@tokenbuddy/tokenbuddy 1.0.4

package/src/daemon.ts

@@ -0,0 +1,1158 @@
+import express, { Request, Response } from "express";
+import * as crypto from "crypto";
+import { spawn } from "child_process";
+import * as fs from "fs";
+import { AddressInfo } from "net";
+import { createModuleLogger } from "@tokenbuddy/logging";
+import { BuyerStore } from "./buyer-store.js";
+import {
+  applyProviderInstall,
+  detectProviders,
+  previewProviderInstall,
+  rollbackProviderInstall
+} from "./provider-install.js";
+
+const logger = createModuleLogger("tb-proxyd");
+const PROXY_JSON_BODY_LIMIT = "10mb";
+
+export interface DaemonConfig {
+  controlPort: number;
+  proxyPort: number;
+  dbPath: string;
+  sellerRegistryUrl: string;
+  selectionMode?: "auto" | "manual";
+}
+
+interface RegistrySeller {
+  id: string;
+  name?: string;
+  url: string;
+  supportedProtocols?: string[];
+  paymentMethods?: string[];
+}
+
+interface SellerRegistryDocument {
+  version: number;
+  defaultSeller?: string;
+  sellers: RegistrySeller[];
+}
+
+interface SellerManifest {
+  sellerId?: string;
+  seller_id?: string;
+  supportedProtocols?: string[];
+  supported_protocols?: string[];
+  paymentMethods?: string[];
+  payment_methods?: string[];
+  models?: Array<{ id: string; [key: string]: unknown }>;
+}
+
+interface SellerRoute {
+  seller: RegistrySeller;
+  manifest: SellerManifest;
+  protocol: string;
+  modelId: string;
+  paymentMethod: string;
+}
+
+interface UsageSummary {
+  promptTokens: number;
+  completionTokens: number;
+  billedMicros: number;
+}
+
+interface PurchaseCreateResponse {
+  purchaseId?: string;
+  purchase_id?: string;
+  status?: string;
+  creditMicros?: number;
+  credit_micros?: number;
+  currency?: string;
+  paymentReference?: string;
+  payment_reference?: string;
+  expiresAt?: string;
+  expires_at?: string;
+  quote?: unknown;
+  paymentInstructions?: unknown;
+  payment_instructions?: unknown;
+  error?: { message?: string };
+}
+
+interface PurchaseCompleteResponse extends PurchaseCreateResponse {
+  accessToken?: string;
+  access_token?: string;
+  tokenClass?: string;
+  token_class?: string;
+}
+
+export class TokenbuddyDaemon {
+  private config: DaemonConfig;
+  private tokenStore: BuyerStore;
+  private controlServer?: any;
+  private proxyServer?: any;
+  private selectionMode: "auto" | "manual";
+
+  private activePurchases = new Map<string, Promise<string>>();
+
+  constructor(config: DaemonConfig) {
+    this.config = config;
+    this.selectionMode = config.selectionMode || "auto";
+    this.tokenStore = new BuyerStore({ dbPath: config.dbPath });
+  }
+
+  private activeControlPort(): number {
+    const address = this.controlServer?.address?.() as AddressInfo | string | null | undefined;
+    return typeof address === "object" && address ? address.port : this.config.controlPort;
+  }
+
+  private activeProxyPort(): number {
+    const address = this.proxyServer?.address?.() as AddressInfo | string | null | undefined;
+    return typeof address === "object" && address ? address.port : this.config.proxyPort;
+  }
+
+  private async fetchRegistry(): Promise<SellerRegistryDocument> {
+    const response = await fetch(this.config.sellerRegistryUrl);
+    if (!response.ok) {
+      throw new Error(`registry returned ${response.status}`);
+    }
+    const data = await response.json() as SellerRegistryDocument;
+    if (!data || !Array.isArray(data.sellers)) {
+      throw new Error("registry response missing sellers");
+    }
+    return data;
+  }
+
+  private async fetchSellerManifest(seller: RegistrySeller): Promise<SellerManifest> {
+    const baseUrl = seller.url.replace(/\/+$/, "");
+    const response = await fetch(`${baseUrl}/manifest`);
+    if (!response.ok) {
+      throw new Error(`manifest returned ${response.status}`);
+    }
+    return await response.json() as SellerManifest;
+  }
+
+  private runtimeSummary() {
+    return {
+      status: "running",
+      pid: process.pid,
+      controlPort: this.activeControlPort(),
+      proxyPort: this.activeProxyPort(),
+      selectionMode: this.selectionMode,
+      dbPath: this.config.dbPath,
+      sellerRegistryUrl: this.config.sellerRegistryUrl,
+      store: this.tokenStore.summary()
+    };
+  }
+
+  private normalizeSellerUrl(seller: RegistrySeller): string {
+    return seller.url.replace(/\/+$/, "");
+  }
+
+  private endpointProtocol(endpoint: string): string | undefined {
+    if (endpoint === "/v1/chat/completions") {
+      return "chat_completions";
+    }
+    if (endpoint === "/v1/responses") {
+      return "responses";
+    }
+    if (endpoint === "/v1/messages" || endpoint === "/messages") {
+      return "messages";
+    }
+    return undefined;
+  }
+
+  private extractModelId(endpoint: string, body: unknown): string | undefined {
+    if (body && typeof body === "object" && "model" in body) {
+      const model = (body as { model?: unknown }).model;
+      return typeof model === "string" && model.trim() ? model.trim() : undefined;
+    }
+    if (endpoint === "/v1/responses" && body && typeof body === "object" && "model_id" in body) {
+      const model = (body as { model_id?: unknown }).model_id;
+      return typeof model === "string" && model.trim() ? model.trim() : undefined;
+    }
+    return undefined;
+  }
+
+  private manifestProtocols(manifest: SellerManifest, seller: RegistrySeller): string[] {
+    const protocols = manifest.supportedProtocols || manifest.supported_protocols || seller.supportedProtocols || [];
+    return protocols.includes("anthropic_messages") && !protocols.includes("messages")
+      ? [...protocols, "messages"]
+      : protocols;
+  }
+
+  private manifestPaymentMethods(manifest: SellerManifest, seller: RegistrySeller): string[] {
+    return manifest.paymentMethods || manifest.payment_methods || seller.paymentMethods || [];
+  }
+
+  private manifestModelIds(manifest: SellerManifest): string[] {
+    return (manifest.models || []).map((model) => model.id).filter((id) => typeof id === "string" && id.length > 0);
+  }
+
+  private defaultPaymentMethod(): string | undefined {
+    const payments = this.tokenStore.listPayments().filter((payment) => payment.enabled);
+    return payments.find((payment) => payment.isDefault)?.method || payments.find((payment) => payment.method === "mock")?.method;
+  }
+
+  private async selectSellerRoutes(endpoint: string, modelId: string): Promise<SellerRoute[]> {
+    const protocol = this.endpointProtocol(endpoint);
+    if (!protocol) {
+      throw new Error(`unsupported proxy endpoint: ${endpoint}`);
+    }
+    const paymentMethod = this.defaultPaymentMethod();
+    if (!paymentMethod || !["mock", "clawtip"].includes(paymentMethod)) {
+      throw new Error("mock or clawtip payment method is not configured as an enabled buyer payment method");
+    }
+
+    const registry = await this.fetchRegistry();
+    const defaultSellers = registry.sellers.filter((seller) => seller.id === registry.defaultSeller);
+    const backupSellers = registry.sellers.filter((seller) => seller.id !== registry.defaultSeller);
+    const sellers = this.selectionMode === "manual" ? defaultSellers : [...defaultSellers, ...backupSellers];
+
+    const routes: SellerRoute[] = [];
+    for (const seller of sellers) {
+      let manifest: SellerManifest;
+      try {
+        manifest = await this.fetchSellerManifest(seller);
+      } catch (error: unknown) {
+        logger.warn("route.manifest.failed", "seller manifest unavailable during route selection", {
+          sellerKey: seller.id,
+          model: modelId,
+          endpoint,
+          errorMessage: error instanceof Error ? error.message : String(error)
+        });
+        continue;
+      }
+
+      const protocols = this.manifestProtocols(manifest, seller);
+      const paymentMethods = this.manifestPaymentMethods(manifest, seller);
+      const modelIds = this.manifestModelIds(manifest);
+      if (!protocols.includes(protocol) || !paymentMethods.includes(paymentMethod) || !modelIds.includes(modelId)) {
+        continue;
+      }
+
+      routes.push({
+        seller,
+        manifest,
+        protocol,
+        modelId,
+        paymentMethod
+      });
+    }
+
+    if (routes.length === 0) {
+      throw new Error(`no compatible seller for ${endpoint} model ${modelId}`);
+    }
+
+    logger.info("route.candidates.prewarmed", "seller route candidates prewarmed", {
+      model: modelId,
+      endpoint,
+      protocol,
+      paymentMethod,
+      selectionMode: this.selectionMode,
+      sellerCount: routes.length,
+      sellers: routes.map((route) => route.seller.id)
+    });
+    return routes;
+  }
+
+  private logRouteSelected(route: SellerRoute, endpoint: string, routeIndex: number): void {
+    logger.info("route.selected", "seller route selected", {
+      sellerKey: route.seller.id,
+      model: route.modelId,
+      endpoint,
+      protocol: route.protocol,
+      paymentMethod: route.paymentMethod,
+      routeIndex,
+      backup: routeIndex > 0
+    });
+  }
+
+  private shouldFailoverStatus(status: number): boolean {
+    return status === 429 || status >= 500;
+  }
+
+  private logFailover(
+    route: SellerRoute,
+    endpoint: string,
+    routeIndex: number,
+    reason: string,
+    status?: number
+  ): void {
+    logger.warn("route.failover.triggered", "seller route failed over to backup candidate", {
+      sellerKey: route.seller.id,
+      model: route.modelId,
+      endpoint,
+      routeIndex,
+      reason,
+      status
+    });
+  }
+
+  private failoverErrorMessage(error: unknown): string {
+    return error instanceof Error ? error.message : String(error);
+  }
+
+  private async selectSeller(endpoint: string, modelId: string): Promise<SellerRoute> {
+    const routes = await this.selectSellerRoutes(endpoint, modelId);
+    const route = routes[0];
+    this.logRouteSelected(route, endpoint, 0);
+    return route;
+  }
+
+  private async listSellerBackedModels(): Promise<{
+    models: Array<{ id: string; sellerId: string; sellerName?: string; sellerUrl: string; supportedProtocols: string[]; paymentMethods: string[] }>;
+    sellers: Array<{ id: string; name?: string; url: string; status: string; manifestSellerId?: string; errorMessage?: string }>;
+  }> {
+    const registry = await this.fetchRegistry();
+    const sellerResults = await Promise.all(registry.sellers.map(async (seller) => {
+      try {
+        const manifest = await this.fetchSellerManifest(seller);
+        const protocols = this.manifestProtocols(manifest, seller);
+        const paymentMethods = this.manifestPaymentMethods(manifest, seller);
+        const models = (manifest.models || []).map((model) => ({
+          id: model.id,
+          sellerId: seller.id,
+          sellerName: seller.name,
+          sellerUrl: seller.url,
+          supportedProtocols: protocols,
+          paymentMethods
+        }));
+        return {
+          seller: {
+            id: seller.id,
+            name: seller.name,
+            url: seller.url,
+            status: "ok",
+            manifestSellerId: manifest.sellerId || manifest.seller_id || seller.id
+          },
+          models
+        };
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("models.refresh.seller_failed", "seller manifest refresh failed", {
+          sellerId: seller.id,
+          errorMessage
+        });
+        return {
+          seller: {
+            id: seller.id,
+            name: seller.name,
+            url: seller.url,
+            status: "failed",
+            errorMessage
+          },
+          models: []
+        };
+      }
+    }));
+    return {
+      models: sellerResults.flatMap((result) => result.models),
+      sellers: sellerResults.map((result) => result.seller)
+    };
+  }
+
+  private readUsage(bodyText: string): UsageSummary {
+    const fallback: UsageSummary = {
+      promptTokens: 0,
+      completionTokens: 0,
+      billedMicros: 0
+    };
+    if (!bodyText.trim()) {
+      return fallback;
+    }
+    try {
+      const data = JSON.parse(bodyText) as {
+        usage?: {
+          prompt_tokens?: number;
+          completion_tokens?: number;
+          input_tokens?: number;
+          output_tokens?: number;
+        };
+      };
+      const promptTokens = data.usage?.prompt_tokens ?? data.usage?.input_tokens ?? 0;
+      const completionTokens = data.usage?.completion_tokens ?? data.usage?.output_tokens ?? 0;
+      return {
+        promptTokens,
+        completionTokens,
+        billedMicros: (promptTokens + completionTokens) * 4
+      };
+    } catch {
+      return fallback;
+    }
+  }
+
+  private inferPromptForHash(body: unknown): string | undefined {
+    if (!body || typeof body !== "object") {
+      return undefined;
+    }
+    const compact = JSON.stringify(body);
+    return compact.length > 0 ? compact : undefined;
+  }
+
+  private autoPurchaseAmountUsdMicros(): number {
+    const raw = process.env.TB_PROXYD_AUTO_PURCHASE_AMOUNT_USD_MICROS;
+    const parsed = raw ? Number(raw) : 2000000;
+    if (!Number.isInteger(parsed) || parsed < 1) {
+      return 2000000;
+    }
+    return parsed;
+  }
+
+  private tokenRebuyMinBalanceMicros(): number {
+    const raw = process.env.TB_PROXYD_TOKEN_REBUY_MIN_BALANCE_MICROS;
+    const parsed = raw ? Number(raw) : 200000;
+    if (!Number.isInteger(parsed) || parsed < 0) {
+      return 200000;
+    }
+    return parsed;
+  }
+
+  private async getOrPurchaseToken(route: SellerRoute): Promise<string> {
+    const sellerKey = route.seller.id;
+    const sellerUrl = this.normalizeSellerUrl(route.seller);
+    const { modelId, paymentMethod } = route;
+    const cached = this.tokenStore.getToken(sellerKey);
+    const rebuyMinBalanceMicros = this.tokenRebuyMinBalanceMicros();
+    if (cached && cached.balanceMicros > rebuyMinBalanceMicros) {
+      logger.info("token.cache.hit", "seller token cache hit", {
+        sellerKey,
+        model: modelId,
+        balanceMicros: cached.balanceMicros,
+        rebuyMinBalanceMicros
+      });
+      return cached.token;
+    }
+    logger.info("token.cache.miss", "seller token cache miss", {
+      sellerKey,
+      model: modelId,
+      balanceMicros: cached?.balanceMicros || 0,
+      rebuyMinBalanceMicros
+    });
+
+    const purchaseKey = `${sellerKey}:${modelId}:${paymentMethod}`;
+    const purchasePromise = this.activePurchases.get(purchaseKey);
+    if (purchasePromise) {
+      logger.info("purchase.lock.awaited", "parallel request awaiting active purchase", {
+        sellerKey,
+        model: modelId
+      });
+      return purchasePromise;
+    }
+
+    const purchaseTask = (async () => {
+      const startedAt = Date.now();
+      const amountUsdMicros = this.autoPurchaseAmountUsdMicros();
+      logger.info("purchase.token.started", "seller token purchase started", {
+        sellerKey,
+        model: modelId,
+        paymentMethod,
+        amountUsdMicros
+      });
+      try {
+        // 1. purchase/create
+        const createRes = await fetch(`${sellerUrl}/purchase/create`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            amountUsdMicros,
