.objectContaining({ id: "claude-code" })
+    ]));
+  });
+
+  test("models --json returns daemon model data", async () => {
+    const output: string[] = [];
+    jest.spyOn(console, "log").mockImplementation((message?: unknown) => {
+      output.push(String(message));
+    });
+
+    await buildCli().parseAsync(["node", "tb", "models", "--json"]);
+
+    expect(output).toHaveLength(1);
+    const parsed = JSON.parse(output[0]) as any;
+    expect(parsed.data).toEqual([
+      { id: "gpt-4", sellerId: "json-test-seller" }
+    ]);
+  });
+});
+
+describe("Provider install planning", () => {
+  const PROVIDER_HOME = path.resolve(__dirname, "../../data-test/provider-home");
+  const PROVIDER_STORE_ROOT = path.resolve(__dirname, "../../data-test/provider-store");
+  const proxyUrl = "http://127.0.0.1:17821";
+
+  beforeEach(() => {
+    rmDir(PROVIDER_HOME);
+    rmDir(PROVIDER_STORE_ROOT);
+    fs.mkdirSync(path.join(PROVIDER_HOME, ".codex"), { recursive: true });
+    fs.mkdirSync(path.join(PROVIDER_HOME, ".claude"), { recursive: true });
+    fs.mkdirSync(path.join(PROVIDER_HOME, ".openclaw"), { recursive: true });
+    fs.writeFileSync(path.join(PROVIDER_HOME, ".codex", "config.toml"), "approval_policy = \"never\"\n", "utf8");
+    fs.writeFileSync(path.join(PROVIDER_HOME, ".claude", "settings.json"), JSON.stringify({ theme: "dark" }, null, 2), "utf8");
+    fs.writeFileSync(path.join(PROVIDER_HOME, ".openclaw", "config.json"), JSON.stringify({ keep: "field" }, null, 2), "utf8");
+  });
+
+  afterEach(() => {
+    rmDir(PROVIDER_HOME);
+    rmDir(PROVIDER_STORE_ROOT);
+  });
+
+  test("detects providers and previews without mutating files", () => {
+    const codexBefore = fs.readFileSync(path.join(PROVIDER_HOME, ".codex", "config.toml"), "utf8");
+    const providers = detectProviders({ home: PROVIDER_HOME });
+    expect(providers).toEqual(expect.arrayContaining([
+      expect.objectContaining({ id: "codex", detected: true }),
+      expect.objectContaining({ id: "claude-code", detected: true }),
+      expect.objectContaining({ id: "openclaw", detected: true }),
+      expect.objectContaining({ id: "hermes", detected: false })
+    ]));
+
+    const changes = previewProviderInstall({
+      providers: ["codex", "claude-code", "openclaw", "hermes"],
+      proxyUrl,
+      model: "gpt-4",
+      home: PROVIDER_HOME
+    });
+
+    expect(changes).toEqual(expect.arrayContaining([
+      expect.objectContaining({ providerId: "codex", action: "update" }),
+      expect.objectContaining({ providerId: "hermes", action: "create" })
+    ]));
+    expect(fs.readFileSync(path.join(PROVIDER_HOME, ".codex", "config.toml"), "utf8")).toBe(codexBefore);
+  });
+
+  test("applies provider config and rolls back existing and created files", () => {
+    const store = new BuyerStore({ root: PROVIDER_STORE_ROOT });
+    try {
+      const applied = applyProviderInstall({
+        providers: ["codex", "claude-code", "openclaw", "hermes"],
+        proxyUrl,
+        model: "gpt-4",
+        home: PROVIDER_HOME
+      }, store);
+      expect(applied).toEqual(expect.arrayContaining([
+        expect.objectContaining({ providerId: "codex", action: "updated" }),
+        expect.objectContaining({ providerId: "hermes", action: "created" })
+      ]));
+
+      const codex = fs.readFileSync(path.join(PROVIDER_HOME, ".codex", "config.toml"), "utf8");
+      expect(codex).toContain("approval_policy = \"never\"");
+      expect(codex).toContain("[tokenbuddy]");
+      expect(codex).toContain(`proxy_url = "${proxyUrl}"`);
+
+      const claude = JSON.parse(fs.readFileSync(path.join(PROVIDER_HOME, ".claude", "settings.json"), "utf8"));
+      expect(claude.theme).toBe("dark");
+      expect(claude.env.ANTHROPIC_BASE_URL).toBe(proxyUrl);
+
+      const openclaw = JSON.parse(fs.readFileSync(path.join(PROVIDER_HOME, ".openclaw", "config.json"), "utf8"));
+      expect(openclaw.keep).toBe("field");
+      expect(openclaw.api_url).toBe(proxyUrl);
+      expect(fs.existsSync(path.join(PROVIDER_HOME, ".hermes", "settings.json"))).toBe(true);
+      expect(store.getProviderInstallSnapshot("codex")).toBeDefined();
+
+      const rolledBack = rollbackProviderInstall({
+        providers: ["codex", "claude-code", "openclaw", "hermes"],
+        home: PROVIDER_HOME
+      }, store);
+
+      expect(rolledBack).toEqual(expect.arrayContaining([
+        expect.objectContaining({ providerId: "codex", action: "restored" }),
+        expect.objectContaining({ providerId: "hermes", action: "removed" })
+      ]));
+      expect(fs.readFileSync(path.join(PROVIDER_HOME, ".codex", "config.toml"), "utf8")).toBe("approval_policy = \"never\"\n");
+      expect(JSON.parse(fs.readFileSync(path.join(PROVIDER_HOME, ".openclaw", "config.json"), "utf8"))).toEqual({ keep: "field" });
+      expect(fs.existsSync(path.join(PROVIDER_HOME, ".hermes", "settings.json"))).toBe(false);
+      expect(store.getProviderInstallSnapshot("codex")).toBeUndefined();
+    } finally {
+      store.close();
+    }
+  });
+});
+
+describe("TokenBuddy CLI and Daemon Integration Tests", () => {
+  let daemon: TokenbuddyDaemon;
+  let mockSellerServer: http.Server;
+  let sellerReqCount = 0;
+  let completeReqCount = 0;
+  let mockSellerPort: number;
+  let daemonControlPort: number;
+  let daemonProxyPort: number;
+  const sellerRequests: Array<{
+    url?: string;
+    authorization?: string;
+    idempotencyKey?: string;
+    paymentMethod?: string;
+    body?: any;
+  }> = [];
+
+  const readJsonBody = (req: http.IncomingMessage): Promise<any> => new Promise((resolve) => {
+    let body = "";
+    req.on("data", (chunk) => {
+      body += chunk.toString();
+    });
+    req.on("end", () => {
+      resolve(body ? JSON.parse(body) : {});
+    });
+  });
+
+  beforeAll((done) => {
+    mockSellerServer = http.createServer(async (req, res) => {
+      res.setHeader("Content-Type", "application/json");
+
+      if (req.url === "/registry/sellers") {
+        res.end(JSON.stringify({
+          version: 1,
+          defaultSeller: "mock-seller",
+          sellers: [
+            {
+              id: "incompatible-seller",
+              name: "Incompatible Seller",
+              url: `http://127.0.0.1:${mockSellerPort}/incompatible`,
+              supportedProtocols: ["chat_completions"],
+              paymentMethods: ["mock"]
+            },
+            {
+              id: "mock-seller",
+              name: "Mock Seller",
+              url: `http://127.0.0.1:${mockSellerPort}`,
+              supportedProtocols: ["chat_completions", "responses", "messages"],
+              paymentMethods: ["mock"]
+            }
+          ]
+        }));
+        return;
+      }
+
+      if (req.url === "/incompatible/manifest") {
+        res.end(JSON.stringify({
+          sellerId: "incompatible-seller",
+          supportedProtocols: ["chat_completions"],
+          paymentMethods: ["mock"],
+          models: [
+            { id: "other-model" }
+          ]
+        }));
+        return;
+      }
+
+      if (req.url === "/manifest") {
+        res.end(JSON.stringify({
+          sellerId: "mock-seller",
+          supportedProtocols: ["chat_completions", "responses", "messages"],
+          paymentMethods: ["mock"],
+          models: [
+            { id: "gpt-4" },
+            { id: "gpt-4.1-mini" },
+            { id: "claude-3-5-sonnet" }
+          ]
+        }));
+        return;
+      }
+
+      if (req.url === "/purchase/create") {
+        const body = await readJsonBody(req);
+        sellerRequests.push({ url: req.url, paymentMethod: body.paymentMethod, body });
+        sellerReqCount++;
+        res.end(JSON.stringify({
+          purchaseId: "pur_mock_123",
+          status: "pending",
+          creditMicros: 2000000,
+          currency: "USD",
+          expiresAt: new Date(Date.now() + 86400 * 1000).toISOString()
+        }));
+        return;
+      }
+
+      if (req.url === "/purchase/complete") {
+        const body = await readJsonBody(req);
+        sellerRequests.push({ url: req.url, paymentMethod: body.paymentMethod, body });
+        completeReqCount++;
+        res.end(JSON.stringify({
+          purchaseId: "pur_mock_123",
+          status: "active",
+          accessToken: "tok_mock_token_abc",
+          tokenClass: "model:gpt-4",
+          creditMicros: 2000000,
+          currency: "USD"
+        }));
+        return;
+      }
+
+      if (req.url === "/v1/chat/completions") {
+        const body = await readJsonBody(req);
+        sellerRequests.push({
+          url: req.url,
+          authorization: req.headers.authorization,
+          idempotencyKey: req.headers["idempotency-key"] as string | undefined,
+          body
+        });
+        if (body.stream) {
+          res.writeHead(200, { "Content-Type": "text/event-stream" });
+          res.write("data: {\"id\":\"chatcmpl-stream\",\"choices\":[{\"delta\":{\"content\":\"hello\"}}]}\n\n");
+          res.end("data: [DONE]\n\n");
+          return;
+        }
+        res.end(JSON.stringify({
+          id: "chatcmpl-mock",
+          usage: { prompt_tokens: 10, completion_tokens: 10 }
+        }));
+        return;
+      }
+
+      if (req.url === "/v1/responses") {
+        const body = await readJsonBody(req);
+        sellerRequests.push({
+          url: req.url,
+          authorization: req.headers.authorization,
+          idempotencyKey: req.headers["idempotency-key"] as string | undefined,
+          body
+        });
+        res.end(JSON.stringify({
+          id: "resp-mock",
+          usage: { input_tokens: 7, output_tokens: 9 }
+        }));
+        return;
+      }
+
+      if (req.url === "/v1/messages" || req.url === "/messages") {
+        const body = await readJsonBody(req);
+        sellerRequests.push({
+          url: req.url,
+          authorization: req.headers.authorization,
+          idempotencyKey: req.headers["idempotency-key"] as string | undefined,
+          body
+        });
+        res.end(JSON.stringify({
+          id: "msg-mock",
+          usage: { input_tokens: 5, output_tokens: 6 }
+        }));
+        return;
+      }
+
+      res.end("{}");
+    });
+
+    mockSellerServer.listen(0, "127.0.0.1", () => {
+      mockSellerPort = (mockSellerServer.address() as AddressInfo).port;
+      done();
+    });
+  });
+
+  afterAll((done) => {
+    mockSellerServer.close(done);
+  });
+
+  beforeEach(() => {
+    rmSqliteFiles(TEMP_BUYER_DB);
+    sellerReqCount = 0;
+    completeReqCount = 0;
+    sellerRequests.length = 0;
+    const seedStore = new BuyerStore({ dbPath: TEMP_BUYER_DB });
+    seedStore.savePayment({
+      method: "mock",
+      enabled: true,
+      isDefault: true,
+      config: { channel: "control-plane-test" }
+    });
+    seedStore.recordPurchaseLedger({
+      purchaseId: "pur_control_1",
+      sellerKey: "mock-seller",
+      modelId: "gpt-4",
+      paymentMethod: "mock",
+      status: "funded",
+      creditMicros: 1000000,
+      currency: "USD",
+      paymentReference: "raw-control-payment-proof"
+    });
+    seedStore.recordInferenceLedger({
+      requestId: "req_control_1",
+      sellerKey: "mock-seller",
+      modelId: "gpt-4",
+      endpoint: "/v1/chat/completions",
+      status: "settled",
+      promptTokens: 10,
+      completionTokens: 20,
+      billedMicros: 70,
+      prompt: "raw control prompt",
+      response: "raw control response"
+    });
+    seedStore.close();
+
+    daemon = new TokenbuddyDaemon({
+      controlPort: 0,
+      proxyPort: 0,
+      dbPath: TEMP_BUYER_DB,
+      sellerRegistryUrl: `http://127.0.0.1:${mockSellerPort}/registry/sellers`
+    });
+    daemon.start();
+    daemonControlPort = ((daemon as any).controlServer.address() as AddressInfo).port;
+    daemonProxyPort = ((daemon as any).proxyServer.address() as AddressInfo).port;
+  });
+
+  afterEach(() => {
+    daemon.stop();
+    rmSqliteFiles(TEMP_BUYER_DB);
+  });
+
+  test("Terminal detection Candidates works without errors", () => {
+    const list = detectTerminals();
+    expect(list.length).toBeGreaterThan(0);
+    expect(list.some(c => c.id === "claude-code")).toBe(true);
+  });
+
+  test("control plane exposes health, registry-backed models, payments, and safe ledgers", async () => {
+    const controlUrl = `http://127.0.0.1:${daemonControlPort}`;
+
+    const health = await (await fetch(`${controlUrl}/health`)).json() as any;
+    expect(health).toMatchObject({
+      status: "ok",
+      controlPort: daemonControlPort,
+      proxyPort: daemonProxyPort,
+      store: { journalMode: "wal" }
+    });
+
+    const status = await (await fetch(`${controlUrl}/status`)).json() as any;
+    expect(status).toMatchObject({
+      status: "running",
+      controlPort: daemonControlPort,
+      proxyPort: daemonProxyPort,
+      sellerRegistryUrl: `http://127.0.0.1:${mockSellerPort}/registry/sellers`,
+      store: {
+        paymentsCount: 1,
+        purchaseLedgerCount: 1,
+        inferenceLedgerCount: 1
+      }
+    });
+
+    const sellers = await (await fetch(`${controlUrl}/sellers`)).json() as any;
+    expect(sellers.sellers).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        id: "mock-seller",
+        status: "configured",
+        paymentMethods: ["mock"]
+      })
+    ]));
+
+    const models = await (await fetch(`${controlUrl}/models`)).json() as any;
+    expect(models.data).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        id: "gpt-4",
+        sellerId: "mock-seller",
+        paymentMethods: ["mock"]
+      })
+    ]));
+    expect(models.sellers).toEqual(expect.arrayContaining([
+      expect.objectContaining({ id: "mock-seller", status: "ok" })
+    ]));
+
+    const payments = await (await fetch(`${controlUrl}/payments`)).json() as any;
+    expect(payments.payments).toMatchObject([
+      { method: "mock", enabled: true, isDefault: true }
+    ]);
+
+    const purchases = await (await fetch(`${controlUrl}/ledger/purchases`)).json() as any;
+    const inferences = await (await fetch(`${controlUrl}/ledger/inferences`)).json() as any;
+    const publicOutput = JSON.stringify({ purchases, inferences, payments, models, sellers, status, health });
+
+    expect(purchases.purchases).toHaveLength(1);
+    expect(inferences.inferences).toHaveLength(1);
+    expect(publicOutput).toContain("paymentReferenceHash");
+    expect(publicOutput).toContain("promptHash");
+    expect(publicOutput).toContain("responseHash");
+    for (const secret of [
+      "raw-control-payment-proof",
+      "raw control prompt",
+      "raw control response",
+      "payCredential"
+    ]) {
+      expect(publicOutput).not.toContain(secret);
+    }
+  });
+
+  test("coalesces concurrent chat requests and preserves purchase/proxy headers", async () => {
+    const chatReq = {
+      model: "gpt-4",
+      messages: [{ role: "user", content: "raw concurrent prompt secret" }],
+      requestId: "chat_req_parallel"
+    };
+
+    const sendRequest = () => fetch(`http://127.0.0.1:${daemonProxyPort}/v1/chat/completions`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Idempotency-Key": "idem-chat-preserved"
+      },
+      body: JSON.stringify(chatReq)
+    });
+
+    const responses = await Promise.all([
+      sendRequest(), sendRequest(), sendRequest(), sendRequest(), sendRequest(),
+      sendRequest(), sendRequest(), sendRequest(), sendRequest(), sendRequest()
+    ]);
+
+    for (const r of responses) {
+      expect(r.ok).toBe(true);
