feat(#329): Add usage budget management and cost governance #336

jason.woltje · 2026-02-05T19:01:09Z

jason.woltje commented

2026-02-05 19:01:09 +00:00

Summary

New BudgetService for tracking and enforcing agent usage limits
Daily token limit tracking (default 10M tokens)
Per-agent token limit enforcement (default 2M tokens)
Maximum concurrent agent cap (default 10)
Hard/soft limit enforcement modes
Real-time usage summaries with budget status levels
BudgetModule for NestJS dependency injection

Test Plan

23 unit tests pass covering all service methods
Lint passes (0 warnings)
TypeScript type check passes

Fixes #329

## Summary - New BudgetService for tracking and enforcing agent usage limits - Daily token limit tracking (default 10M tokens) - Per-agent token limit enforcement (default 2M tokens) - Maximum concurrent agent cap (default 10) - Hard/soft limit enforcement modes - Real-time usage summaries with budget status levels - BudgetModule for NestJS dependency injection ## Test Plan - [x] 23 unit tests pass covering all service methods - [x] Lint passes (0 warnings) - [x] TypeScript type check passes Fixes #329

jason.woltje added 1 commit 2026-02-05 19:01:10 +00:00

feat(#329 ): Add usage budget management and cost governance

ci/woodpecker/push/woodpecker Pipeline failed

Details

ci/woodpecker/pr/woodpecker Pipeline failed

Details

22dc964503

Implement BudgetService for tracking and enforcing agent usage limits:
- Daily token limit tracking (default 10M tokens)
- Per-agent token limit enforcement (default 2M tokens)
- Maximum concurrent agent cap (default 10)
- Task duration limits (default 120 minutes)
- Hard/soft limit enforcement modes
- Real-time usage summaries with budget status
  (within_budget/approaching_limit/at_limit/exceeded)
- Per-agent usage breakdown with percentage calculations

Includes BudgetModule for NestJS DI and 23 unit tests.

Fixes #329

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

jason.woltje added 1 commit 2026-02-05 19:16:01 +00:00

fix(#329 ): Harden BudgetService against security review findings

ci/woodpecker/push/woodpecker Pipeline failed

Details

ci/woodpecker/pr/woodpecker Pipeline failed

Details

2cb3fe8f5a

- Fix CRITICAL: Unbounded memory growth via daily record purging
- Fix CRITICAL: Negative/NaN/Infinity token bypass via input clamping
- Fix HIGH: TOCTOU race via atomic trySpawnAgent() method
- Fix HIGH: Phantom agent leak via Set<string> ID tracking (not counter)
- Fix HIGH: isAgentOverBudget now scoped to today only
- Fix HIGH: Config validation clamps invalid values to safe defaults
- Fix MEDIUM: Wire BudgetModule into AppModule
- Fix MEDIUM: Sanitize agentId in log output to prevent log injection
- Fix MEDIUM: Use Date objects for timezone-safe comparisons
- Fix MEDIUM: Reject empty agentId/taskId in recordUsage
- Add tests for negative tokens, NaN, Infinity, empty IDs, config edge cases

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

jason.woltje added 1 commit 2026-02-05 20:37:20 +00:00

Merge branch 'develop' into feature/329-usage-budget

ci/woodpecker/pr/woodpecker Pipeline failed

Details

ci/woodpecker/push/woodpecker Pipeline failed

Details

6b63ca3e07

jason.woltje merged commit bbc211f56e into develop

2026-02-05 20:37:52 +00:00

jason.woltje deleted branch feature/329-usage-budget

2026-02-05 20:37:52 +00:00

jason.woltje referenced this issue from a commit

2026-02-05 20:37:54 +00:00

Merge pull request 'feat(#329): Add usage budget management and cost governance' (#336) from feature/329-usage-budget into develop

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#336