Skip to content

[da boi MEME]AI rate limiting and request-safety controls #7

Open
guai626 wants to merge 2 commits into
floatboatai:mainfrom
guai626:feature-20260708-guai626
Open

[da boi MEME]AI rate limiting and request-safety controls #7
guai626 wants to merge 2 commits into
floatboatai:mainfrom
guai626:feature-20260708-guai626

Conversation

@guai626

@guai626 guai626 commented Jul 8, 2026

Copy link
Copy Markdown

Description

This PR introduces rate limiting and request-safety controls to the demo AI app's schedule generation flow.

Considering our open-source product aims to ensure quick onboarding and minimize system complexity, we have deliberately excluded Redis or other external middleware. However, if you plan to deploy this in a multi-instance (clustered) environment, we highly recommend either integrating Redis or leveraging an API gateway to implement session stickiness (user-to-instance routing) alongside in-memory caching to handle concurrency issues safely. Keeping it simple remains the core philosophy of this open-source template.

The main goal here is to prevent duplicate OpenAI API calls, block overlapping in-flight requests for the same user, and improve observability around AI usage, failures, and costs.

Changes

Database Models: Added AiCallLog and AiOperationLock models to persist AI request history and manage per-user operation locks.

Server Environment Configurations: Introduced configurable variables for:

OpenAI timeout

Rate limit window and max attempts

Duplicate-response reuse window

Lock TTL (Time-To-Live)

Core Logic Updates (generateGptResponse):

Reuses recent successful responses for identical, repetitive requests.

Rejects incoming requests when a user exceeds the configured rate limit.

Prevents concurrent AI schedule-generation requests from the same user.

Logs the full request lifecycle status (started, succeeded, failed, reused, and rejections).

Records granular metrics: model name, token usage, estimated cost, duration, and error details.

Credit Handling: Adjusted the logic to automatically refund credits if the AI request fails.

UI Enhancements: Updated the demo AI app UI to provide explicit, user-friendly feedback for:

409 Conflict: When a generation request is already in progress.

429 Too Many Requests: When the rate limit is exceeded.

Wasp Integration: Registered the new Prisma entities in the Wasp action configuration.

Added e2e test coverage for the demo AI app rate limiting and in-progress request handling flow.

Contributor Checklist

Make sure to do the following steps if they are applicable to your PR:

[✅] Update e2e tests: If you changed the /template/app, then make sure to do any necessary updates to /template/e2e-tests also.
⚠️ Note:The existing e2e flow here depends on multiple external elements beyond the AI abuse-control logic, so I kept the new coverage focused on the AI control path itself.
[✅] Update demo app: If you changed the /template/app, then make sure to do any necessary updates to /opensaas-sh/app_diff also. Check /opensaas-sh/README.md for details.

⚠️ Note: Since wasp: { version: "^0.25.0" } was unavailable during development, this PR has been fully tested using version 0.24.0.

[✅] Update docs: If needed, update the /opensaas-sh/blog/src/content/docs.

@guai626

guai626 commented Jul 8, 2026

Copy link
Copy Markdown
Author

sorry cant find Da Boi meme

@guai626 guai626 changed the title Feature 20260708 guai626 AI rate limiting and request-safety controls Jul 8, 2026
@guai626 guai626 changed the title AI rate limiting and request-safety controls [da boi MEME]AI rate limiting and request-safety controls Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant