1mod authorization;
2pub mod db;
3mod token;
4
5use crate::api::events::SnowflakeRow;
6use crate::api::CloudflareIpCountryHeader;
7use crate::build_kinesis_client;
8use crate::{db::UserId, executor::Executor, Cents, Config, Error, Result};
9use anyhow::{anyhow, Context as _};
10use authorization::authorize_access_to_language_model;
11use axum::routing::get;
12use axum::{
13 body::Body,
14 http::{self, HeaderName, HeaderValue, Request, StatusCode},
15 middleware::{self, Next},
16 response::{IntoResponse, Response},
17 routing::post,
18 Extension, Json, Router, TypedHeader,
19};
20use chrono::{DateTime, Duration, Utc};
21use collections::HashMap;
22use db::TokenUsage;
23use db::{usage_measure::UsageMeasure, ActiveUserCount, LlmDatabase};
24use futures::{Stream, StreamExt as _};
25use reqwest_client::ReqwestClient;
26use rpc::{
27 proto::Plan, LanguageModelProvider, PerformCompletionParams, EXPIRED_LLM_TOKEN_HEADER_NAME,
28};
29use rpc::{ListModelsResponse, MAX_LLM_MONTHLY_SPEND_REACHED_HEADER_NAME};
30use serde_json::json;
31use std::{
32 pin::Pin,
33 sync::Arc,
34 task::{Context, Poll},
35};
36use strum::IntoEnumIterator;
37use tokio::sync::RwLock;
38use util::ResultExt;
39
40pub use token::*;
41
42const ACTIVE_USER_COUNT_CACHE_DURATION: Duration = Duration::seconds(30);
43
44pub struct LlmState {
45 pub config: Config,
46 pub executor: Executor,
47 pub db: Arc<LlmDatabase>,
48 pub http_client: ReqwestClient,
49 pub kinesis_client: Option<aws_sdk_kinesis::Client>,
50 active_user_count_by_model:
51 RwLock<HashMap<(LanguageModelProvider, String), (DateTime<Utc>, ActiveUserCount)>>,
52}
53
54impl LlmState {
55 pub async fn new(config: Config, executor: Executor) -> Result<Arc<Self>> {
56 let database_url = config
57 .llm_database_url
58 .as_ref()
59 .ok_or_else(|| anyhow!("missing LLM_DATABASE_URL"))?;
60 let max_connections = config
61 .llm_database_max_connections
62 .ok_or_else(|| anyhow!("missing LLM_DATABASE_MAX_CONNECTIONS"))?;
63
64 let mut db_options = db::ConnectOptions::new(database_url);
65 db_options.max_connections(max_connections);
66 let mut db = LlmDatabase::new(db_options, executor.clone()).await?;
67 db.initialize().await?;
68
69 let db = Arc::new(db);
70
71 let user_agent = format!("Zed Server/{}", env!("CARGO_PKG_VERSION"));
72 let http_client =
73 ReqwestClient::user_agent(&user_agent).context("failed to construct http client")?;
74
75 let this = Self {
76 executor,
77 db,
78 http_client,
79 kinesis_client: if config.kinesis_access_key.is_some() {
80 build_kinesis_client(&config).await.log_err()
81 } else {
82 None
83 },
84 active_user_count_by_model: RwLock::new(HashMap::default()),
85 config,
86 };
87
88 Ok(Arc::new(this))
89 }
90
91 pub async fn get_active_user_count(
92 &self,
93 provider: LanguageModelProvider,
94 model: &str,
95 ) -> Result<ActiveUserCount> {
96 let now = Utc::now();
97
98 {
99 let active_user_count_by_model = self.active_user_count_by_model.read().await;
100 if let Some((last_updated, count)) =
101 active_user_count_by_model.get(&(provider, model.to_string()))
102 {
103 if now - *last_updated < ACTIVE_USER_COUNT_CACHE_DURATION {
104 return Ok(*count);
105 }
106 }
107 }
108
109 let mut cache = self.active_user_count_by_model.write().await;
110 let new_count = self.db.get_active_user_count(provider, model, now).await?;
111 cache.insert((provider, model.to_string()), (now, new_count));
112 Ok(new_count)
113 }
114}
115
116pub fn routes() -> Router<(), Body> {
117 Router::new()
118 .route("/models", get(list_models))
119 .route("/completion", post(perform_completion))
120 .layer(middleware::from_fn(validate_api_token))
121}
122
123async fn validate_api_token<B>(mut req: Request<B>, next: Next<B>) -> impl IntoResponse {
124 let token = req
125 .headers()
126 .get(http::header::AUTHORIZATION)
127 .and_then(|header| header.to_str().ok())
128 .ok_or_else(|| {
129 Error::http(
130 StatusCode::BAD_REQUEST,
131 "missing authorization header".to_string(),
132 )
133 })?
