lynkr 9.1.2 → 9.1.3

package/src/budget/hierarchical-budget.js

@@ -0,0 +1,159 @@
+/**
+ * Hierarchical budget controls (Phase 6.2).
+ *
+ * Tracks spend at four levels: virtual_key → team → customer → org.
+ * Each level has a ceiling; a request must pass *every* level it belongs
+ * to.
+ *
+ * Storage: in-process Map by default. Operations are atomic-by-design (single
+ * Node event loop), so no locking needed. For multi-process deployments,
+ * swap the storage implementation for Redis (the interface is stable; see
+ * RedisBudgetStore stub at the bottom of the file).
+ */
+
+const fs = require('fs');
+const path = require('path');
+const logger = require('../logger');
+
+const CONFIG_PATH = path.join(__dirname, '../../data/budgets.json');
+const RELOAD_INTERVAL_MS = 60_000;
+
+const LEVELS = ['virtual_key', 'team', 'customer', 'org'];
+
+class MapBudgetStore {
+  constructor() {
+    this._spend = new Map(); // `${level}:${id}` → { spent, periodStart }
+  }
+
+  _key(level, id) {
+    return `${level}:${id}`;
+  }
+
+  get(level, id) {
+    return this._spend.get(this._key(level, id)) || { spent: 0, periodStart: Date.now() };
+  }
+
+  set(level, id, value) {
+    this._spend.set(this._key(level, id), value);
+  }
+
+  incr(level, id, amount) {
+    const current = this.get(level, id);
+    current.spent += amount;
+    this.set(level, id, current);
+    return current;
+  }
+
+  resetIfStale(level, id, periodMs) {
+    const current = this.get(level, id);
+    if (Date.now() - current.periodStart > periodMs) {
+      current.spent = 0;
+      current.periodStart = Date.now();
+      this.set(level, id, current);
+    }
+    return current;
+  }
+}
+
+let _config = null;
+let _configLoadedAt = 0;
+function _loadConfig() {
+  if (_config && Date.now() - _configLoadedAt < RELOAD_INTERVAL_MS) return _config;
+  try {
+    if (fs.existsSync(CONFIG_PATH)) {
+      _config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
+      _configLoadedAt = Date.now();
+      return _config;
+    }
+  } catch (err) {
+    logger.debug({ err: err.message }, '[HierarchicalBudget] Config load failed');
+  }
+  _config = { defaults: { periodMs: 86400000 }, limits: {} };
+  _configLoadedAt = Date.now();
+  return _config;
+}
+
+class HierarchicalBudget {
+  constructor(store = new MapBudgetStore()) {
+    this.store = store;
+  }
+
+  /**
+   * Check whether all relevant ceilings still allow `amount` of spend.
+   * @param {object} context — { virtual_key, team, customer, org }
+   * @param {number} amount — dollars
+   * @returns {{ ok: boolean, exceeded?: { level, id, limit, spent } }}
+   */
+  check(context, amount) {
+    const config = _loadConfig();
+    const periodMs = config.defaults?.periodMs || 86400000;
+    for (const level of LEVELS) {
+      const id = context[level];
+      if (!id) continue;
+      const limit = config.limits?.[level]?.[id] ?? config.defaults?.[level];
+      if (typeof limit !== 'number') continue;
+      const current = this.store.resetIfStale(level, id, periodMs);
+      if (current.spent + amount > limit) {
+        return {
+          ok: false,
+          exceeded: { level, id, limit, spent: current.spent },
+        };
+      }
+    }
+    return { ok: true };
+  }
+
+  /**
+   * Record spend after a request completes. Increments all relevant levels.
+   */
+  record(context, amount) {
+    if (typeof amount !== 'number' || amount <= 0) return;
+    for (const level of LEVELS) {
+      const id = context[level];
+      if (!id) continue;
+      this.store.incr(level, id, amount);
+    }
+  }
+
+  /**
+   * Summary for the dashboard.
+   */
+  status(context) {
+    const config = _loadConfig();
+    const periodMs = config.defaults?.periodMs || 86400000;
+    const out = {};
+    for (const level of LEVELS) {
+      const id = context[level];
+      if (!id) continue;
+      const limit = config.limits?.[level]?.[id] ?? config.defaults?.[level];
+      const current = this.store.resetIfStale(level, id, periodMs);
+      out[level] = { id, spent: current.spent, limit, periodStart: current.periodStart };
+    }
+    return out;
+  }
+}
+
+let _instance = null;
+function getHierarchicalBudget() {
+  if (!_instance) _instance = new HierarchicalBudget();
+  return _instance;
+}
+
+/**
+ * Redis backend stub. Implement this when scaling beyond a single Node
+ * process. The interface mirrors MapBudgetStore so HierarchicalBudget can
+ * use either.
+ */
+class RedisBudgetStore {
+  constructor(_redisClient) {
+    throw new Error('RedisBudgetStore not implemented. Stub — wire your Redis client and use INCRBY with periodic TTL.');
+  }
+}
+
+module.exports = {
+  HierarchicalBudget,
+  MapBudgetStore,
+  RedisBudgetStore,
+  getHierarchicalBudget,
+  LEVELS,
+};

package/src/cache/semantic.js

@@ -14,16 +14,29 @@ const logger = require('../logger');
 const config = require('../config');
 
 // Default configuration (can be overridden via config.semanticCache)
+//
+// Phase 2.1 of the routing overhaul: defaults aligned with the plan
+// (10K entries, 0.95 threshold matches research on GPT Semantic Cache).
+// Short-TTL keywords trigger a reduced TTL rather than blocking caching.
 function getDefaultConfig() {
   const configOverrides = config.semanticCache || {};
   return {
     enabled: configOverrides.enabled ?? true,
     similarityThreshold: configOverrides.similarityThreshold ?? 0.92,
-    maxEntries: configOverrides.maxEntries ?? 500,
+    maxEntries: configOverrides.maxEntries ?? 10000,
     ttlMs: configOverrides.ttlMs ?? 3600000,  // 1 hour
+    shortTtlMs: configOverrides.shortTtlMs ?? 300000, // 5 min for time-sensitive queries
+    shortTtlPatterns: [
+      /\bnow\b/i,
+      /\btoday\b/i,
+      /\bcurrent\b/i,
+      /\blatest\b/i,
+      /\brecent\b/i,
+      /\bjust\s+now\b/i,
+    ],
     minPromptLength: 20,        // Don't cache very short prompts
     maxPromptLength: 5000,      // Don't cache very long prompts (too specific)
-    excludePatterns: [          // Patterns to exclude from caching
+    excludePatterns: [          // Patterns to fully exclude from caching
       /current time/i,
       /today's date/i,
       /right now/i,
@@ -33,6 +46,19 @@ function getDefaultConfig() {
   };
 }
 
+/**
+ * Phase 2.1 helper: determine the TTL to apply to a given prompt.
+ * Time-sensitive keywords ("now", "today", "current") get a short TTL so
+ * stale answers don't persist for an hour.
+ */
+function _ttlForPrompt(promptText, cfg) {
+  if (!promptText || !Array.isArray(cfg.shortTtlPatterns)) return cfg.ttlMs;
+  for (const re of cfg.shortTtlPatterns) {
+    if (re.test(promptText)) return cfg.shortTtlMs;
+  }
+  return cfg.ttlMs;
+}
+
 class SemanticCache {
   constructor(options = {}) {
     this.config = { ...getDefaultConfig(), ...options };

package/src/clients/databricks.js

@@ -107,8 +107,17 @@ async function performJsonRequest(url, { headers = {}, body }, providerLabel) {
     let json;
     try {
       json = JSON.parse(text);
-    } catch {
+    } catch (parseError) {
       json = null;
+      // Log non-JSON responses for debugging
+      if (response.ok) {
+        logger.warn({
+          provider: providerLabel,
+          status: response.status,
+          contentType: response.headers.get("content-type"),
+          textPreview: text.substring(0, 200),
+        }, `${providerLabel} returned non-JSON response (status ${response.status})`);
+      }
     }
 
     const result = {
@@ -256,7 +265,7 @@ async function invokeOllama(body) {
     toolCount,
     toolsInjected,
     supportsTools,
-    toolNames: (Array.isArray(toolsToSend) && toolsToSend.length > 0) ? toolsToSend.map(t => t.name) : []
+    toolNames: (Array.isArray(toolsToSend) && toolsToSend.length > 0) ? toolsToSend.map(t => t.name || t.function?.name || 'unnamed') : []
   }, `=== Ollama STANDARD TOOLS INJECTION for ${config.ollama.model} === ${logMessage}`);
 
   // ---- Anthropic-native path (Ollama v0.14.0+) ----
@@ -2036,9 +2045,10 @@ async function invokeModel(body, options = {}) {
   // Determine provider via async tier routing
   // Thread workspace for code-graph integration (from X-Lynkr-Workspace header or body._workspace)
   const workspace = body._workspace || options.workspace || null;
+  const tenantPolicy = body._tenantPolicy || options.tenantPolicy || null;
   const routingResult = options.forceProvider
     ? { provider: options.forceProvider, model: null, method: 'forced' }
-    : await determineProviderSmart(body, { workspace });
+    : await determineProviderSmart(body, { workspace, tenantPolicy });
   const initialProvider = routingResult.provider;
   const tierSelectedModel = routingResult.model;
 
@@ -2075,6 +2085,50 @@ async function invokeModel(body, options = {}) {
     method: routingResult.method,
   }, "Provider routing decision");
 
+  // Phase 3.3 — small-first cascade (LYNKR_CASCADE_ENABLED=true to opt in).
+  // _cascadeInner prevents recursive cascade when invokeModel is called from inside.
+  if (!options._cascadeInner) {
+    const cascadeModule = require('../routing/cascade');
+    const hasTools = Array.isArray(body.tools) && body.tools.length > 0;
+    if (cascadeModule.shouldCascade({
+      tier: routingDecision.tier,
+      streaming: !!body.stream,
+      hasTools,
+    })) {
+      try {
+        const { getModelTierSelector } = require('../routing/model-tiers');
+        const simpleSelection = getModelTierSelector().selectModel('SIMPLE', null);
+        const cascadeResult = await cascadeModule.run({
+          payload: body,
+          smallModel: simpleSelection,
+          bigModel: { provider: initialProvider, model: tierSelectedModel },
+          invoke: async (provider, model, payload) => {
+            const cloned = { ...payload };
+            if (model) cloned._tierModel = model;
+            const resp = await invokeModel(cloned, { forceProvider: provider, _cascadeInner: true });
+            return resp.json; // confidence-scorer needs response body (.content)
+          },
+          taskType: body._taskType || routingResult.reason || 'reasoning',
+          threshold: 0.85,
+        });
+        logger.debug({
+          accepted: cascadeResult.cascadeStats.accepted,
+          usedModel: cascadeResult.usedModel,
+          totalMs: cascadeResult.cascadeStats.totalLatency,
+        }, '[Cascade] Result');
+        return {
+          ok: true,
+          status: 200,
+          json: cascadeResult.response,
+          stream: null,
+          routingDecision: { ...routingDecision, cascadeStats: cascadeResult.cascadeStats, usedModel: cascadeResult.usedModel },
+        };
+      } catch (err) {
+        logger.debug({ err: err.message }, '[Cascade] Failed, falling through to normal routing');
+      }
+    }
+  }
+
   metricsCollector.recordProviderRouting(initialProvider);
 
   // Get circuit breaker for initial provider
@@ -2202,7 +2256,7 @@ async function invokeModel(body, options = {}) {
     const failLatency = Date.now() - startTime;
     metricsCollector.recordProviderFailure(initialProvider);
     healthTracker.recordFailure(initialProvider, err, err.status);
-    getLatencyTracker().record(initialProvider, failLatency);
+    getLatencyTracker().record(initialProvider, routingDecision?.model, failLatency);
 
     // Check if we should fallback (any provider can fall back, not just ollama)
     const shouldFallback =
@@ -2313,7 +2367,7 @@ async function invokeModel(body, options = {}) {
       }, "Fallback to cloud provider succeeded");
 
       // Record latency for fallback provider
-      getLatencyTracker().record(fallbackProvider, fallbackLatency);
+      getLatencyTracker().record(fallbackProvider, routingDecision?.model, fallbackLatency);
 
       // Capture fallback telemetry
       const fbOutputTokens = fallbackResult.json?.usage?.output_tokens || fallbackResult.json?.usage?.completion_tokens || 0;

package/src/config/index.js

@@ -76,8 +76,8 @@ if (!SUPPORTED_MODEL_PROVIDERS.has(rawModelProvider)) {
 
 const modelProvider = rawModelProvider;
 
