The hybrid build and what it costs

A concrete two-layer architecture: keep the Puppeteer snipers local where they belong, lift the cheap request-based pollers to an optional always-on cloud tier, and see exactly where full web-hosting destroys your margin.

Recommended hybrid architecture

Two layers that never compete for the same infra. The moat stays on the user's machine; the upsell lives in the cloud.

Layer 1 -- User's Machine (Desktop App)

- Electron shell + Express + WebSocket dashboard
- Puppeteer: Facebook Cars (fb-session.js + fb-scraper.js)
- Puppeteer: Facebook Electronics (facebook-sniper.js)
- Puppeteer: Mercari (mercari-client.js, stealth plugin)
- Runs on the user's own IP and residential connection. Logged-in Facebook session bootstrapped once, stored locally. User supplies their own proxies via PROXY_* env vars. Operator cost: ~$0 per user added.
- Whop OAuth license gate: lib/license/whop-oauth.cjs validates plan tier on startup. Free-tier daily snipe limits enforced locally (lib/license/free-tier-limits.cjs). The cloud lite flag is a Whop plan field the desktop app reads on verify.
- Discord / Telegram alerts

Link between the layers: Watchlist sync (D1 / Turso / Firestore), with the Whop user ID as join key.

Layer 2 -- Cloud Lite Tier (Optional Paid Upsell)

- Hetzner CX22 (~$5/mo 2026) or Serverless Cron
- HTTP: Wallapop (axios REST, no browser)
- HTTP: Vinted (axios + access_token_web cookie)
- HTTP: OfferUp (impit TLS-fingerprint client)
- Always-on, even when the user's laptop is closed. Datacenter IP works for all three markets. No Facebook session. No residential proxy required. A single CX22 handles hundreds of concurrent lightweight polls.
- Storage and alert routing: Watchlists stored in Cloudflare D1 (free: 5M row reads/day), Turso (free: 500MB), or Firestore (free: 50k reads/day). Results routed to Discord webhook or Telegram bot per user. Zero Facebook credential custody -- no ToS exposure, no session-breach liability.

Legend: Puppeteer = heavy, browser-based, user-IP-bound -- stays local, forever | HTTP = lightweight, portable, cloud-safe -- move these first

Why this split works: The request-based monitors need only a functioning IP and a valid API token. Datacenter IPs work fine. The Puppeteer monitors need a logged-in Facebook session, a human-like browsing fingerprint, and a residential or mobile IP. Datacenter IPs trigger near-instant checkpoints. Those requirements make self-hosting correct for the browser side and cloud-hosting correct for the HTTP side -- not a tradeoff, just the physics of the markets.

Migration path: lift in this order

Four concrete steps to add the cloud lite tier without touching the existing desktop app behavior. One thing to never do.

1. Extract the three request-based pollers into a standalone Node.js worker

lib/wallapop-sniper.js, lib/vinted-sniper.js, and lib/offerup-client.js already use plain axios and impit -- no Electron or WebSocket dependencies. Pull them into a small worker process that accepts a watchlist JSON (from stdin or a DB query) and fires Discord webhook calls on matches. This is 1-2 days of work with no architecture change to the desktop app. The desktop app keeps running exactly as-is.

2. Deploy the worker to a $5/mo VPS or a serverless cron

A Hetzner CX22 (2 vCPU, 4 GB RAM, ~$4.35/mo in 2026) handles hundreds of lightweight HTTP polls without breaking a sweat. Alternatively: Cloudflare Workers Cron Triggers (free tier covers 100k invocations/day), Railway (free tier + $5 hobby), or Fly.io machines. None of these require a residential proxy for Wallapop, Vinted, or OfferUp -- datacenter IPs work cleanly for all three.

3. Store watchlists in a small cloud DB keyed by Whop user ID

Cloudflare D1 (free: 5M row reads/day), Turso (free: 500 MB), or Firestore (free: 50k reads/day) all work. The desktop app writes the user's watchlist on save; the cloud poller reads it on each poll cycle. The Whop user ID is the join key between the two. No new auth system required -- Whop is already the identity layer.

4. Gate the cloud tier behind a new Whop plan and a single feature flag

Add a higher-tier plan in Whop (e.g. "Pro" at $X/mo) that includes a cloud_lite: true field. The desktop app reads this on license verify (lib/license/whop-oauth.cjs already fetches plan data) and surfaces an "Always-on cloud sniping" toggle in the settings UI. Users on free or basic plans see the feature locked. No backend rewrite -- just a plan flag and a UI gate.
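
Steps 3 and 4 gate the cloud tier with a plan flag that the desktop app reads, but the cloud poller is the component that actually does the work, so it should re-check entitlement itself on each cycle and bind every watchlist write to the verified Whop user ID rather than to an ID supplied in the request. The sketch below is an added example, not the project's code; the record shapes, function names and the server-side plan lookup are assumptions, and the sample rows are constructed.

```javascript
// Added example (not project code): cloud-side entitlement enforcement.
// Record shapes and function names are hypothetical; cloud_lite is the plan
// field named on this page.
'use strict';

// Constructed sample rows, as the poller might read them from D1/Turso/Firestore.
const WATCHLISTS = [
  { whopUserId: 'user_A', market: 'vinted', query: 'gameboy' },
  { whopUserId: 'user_B', market: 'wallapop', query: 'iphone 13' },
  { whopUserId: 'user_C', market: 'offerup', query: 'road bike' },
  { whopUserId: 'user_D', market: 'facebook', query: 'civic' },
];

// Constructed entitlements, assumed to be fetched by the server from Whop,
// never taken from a field the desktop client wrote.
const ENTITLEMENTS = new Map([
  ['user_A', { cloud_lite: true, expiresAt: Date.parse('2026-12-31T00:00:00Z') }],
  ['user_B', { cloud_lite: false, expiresAt: Date.parse('2026-12-31T00:00:00Z') }],
  ['user_D', { cloud_lite: true, expiresAt: Date.parse('2026-12-31T00:00:00Z') }],
]);

// Only the request-based markets belong in the cloud tier.
const CLOUD_MARKETS = new Set(['wallapop', 'vinted', 'offerup']);

// Decide, per watchlist row, whether the cloud poller may run it.
function selectEntitledWatchlists(watchlists, entitlements, now) {
  const poll = [];
  const skipped = [];
  for (const row of watchlists) {
    const ent = entitlements.get(row.whopUserId);
    let reason = null;
    if (!ent) reason = 'no-entitlement-record';
    else if (ent.cloud_lite !== true) reason = 'plan-lacks-cloud_lite';
    else if (!(ent.expiresAt > now)) reason = 'plan-expired';
    else if (!CLOUD_MARKETS.has(row.market)) reason = 'market-not-cloud-eligible';
    if (reason) skipped.push({ whopUserId: row.whopUserId, reason });
    else poll.push(row);
  }
  return { poll, skipped };
}

// The write path binds the row to the server-verified identity, ignoring
// any whopUserId the client put in the request body.
function bindWatchlistWrite(verifiedWhopUserId, body) {
  if (!verifiedWhopUserId) throw new Error('unauthenticated write');
  return { market: body.market, query: body.query, whopUserId: verifiedWhopUserId };
}
```

Logging the skipped list per cycle also gives the operator a cheap signal when a downgraded or expired account still has rows in the cloud DB.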

Do not migrate the Facebook or Mercari snipers to the cloud

These require: a logged-in Facebook session cookie (credential custody = ToS violation risk + security liability), a residential or mobile proxy ($50-200+/mo operator cost for a usable pool), and a full headless Chromium per user slot (0.5-1 GB RAM each). Datacenter IPs trigger Facebook checkpoints within minutes. The ban rate for shared cloud IPs approaches 100%. Moving these monitors to the cloud costs you money, creates legal exposure, and makes the product worse. Leave them local.

The thing that looks like friction is the moat. Every step above adds value without touching the Facebook snipers. The onboarding friction (set up proxies, log in to Facebook, run the app) is exactly what stops a weekend developer from cloning the repo and underselling you. A fully web-hosted competitor would need to solve proxy pools, session custody, and ban management at scale -- you already solved it by making it the user's problem.

12-month operator cost model

Same user base (200 active users), three scenarios. All figures are 2026 reference estimates.

Cumulative operator cost over 12 months

At 200 active users. Per-month figures, summed. 2026 estimates.

Assumptions: Self-hosted = $50/mo flat (Whop webhook server or tiny VPS for license relay, minor infra). Hybrid lite = $120/mo flat (Hetzner CX22 $5 + Cloudflare D1 free + Discord webhooks free + misc $5 + buffer $110 for future scaling). Full web-hosted = $800/mo at 200 users: 2x EC2 t3.medium ~$30 + residential proxy pool (rotating, good quality) $600 + NAT gateway + egress $50 + managed DB $20 + monitoring $20 + buffer $80. Full web-hosted cost grows as users and proxy demand increase. All figures per-month 2026 reference estimates.

Per-user operator cost vs. $25/mo subscription

Where full web-hosting erodes margin. 2026 estimates.

Assumptions: Subscription reference price: $25/user/mo. Self-hosted marginal cost: $50/mo fixed divided by user count (approaches $0 at scale). Hybrid lite: $120/mo fixed divided by user count (pool amortizes quickly). Full web-hosted: residential proxy pool minimum $200/mo for a usable rotating pool, scaling to $600/mo at 200+ users; plus ~$5/user/mo compute + overhead. At 10 users, proxy pool alone costs $20/user/mo against a $25 subscription. Even at 500 users, full web-hosting consumes approximately 36% of each subscription before infrastructure scaling costs. Self-hosted and hybrid leave most of the subscription as operator margin.

Scenario comparison at a glance

Scenario | 12-mo operator cost (200 users) | Marginal cost per new user | Facebook sniper | Proxy responsibility | Session custody | Verdict
Self-hosted (current) | ~$600 | ~$0 | Supported | User's own | User's own | Default
Hybrid lite (recommended next step) | ~$1,440 | ~$0.60 | Stays local | User's own | User's own | Build this
Full web-hosted | ~$9,600+ | $8-15 | Ban-prone | Operator pays | Operator holds | Avoid

All cost figures are 2026 reference estimates per-month unless noted. Full web-hosted cost at $9,600/yr assumes $800/mo flat for 200 users with a mid-tier residential proxy pool; it scales upward with user count and proxy tier. One-time setup costs (tooling, DB migration) are not included in the monthly figures.

The margin math on full web-hosting: At $25/mo subscription and $8-15/user/mo operator cost for a Facebook-capable hosted tier, you are left with $10-17/user gross margin before support, Whop fees, payment processing, and any infrastructure incidents. A proxy outage or Facebook mass-checkpoint event can flip that negative in hours. Self-hosted and hybrid keep that risk entirely on the user's side.