maxpool 1.0.0

package/src/index.js

@@ -0,0 +1,1007 @@
+#!/usr/bin/env node
+
+import { spawn, spawnSync } from 'node:child_process';
+import { createInterface } from 'node:readline';
+import { loadOrCreateConfig, loadConfig, saveConfig, atomicConfigUpdate, getConfigPath, loadState, saveState } from './config.js';
+import { AccountManager } from './account-manager.js';
+import { createProxyServer } from './server.js';
+import { Prober } from './prober.js';
+import { importCredentials, loginOAuth, fetchProfile, refreshAccessToken, isTokenExpiringSoon } from './oauth.js';
+import { TUI } from './tui.js';
+import { RestartController } from './restart-controller.js';
+import { resolveAccounts } from './account-config.js';
+
+const args = process.argv.slice(2);
+const command = args[0];
+const SERVER_RESTART_EXIT_CODE = 75;
+const SERVER_WORKER_ENV = 'MAXPOOL_SERVER_WORKER';
+
+switch (command) {
+  case 'server':
+    await serverCommand();
+    break;
+  case 'run':
+    await runCommand();
+    break;
+  case 'import':
+    await importCommand();
+    process.exit(0);
+    break;
+  case 'login':
+    await loginCommand();
+    process.exit(0);
+    break;
+  case 'env':
+    await envCommand();
+    process.exit(0);
+    break;
+  case 'status':
+    await statusCommand();
+    process.exit(0);
+    break;
+  case 'accounts':
+    await accountsCommand();
+    process.exit(0);
+    break;
+  case 'remove':
+    await removeCommand();
+    process.exit(0);
+    break;
+  case 'api':
+    await apiCommand();
+    process.exit(0);
+    break;
+  case 'help':
+  case '--help':
+  case '-h':
+    showHelp();
+    break;
+  default:
+    // No command or unknown command → start server
+    if (command && !command.startsWith('-')) {
+      console.error(`Unknown command: ${command}\n`);
+      showHelp();
+      process.exit(1);
+    }
+    await serverCommand();
+    break;
+}
+
+// ── server ──────────────────────────────────────────────────
+
+async function serverCommand() {
+  if (
+    process.env[SERVER_WORKER_ENV] === '1' ||
+    !process.stdout.isTTY ||
+    !process.stdin.isTTY
+  ) {
+    return serverWorkerCommand();
+  }
+
+  // Keep a stable foreground process attached to the shell. The worker can
+  // then request a restart without orphaning its replacement or losing TTY IO.
+  const ignoreTerminalSignal = () => {};
+  process.on('SIGINT', ignoreTerminalSignal);
+  process.on('SIGTERM', ignoreTerminalSignal);
+  try {
+    while (true) {
+      const result = await runServerWorker();
+      if (result.code === SERVER_RESTART_EXIT_CODE) continue;
+      if (result.signal) process.exitCode = 1;
+      else process.exitCode = result.code ?? 1;
+      return;
+    }
+  } finally {
+    process.off('SIGINT', ignoreTerminalSignal);
+    process.off('SIGTERM', ignoreTerminalSignal);
+  }
+}
+
+function runServerWorker() {
+  return new Promise((resolve, reject) => {
+    const child = spawn(process.execPath, process.argv.slice(1), {
+      cwd: process.cwd(),
+      env: { ...process.env, [SERVER_WORKER_ENV]: '1' },
+      stdio: 'inherit',
+    });
+    child.once('error', reject);
+    child.once('exit', (code, signal) => resolve({ code, signal }));
+  });
+}
+
+async function serverWorkerCommand() {
+  const config = await loadOrCreateConfig();
+
+  // --log-to <dir>
+  const logTo = argValue('--log-to');
+  if (logTo) config.logDir = logTo;
+
+  if (config.accounts.length === 0) {
+    console.error('No accounts configured.\n');
+    console.error('Add an account first:');
+    console.error('  maxpool import           Import from Claude Code');
+    console.error('  maxpool login            OAuth login via browser');
+    console.error('  maxpool login --api      Add an API key');
+    process.exit(1);
+  }
+
+  const accounts = await resolveAccounts(config);
+  if (accounts.length === 0) {
+    console.error('No valid accounts after initialization');
+    process.exit(1);
+  }
+
+  const threshold = config.switchThreshold || 0.90;
+  const accountManager = new AccountManager(accounts, threshold, config.scheduler || {});
+  accountManager.setRoutingMode(
+    config.routing?.mode,
+    config.routing?.preferredAccount,
+  );
+
+  // Restore quota observed in a previous run so a restart doesn't lose routing
+  // accuracy and re-probe from scratch. Stale windows clear on first use.
+  const savedState = await loadState();
+  if (savedState?.quota) accountManager.restoreQuotaState(savedState.quota);
+  const persistQuotaState = () =>
+    saveState({ quota: accountManager.exportQuotaState() }).catch(() => {});
+  // Persist quota every minute; unref so it never keeps the process alive.
+  const quotaSaveInterval = setInterval(persistQuotaState, 60_000);
+  quotaSaveInterval.unref?.();
+
+  // Opt-in background quota probe (config.quotaProbeSeconds, default 0 = off).