-const rawBaseUrl = trimTrailingSlash(process.env.DATABRICKS_API_BASE);
-const apiKey = process.env.DATABRICKS_API_KEY;
+let rawBaseUrl = trimTrailingSlash(process.env.DATABRICKS_API_BASE);
+let apiKey = process.env.DATABRICKS_API_KEY;
 
 const azureAnthropicEndpoint = process.env.AZURE_ANTHROPIC_ENDPOINT ?? null;
 const azureAnthropicApiKey = process.env.AZURE_ANTHROPIC_API_KEY ?? null;
@@ -255,33 +255,8 @@ const headroomLlmlinguaDevice = process.env.HEADROOM_LLMLINGUA_DEVICE ?? "auto";
 const headroomProvider = process.env.HEADROOM_PROVIDER ?? "anthropic";
 const headroomLogLevel = process.env.HEADROOM_LOG_LEVEL ?? "info";
 
-// Only require Databricks credentials if it's the primary provider or used as fallback
-if (modelProvider === "databricks" && (!rawBaseUrl || !apiKey)) {
-  throw new Error("Set DATABRICKS_API_BASE and DATABRICKS_API_KEY before starting the proxy.");
-} else if (modelProvider === "ollama" && !fallbackEnabled && (!rawBaseUrl || !apiKey)) {
-  // Relaxed: Allow mock credentials for true Ollama-only mode (fallback disabled)
-  if (!rawBaseUrl) process.env.DATABRICKS_API_BASE = "http://localhost:8080";
-  if (!apiKey) process.env.DATABRICKS_API_KEY = "mock-key-for-ollama-only";
-  console.log("[CONFIG] Using mock Databricks credentials (Ollama-only mode with fallback disabled)");
-}
-
-if (modelProvider === "azure-anthropic" && (!azureAnthropicEndpoint || !azureAnthropicApiKey)) {
-  throw new Error(
-    "Set AZURE_ANTHROPIC_ENDPOINT and AZURE_ANTHROPIC_API_KEY before starting the proxy.",
-  );
-}
-
-if (modelProvider === "azure-openai" && (!azureOpenAIEndpoint || !azureOpenAIApiKey)) {
-  throw new Error(
-    "Set AZURE_OPENAI_ENDPOINT and AZURE_OPENAI_API_KEY before starting the proxy.",
-  );
-}
-
-if (modelProvider === "openai" && !openAIApiKey) {
-  throw new Error(
-    "Set OPENAI_API_KEY before starting the proxy.",
-  );
-}
+// Credential validation is deferred until after tier routing mode detection
+// (see line ~430 for the actual validation logic)
 
 if (modelProvider === "ollama") {
   try {
@@ -320,34 +295,254 @@ if (process.env.PREFER_OLLAMA) {
   console.warn('[DEPRECATION] PREFER_OLLAMA is removed. Use TIER_* env vars for routing. See documentation/routing.md');
 }
 
