Skip to content

Add AI usage ledger, quota reservation, and abuse controls#8

Open
bybzhwbzhh88 wants to merge 1 commit into
floatboatai:mainfrom
bybzhwbzhh88:feature/ai-usage-control
Open

Add AI usage ledger, quota reservation, and abuse controls#8
bybzhwbzhh88 wants to merge 1 commit into
floatboatai:mainfrom
bybzhwbzhh88:feature/ai-usage-control

Conversation

@bybzhwbzhh88

Copy link
Copy Markdown

Summary

Implemented the AI cost and abuse-control challenge for the existing AI Day Scheduler flow.

This PR adds a focused ai-usage module that turns one AI generation request into an auditable quota transaction: reserve credit before provider calls, record pending/succeeded/failed/rate-limited attempts, refund reserved credit on provider failure, and protect against duplicate or concurrent submissions.

What Changed

  • Added AiCallLedger for AI call audit records, quota reservation state, token/cost observability, and failure tracking.
  • Added the ai-usage module for quota reservation, idempotency, request hashing, rate limiting, failure refunds, stale pending cleanup, and admin aggregate summary.
  • Updated generateGptResponse to use the new ledger/quota flow before calling the OpenAI-compatible provider.
  • Updated the demo UI to send an idempotency key and show clearer 402, 409, and 429 feedback.
  • Added focused unit, wiring, and Playwright E2E coverage.
  • Added detailed bilingual implementation notes in docs/ai-usage-control.md.

Design Notes

The implementation intentionally stays scoped to the existing AI Day Scheduler instead of building a full AI billing platform.

Credits remain the product-facing quota. Token usage and estimated provider cost are recorded for observability, but they do not drive billing in this PR.

Duplicate protection uses both idempotencyKey and requestHash: the first protects safe retries of the same request, while the second prevents identical pending submissions across tabs or devices.

The ledger stores reservedCreditAmount and creditRefunded so refund behavior can be audited from database state instead of relying on runtime-only variables.

Verification

  • npm exec -- vitest run src/ai-usage --config vitest.config.ts
  • DATABASE_URL=postgresql://user:pass@localhost:5432/opensaas npm exec -- prisma validate --schema schema.prisma
  • npm exec -- tsc --noEmit --project tsconfig.src.json
  • npm exec -- playwright test tests/aiUsageControlTests.spec.ts --project=chromium
  • git diff --check

Notes

  • The focused Playwright E2E covers duplicate-request and rate-limit UI feedback.
  • Wasp ^0.25.0 requires a compatible react-router version, so the app package was aligned to ^8.0.1 for consistent local startup.
  • The detailed implementation boundary, reused code, modified source, newly added source, and follow-up plan are documented in docs/ai-usage-control.md.

Follow-Up

Potential next steps are documented in docs/ai-usage-control.md, including a lightweight admin dashboard, provider invoice reconciliation, Redis/gateway rate limiting, and upstream provider cooldown handling.

@bybzhwbzhh88 bybzhwbzhh88 force-pushed the feature/ai-usage-control branch from 5f09fff to e0c2b8b Compare July 8, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant