Add AI usage ledger, quota reservation, and abuse controls#8
Open
bybzhwbzhh88 wants to merge 1 commit into
Open
Add AI usage ledger, quota reservation, and abuse controls#8bybzhwbzhh88 wants to merge 1 commit into
bybzhwbzhh88 wants to merge 1 commit into
Conversation
5f09fff to
e0c2b8b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implemented the AI cost and abuse-control challenge for the existing AI Day Scheduler flow.
This PR adds a focused
ai-usagemodule that turns one AI generation request into an auditable quota transaction: reserve credit before provider calls, record pending/succeeded/failed/rate-limited attempts, refund reserved credit on provider failure, and protect against duplicate or concurrent submissions.What Changed
AiCallLedgerfor AI call audit records, quota reservation state, token/cost observability, and failure tracking.ai-usagemodule for quota reservation, idempotency, request hashing, rate limiting, failure refunds, stale pending cleanup, and admin aggregate summary.generateGptResponseto use the new ledger/quota flow before calling the OpenAI-compatible provider.402,409, and429feedback.docs/ai-usage-control.md.Design Notes
The implementation intentionally stays scoped to the existing AI Day Scheduler instead of building a full AI billing platform.
Credits remain the product-facing quota. Token usage and estimated provider cost are recorded for observability, but they do not drive billing in this PR.
Duplicate protection uses both
idempotencyKeyandrequestHash: the first protects safe retries of the same request, while the second prevents identical pending submissions across tabs or devices.The ledger stores
reservedCreditAmountandcreditRefundedso refund behavior can be audited from database state instead of relying on runtime-only variables.Verification
npm exec -- vitest run src/ai-usage --config vitest.config.tsDATABASE_URL=postgresql://user:pass@localhost:5432/opensaas npm exec -- prisma validate --schema schema.prismanpm exec -- tsc --noEmit --project tsconfig.src.jsonnpm exec -- playwright test tests/aiUsageControlTests.spec.ts --project=chromiumgit diff --checkNotes
^0.25.0requires a compatiblereact-routerversion, so the app package was aligned to^8.0.1for consistent local startup.docs/ai-usage-control.md.Follow-Up
Potential next steps are documented in
docs/ai-usage-control.md, including a lightweight admin dashboard, provider invoice reconciliation, Redis/gateway rate limiting, and upstream provider cooldown handling.