134 .strip_prefix("Bearer ")
135 .ok_or_else(|| {
136 Error::http(
137 StatusCode::BAD_REQUEST,
138 "invalid authorization header".to_string(),
139 )
140 })?;
141
142 let state = req.extensions().get::<Arc<LlmState>>().unwrap();
143 match LlmTokenClaims::validate(token, &state.config) {
144 Ok(claims) => {
145 if state.db.is_access_token_revoked(&claims.jti).await? {
146 return Err(Error::http(
147 StatusCode::UNAUTHORIZED,
148 "unauthorized".to_string(),
149 ));
150 }
151
152 tracing::Span::current()
153 .record("user_id", claims.user_id)
154 .record("login", claims.github_user_login.clone())
155 .record("authn.jti", &claims.jti)
156 .record("is_staff", claims.is_staff);
157
158 req.extensions_mut().insert(claims);
159 Ok::<_, Error>(next.run(req).await.into_response())
160 }
161 Err(ValidateLlmTokenError::Expired) => Err(Error::Http(
162 StatusCode::UNAUTHORIZED,
163 "unauthorized".to_string(),
164 [(
165 HeaderName::from_static(EXPIRED_LLM_TOKEN_HEADER_NAME),
166 HeaderValue::from_static("true"),
167 )]
168 .into_iter()
169 .collect(),
170 )),
171 Err(_err) => Err(Error::http(
172 StatusCode::UNAUTHORIZED,
173 "unauthorized".to_string(),
174 )),
175 }
176}
177
178async fn list_models(
179 Extension(state): Extension<Arc<LlmState>>,
180 Extension(claims): Extension<LlmTokenClaims>,
181 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
182) -> Result<Json<ListModelsResponse>> {
183 let country_code = country_code_header.map(|header| header.to_string());
184
185 let mut accessible_models = Vec::new();
186
187 for (provider, model) in state.db.all_models() {
188 let authorize_result = authorize_access_to_language_model(
189 &state.config,
190 &claims,
191 country_code.as_deref(),
192 provider,
193 &model.name,
194 );
195
196 if authorize_result.is_ok() {
197 accessible_models.push(rpc::LanguageModel {
198 provider,
199 name: model.name,
200 });
201 }
202 }
203
204 Ok(Json(ListModelsResponse {
205 models: accessible_models,
206 }))
207}
208
209async fn perform_completion(
210 Extension(state): Extension<Arc<LlmState>>,
211 Extension(claims): Extension<LlmTokenClaims>,
212 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
213 Json(params): Json<PerformCompletionParams>,
214) -> Result<impl IntoResponse> {
215 let model = normalize_model_name(
216 state.db.model_names_for_provider(params.provider),
217 params.model,
218 );
219
220 authorize_access_to_language_model(
221 &state.config,
222 &claims,
223 country_code_header
224 .map(|header| header.to_string())
225 .as_deref(),
226 params.provider,
227 &model,
228 )?;
229
230 check_usage_limit(&state, params.provider, &model, &claims).await?;
231
232 let stream = match params.provider {
233 LanguageModelProvider::Anthropic => {
234 let api_key = if claims.is_staff {
235 state
236 .config
237 .anthropic_staff_api_key
238 .as_ref()
239 .context("no Anthropic AI staff API key configured on the server")?
240 } else {
241 state
242 .config
243 .anthropic_api_key
244 .as_ref()
245 .context("no Anthropic AI API key configured on the server")?
246 };
247
248 let mut request: anthropic::Request =
249 serde_json::from_str(params.provider_request.get())?;
250
251 // Override the model on the request with the latest version of the model that is
252 // known to the server.
253 //
254 // Right now, we use the version that's defined in `model.id()`, but we will likely
255 // want to change this code once a new version of an Anthropic model is released,
256 // so that users can use the new version, without having to update Zed.
257 request.model = match model.as_str() {
258 "claude-3-5-sonnet" => anthropic::Model::Claude3_5Sonnet.id().to_string(),
259 "claude-3-7-sonnet" => anthropic::Model::Claude3_7Sonnet.id().to_string(),
260 "claude-3-opus" => anthropic::Model::Claude3Opus.id().to_string(),
261 "claude-3-haiku" => anthropic::Model::Claude3Haiku.id().to_string(),
262 "claude-3-sonnet" => anthropic::Model::Claude3Sonnet.id().to_string(),
263 _ => request.model,
264 };
265
266 let (chunks, rate_limit_info) = anthropic::stream_completion_with_rate_limit_info(
267 &state.http_client,
268 anthropic::ANTHROPIC_API_URL,
269 api_key,
270 request,
271 )
272 .await
273 .map_err(|err| match err {
274 anthropic::AnthropicError::ApiError(ref api_error) => match api_error.code() {
275 Some(anthropic::ApiErrorCode::RateLimitError) => {
276 tracing::info!(
277 target: "upstream rate limit exceeded",
278 user_id = claims.user_id,
279 login = claims.github_user_login,
280 authn.jti = claims.jti,
281 is_staff = claims.is_staff,
282 provider = params.provider.to_string(),
283 model = model
284 );
285
286 Error::http(
287 StatusCode::TOO_MANY_REQUESTS,
288 "Upstream Anthropic rate limit exceeded.".to_string(),
289 )
290 }
291 Some(anthropic::ApiErrorCode::InvalidRequestError) => {
292 Error::http(StatusCode::BAD_REQUEST, api_error.message.clone())
293 }
294 Some(anthropic::ApiErrorCode::OverloadedError) => {
295 Error::http(StatusCode::SERVICE_UNAVAILABLE, api_error.message.clone())
296 }
297 Some(_) => {
298 Error::http(StatusCode::INTERNAL_SERVER_ERROR, api_error.message.clone())
299 }
300 None => Error::Internal(anyhow!(err)),
301 },
302 anthropic::AnthropicError::Other(err) => Error::Internal(err),
303 })?;
304
305 if let Some(rate_limit_info) = rate_limit_info {
306 tracing::info!(
307 target: "upstream rate limit",
308 is_staff = claims.is_staff,
309 provider = params.provider.to_string(),
310 model = model,
311 tokens_remaining = rate_limit_info.tokens_remaining,
312 requests_remaining = rate_limit_info.requests_remaining,
313 requests_reset = ?rate_limit_info.requests_reset,
314 tokens_reset = ?rate_limit_info.tokens_reset,
315 );
316 }
317
318 chunks
319 .map(move |event| {
320 let chunk = event?;
321 let (
322 input_tokens,
323 output_tokens,
324 cache_creation_input_tokens,
325 cache_read_input_tokens,
326 ) = match &chunk {
327 anthropic::Event::MessageStart {
328 message: anthropic::Response { usage, .. },
329 }
330 | anthropic::Event::MessageDelta { usage, .. } => (
331 usage.input_tokens.unwrap_or(0) as usize,
332 usage.output_tokens.unwrap_or(0) as usize,
333 usage.cache_creation_input_tokens.unwrap_or(0) as usize,
334 usage.cache_read_input_tokens.unwrap_or(0) as usize,
335 ),
336 _ => (0, 0, 0, 0),
337 };
338
339 anyhow::Ok(CompletionChunk {
340 bytes: serde_json::to_vec(&chunk).unwrap(),
341 input_tokens,
342 output_tokens,
343 cache_creation_input_tokens,
344 cache_read_input_tokens,
345 })
346 })
347 .boxed()
348 }
349 LanguageModelProvider::OpenAi => {
350 let api_key = state
351 .config
352 .openai_api_key
353 .as_ref()
354 .context("no OpenAI API key configured on the server")?;
355 let chunks = open_ai::stream_completion(
356 &state.http_client,
357 open_ai::OPEN_AI_API_URL,
358 api_key,
359 serde_json::from_str(params.provider_request.get())?,
360 )
361 .await?;
362
363 chunks
364 .map(|event| {
365 event.map(|chunk| {
366 let input_tokens =
367 chunk.usage.as_ref().map_or(0, |u| u.prompt_tokens) as usize;
368 let output_tokens =
369 chunk.usage.as_ref().map_or(0, |u| u.completion_tokens) as usize;
370 CompletionChunk {
371 bytes: serde_json::to_vec(&chunk).unwrap(),
372 input_tokens,
373 output_tokens,
374 cache_creation_input_tokens: 0,
375 cache_read_input_tokens: 0,
376 }
377 })
378 })
379 .boxed()
380 }
381 LanguageModelProvider::Google => {
382 let api_key = state
383 .config
384 .google_ai_api_key
385 .as_ref()