+            currency: "USD",
+            requestKey: `pur_req_${crypto.randomBytes(8).toString("hex")}`,
+            paymentMethod,
+            modelId
+          })
+        });
+        const createData = await createRes.json() as PurchaseCreateResponse;
+        if (!createRes.ok) {
+          logger.warn("purchase.create.failed", "seller purchase create failed", {
+            sellerKey,
+            model: modelId,
+            status: createRes.status,
+            errorMessage: createData.error?.message || "purchase/create failed",
+            durationMs: Date.now() - startedAt
+          });
+          throw new Error(createData.error?.message || "purchase/create failed");
+        }
+        const purchaseId = createData.purchaseId || createData.purchase_id;
+        if (!purchaseId) {
+          throw new Error("purchase/create response missing purchaseId");
+        }
+        this.tokenStore.upsertPendingPurchase({
+          purchaseId,
+          sellerKey,
+          modelId,
+          paymentMethod,
+          amountUsdMicros,
+          status: createData.status || "pending",
+          paymentReference: createData.paymentReference || createData.payment_reference,
+          expiresAt: createData.expiresAt || createData.expires_at
+        });
+        logger.info("purchase.create.succeeded", "seller purchase created", {
+          sellerKey,
+          model: modelId,
+          purchaseId,
+          status: createRes.status
+        });
+
+        const paymentProof = await this.resolvePaymentProof(route, createData);
+        const completeRes = await fetch(`${sellerUrl}/purchase/complete`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            purchaseId,
+            paymentProof,
+            requestKey: `comp_req_${crypto.randomBytes(8).toString("hex")}`,
+            paymentMethod
+          })
+        });
+        const completeData = await completeRes.json() as PurchaseCompleteResponse;
+        if (!completeRes.ok) {
+          logger.warn("purchase.complete.failed", "seller purchase complete failed", {
+            sellerKey,
+            model: modelId,
+            purchaseId,
+            status: completeRes.status,
+            errorMessage: completeData.error?.message || "purchase/complete failed",
+            durationMs: Date.now() - startedAt
+          });
+          throw new Error(completeData.error?.message || "purchase/complete failed");
+        }
+
+        const token = completeData.accessToken || completeData.access_token;
+        if (!token) {
+          throw new Error("purchase/complete response missing accessToken");
+        }
+        const tokenClass = completeData.tokenClass || completeData.token_class || `model:${modelId}`;
+        const creditMicros = completeData.creditMicros ?? completeData.credit_micros ?? createData.creditMicros ?? createData.credit_micros ?? 0;
+        const currency = completeData.currency || createData.currency || "USD";
+        const expiresAt = new Date(Date.now() + 86400 * 1000).toISOString();
+
+        this.tokenStore.saveToken(sellerKey, token, tokenClass, creditMicros, expiresAt);
+        this.tokenStore.recordPurchaseLedger({
+          purchaseId,
+          sellerKey,
+          modelId,
+          paymentMethod,
+          status: completeData.status || "funded",
+          creditMicros,
+          currency,
+          paymentReference: completeData.paymentReference || completeData.payment_reference,
+          completedAt: new Date().toISOString()
+        });
+        logger.info("purchase.token.succeeded", "seller token purchased", {
+          sellerKey,
+          model: modelId,
+          purchaseId,
+          tokenClass,
+          creditMicros,
+          durationMs: Date.now() - startedAt
+        });
+
+        return token;
+      } catch (error: unknown) {
+        logger.error("purchase.token.failed", "seller token purchase failed", {
+          sellerKey,
+          model: modelId,
+          errorMessage: error instanceof Error ? error.message : String(error),
+          durationMs: Date.now() - startedAt
+        });
+        throw error;
+      } finally {
+        this.activePurchases.delete(purchaseKey);
+      }
+    })();
+
+    this.activePurchases.set(purchaseKey, purchaseTask);
+    return purchaseTask;
+  }
+
+  private async resolvePaymentProof(route: SellerRoute, createData: PurchaseCreateResponse): Promise<string> {
+    if (route.paymentMethod === "mock") {
+      return "mock-proof-data";
+    }
+
+    if (route.paymentMethod !== "clawtip") {
+      throw new Error(`unsupported payment method for auto purchase: ${route.paymentMethod}`);
+    }
+
+    const proofCommand = process.env.TB_PROXYD_CLAWTIP_PROOF_COMMAND;
+    if (proofCommand?.trim()) {
+      return await this.runClawtipProofCommand(route, createData, proofCommand.trim());
+    }
+
+    const proofFile = process.env.TOKENBUDDY_CLAWTIP_PAYMENT_PROOF_FILE || process.env.TOKENBUDDY_CLAWTIP_PROOF_FILE;
+    if (proofFile?.trim()) {
+      return fs.readFileSync(proofFile.trim(), "utf8").trim();
