feat: auth gate, rate limiting, and cost attribution#26
Open
stackbilt-admin wants to merge 1 commit intomainfrom
Open
feat: auth gate, rate limiting, and cost attribution#26stackbilt-admin wants to merge 1 commit intomainfrom
stackbilt-admin wants to merge 1 commit intomainfrom
Conversation
- Rate limiter: sliding window per-tenant using RATELIMIT_KV with tier-based limits (free=20/min, hobby=60, pro=300, enterprise=1000). Returns 429 with Retry-After and X-RateLimit-* headers. - Cost attribution: per-tool credit costs with quality multipliers for image_generate. Reserves quota via edge-auth consumeQuota RPC before tool call, settles (commit/refund) after based on outcome. Free tools (read-only, zero cost) skip quota enforcement. - Scope enforcement: mutation tools require 'generate' scope. tools/list filters catalog to match session scopes. - AuthServiceRpc extended with checkQuota, consumeQuota, and commitOrRefundQuota methods matching edge-auth's entrypoint. - All existing tests updated with new mocks; 25 new tests added. Closes #18 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the three security-critical features from issue #18 (AgentRelay reference spec):
Rate limiting — Sliding window per-tenant rate limiter using
RATELIMIT_KV. Tier-based limits: free=20/min, hobby=60, pro=300, enterprise=1000. Returns429with standardRetry-AfterandX-RateLimit-*headers on all responses.Cost attribution — Per-tool credit costs with quality multipliers for
image_generate. Reserves quota via edge-authconsumeQuotaRPC before each tool call, then commits or refunds based on outcome. Zero-cost tools (read-only lookups) skip quota enforcement entirely.Scope enforcement — Mutation tools (
LOCAL_MUTATION,EXTERNAL_MUTATION,DESTRUCTIVE) require thegeneratescope.tools/listfilters the catalog to only show tools the session has access to. API keys with read-only scopes cannot invoke mutations.New files
src/rate-limiter.ts— Fixed-window rate limiter with KV TTL for auto-cleanupsrc/cost-attribution.ts— Tool cost registry, quota reservation/settlementtest/rate-limiter.test.ts— 8 teststest/cost-attribution.test.ts— 17 testsModified files
src/gateway.ts— Wire rate limiting after auth, quota reserve before tool call, scope check ontools/callsrc/types.ts— AddcheckQuota,consumeQuota,commitOrRefundQuotatoAuthServiceRpc; addRATELIMIT_KVtoGatewayEnvwrangler.toml— AddRATELIMIT_KVnamespace bindingRATELIMIT_KVTest plan
tsc --noEmit)X-RateLimit-Remainingheader decrementsimage_generatewithultra_plusquality, verify 40-credit costCloses #18
🤖 Generated with Claude Code