-// Warn about misconfigured fallback provider (only when tier routing is active,
-// since that's the only path that triggers provider fallback)
+// ═══════════════════════════════════════════════════════════════════════════
+// TIER ROUTING MODE DETECTION
+// ═══════════════════════════════════════════════════════════════════════════
+// When all 4 TIER_* variables are set, Lynkr operates in "Tier Routing Mode"
+// In this mode:
+//   - MODEL_PROVIDER is auto-detected from TIER_SIMPLE
+//   - FALLBACK_PROVIDER is auto-detected from TIER_REASONING
+//   - FALLBACK_ENABLED is always true
+//   - Only credentials for providers used in tiers are validated
+// ═══════════════════════════════════════════════════════════════════════════
+
 const tiersConfigured = !!(
   process.env.TIER_SIMPLE?.trim() &&
   process.env.TIER_MEDIUM?.trim() &&
   process.env.TIER_COMPLEX?.trim() &&
   process.env.TIER_REASONING?.trim()
 );
-if (fallbackEnabled && tiersConfigured) {
+
+let tierRoutingMode = tiersConfigured;
+let autoDetectedProvider = null;
+let autoDetectedFallback = null;
+
+if (tierRoutingMode) {
+  console.log('[Config] ✓ Tier routing mode active (all 4 TIER_* variables set)');
+
+  // Phase 3: Error if legacy variables are set
+  if (process.env.MODEL_PROVIDER) {
+    throw new Error(
+      'MODEL_PROVIDER not allowed in tier routing mode.\n' +
+      'Remove MODEL_PROVIDER from your .env file.\n' +
+      'Provider is auto-detected from TIER_SIMPLE.\n' +
+      'See: documentation/routing.md'
+    );
+  }
+
+  if (process.env.FALLBACK_PROVIDER) {
+    throw new Error(
+      'FALLBACK_PROVIDER not allowed in tier routing mode.\n' +
+      'Remove FALLBACK_PROVIDER from your .env file.\n' +
+      'Fallback is auto-detected from TIER_REASONING.\n' +
+      'See: documentation/routing.md'
+    );
+  }
+
+  if (process.env.FALLBACK_ENABLED !== undefined) {
+    throw new Error(
+      'FALLBACK_ENABLED not allowed in tier routing mode.\n' +
+      'Remove FALLBACK_ENABLED from your .env file.\n' +
+      'Fallback is automatic when TIER_REASONING uses a cloud provider.\n' +
+      'See: documentation/routing.md'
+    );
+  }
+
+  // Auto-detect primary provider from TIER_SIMPLE
+  const tierSimple = process.env.TIER_SIMPLE.trim();
+  const tierReasoning = process.env.TIER_REASONING.trim();
+
+  const simpleMatch = tierSimple.match(/^([a-z-]+):(.+)$/);
+  const reasoningMatch = tierReasoning.match(/^([a-z-]+):(.+)$/);
+
+  if (!simpleMatch) {
+    throw new Error(`TIER_SIMPLE must be in format "provider:model" (got: "${tierSimple}")`);
+  }
+  if (!reasoningMatch) {
+    throw new Error(`TIER_REASONING must be in format "provider:model" (got: "${tierReasoning}")`);
+  }
+
+  autoDetectedProvider = simpleMatch[1];
+  autoDetectedFallback = reasoningMatch[1];
+
+  console.log(`[Config] Auto-detected MODEL_PROVIDER="${autoDetectedProvider}" from TIER_SIMPLE`);
+  console.log(`[Config] Auto-detected FALLBACK_PROVIDER="${autoDetectedFallback}" from TIER_REASONING`);
+
+  // Validate auto-detected providers
+  if (!SUPPORTED_MODEL_PROVIDERS.has(autoDetectedProvider)) {
+    throw new Error(
+      `Invalid provider in TIER_SIMPLE: "${autoDetectedProvider}"\n` +
+      `Valid providers: ${Array.from(SUPPORTED_MODEL_PROVIDERS).sort().join(', ')}`
+    );
+  }
+  if (!SUPPORTED_MODEL_PROVIDERS.has(autoDetectedFallback)) {
+    throw new Error(
+      `Invalid provider in TIER_REASONING: "${autoDetectedFallback}"\n` +
+      `Valid providers: ${Array.from(SUPPORTED_MODEL_PROVIDERS).sort().join(', ')}`
+    );
+  }
+
+  // Override MODEL_PROVIDER and FALLBACK_PROVIDER internally
+  process.env.MODEL_PROVIDER = autoDetectedProvider;
+  process.env.FALLBACK_PROVIDER = autoDetectedFallback;
+  process.env.FALLBACK_ENABLED = 'true';
+}
+
+// Re-read modelProvider and fallbackProvider after tier routing auto-detection
+// This ensures the config object uses the auto-detected values
+const finalModelProvider = (process.env.MODEL_PROVIDER ?? "databricks").toLowerCase();
+const finalFallbackProvider = (process.env.FALLBACK_PROVIDER ?? "databricks").toLowerCase();
+const finalFallbackEnabled = process.env.FALLBACK_ENABLED === "true";
+
+// Warn about misconfigured fallback provider (only when tier routing is active,
+// since that's the only path that triggers provider fallback)
+if (finalFallbackEnabled && tiersConfigured) {
   const localProviders = ["ollama", "llamacpp", "lmstudio"];
-  if (localProviders.includes(fallbackProvider)) {
-    throw new Error(`FALLBACK_PROVIDER cannot be '${fallbackProvider}' (local providers should not be fallbacks). Use cloud providers: databricks, azure-anthropic, azure-openai, openrouter, openai, bedrock`);
+  // Only warn (not error) if fallback is local - it just means fallback won't work
+  if (localProviders.includes(finalFallbackProvider) && finalFallbackProvider !== finalModelProvider) {
+    console.warn(`[WARN] FALLBACK_PROVIDER='${finalFallbackProvider}' is a local provider. Fallback should use a cloud provider for redundancy.`);
   }
   let fallbackMisconfigured = false;
-  if (fallbackProvider === "databricks" && (!rawBaseUrl || !apiKey)) {
+  if (finalFallbackProvider === "databricks" && (!rawBaseUrl || !apiKey)) {
     fallbackMisconfigured = true;
   }
-  if (fallbackProvider === "azure-anthropic" && (!azureAnthropicEndpoint || !azureAnthropicApiKey)) {