+    }
+
+    const proof = process.env.TOKENBUDDY_CLAWTIP_PAYMENT_PROOF;
+    if (proof?.trim()) {
+      return proof.trim();
+    }
+
+    throw new Error("clawtip auto purchase requires TB_PROXYD_CLAWTIP_PROOF_COMMAND or a ClawTip proof env/file");
+  }
+
+  private runClawtipProofCommand(
+    route: SellerRoute,
+    createData: PurchaseCreateResponse,
+    commandPath: string
+  ): Promise<string> {
+    const timeoutMs = this.clawtipProofTimeoutMs();
+    const payload = JSON.stringify({
+      sellerKey: route.seller.id,
+      sellerUrl: this.normalizeSellerUrl(route.seller),
+      modelId: route.modelId,
+      purchase: createData,
+      paymentInstructions: createData.paymentInstructions || createData.payment_instructions,
+      quote: createData.quote
+    });
+
+    logger.info("purchase.clawtip_proof.started", "clawtip proof provider started", {
+      sellerKey: route.seller.id,
+      model: route.modelId,
+      timeoutMs
+    });
+
+    return new Promise((resolve, reject) => {
+      const child = spawn(commandPath, [], {
+        stdio: ["pipe", "pipe", "pipe"],
+        env: {
+          ...process.env,
+          TB_PROXYD_CLAWTIP_SELLER_KEY: route.seller.id,
+          TB_PROXYD_CLAWTIP_MODEL_ID: route.modelId
+        }
+      });
+      let stdout = "";
+      let stderr = "";
+      let settled = false;
+      const startedAt = Date.now();
+      const timer = setTimeout(() => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        child.kill("SIGTERM");
+        reject(new Error("clawtip proof provider timed out"));
+      }, timeoutMs);
+
+      child.stdout.on("data", (chunk: Buffer) => {
+        stdout += chunk.toString("utf8");
+        if (stdout.length > 1024 * 1024) {
+          child.kill("SIGTERM");
+        }
+      });
+      child.stderr.on("data", (chunk: Buffer) => {
+        stderr += chunk.toString("utf8").slice(0, 2048);
+      });
+      child.on("error", (error) => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        clearTimeout(timer);
+        reject(error);
+      });
+      child.on("close", (code) => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        clearTimeout(timer);
+        const proof = stdout.trim();
+        if (code !== 0 || !proof) {
+          reject(new Error(`clawtip proof provider failed with exit ${code}: ${stderr.trim() || "empty proof"}`));
+          return;
+        }
+        logger.info("purchase.clawtip_proof.succeeded", "clawtip proof provider succeeded", {
+          sellerKey: route.seller.id,
+          model: route.modelId,
+          durationMs: Date.now() - startedAt
+        });
+        resolve(proof);
+      });
+      child.stdin.end(payload);
+    });
+  }
+
+  private clawtipProofTimeoutMs(): number {
+    const raw = process.env.TB_PROXYD_CLAWTIP_PROOF_TIMEOUT_MS;
+    const parsed = raw ? Number(raw) : 120000;
+    if (!Number.isInteger(parsed) || parsed < 1000 || parsed > 600000) {
+      return 120000;
+    }
+    return parsed;
+  }
+
+  private copyUpstreamHeaders(upstreamResponse: globalThis.Response, res: Response): void {
+    upstreamResponse.headers.forEach((value, key) => {
+      const lowerKey = key.toLowerCase();
+      if (["connection", "keep-alive", "transfer-encoding", "upgrade"].includes(lowerKey)) {
+        return;
+      }
+      res.setHeader(key, value);
+    });
+  }
+
+  private async forwardProxyRequest(endpoint: string, req: Request, res: Response): Promise<void> {
+    const startedAt = Date.now();
+    const body = req.body || {};
+    const modelId = this.extractModelId(endpoint, body);
+    const requestId = req.header("x-request-id") || (body && typeof body === "object" ? (body as { requestId?: string }).requestId : undefined) || `proxy_req_${crypto.randomBytes(8).toString("hex")}`;
+    const idempotencyKey = req.header("idempotency-key") || `idem_${crypto.randomBytes(12).toString("hex")}`;
+
+    if (!modelId) {
+      res.status(400).json({ error: { code: "model_required", message: "request body must include model" } });
+      return;
+    }
+
+    try {
+      const routes = await this.selectSellerRoutes(endpoint, modelId);
+      let lastError: unknown;
+
+      for (let routeIndex = 0; routeIndex < routes.length; routeIndex += 1) {
+        const route = routes[routeIndex];
+        const sellerKey = route.seller.id;
+        this.logRouteSelected(route, endpoint, routeIndex);
+        try {
+          logger.info("proxy.request.started", "proxy request started", {
+            requestId,
+            sellerKey,
+            model: modelId,
+            endpoint,
+            stream: Boolean((body as { stream?: unknown }).stream)
+          });
+          const token = await this.getOrPurchaseToken(route);
+          const sellerUrl = this.normalizeSellerUrl(route.seller);
+          const upstreamBody = {
+            ...(body as Record<string, unknown>),
+            requestId
+          };
+
+          logger.info("proxy.upstream_fetch.started", "proxy upstream fetch started", {
+            requestId,
+            sellerKey,
+            model: modelId,
+            endpoint,
+            stream: Boolean((body as { stream?: unknown }).stream)
+          });
+          const upstreamResponse = await fetch(`${sellerUrl}${endpoint}`, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              "Authorization": `Bearer ${token}`,
+              "X-Request-Id": requestId,
+              "Idempotency-Key": idempotencyKey
+            },
+            body: JSON.stringify(upstreamBody)
+          });
+
+          if (!upstreamResponse.ok) {
+            const errorBody = await upstreamResponse.text();
+            logger.warn("proxy.upstream_fetch.failed", "proxy upstream fetch returned non-ok status", {
+              requestId,
+              sellerKey,
+              model: modelId,
+              endpoint,
+              status: upstreamResponse.status,
+              durationMs: Date.now() - startedAt
+            });
+            if (this.shouldFailoverStatus(upstreamResponse.status) && routeIndex < routes.length - 1) {
+              lastError = new Error(`seller ${sellerKey} returned ${upstreamResponse.status}`);
+              this.logFailover(route, endpoint, routeIndex, "upstream_status", upstreamResponse.status);
+              continue;
+            }
+            this.copyUpstreamHeaders(upstreamResponse, res);
+            res.status(upstreamResponse.status);
+            res.send(errorBody);
+            return;
+          }
+
+          this.copyUpstreamHeaders(upstreamResponse, res);
+          res.status(upstreamResponse.status);
+          logger.info("proxy.upstream_fetch.succeeded", "proxy upstream fetch succeeded", {
+            requestId,
+            sellerKey,
+            model: modelId,
+            endpoint,
+            status: upstreamResponse.status,
+            stream: Boolean((body as { stream?: unknown }).stream)
+          });
+
+          const contentType = upstreamResponse.headers.get("content-type") || "";
+          if (contentType.includes("text/event-stream") || Boolean((body as { stream?: unknown }).stream)) {
+            const reader = upstreamResponse.body?.getReader();
+            if (!reader) {
+              res.end();
+              return;
+            }
+            let bytes = 0;
+            while (true) {
+              const { done, value } = await reader.read();
+              if (done) {
+                break;
+              }
+              bytes += value.byteLength;
+              res.write(Buffer.from(value));
+            }
+            res.end();
+            const billedMicros = Math.max(1, bytes);
+            this.tokenStore.deductBalance(sellerKey, billedMicros);
+            this.tokenStore.recordInferenceLedger({
+              requestId,
+              sellerKey,
+              modelId,
+              endpoint,
+              status: "settled",
+              promptTokens: 0,
+              completionTokens: 0,
+              billedMicros,
+              prompt: this.inferPromptForHash(body)
+            });
+            logger.info("inference.ledger.recorded", "safe inference ledger recorded", {
+              requestId,
+              sellerKey,
+              model: modelId,
+              endpoint,
+              status: "settled",
+              billedMicros
+            });
+            return;
+          }
+
+          const responseBody = await upstreamResponse.text();
+          res.send(responseBody);
+          const usage = this.readUsage(responseBody);
+          this.tokenStore.deductBalance(sellerKey, usage.billedMicros);
+          this.tokenStore.recordInferenceLedger({
+            requestId,
+            sellerKey,
+            modelId,
+            endpoint,
+            status: "settled",
+            promptTokens: usage.promptTokens,
+            completionTokens: usage.completionTokens,
+            billedMicros: usage.billedMicros,
+            prompt: this.inferPromptForHash(body),
+            response: responseBody
+          });
+          logger.info("inference.ledger.recorded", "safe inference ledger recorded", {
+            requestId,
+            sellerKey,
+            model: modelId,
+            endpoint,
+            status: "settled",
+            promptTokens: usage.promptTokens,
+            completionTokens: usage.completionTokens,
+            billedMicros: usage.billedMicros
+          });
+          return;
+        } catch (routeError: unknown) {
+          lastError = routeError;
+          logger.warn("proxy.route.failed", "seller route failed before response", {
+            requestId,
+            sellerKey,
+            model: modelId,
+            endpoint,
+            errorMessage: this.failoverErrorMessage(routeError),
+            durationMs: Date.now() - startedAt
+          });
+          if (!res.headersSent && routeIndex < routes.length - 1) {
+            this.logFailover(route, endpoint, routeIndex, "exception");
+            continue;
+          }
+          throw routeError;
+        }
+      }
+
+      throw lastError instanceof Error ? lastError : new Error("all seller routes failed");
+    } catch (error: unknown) {
+      logger.error("proxy.request.failed", "proxy request failed", {
+        requestId,
+        model: modelId,
+        endpoint,
+        errorMessage: error instanceof Error ? error.message : String(error),
+        durationMs: Date.now() - startedAt
+      });
+      if (!res.headersSent) {
+        res.status(502).json({
+          error: {
+            code: "proxy_request_failed",
+            message: error instanceof Error ? error.message : String(error)
+          }
+        });
+      }
+    }
+  }
+
+  public start() {
+    // 1. Control Plane Server (17820)
+    const controlApp = express();
+    controlApp.use(express.json());
+
+    controlApp.get("/health", (req, res) => {
+      logger.info("control.health.requested", "control health requested", {
+        controlPort: this.activeControlPort(),
+        proxyPort: this.activeProxyPort()
+      });
+      res.status(200).json({
+        status: "ok",
+        controlPort: this.activeControlPort(),
+        proxyPort: this.activeProxyPort(),
+        store: {
+          journalMode: this.tokenStore.journalMode()
+        }
+      });
+    });
+
+    controlApp.get("/status", (req, res) => {
+      logger.info("control.status.requested", "control status requested", {
+        controlPort: this.activeControlPort(),
+        proxyPort: this.activeProxyPort()
+      });
+      res.status(200).json({
+        ...this.runtimeSummary()
+      });
+    });
+
+    controlApp.get("/payments", (req, res) => {
+      logger.info("control.payments.requested", "control payments requested", {});
+      res.status(200).json({
+        payments: this.tokenStore.listPayments()
+      });
+    });
+
+    controlApp.get("/ledger/purchases", (req, res) => {
+      logger.info("control.ledger.requested", "control purchase ledger requested", {
+        ledger: "purchases"
+      });
+      res.status(200).json({
+        purchases: this.tokenStore.listPurchaseLedger()
+      });
+    });
+
+    controlApp.get("/ledger/inferences", (req, res) => {
+      logger.info("control.ledger.requested", "control inference ledger requested", {
+        ledger: "inferences"
+      });
+      res.status(200).json({
+        inferences: this.tokenStore.listInferenceLedger()
+      });
+    });
+
+    controlApp.get("/sellers", async (req, res) => {
+      try {
+        const registry = await this.fetchRegistry();
+        logger.info("sellers.refresh.succeeded", "seller registry refreshed", {
+          sellerCount: registry.sellers.length
+        });
+        res.status(200).json({
+          registryUrl: this.config.sellerRegistryUrl,
+          version: registry.version,
+          defaultSeller: registry.defaultSeller,
+          sellers: registry.sellers.map((seller) => ({
+            id: seller.id,
+            name: seller.name,
+            url: seller.url,
+            supportedProtocols: seller.supportedProtocols || [],
+            paymentMethods: seller.paymentMethods || [],
+            status: "configured"
+          }))
+        });
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("sellers.refresh.failed", "seller registry refresh failed", {
+          registryUrl: this.config.sellerRegistryUrl,
+          errorMessage
+        });
+        res.status(502).json({
+          error: {
+            code: "registry_unavailable",
+            message: errorMessage
+          }
+        });
+      }
+    });
+
+    controlApp.get("/models", async (req, res) => {
+      try {
+        const { models, sellers } = await this.listSellerBackedModels();
+        logger.info("models.refresh.succeeded", "seller models refreshed", {
+          sellerCount: sellers.length,
+          modelCount: models.length
+        });
+        res.status(200).json({
+          object: "list",
+          registryUrl: this.config.sellerRegistryUrl,
+          data: models,
+          sellers
+        });
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("models.refresh.failed", "model refresh failed", {
+          registryUrl: this.config.sellerRegistryUrl,
+          errorMessage
+        });
+        res.status(502).json({
+          error: {
+            code: "models_unavailable",
+            message: errorMessage
+          }
+        });
+      }
+    });
+
+    controlApp.post("/providers/detect", (req, res) => {
+      try {
+        const providers = detectProviders({ home: typeof req.body?.home === "string" ? req.body.home : undefined });
+        logger.info("provider.detect.succeeded", "provider detection succeeded", {
+          providerCount: providers.length,
+          detectedCount: providers.filter((provider) => provider.detected).length
+        });
+        res.status(200).json({ providers });
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("provider.detect.failed", "provider detection failed", { errorMessage });
+        res.status(400).json({
+          error: {
+            code: "provider_detect_failed",
+            message: errorMessage
+          }
+        });
+      }
+    });
+
+    controlApp.post("/providers/install/preview", (req, res) => {
+      try {
+        const changes = previewProviderInstall({
+          providers: Array.isArray(req.body?.providers) ? req.body.providers : [],
+          proxyUrl: String(req.body?.proxyUrl || ""),
+          model: String(req.body?.model || ""),
+          home: typeof req.body?.home === "string" ? req.body.home : undefined
+        });
+        logger.info("provider.install.previewed", "provider install previewed", {
+          providerCount: new Set(changes.map((change) => change.providerId)).size,
+          changeCount: changes.length
+        });
+        res.status(200).json({
+          changes: changes.map(({ content, ...change }) => change)
+        });
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("provider.install.preview_failed", "provider install preview failed", { errorMessage });
+        res.status(400).json({
+          error: {
+            code: "provider_install_preview_failed",
+            message: errorMessage
+          }
+        });
+      }
+    });
+
+    controlApp.post("/providers/install/apply", (req, res) => {
+      try {
+        const applied = applyProviderInstall({
+          providers: Array.isArray(req.body?.providers) ? req.body.providers : [],
+          proxyUrl: String(req.body?.proxyUrl || ""),
+          model: String(req.body?.model || ""),
+          home: typeof req.body?.home === "string" ? req.body.home : undefined
+        }, this.tokenStore);
+        logger.info("provider.install.applied", "provider install applied", {
+          providerCount: new Set(applied.map((entry) => entry.providerId)).size,
+          changeCount: applied.length
+        });
+        res.status(200).json({ applied });
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("provider.install.apply_failed", "provider install apply failed", { errorMessage });
+        res.status(400).json({
+          error: {
+            code: "provider_install_apply_failed",
+            message: errorMessage
+          }
+        });
+      }
+    });
+
+    controlApp.post("/providers/install/rollback", (req, res) => {
+      try {
+        const rolledBack = rollbackProviderInstall({
+          providers: Array.isArray(req.body?.providers) ? req.body.providers : [],
+          home: typeof req.body?.home === "string" ? req.body.home : undefined
+        }, this.tokenStore);
+        logger.info("provider.install.rolled_back", "provider install rolled back", {
+          providerCount: new Set(rolledBack.map((entry) => entry.providerId)).size,
+          changeCount: rolledBack.length
+        });
+        res.status(200).json({ rolledBack });
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("provider.install.rollback_failed", "provider install rollback failed", { errorMessage });
+        res.status(400).json({
+          error: {
+            code: "provider_install_rollback_failed",
+            message: errorMessage
+          }
+        });
+      }
+    });
+
+    this.controlServer = controlApp.listen(this.config.controlPort);
+
+    // 2. Proxy Plane Server (17821)
+    const proxyApp = express();
+    proxyApp.use(express.json({ limit: PROXY_JSON_BODY_LIMIT }));
+
+    proxyApp.get("/v1/models", async (req: Request, res: Response) => {
+      try {
+        const { models } = await this.listSellerBackedModels();
+        logger.info("models.refresh.succeeded", "proxy models refreshed", {
+          modelCount: models.length
+        });
+        res.status(200).json({
+          object: "list",
+          data: models.map((model) => ({
+            id: model.id,
+            object: "model",
+            owned_by: model.sellerId,
+            sellerId: model.sellerId,
+            supportedProtocols: model.supportedProtocols,
+            paymentMethods: model.paymentMethods
+          }))
+        });
+      } catch (error: unknown) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger.warn("models.refresh.failed", "proxy models refresh failed", {
+          registryUrl: this.config.sellerRegistryUrl,
+          errorMessage
+        });
+        res.status(502).json({
+          error: {
+            code: "models_unavailable",
+            message: errorMessage
+          }
+        });
+      }
+    });
+
+    for (const endpoint of ["/v1/chat/completions", "/v1/responses", "/v1/messages", "/messages"]) {
+      proxyApp.post(endpoint, async (req: Request, res: Response) => {
+        await this.forwardProxyRequest(endpoint, req, res);
+      });
+    }
+
+    this.proxyServer = proxyApp.listen(this.config.proxyPort);
+    logger.info("proxy.startup", "tb-proxyd daemon started", {
+      controlPort: this.config.controlPort,
+      proxyPort: this.config.proxyPort,
+      dbPath: this.config.dbPath,
+      sellerRegistryUrl: this.config.sellerRegistryUrl,
+      selectionMode: this.selectionMode
+    });
+  }
+
+  public stop() {
+    if (this.controlServer) this.controlServer.close();
+    if (this.proxyServer) this.proxyServer.close();
+    this.tokenStore.close();
+  }
+}