+  const prober = new Prober(accountManager, { intervalMs: (config.quotaProbeSeconds || 0) * 1000 });
+  prober.start();
+
+  // Persist refreshed tokens back to config (re-read from disk to avoid clobbering
+  // accounts added externally, e.g. by `maxpool import` while server is running)
+  accountManager.onTokenRefresh((idx, newTokens) => {
+    const account = accountManager.accounts[idx];
+    if (!account) return;
+    // Keep config.accounts in sync so TUI saveConfig doesn't clobber fresh tokens
+    const memIdx = findConfigAccount(config, account);
+    if (memIdx >= 0) {
+      config.accounts[memIdx].accessToken = newTokens.accessToken;
+      config.accounts[memIdx].refreshToken = newTokens.refreshToken;
+      config.accounts[memIdx].expiresAt = newTokens.expiresAt;
+    }
+    atomicConfigUpdate(diskConfig => {
+      // Pick up any new accounts from disk so index matching stays correct
+      // (only add, don't refresh credentials — we're about to write the authoritative tokens)
+      for (const diskAcct of diskConfig.accounts) {
+        const known = (diskAcct.accountUuid && config.accounts.some(a => a.accountUuid === diskAcct.accountUuid))
+          || config.accounts.some(a => a.name === diskAcct.name);
+        if (!known) {
+          config.accounts.push(diskAcct);
+          accountManager.addAccount(diskAcct);
+        }
+      }
+      // Match by UUID first, then by name — index may have shifted
+      const cfgIdx = findConfigAccount(diskConfig, account);
+      if (cfgIdx >= 0) {
+        diskConfig.accounts[cfgIdx].accessToken = newTokens.accessToken;
+        diskConfig.accounts[cfgIdx].refreshToken = newTokens.refreshToken;
+        diskConfig.accounts[cfgIdx].expiresAt = newTokens.expiresAt;
+      }
+    }).catch(err => console.error(`[Maxpool] Failed to save refreshed token: ${err.message}`));
+  });
+  const port = config.proxy.port;
+  const host = config.proxy.host || '127.0.0.1';
+  const useTUI = process.stdout.isTTY && process.stdin.isTTY;
+
+  let tui = null;
+  let server = null;
+  let syncTimer = null;
+  let draining = false;
+  let restartController = null;
+  const drainTimeoutMs = Math.max(1000, Number(config.shutdown?.drainTimeoutMs) || 10 * 60_000);
+  const hooks = {
+    onRequestStart: (id, info) => {
+      const accepted = restartController.requestStarted(id);
+      if (accepted) tui?.onRequestStart(id, info);
+      return accepted;
+    },
+    onRequestRouted: (id, info) => {
+      restartController.requestRouted(id, info.account);
+      tui?.onRequestRouted(id, info);
+    },
+    onRequestEnd: (id, info) => {
+      restartController.requestEnded(id);
+      tui?.onRequestEnd(id, info);
+    },
+  };
+
+  const restartWorkerNow = () => {
+    if (draining) return;
+    draining = true;
+    if (syncTimer) clearInterval(syncTimer);
+    clearInterval(quotaSaveInterval);
+    persistQuotaState(); // flush learned quota so the restart restores it
+    prober.stop();
+    if (tui?.running) tui.stop();
+    console.log('\n[Maxpool] Restarting server now; queued requests will reconnect automatically.');
+    server.closeAllConnections?.();
+    process.exit(SERVER_RESTART_EXIT_CODE);
+  };
+
+  restartController = new RestartController({
+    pauseAdmission: () => accountManager.setAdmissionPaused(true),
+    restartNow: restartWorkerNow,
+  });
+
+  const shutdownGracefully = (reason, options = {}) => {
+    if (draining) {
+      console.error(`\n[Maxpool] Force exiting with ${restartController.activeRequests.size} active request(s) still open.`);
+      process.exit(1);
+    }
+
+    draining = true;
+    if (syncTimer) clearInterval(syncTimer);
+    clearInterval(quotaSaveInterval);
+    persistQuotaState(); // best-effort final flush of learned quota
+    prober.stop();
+    if (tui?.running) tui.stop();
+
+    console.log(`\n[Maxpool] Draining shutdown (${reason}).`);
+    console.log(`[Maxpool] Stopped accepting new requests; waiting for ${restartController.activeRequests.size} active request(s). Press Ctrl-C again to force.`);
+
+    let done = false;
+    let reportTimer = null;
+    let timeoutTimer = null;
+    const finish = code => {
+      if (done) return;
+      done = true;
+      if (reportTimer) clearInterval(reportTimer);
+      if (timeoutTimer) clearTimeout(timeoutTimer);
+      if (options.restart && code === 0) {
+        console.log('[Maxpool] Restarting server...');
+        process.exit(SERVER_RESTART_EXIT_CODE);
+      }
+      process.exit(code);
+    };
+
+    reportTimer = setInterval(() => {
+      console.log(`[Maxpool] Still draining ${restartController.activeRequests.size} active request(s)...`);
+    }, 5000);
+    reportTimer.unref();
+
+    timeoutTimer = setTimeout(() => {
+      console.error(`[Maxpool] Drain timeout after ${Math.ceil(drainTimeoutMs / 1000)}s; exiting with ${restartController.activeRequests.size} active request(s) still open.`);
+      finish(1);
+    }, drainTimeoutMs);
+    timeoutTimer.unref();
+
+    server.close(err => {
+      if (err) {
+        console.error(`[Maxpool] Shutdown error: ${err.message}`);
+        finish(1);
+        return;
+      }
+      console.log('[Maxpool] Shutdown complete.');
+      finish(0);
+    });
+    server.closeIdleConnections?.();
+  };
+
+  if (useTUI) {
+    tui = new TUI({
+      accountManager, config,
+      saveConfig: () => atomicConfigUpdate(async diskConfig => {
+        diskConfig.routing = {
+          mode: config.routing?.mode || 'automatic',
+          preferredAccount: config.routing?.preferredAccount || null,
+        };
+        // Write in-memory accounts as the authoritative state, preserving
+        // extra disk-only fields (e.g. importFrom) where the account still exists.