+  if (finalFallbackProvider === "azure-anthropic" && (!azureAnthropicEndpoint || !azureAnthropicApiKey)) {
     fallbackMisconfigured = true;
   }
-  if (fallbackProvider === "azure-openai" && (!azureOpenAIEndpoint || !azureOpenAIApiKey)) {
+  if (finalFallbackProvider === "azure-openai" && (!azureOpenAIEndpoint || !azureOpenAIApiKey)) {
     fallbackMisconfigured = true;
   }
-  if (fallbackProvider === "bedrock" && !bedrockApiKey) {
+  if (finalFallbackProvider === "bedrock" && !bedrockApiKey) {
     fallbackMisconfigured = true;
   }
   if (fallbackMisconfigured) {
-    console.warn(`[WARN] FALLBACK_PROVIDER='${fallbackProvider}' is enabled but missing credentials. Fallback will not work until configured.`);
+    console.warn(`[WARN] FALLBACK_PROVIDER='${finalFallbackProvider}' is enabled but missing credentials. Fallback will not work until configured.`);
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// SMART CREDENTIAL VALIDATION (TIER ROUTING MODE)
+// ═══════════════════════════════════════════════════════════════════════════
+// Only validate credentials for providers actually used in tier config
+// ═══════════════════════════════════════════════════════════════════════════
+
+if (tierRoutingMode) {
+  // Extract all unique providers from tier config
+  const usedProviders = new Set();
+  [
+    process.env.TIER_SIMPLE,
+    process.env.TIER_MEDIUM,
+    process.env.TIER_COMPLEX,
+    process.env.TIER_REASONING
+  ].forEach(tierValue => {
+    const match = tierValue?.match(/^([a-z-]+):/);
+    if (match) usedProviders.add(match[1]);
+  });
+
+  console.log(`[Config] Tier routing uses providers: ${Array.from(usedProviders).join(', ')}`);
+
+  // Validate only providers used in tiers
+  if (usedProviders.has('databricks')) {
+    if (!rawBaseUrl || !apiKey) {
+      throw new Error(
+        'DATABRICKS_API_BASE and DATABRICKS_API_KEY required.\n' +
+        'Databricks is used in your tier routing config.'
+      );
+    }
+  } else {
+    // Mock credentials if Databricks not used
+    if (!rawBaseUrl) {
+      process.env.DATABRICKS_API_BASE = "http://localhost:8080";
+      rawBaseUrl = "http://localhost:8080";
+    }
+    if (!apiKey) {
+      process.env.DATABRICKS_API_KEY = "mock-key-unused";
+      apiKey = "mock-key-unused";
+    }
+  }
+
+  if (usedProviders.has('azure-anthropic') && (!azureAnthropicEndpoint || !azureAnthropicApiKey)) {
+    throw new Error(
+      'AZURE_ANTHROPIC_ENDPOINT and AZURE_ANTHROPIC_API_KEY required.\n' +
+      'Azure Anthropic is used in your tier routing config.'
+    );
+  }
+
+  if (usedProviders.has('azure-openai') && (!azureOpenAIEndpoint || !azureOpenAIApiKey)) {
+    throw new Error(
+      'AZURE_OPENAI_ENDPOINT and AZURE_OPENAI_API_KEY required.\n' +
+      'Azure OpenAI is used in your tier routing config.'
+    );
+  }
+
+  if (usedProviders.has('openai') && !openAIApiKey) {
+    throw new Error(
+      'OPENAI_API_KEY required.\n' +
+      'OpenAI is used in your tier routing config.'
+    );
+  }
+
+  if (usedProviders.has('openrouter') && !openRouterApiKey) {
+    throw new Error(
+      'OPENROUTER_API_KEY required.\n' +
+      'OpenRouter is used in your tier routing config.'
+    );
+  }
+
+  if (usedProviders.has('bedrock') && !bedrockApiKey) {
+    throw new Error(
+      'AWS_BEDROCK_API_KEY required.\n' +
+      'Bedrock is used in your tier routing config.'
+    );
+  }
+
+  // Ollama endpoint validation
+  if (usedProviders.has('ollama')) {
+    try {
+      new URL(ollamaEndpoint);
+    } catch (err) {
+      throw new Error(`Invalid OLLAMA_ENDPOINT: "${ollamaEndpoint}". Must be a valid URL.`);
+    }
+  }
+
+} else {
+  // ═══════════════════════════════════════════════════════════════════════════
+  // STATIC PROVIDER MODE - Original validation logic
+  // ═══════════════════════════════════════════════════════════════════════════
+
+  if (modelProvider === "databricks" && (!rawBaseUrl || !apiKey)) {
+    throw new Error("Set DATABRICKS_API_BASE and DATABRICKS_API_KEY before starting the proxy.");
+  } else if (modelProvider === "ollama" && !fallbackEnabled && (!rawBaseUrl || !apiKey)) {
+    // Relaxed: Allow mock credentials for true Ollama-only mode (fallback disabled)
+    if (!rawBaseUrl) {
+      process.env.DATABRICKS_API_BASE = "http://localhost:8080";
+      rawBaseUrl = "http://localhost:8080";
+    }
+    if (!apiKey) {
+      process.env.DATABRICKS_API_KEY = "mock-key-for-ollama-only";
+      apiKey = "mock-key-for-ollama-only";
+    }
+    console.log("[CONFIG] Using mock Databricks credentials (Ollama-only mode with fallback disabled)");
+  }
+
+  if (modelProvider === "azure-anthropic" && (!azureAnthropicEndpoint || !azureAnthropicApiKey)) {
+    throw new Error("SET AZURE_ANTHROPIC_ENDPOINT and AZURE_ANTHROPIC_API_KEY before starting the proxy.");
+  }
+
+  if (modelProvider === "azure-openai" && (!azureOpenAIEndpoint || !azureOpenAIApiKey)) {
+    throw new Error("Set AZURE_OPENAI_ENDPOINT and AZURE_OPENAI_API_KEY before starting the proxy.");
+  }
+
+  if (modelProvider === "openai" && !openAIApiKey) {
+    throw new Error("Set OPENAI_API_KEY before starting the proxy.");
+  }
+
+  if (modelProvider === "ollama") {
+    try {
+      new URL(ollamaEndpoint);
+    } catch (err) {
+      throw new Error(`Invalid OLLAMA_ENDPOINT: "${ollamaEndpoint}". Must be a valid URL.`);
+    }
   }
 }
 