+      const data: any = await r.json();
+      expect(data.id).toBe("chatcmpl-mock");
+    }
+
+    expect(sellerReqCount).toBe(1);
+    expect(completeReqCount).toBe(1);
+    expect(sellerRequests.find((request) => request.url === "/purchase/create")).toMatchObject({
+      paymentMethod: "mock"
+    });
+    const chatForwards = sellerRequests.filter((request) => request.url === "/v1/chat/completions");
+    expect(chatForwards).toHaveLength(10);
+    expect(chatForwards.every((request) => request.authorization === "Bearer tok_mock_token_abc")).toBe(true);
+    expect(chatForwards.every((request) => request.idempotencyKey === "idem-chat-preserved")).toBe(true);
+
+    const controlUrl = `http://127.0.0.1:${daemonControlPort}`;
+    const purchases = await (await fetch(`${controlUrl}/ledger/purchases`)).json() as any;
+    const inferences = await (await fetch(`${controlUrl}/ledger/inferences`)).json() as any;
+    expect(purchases.purchases.some((entry: any) => entry.purchaseId === "pur_mock_123" && entry.paymentMethod === "mock")).toBe(true);
+    expect(inferences.inferences.filter((entry: any) => entry.endpoint === "/v1/chat/completions")).toHaveLength(11);
+    const publicOutput = JSON.stringify({ purchases, inferences });
+    expect(publicOutput).not.toContain("raw concurrent prompt secret");
+    expect(publicOutput).not.toContain("tok_mock_token_abc");
+  });
+
+  test("proxies models, responses, and anthropic message endpoints through compatible seller manifests", async () => {
+    const proxyUrl = `http://127.0.0.1:${daemonProxyPort}`;
+
+    const models = await (await fetch(`${proxyUrl}/v1/models`)).json() as any;
+    expect(models.data).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        id: "gpt-4",
+        sellerId: "mock-seller"
+      })
+    ]));
+
+    const responses = await fetch(`${proxyUrl}/v1/responses`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Idempotency-Key": "idem-responses-preserved"
+      },
+      body: JSON.stringify({
+        model: "gpt-4.1-mini",
+        input: "raw responses prompt secret",
+        requestId: "responses_req_1"
+      })
+    });
+    expect(responses.ok).toBe(true);
+    expect((await responses.json() as any).id).toBe("resp-mock");
+
+    const largeInput = `raw large responses prompt secret ${"x".repeat(160 * 1024)}`;
+    const largeResponses = await fetch(`${proxyUrl}/v1/responses`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Idempotency-Key": "idem-large-responses-preserved"
+      },
+      body: JSON.stringify({
+        model: "gpt-4.1-mini",
+        input: largeInput,
+        requestId: "responses_req_large"
+      })
+    });
+    expect(largeResponses.ok).toBe(true);
+    expect((await largeResponses.json() as any).id).toBe("resp-mock");
+
+    for (const endpoint of ["/v1/messages", "/messages"]) {
+      const message = await fetch(`${proxyUrl}${endpoint}`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          model: "claude-3-5-sonnet",
+          messages: [{ role: "user", content: "raw anthropic prompt secret" }]
+        })
+      });
+      expect(message.ok).toBe(true);
+      expect((await message.json() as any).id).toBe("msg-mock");
+    }
+
+    expect(sellerRequests.find((request) => request.url === "/v1/responses")?.idempotencyKey).toBe("idem-responses-preserved");
+    expect(sellerRequests.find((request) => request.idempotencyKey === "idem-large-responses-preserved")?.body.input).toHaveLength(largeInput.length);
+    expect(sellerRequests.some((request) => request.url === "/v1/messages")).toBe(true);
+    expect(sellerRequests.some((request) => request.url === "/messages")).toBe(true);
+
+    const inferences = await (await fetch(`http://127.0.0.1:${daemonControlPort}/ledger/inferences`)).json() as any;
+    expect(inferences.inferences).toEqual(expect.arrayContaining([