+        // Use live tokens from AccountManager (not the stale config.accounts copy).
+        diskConfig.accounts = config.accounts.map(a => {
+          const am = accountManager.accounts.find(candidate =>
+            (a.accountUuid && candidate.accountUuid === a.accountUuid) || candidate.name === a.name
+          );
+          const live = am ? {
+            ...a,
+            accessToken: am.credential,
+            refreshToken: am.refreshToken,
+            expiresAt: am.expiresAt,
+          } : a;
+          const diskAcct = diskConfig.accounts.find(
+            d => (a.accountUuid && d.accountUuid === a.accountUuid) || d.name === a.name
+          );
+          return diskAcct ? { ...diskAcct, ...live } : live;
+        });
+      }),
+      syncAccounts: async () => {
+        const diskConfig = await loadConfig();
+        if (!diskConfig) return 0;
+        return syncAccountsFromDisk(diskConfig, config, accountManager);
+      },
+      onQuit: () => {
+        shutdownGracefully('quit');
+      },
+      onRestart: () => {
+        restartController.requestRestart();
+      },
+    });
+  }
+
+  server = createProxyServer(accountManager, config, hooks);
+  let syncInFlight = false;
+  const syncIntervalMs = config.sync?.accountsIntervalMs ?? 15_000;
+  syncTimer = setInterval(async () => {
+    if (syncInFlight) return;
+    syncInFlight = true;
+    try {
+      const diskConfig = await loadConfig();
+      if (!diskConfig) return;
+      const added = await syncAccountsFromDisk(diskConfig, config, accountManager);
+      if (added && tui) tui._addLog(`Auto-loaded ${added} account(s) from config`);
+    } catch (err) {
+      console.error(`[Maxpool] Account auto-sync failed: ${err.message}`);
+    } finally {
+      syncInFlight = false;
+    }
+  }, syncIntervalMs);
+  syncTimer.unref();
+  const onListenError = err => handleServerListenError(err, host, port);
+  server.once('error', onListenError);
+
+  server.listen(port, host, () => {
+    server.removeListener('error', onListenError);
+    server.on('error', err => console.error(`[Maxpool] Server error: ${err.message}`));
+    if (tui) {
+      if (tui.start()) {
+        console.log(`Listening on ${host}:${port} with ${accounts.length} account(s)`);
+      } else {
+        tui = null;
+        logPlainServerStart({ host, port, accounts, threshold, config });
+      }
+    } else {
+      logPlainServerStart({ host, port, accounts, threshold, config });
+    }
+  });
+
+  process.on('SIGINT', () => shutdownGracefully('SIGINT'));
+  process.on('SIGTERM', () => shutdownGracefully('SIGTERM'));
+}
+
+function logPlainServerStart({ host, port, accounts, threshold, config }) {
+  const sep = '='.repeat(60);
+  console.log('');
+  console.log(sep);
+  console.log('  Maxpool Proxy');
+  console.log(sep);
+  console.log(`  Listen:     ${host}:${port}`);
+  console.log(`  Accounts:   ${accounts.length}`);
+  console.log(`  Threshold:  ${(threshold * 100).toFixed(0)}%`);
+  console.log(`  Scheduler:  adaptive least-loaded`);
+  console.log(`  Upstream:   ${config.upstream || 'https://api.anthropic.com'}`);
+  console.log('');
+  accounts.forEach((a, i) => {
+    console.log(`  [${i + 1}] ${a.name} (${a.type})`);
+  });
+  console.log('');
+  console.log('  Run Claude through proxy:  maxpool run');
+  console.log('  Show env vars:             maxpool env');
+  console.log(sep);
+  console.log('');
+}
+
+// ── import ──────────────────────────────────────────────────
+
+async function importCommand() {
+  const config = await loadOrCreateConfig();
+
+  let name = argValue('--name');
+  const jsonStr = argValue('--json');
+
+  let creds;
+  if (jsonStr) {
+    // Accept raw JSON: --json '{"claudeAiOauth":{"accessToken":"...","refreshToken":"...","expiresAt":...}}'
+    // or flat: --json '{"accessToken":"...","refreshToken":"...","expiresAt":...}'
+    try {
+      const raw = JSON.parse(jsonStr);
+      const data = raw.claudeAiOauth || raw;
+      if (!data.accessToken) {