386 .context("no Google AI API key configured on the server")?;
387 let chunks = google_ai::stream_generate_content(
388 &state.http_client,
389 google_ai::API_URL,
390 api_key,
391 serde_json::from_str(params.provider_request.get())?,
392 )
393 .await?;
394
395 chunks
396 .map(|event| {
397 event.map(|chunk| {
398 // TODO - implement token counting for Google AI
399 CompletionChunk {
400 bytes: serde_json::to_vec(&chunk).unwrap(),
401 input_tokens: 0,
402 output_tokens: 0,
403 cache_creation_input_tokens: 0,
404 cache_read_input_tokens: 0,
405 }
406 })
407 })
408 .boxed()
409 }
410 };
411
412 Ok(Response::new(Body::wrap_stream(TokenCountingStream {
413 state,
414 claims,
415 provider: params.provider,
416 model,
417 tokens: TokenUsage::default(),
418 inner_stream: stream,
419 })))
420}
421
422fn normalize_model_name(known_models: Vec<String>, name: String) -> String {
423 if let Some(known_model_name) = known_models
424 .iter()
425 .filter(|known_model_name| name.starts_with(known_model_name.as_str()))
426 .max_by_key(|known_model_name| known_model_name.len())
427 {
428 known_model_name.to_string()
429 } else {
430 name
431 }
432}
433
434/// The maximum monthly spending an individual user can reach on the free tier
435/// before they have to pay.
436pub const FREE_TIER_MONTHLY_SPENDING_LIMIT: Cents = Cents::from_dollars(10);
437
438/// The default value to use for maximum spend per month if the user did not
439/// explicitly set a maximum spend.
440///
441/// Used to prevent surprise bills.
442pub const DEFAULT_MAX_MONTHLY_SPEND: Cents = Cents::from_dollars(10);
443
444async fn check_usage_limit(
445 state: &Arc<LlmState>,
446 provider: LanguageModelProvider,
447 model_name: &str,
448 claims: &LlmTokenClaims,
449) -> Result<()> {
450 if claims.is_staff {
451 return Ok(());
452 }
453
454 let user_id = UserId::from_proto(claims.user_id);
455 let model = state.db.model(provider, model_name)?;
456 let free_tier = claims.free_tier_monthly_spending_limit();
457
458 let spending_this_month = state
459 .db
460 .get_user_spending_for_month(user_id, Utc::now())
461 .await?;
462 if spending_this_month >= free_tier {
463 if !claims.has_llm_subscription {
464 return Err(Error::http(
465 StatusCode::PAYMENT_REQUIRED,
466 "Maximum spending limit reached for this month.".to_string(),
467 ));
468 }
469
470 let monthly_spend = spending_this_month.saturating_sub(free_tier);
471 if monthly_spend >= Cents(claims.max_monthly_spend_in_cents) {
472 return Err(Error::Http(
473 StatusCode::FORBIDDEN,
474 "Maximum spending limit reached for this month.".to_string(),
475 [(
476 HeaderName::from_static(MAX_LLM_MONTHLY_SPEND_REACHED_HEADER_NAME),
477 HeaderValue::from_static("true"),
478 )]
479 .into_iter()
480 .collect(),
481 ));
482 }
483 }
484
485 let active_users = state.get_active_user_count(provider, model_name).await?;
486
487 let users_in_recent_minutes = active_users.users_in_recent_minutes.max(1);
488 let users_in_recent_days = active_users.users_in_recent_days.max(1);
489
490 let per_user_max_requests_per_minute =
491 model.max_requests_per_minute as usize / users_in_recent_minutes;
492 let per_user_max_tokens_per_minute =
493 model.max_tokens_per_minute as usize / users_in_recent_minutes;
494 let per_user_max_tokens_per_day = model.max_tokens_per_day as usize / users_in_recent_days;
495
496 let usage = state
497 .db
498 .get_usage(user_id, provider, model_name, Utc::now())
499 .await?;
500
501 let checks = [
502 (
503 usage.requests_this_minute,
504 per_user_max_requests_per_minute,
505 UsageMeasure::RequestsPerMinute,
506 ),
507 (
508 usage.tokens_this_minute,
509 per_user_max_tokens_per_minute,
510 UsageMeasure::TokensPerMinute,
511 ),
512 (
513 usage.tokens_this_day,
514 per_user_max_tokens_per_day,
515 UsageMeasure::TokensPerDay,
516 ),
517 ];
518
519 for (used, limit, usage_measure) in checks {
520 if used > limit {