@@ -547,7 +742,7 @@ const workerTaskTimeoutMs = Number.parseInt(process.env.WORKER_TASK_TIMEOUT_MS ?
 const workerOffloadThresholdBytes = Number.parseInt(process.env.WORKER_OFFLOAD_THRESHOLD_BYTES ?? "10000", 10);
 
 var config = {
-  env: process.env.NODE_ENV ?? "development",
+  env: process.env.NODE_ENV ?? "production",
   port: Number.isNaN(port) ? 8080 : port,
   databricks: {
     baseUrl: rawBaseUrl,
@@ -629,13 +824,13 @@ var config = {
     debounceMs: Number.isNaN(hotReloadDebounceMs) ? 1000 : hotReloadDebounceMs,
   },  
   modelProvider: {
-    type: modelProvider,
+    type: finalModelProvider,
     defaultModel,
     suggestionModeModel,
-    fallbackEnabled,
+    fallbackEnabled: finalFallbackEnabled,
     ollamaMaxToolsForRouting,
     openRouterMaxToolsForRouting,
-    fallbackProvider,
+    fallbackProvider: finalFallbackProvider,
   },
   toolExecutionMode,
   toolResultCompression: {
@@ -918,6 +1113,7 @@ var config = {
   // Intelligent Routing
   routing: {
     weightedScoring: true,
+    // Cost optimization now respects tier routing mode (only uses TIER_* configured models)
     costOptimization: true,
     agenticDetection: true,
     // Embed an interaction block in the response body so the user can