+        console.error('JSON must contain "accessToken" (directly or under "claudeAiOauth")');
+        process.exit(1);
+      }
+      creds = {
+        accessToken: data.accessToken,
+        refreshToken: data.refreshToken,
+        expiresAt: data.expiresAt,
+      };
+    } catch (err) {
+      console.error(`Failed to parse --json: ${err.message}`);
+      process.exit(1);
+    }
+  } else {
+    const fromPath = argValue('--from') || '~/.claude/.credentials.json';
+    try {
+      creds = await importCredentials(fromPath);
+    } catch (err) {
+      console.error(`Failed to import from ${fromPath}: ${err.message}`);
+      process.exit(1);
+    }
+  }
+
+  await upsertOAuthAccount(config, name, creds, 'import');
+}
+
+// ── login ───────────────────────────────────────────────────
+
+async function loginCommand() {
+  if (args.includes('--api')) {
+    await loginApiCommand();
+    return;
+  }
+  if (args.includes('--oauth')) {
+    await loginOAuthCommand();
+    return;
+  }
+
+  // Default to OAuth if not a TTY
+  if (!process.stdout.isTTY) {
+    await loginOAuthCommand();
+    return;
+  }
+
+  // Interactive menu
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  console.log('Select login method:\n');
+  console.log('  1. Claude subscription  (Pro, Max, Team, Enterprise)');
+  console.log('  2. Anthropic API key    (Console API billing)');
+  console.log('');
+  const choice = await new Promise(resolve => rl.question('Choice [1]: ', resolve));
+  rl.close();
+
+  switch (choice.trim() || '1') {
+    case '1': await loginOAuthCommand(); break;
+    case '2': await loginApiCommand(); break;
+    default:
+      console.error(`Invalid choice: ${choice.trim()}`);
+      process.exit(1);
+  }
+}
+
+async function loginApiCommand() {
+  const config = await loadOrCreateConfig();
+  let name = argValue('--name');
+
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  const apiKey = await new Promise(resolve => rl.question('Anthropic API key: ', resolve));
+  rl.close();
+
+  if (!apiKey.trim()) {
+    console.error('No API key provided');
+    process.exit(1);
+  }
+
+  if (!name) {
+    const n = config.accounts.filter(a => a.name.startsWith('api-')).length + 1;
+    name = `api-${n}`;
+  }
+
+  config.accounts.push({ name, type: 'apikey', apiKey: apiKey.trim() });
+  await saveConfig(config);
+  console.log(`Added API key account "${name}"`);
+  console.log(`Saved to ${getConfigPath()}`);
+}
+
+async function loginOAuthCommand() {
+  const config = await loadOrCreateConfig();
+  let name = argValue('--name');
+
+  console.log('Starting OAuth login...');
+  let creds;
+  try {
+    creds = await loginOAuth();
+  } catch (err) {
+    console.error(`OAuth login failed: ${err.message}`);
+    console.error('');
+    console.error('Alternatives:');
+    console.error('  maxpool import        Import from existing Claude Code credentials');
+    console.error('  maxpool login --api   Add an API key instead');
+    process.exit(1);
+  }
+
+  await upsertOAuthAccount(config, name, creds, 'login');
+}
+
+// ── env ─────────────────────────────────────────────────────
+
+async function envCommand() {
+  const config = await loadOrCreateConfig();
+  console.log(`export ANTHROPIC_BASE_URL=http://${config.proxy.host || '127.0.0.1'}:${config.proxy.port}`);
+  if (args.includes('--with-key')) {
+    console.log(`export ANTHROPIC_API_KEY=${config.proxy.apiKey}`);
+  }
+}
+
+// ── run ─────────────────────────────────────────────────────
+
+async function runCommand() {
+  const config = await loadOrCreateConfig();
+
+  // Everything after 'run' (skip -- separator if present)
+  const claudeArgs = args.slice(1);
+  if (claudeArgs[0] === '--') claudeArgs.shift();
+
+  // Only set ANTHROPIC_BASE_URL — Claude Code keeps its own OAuth token
+  // which the proxy accepts from localhost. Not setting ANTHROPIC_API_KEY
+  // lets Claude Code stay in subscription mode (full model access).
+  // Use spawnSync so the Node process blocks entirely — behaves like execvp.
