feat(#329): Add usage budget management and cost governance #336

Merged

jason.woltje merged 3 commits from feature/329-usage-budget into develop 2026-02-05 20:37:52 +00:00

Conversation 0 Commits 3 Files Changed 5 +808

3 Commits

Author	SHA1	Message	Date
jason.woltje	6b63ca3e07	Merge branch 'develop' into feature/329-usage-budget	2026-02-05 20:37:17 +00:00
Jason Woltje	2cb3fe8f5a	fix(#329): Harden BudgetService against security review findings ... - Fix CRITICAL: Unbounded memory growth via daily record purging - Fix CRITICAL: Negative/NaN/Infinity token bypass via input clamping - Fix HIGH: TOCTOU race via atomic trySpawnAgent() method - Fix HIGH: Phantom agent leak via Set<string> ID tracking (not counter) - Fix HIGH: isAgentOverBudget now scoped to today only - Fix HIGH: Config validation clamps invalid values to safe defaults - Fix MEDIUM: Wire BudgetModule into AppModule - Fix MEDIUM: Sanitize agentId in log output to prevent log injection - Fix MEDIUM: Use Date objects for timezone-safe comparisons - Fix MEDIUM: Reject empty agentId/taskId in recordUsage - Add tests for negative tokens, NaN, Infinity, empty IDs, config edge cases Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-05 13:15:33 -06:00
Jason Woltje	22dc964503	feat(#329): Add usage budget management and cost governance ... Implement BudgetService for tracking and enforcing agent usage limits: - Daily token limit tracking (default 10M tokens) - Per-agent token limit enforcement (default 2M tokens) - Maximum concurrent agent cap (default 10) - Task duration limits (default 120 minutes) - Hard/soft limit enforcement modes - Real-time usage summaries with budget status (within_budget/approaching_limit/at_limit/exceeded) - Per-agent usage breakdown with percentage calculations Includes BudgetModule for NestJS DI and 23 unit tests. Fixes #329 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-05 13:00:26 -06:00