[da boi MEME]AI rate limiting and request-safety controls #7
Open
guai626 wants to merge 2 commits into
Open
Conversation
Author
|
sorry cant find Da Boi meme |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR introduces rate limiting and request-safety controls to the demo AI app's schedule generation flow.
Considering our open-source product aims to ensure quick onboarding and minimize system complexity, we have deliberately excluded Redis or other external middleware. However, if you plan to deploy this in a multi-instance (clustered) environment, we highly recommend either integrating Redis or leveraging an API gateway to implement session stickiness (user-to-instance routing) alongside in-memory caching to handle concurrency issues safely. Keeping it simple remains the core philosophy of this open-source template.
The main goal here is to prevent duplicate OpenAI API calls, block overlapping in-flight requests for the same user, and improve observability around AI usage, failures, and costs.
Changes
Database Models: Added AiCallLog and AiOperationLock models to persist AI request history and manage per-user operation locks.
Server Environment Configurations: Introduced configurable variables for:
OpenAI timeout
Rate limit window and max attempts
Duplicate-response reuse window
Lock TTL (Time-To-Live)
Core Logic Updates (generateGptResponse):
Reuses recent successful responses for identical, repetitive requests.
Rejects incoming requests when a user exceeds the configured rate limit.
Prevents concurrent AI schedule-generation requests from the same user.
Logs the full request lifecycle status (started, succeeded, failed, reused, and rejections).
Records granular metrics: model name, token usage, estimated cost, duration, and error details.
Credit Handling: Adjusted the logic to automatically refund credits if the AI request fails.
UI Enhancements: Updated the demo AI app UI to provide explicit, user-friendly feedback for:
409 Conflict: When a generation request is already in progress.
429 Too Many Requests: When the rate limit is exceeded.
Wasp Integration: Registered the new Prisma entities in the Wasp action configuration.
Added e2e test coverage for the demo AI app rate limiting and in-progress request handling flow.
Contributor Checklist
[✅] Update e2e tests: If you changed the /template/app, then make sure to do any necessary updates to /template/e2e-tests also.
⚠️ Note:The existing e2e flow here depends on multiple external elements beyond the AI abuse-control logic, so I kept the new coverage focused on the AI control path itself.
[✅] Update demo app: If you changed the /template/app, then make sure to do any necessary updates to /opensaas-sh/app_diff also. Check /opensaas-sh/README.md for details.
[✅] Update docs: If needed, update the /opensaas-sh/blog/src/content/docs.