+  const result = spawnSync('claude', claudeArgs, {
+    stdio: 'inherit',
+    env: {
+      ...process.env,
+      ANTHROPIC_BASE_URL: `http://${config.proxy.host || '127.0.0.1'}:${config.proxy.port}`,
+    },
+  });
+
+  if (result.error) {
+    if (result.error.code === 'ENOENT') {
+      console.error('Claude Code not found in PATH. Install it first.');
+    } else {
+      console.error(`Failed to start claude: ${result.error.message}`);
+    }
+    process.exit(1);
+  }
+
+  process.exit(result.status ?? 1);
+}
+
+// ── status ──────────────────────────────────────────────────
+
+async function statusCommand() {
+  const config = await loadOrCreateConfig();
+  const url = `http://${config.proxy.host || '127.0.0.1'}:${config.proxy.port}/maxpool/status`;
+
+  try {
+    const res = await fetch(url, { headers: { 'x-api-key': config.proxy.apiKey } });
+    const data = await res.json();
+
+    const routing = data.routing?.mode === 'preferred'
+      ? `prefer ${data.routing.preferredAccount} with automatic failover`
+      : 'automatic load balancing';
+    console.log(`Routing:        ${routing}`);
+    console.log(`Last selected:  ${data.currentAccount}`);
+    console.log(`Switch at:      ${(data.switchThreshold * 100).toFixed(0)}% usage\n`);
+    if (data.upstreamThrottle?.active || data.upstreamThrottle?.queued) {
+      const state = data.upstreamThrottle.active
+        ? data.upstreamThrottle.probeInFlight
+          ? 'probing recovery'
+          : `retry at ${data.upstreamThrottle.until}`
+        : 'recovering';
+      const queued = data.upstreamThrottle.queued || 0;
+      const oldest = queued ? `, oldest ${formatDurationMs(data.upstreamThrottle.oldestQueuedMs)}` : '';
+      console.log(`Anthropic:      temporarily throttled (${state}, queued ${queued}${oldest})\n`);
+    }
+
+    for (const acct of data.accounts) {
+      const q = acct.quota;
+      const current = acct.name === data.currentAccount ? ' *' : '';
+
+      console.log(`  ${acct.name} (${acct.type})${current}`);
+      console.log(`    Status:   ${acct.enabled === false ? 'disabled' : acct.status}`);
+      console.log(`    Load:     current ${acct.load?.current?.inFlight || 0}/${acct.load?.current?.activeWeight || 0} weight, 15m ${formatLoadWindow(acct.load?.last15m)}, 1h ${formatLoadWindow(acct.load?.last1h)}`);
+
+      if (acct.type === 'provider') {
+        const last = acct.lastStatus ? `${acct.lastStatus} in ${formatDurationMs(acct.lastResponseMs)}` : '-';
+        console.log(`    Active:   ${acct.inFlight}    OK: ${acct.completedRequests}    Failed: ${acct.failedRequests}`);
+        console.log(`    Last:     ${last}`);
+        if (q.genericLimit != null && q.genericRemaining != null) {
+          const used = q.genericLimit - q.genericRemaining;
+          const reset = q.genericReset ? `    Reset: ${new Date(q.genericReset).toISOString()}` : '';
+          console.log(`    Limit:    ${used}/${q.genericLimit} used${reset}`);
+        }
+      } else if (q.unified5h != null || q.unified7d != null) {
+        const ses = q.unified5h != null ? (q.unified5h * 100).toFixed(1) + '%' : '-';
+        const wk = q.unified7d != null ? (q.unified7d * 100).toFixed(1) + '%' : '-';
+        console.log(`    Session:  ${ses} used    Weekly: ${wk} used`);
+      } else {
+        const tok = q.tokensLimit ? ((1 - q.tokensRemaining / q.tokensLimit) * 100).toFixed(1) + '%' : '-';
+        const req = q.requestsLimit ? ((1 - q.requestsRemaining / q.requestsLimit) * 100).toFixed(1) + '%' : '-';
+        console.log(`    Tokens:   ${tok} used    Requests: ${req} used`);
+      }
+
+      console.log(`    Total:    ${acct.usage.totalInputTokens + acct.usage.totalOutputTokens} tokens, ${acct.usage.totalRequests} requests`);
+      if (acct.rateLimitedUntil) console.log(`    Throttled until: ${acct.rateLimitedUntil}`);
+      console.log('');
+    }
+  } catch {
+    console.error(`Cannot connect to proxy at ${config.proxy.host || '127.0.0.1'}:${config.proxy.port}`);
+    console.error('Is the server running? Start with: maxpool server');
+    process.exit(1);
+  }
+}
+
+// ── accounts ────────────────────────────────────────────────
+
+async function accountsCommand() {
+  const config = await loadOrCreateConfig();
+  const verbose = args.includes('-v') || args.includes('--verbose');
+
+  if (config.accounts.length === 0) {
+    console.log('No accounts configured.');
+    console.log('Add one with: maxpool import, maxpool login, or maxpool login --api');
+    return;
+  }
+
+  // Refresh expired tokens before fetching profiles
+  let configDirty = false;
+  await Promise.all(config.accounts.map(async (a) => {
+    if (a.type !== 'oauth' || !a.refreshToken) return;
+    if (!isTokenExpiringSoon(a.expiresAt)) return;
+    try {
+      const newTokens = await refreshAccessToken(a.refreshToken);
+      a.accessToken = newTokens.accessToken;
+      a.refreshToken = newTokens.refreshToken;
+      a.expiresAt = newTokens.expiresAt;
+      configDirty = true;
+    } catch (err) {
+      // refresh failed — fetchProfile will report the specific error
+    }
+  }));
+  if (configDirty) await saveConfig(config);
+
+  // Fetch profiles in parallel for all OAuth accounts
+  const profiles = await Promise.all(
+    config.accounts.map(a =>
+      a.type === 'oauth' && a.accessToken ? fetchProfile(a.accessToken) : null
+    )
+  );
+
+  // Deduplicate by accountUuid — keep the last (most recently added) entry
+  const seen = new Map();
+  let removed = 0;
+  for (let i = config.accounts.length - 1; i >= 0; i--) {
+    const a = config.accounts[i];
+    const uuid = profiles[i]?.accountUuid || a.accountUuid;
+    if (uuid) {
+      if (seen.has(uuid)) {
+        config.accounts.splice(i, 1);
+        profiles.splice(i, 1);
+        removed++;
+      } else {
+        seen.set(uuid, i);
+        // Update stored UUID and name from profile
+        if (profiles[i] && !profiles[i].error) {
+          a.accountUuid = profiles[i].accountUuid;
+          if (profiles[i].email) a.name = profiles[i].email;
+        }
+      }
+    }
+  }
+  if (removed > 0) {
+    await saveConfig(config);
+    console.log(`Removed ${removed} duplicate account(s)\n`);
+  }
+
+  for (const [i, a] of config.accounts.entries()) {
+    const p = profiles[i];
+
+    if (a.type === 'apikey') {
+      console.log(`  [${i + 1}] ${a.name} (apikey)  ${a.apiKey?.slice(0, 15)}...`);
+      continue;
+    }
+
+    // OAuth account
+    const hasProfile = p && !p.error;
+    const tier = hasProfile ? (p.hasClaudeMax ? 'Max' : p.hasClaudePro ? 'Pro' : 'subscription') : null;
+    const status = hasProfile ? `Claude ${tier}` : `unknown (${p?.error || 'no token'})`;
+    const src = a.source ? `, ${a.source}` : '';
+    console.log(`  [${i + 1}] ${a.name} (${status}${src})`);
+    if (hasProfile && p.email && p.email !== a.name) console.log(`       Email: ${p.email}`);
+    if (hasProfile && p.orgName) console.log(`       Org:   ${p.orgName}`);
+    if (verbose && a.expiresAt) {
+      const remaining = a.expiresAt - Date.now();
+      if (remaining <= 0) {
+        console.log(`       Token: expired`);
+      } else {
+        const mins = Math.floor(remaining / 60000);
+        const hrs = Math.floor(mins / 60);
+        const expiry = hrs > 0 ? `${hrs}h ${mins % 60}m` : `${mins}m`;
+        console.log(`       Token: expires in ${expiry}`);
+      }
+    }
+  }
+}
+
+// ── api ─────────────────────────────────────────────────────
+
+async function apiCommand() {
+  const config = await loadOrCreateConfig();
+  const path = args[1];
+
+  if (!path) {
+    console.error('Usage: maxpool api <path> [--account NAME] [--method POST] [--data JSON]');
+    console.error('Example: maxpool api /api/oauth/claude_cli/roles');
+    process.exit(1);
+  }
+
+  // Find account to use
+  const accountName = argValue('--account');
+  const method = (argValue('--method') || 'GET').toUpperCase();
+  const data = argValue('--data');
+
+  const accounts = await resolveAccounts(config);
+  let account;
+  if (accountName) {
+    account = accounts.find(a => a.name === accountName);
+    if (!account) { console.error(`Account "${accountName}" not found`); process.exit(1); }
+  } else {
+    account = accounts.find(a => a.type === 'oauth') || accounts[0];
+    if (!account) { console.error('No accounts configured'); process.exit(1); }
+  }
+
+  const credential = account.accessToken || account.apiKey;
+  const isOAuth = account.type === 'oauth';
+  const upstream = config.upstream || 'https://api.anthropic.com';
+  const url = path.startsWith('http') ? path : `${upstream}${path}`;
+
+  const headers = isOAuth
+    ? { 'Authorization': `Bearer ${credential}` }
+    : { 'x-api-key': credential };
+
+  const fetchOpts = { method, headers };
+  if (data) {
+    headers['Content-Type'] = 'application/json';
+    fetchOpts.body = data;
+  }
+
+  const res = await fetch(url, fetchOpts);