+      expect.objectContaining({ endpoint: "/v1/responses", promptTokens: 7, completionTokens: 9 }),
+      expect.objectContaining({ endpoint: "/v1/responses", requestId: "responses_req_large" }),
+      expect.objectContaining({ endpoint: "/v1/messages", promptTokens: 5, completionTokens: 6 }),
+      expect.objectContaining({ endpoint: "/messages", promptTokens: 5, completionTokens: 6 })
+    ]));
+    const publicOutput = JSON.stringify(inferences);
+    expect(publicOutput).not.toContain("raw responses prompt secret");
+    expect(publicOutput).not.toContain("raw large responses prompt secret");
+    expect(publicOutput).not.toContain("raw anthropic prompt secret");
+  });
+
+  test("passes through streaming chat responses and records safe ledger metadata", async () => {
+    const response = await fetch(`http://127.0.0.1:${daemonProxyPort}/v1/chat/completions`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Idempotency-Key": "idem-stream-preserved"
+      },
+      body: JSON.stringify({
+        model: "gpt-4",
+        stream: true,
+        messages: [{ role: "user", content: "raw stream prompt secret" }],
+        requestId: "stream_req_1"
+      })
+    });
+
+    expect(response.ok).toBe(true);
+    expect(response.headers.get("content-type")).toContain("text/event-stream");
+    const body = await response.text();
+    expect(body).toContain("chatcmpl-stream");
+    expect(body).toContain("[DONE]");
+    expect(sellerRequests.find((request) => request.url === "/v1/chat/completions" && request.body?.stream)?.idempotencyKey).toBe("idem-stream-preserved");
+
+    const inferences = await (await fetch(`http://127.0.0.1:${daemonControlPort}/ledger/inferences`)).json() as any;
+    expect(inferences.inferences).toEqual(expect.arrayContaining([
+      expect.objectContaining({ endpoint: "/v1/chat/completions", requestId: "stream_req_1" })
+    ]));
+    const publicOutput = JSON.stringify(inferences);
+    expect(publicOutput).not.toContain("raw stream prompt secret");
+    expect(publicOutput).not.toContain("chatcmpl-stream");
+  });
+
+  test("fails closed when no compatible seller can serve the requested model", async () => {
+    const response = await fetch(`http://127.0.0.1:${daemonProxyPort}/v1/chat/completions`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        model: "missing-model",
+        messages: [{ role: "user", content: "hello" }]
+      })
+    });
+    expect(response.status).toBe(502);
+    const data = await response.json() as any;
+    expect(data.error.message).toContain("no compatible seller");
+  });
+});
+
+describe("TokenBuddy manual routing mode", () => {
+  let server: http.Server;
+  let sellerPort: number;
+  let daemon: TokenbuddyDaemon;
+  let daemonProxyPort: number;
+  let daemonControlPort: number;
+  const events: Array<{ seller: string; url?: string }> = [];
+  const dbPath = path.resolve(__dirname, "../../data-test/manual-routing-test.db");
+
+  const readJsonBody = (req: http.IncomingMessage): Promise<any> => new Promise((resolve) => {
+    let body = "";
+    req.on("data", (chunk) => {
+      body += chunk.toString();
+    });
+    req.on("end", () => {
+      resolve(body ? JSON.parse(body) : {});
+    });
+  });
+
+  beforeAll((done) => {
+    server = http.createServer(async (req, res) => {
+      res.setHeader("Content-Type", "application/json");
+      if (req.url === "/registry/sellers") {
+        res.end(JSON.stringify({
+          version: 1,
+          defaultSeller: "primary-seller",
+          sellers: [
+            {
+              id: "primary-seller",
+              name: "Primary Seller",
+              url: `http://127.0.0.1:${sellerPort}/primary`,
+              supportedProtocols: ["chat_completions"],
+              paymentMethods: ["mock"]
+            },
+            {
+              id: "backup-seller",
+              name: "Backup Seller",
+              url: `http://127.0.0.1:${sellerPort}/backup`,
+              supportedProtocols: ["chat_completions"],
+              paymentMethods: ["mock"]
+            }
+          ]
+        }));
+        return;
+      }
+
+      if (req.url === "/primary/manifest") {
+        events.push({ seller: "primary-seller", url: req.url });
+        res.end(JSON.stringify({
+          sellerId: "primary-seller",
+          supportedProtocols: ["chat_completions"],
+          paymentMethods: ["mock"],
+          models: [{ id: "gpt-manual" }]
+        }));
+        return;
+      }
+
+      if (req.url === "/backup/manifest") {
+        events.push({ seller: "backup-seller", url: req.url });
+        res.end(JSON.stringify({
+          sellerId: "backup-seller",
+          supportedProtocols: ["chat_completions"],
+          paymentMethods: ["mock"],
+          models: [{ id: "gpt-manual" }]
+        }));
+        return;
+      }
+
+      const body = await readJsonBody(req);
+      if (req.url === "/primary/purchase/create") {
+        expect(body.paymentMethod).toBe("mock");
+        events.push({ seller: "primary-seller", url: req.url });
+        res.statusCode = 503;
+        res.end(JSON.stringify({ error: { code: "seller_unavailable" } }));
+        return;
+      }
+
+      if (req.url?.startsWith("/backup/")) {
+        events.push({ seller: "backup-seller", url: req.url });
+        res.end(JSON.stringify({ id: "backup-should-not-run" }));
+        return;
+      }
+
+      res.statusCode = 404;
+      res.end(JSON.stringify({ error: "not_found" }));
+    });
+
+    server.listen(0, "127.0.0.1", () => {
+      sellerPort = (server.address() as AddressInfo).port;
+      done();
+    });
+  });
+
+  afterAll((done) => {
+    server.close(done);
+  });
+
+  beforeEach(() => {
+    events.length = 0;
+    rmSqliteFiles(dbPath);
+    const store = new BuyerStore({ dbPath });
+    store.savePayment({
+      method: "mock",
+      enabled: true,
+      isDefault: true,
+      config: { channel: "manual-routing-test" }
+    });
+    store.close();
+
+    daemon = new TokenbuddyDaemon({
+      controlPort: 0,
+      proxyPort: 0,
+      dbPath,
+      sellerRegistryUrl: `http://127.0.0.1:${sellerPort}/registry/sellers`,
+      selectionMode: "manual"
+    });
+    daemon.start();
+    daemonControlPort = ((daemon as any).controlServer.address() as AddressInfo).port;
+    daemonProxyPort = ((daemon as any).proxyServer.address() as AddressInfo).port;
+  });
+
+  afterEach(() => {
+    daemon.stop();
+    rmSqliteFiles(dbPath);
+  });
+
+  test("uses only the default seller and does not prewarm or fail over to backup", async () => {
+    const status = await (await fetch(`http://127.0.0.1:${daemonControlPort}/status`)).json() as any;
+    expect(status.selectionMode).toBe("manual");
+
+    const response = await fetch(`http://127.0.0.1:${daemonProxyPort}/v1/chat/completions`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        model: "gpt-manual",
+        messages: [{ role: "user", content: "manual mode should not fail over" }]
+      })
+    });
+
+    expect(response.status).toBe(502);
+    const output = await response.json() as any;
+    expect(output.error.message).toContain("purchase/create failed");
+    expect(events).toEqual([
+      { seller: "primary-seller", url: "/primary/manifest" },
+      { seller: "primary-seller", url: "/primary/purchase/create" }
+    ]);
+
+    const purchases = await (await fetch(`http://127.0.0.1:${daemonControlPort}/ledger/purchases`)).json() as any;
+    const inferences = await (await fetch(`http://127.0.0.1:${daemonControlPort}/ledger/inferences`)).json() as any;
+    expect(purchases.purchases.some((entry: any) => entry.sellerKey === "backup-seller")).toBe(false);
+    expect(inferences.inferences.some((entry: any) => entry.sellerKey === "backup-seller")).toBe(false);
+  });
+});