+
+  // Print response headers to stderr
+  console.error(`${res.status} ${res.statusText}`);
+  for (const [k, v] of res.headers.entries()) {
+    console.error(`  ${k}: ${v}`);
+  }
+  console.error('');
+
+  // Print body to stdout
+  const body = await res.text();
+  try {
+    console.log(JSON.stringify(JSON.parse(body), null, 2));
+  } catch {
+    console.log(body);
+  }
+}
+
+// ── remove ──────────────────────────────────────────────────
+
+async function removeCommand() {
+  const config = await loadOrCreateConfig();
+  const name = args[1];
+
+  if (!name) {
+    console.error('Usage: maxpool remove <account-name>');
+    process.exit(1);
+  }
+
+  const idx = config.accounts.findIndex(a => a.name === name);
+  if (idx < 0) {
+    console.error(`Account "${name}" not found`);
+    process.exit(1);
+  }
+
+  config.accounts.splice(idx, 1);
+  await saveConfig(config);
+  console.log(`Removed account "${name}"`);
+}
+
+// ── help ────────────────────────────────────────────────────
+
+function showHelp() {
+  console.log(`Maxpool - Multi-account Claude proxy
+
+Usage: maxpool [command] [options]
+
+Commands:
+  server              Start the proxy server (default)
+  import              Import credentials from Claude Code
+  login               OAuth login via browser
+  login --api         Add an API key account
+  env [--with-key]    Print env vars to use with Claude
+  run [-- args...]    Run Claude Code through the proxy
+  status              Show proxy & account status (live)
+  accounts            List configured accounts
+  remove <name>       Remove an account
+  api <path>          Call an API endpoint with account credentials
+  help                Show this help
+
+Options:
+  --name NAME         Set account name (import/login)
+  --from PATH         Credentials path (import, default: ~/.claude/.credentials.json)
+  --json JSON         Import from inline JSON (import), e.g.:
+                      --json '{"accessToken":"...","refreshToken":"...","expiresAt":1234}'
+  --log-to DIR        Log full requests/responses to DIR (server, one file per request)
+  --with-key          Include proxy API key in maxpool env output
+
+Config: ${getConfigPath()}
+`);
+}
+
+// ── shared account upsert ────────────────────────────────────
+
+async function upsertOAuthAccount(config, name, creds, source = 'unknown') {
+  // Fetch profile to auto-name and deduplicate by account UUID
+  const profile = await fetchProfile(creds.accessToken);
+  const profileOk = profile && !profile.error;
+
+  if (!profileOk) {
+    console.error(`Warning: could not fetch account profile — ${profile?.error || 'no token'}`);
+  }
+  if (!name && profile?.email) {
+    name = profile.email;
+    const tier = profile.hasClaudeMax ? 'Max' : profile.hasClaudePro ? 'Pro' : null;
+    if (tier) console.log(`Detected Claude ${tier} account: ${profile.email}`);
+  }
+  if (!name) {
+    const n = config.accounts.filter(a => a.name.startsWith('account-')).length + 1;
+    name = `account-${n}`;
+  }
+
+  const account = {
+    name,
+    type: 'oauth',
+    source,
+    accountUuid: profile?.accountUuid || null,
+    accessToken: creds.accessToken,
+    refreshToken: creds.refreshToken,
+    expiresAt: creds.expiresAt,
+  };
+
+  // Deduplicate: match by UUID first, then by name
+  let idx = profile?.accountUuid
+    ? config.accounts.findIndex(a => a.accountUuid === profile.accountUuid)
+    : -1;
+  if (idx < 0) idx = config.accounts.findIndex(a => a.name === name);
+
+  if (idx >= 0) {
+    config.accounts[idx] = account;
+    console.log(`Updated account "${name}"`);
+  } else {
+    config.accounts.push(account);
+    console.log(`Added account "${name}"`);
+  }
+
+  await saveConfig(config);
+  console.log(`Saved to ${getConfigPath()}`);
+}
+
+// ── config sync helpers ─────────────────────────────────────
+
+/**
+ * Find a config account entry matching an in-memory account (by UUID, then name).
+ */
+function findConfigAccount(diskConfig, account) {
+  if (account.accountUuid) {
+    const idx = diskConfig.accounts.findIndex(a => a.accountUuid === account.accountUuid);
+    if (idx >= 0) return idx;
+  }
+  return diskConfig.accounts.findIndex(a => a.name === account.name);
+}
+
+/**
+ * Sync accounts from disk config: add new accounts and refresh credentials
+ * for existing ones (handles re-imported OAuth tokens, rotated API keys, etc.).
+ * Returns the number of new accounts added.
+ */
+async function syncAccountsFromDisk(diskConfig, memConfig, accountManager) {
+  let added = 0;
+  for (const diskAcct of diskConfig.accounts) {
+    const matchByUuid = diskAcct.accountUuid
+      ? memConfig.accounts.findIndex(a => a.accountUuid === diskAcct.accountUuid)
+      : -1;
+    const matchByName = memConfig.accounts.findIndex(a => a.name === diskAcct.name);
+    const memIdx = (matchByUuid >= 0 ? matchByUuid : null) ?? (matchByName >= 0 ? matchByName : -1);
+
+    if (memIdx < 0) {
+      // New account discovered on disk — add to running server
+      memConfig.accounts.push(diskAcct);
+      accountManager.addAccount(diskAcct);
+      added++;
+      console.log(`[Maxpool] Picked up new account "${diskAcct.name}" from config`);
+      continue;
+    }
+
+    // Existing account — resolve fresh credentials from disk
+    let freshCred = null;
+    if (diskAcct.type === 'oauth' && diskAcct.importFrom) {
+      try {
+        const creds = await importCredentials(diskAcct.importFrom);
+        freshCred = { accessToken: creds.accessToken, refreshToken: creds.refreshToken, expiresAt: creds.expiresAt };
+      } catch (err) {
+        console.error(`[Maxpool] Re-import failed for "${diskAcct.name}": ${err.message}`);
+      }
+    } else if (diskAcct.type === 'oauth' && diskAcct.accessToken) {
+      freshCred = { accessToken: diskAcct.accessToken, refreshToken: diskAcct.refreshToken, expiresAt: diskAcct.expiresAt };
+    } else if (diskAcct.type === 'apikey' && diskAcct.apiKey) {
+      freshCred = { apiKey: diskAcct.apiKey };
+    } else if (diskAcct.type === 'provider' && (diskAcct.authToken || diskAcct.apiKey)) {
+      freshCred = { authToken: diskAcct.authToken || diskAcct.apiKey };
+    }
+
+    if (!freshCred) continue;
+
+    // Find the corresponding AccountManager entry and update credentials
+    const mgr = accountManager.accounts.find(a =>
+      (diskAcct.accountUuid && a.accountUuid === diskAcct.accountUuid) || a.name === diskAcct.name
+    );
+    if (!mgr) continue;
+    const enabled = diskAcct.enabled !== false;
+    if (mgr.enabled !== enabled) {
+      accountManager.setAccountEnabled(mgr.index, enabled);
+      console.log(`[Maxpool] ${enabled ? 'Enabled' : 'Disabled'} account "${mgr.name}" from config`);
+    }
+    memConfig.accounts[memIdx] = { ...memConfig.accounts[memIdx], ...diskAcct };
+
+    if (freshCred.accessToken) {
+      const changed = mgr.credential !== freshCred.accessToken ||
+        mgr.refreshToken !== freshCred.refreshToken;
+      // Don't overwrite in-memory credentials with staler ones from disk
+      // (e.g. after a TUI import updated the AM before saveConfig wrote to disk)
+      const diskIsStaler = freshCred.expiresAt && mgr.expiresAt &&
+        freshCred.expiresAt < mgr.expiresAt;
+      if (changed && !diskIsStaler) {
+        accountManager.updateAccountTokens(mgr.index, freshCred);
+        console.log(`[Maxpool] Refreshed credentials for "${mgr.name}"`);
+      }
+    } else if (freshCred.apiKey && mgr.credential !== freshCred.apiKey) {
+      mgr.credential = freshCred.apiKey;
+      if (mgr.status === 'error') mgr.status = 'active';
+      console.log(`[Maxpool] Updated API key for "${mgr.name}"`);
+    } else if (freshCred.authToken && mgr.credential !== freshCred.authToken) {
+      mgr.credential = freshCred.authToken;
+      if (mgr.status === 'error') mgr.status = 'active';
+      console.log(`[Maxpool] Updated provider token for "${mgr.name}"`);
+    }
+  }
+  memConfig.routing = {
+    mode: diskConfig.routing?.mode || 'automatic',
+    preferredAccount: diskConfig.routing?.preferredAccount || null,
+  };
+  const preferredApplied = accountManager.setRoutingMode(
+    memConfig.routing.mode,
+    memConfig.routing.preferredAccount,
+  );
+  if (memConfig.routing.mode === 'preferred' && !preferredApplied) {
+    memConfig.routing = { mode: 'automatic', preferredAccount: null };
+  }
+  return added;
+}
+
+// ── helpers ─────────────────────────────────────────────────
+
+function argValue(flag) {
+  const i = args.indexOf(flag);
+  return (i >= 0 && args[i + 1]) ? args[i + 1] : null;
+}
+
+function handleServerListenError(err, host, port) {
+  if (err.code === 'EADDRINUSE') {
+    console.error(`[Maxpool] ${host}:${port} is already in use.`);
+    console.error('Another Maxpool proxy may already be running.');
+    console.error('Check the existing server with: maxpool status');
+    console.error(`Find the listener with: lsof -nP -iTCP:${port} -sTCP:LISTEN`);
+  } else if (err.code === 'EACCES') {
+    console.error(`[Maxpool] Permission denied while listening on ${host}:${port}.`);
+    console.error('Choose a non-privileged port in the Maxpool config.');
+  } else {
+    console.error(`[Maxpool] Failed to listen on ${host}:${port}: ${err.message}`);
+  }
+  process.exit(1);
+}
+
+function formatDurationMs(ms) {
+  if (ms == null || Number.isNaN(ms)) return '-';
+  if (ms < 1000) return `${Math.round(ms)}ms`;
+  const sec = ms / 1000;
+  if (sec < 60) return `${sec.toFixed(1)}s`;
+  return `${Math.floor(sec / 60)}m${String(Math.round(sec % 60)).padStart(2, '0')}s`;
+}
+
+function formatLoadWindow(load = {}) {
+  const avg = load.avgMs != null ? ` avg ${formatDurationMs(load.avgMs)}` : '';
+  const failed = load.failed ? `, ${load.failed} failed` : '';
+  return `${load.requests || 0} req${avg}${failed}`;
+}