521 let resource = match usage_measure {
522 UsageMeasure::RequestsPerMinute => "requests_per_minute",
523 UsageMeasure::TokensPerMinute => "tokens_per_minute",
524 UsageMeasure::TokensPerDay => "tokens_per_day",
525 };
526
527 tracing::info!(
528 target: "user rate limit",
529 user_id = claims.user_id,
530 login = claims.github_user_login,
531 authn.jti = claims.jti,
532 is_staff = claims.is_staff,
533 provider = provider.to_string(),
534 model = model.name,
535 requests_this_minute = usage.requests_this_minute,
536 tokens_this_minute = usage.tokens_this_minute,
537 tokens_this_day = usage.tokens_this_day,
538 users_in_recent_minutes = users_in_recent_minutes,
539 users_in_recent_days = users_in_recent_days,
540 max_requests_per_minute = per_user_max_requests_per_minute,
541 max_tokens_per_minute = per_user_max_tokens_per_minute,
542 max_tokens_per_day = per_user_max_tokens_per_day,
543 );
544
545 SnowflakeRow::new(
546 "Language Model Rate Limited",
547 claims.metrics_id,
548 claims.is_staff,
549 claims.system_id.clone(),
550 json!({
551 "usage": usage,
552 "users_in_recent_minutes": users_in_recent_minutes,
553 "users_in_recent_days": users_in_recent_days,
554 "max_requests_per_minute": per_user_max_requests_per_minute,
555 "max_tokens_per_minute": per_user_max_tokens_per_minute,
556 "max_tokens_per_day": per_user_max_tokens_per_day,
557 "plan": match claims.plan {
558 Plan::Free => "free".to_string(),
559 Plan::ZedPro => "zed_pro".to_string(),
560 },
561 "model": model.name.clone(),
562 "provider": provider.to_string(),
563 "usage_measure": resource.to_string(),
564 }),
565 )
566 .write(&state.kinesis_client, &state.config.kinesis_stream)
567 .await
568 .log_err();
569
570 return Err(Error::http(
571 StatusCode::TOO_MANY_REQUESTS,
572 format!("Rate limit exceeded. Maximum {} reached.", resource),
573 ));
574 }
575 }
576
577 Ok(())
578}
579
580struct CompletionChunk {
581 bytes: Vec<u8>,
582 input_tokens: usize,
583 output_tokens: usize,
584 cache_creation_input_tokens: usize,
585 cache_read_input_tokens: usize,
586}
587
588struct TokenCountingStream<S> {
589 state: Arc<LlmState>,
590 claims: LlmTokenClaims,
591 provider: LanguageModelProvider,
592 model: String,
593 tokens: TokenUsage,
594 inner_stream: S,
595}
596
597impl<S> Stream for TokenCountingStream<S>
598where
599 S: Stream<Item = Result<CompletionChunk, anyhow::Error>> + Unpin,
600{
601 type Item = Result<Vec<u8>, anyhow::Error>;
602
603 fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
604 match Pin::new(&mut self.inner_stream).poll_next(cx) {
605 Poll::Ready(Some(Ok(mut chunk))) => {
606 chunk.bytes.push(b'\n');
607 self.tokens.input += chunk.input_tokens;
608 self.tokens.output += chunk.output_tokens;
609 self.tokens.input_cache_creation += chunk.cache_creation_input_tokens;
610 self.tokens.input_cache_read += chunk.cache_read_input_tokens;
611 Poll::Ready(Some(Ok(chunk.bytes)))
612 }
613 Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
614 Poll::Ready(None) => Poll::Ready(None),
615 Poll::Pending => Poll::Pending,
616 }
617 }
618}
619
620impl<S> Drop for TokenCountingStream<S> {
621 fn drop(&mut self) {
622 let state = self.state.clone();
623 let claims = self.claims.clone();
624 let provider = self.provider;
625 let model = std::mem::take(&mut self.model);
626 let tokens = self.tokens;
627 self.state.executor.spawn_detached(async move {
628 let usage = state
629 .db
630 .record_usage(
631 UserId::from_proto(claims.user_id),
632 claims.is_staff,
633 provider,
634 &model,
635 tokens,
636 claims.has_llm_subscription,
637 Cents(claims.max_monthly_spend_in_cents),
638 claims.free_tier_monthly_spending_limit(),
639 Utc::now(),
640 )
641 .await
642 .log_err();
643
644 if let Some(usage) = usage {
645 tracing::info!(
646 target: "user usage",
647 user_id = claims.user_id,
648 login = claims.github_user_login,
649 authn.jti = claims.jti,
650 is_staff = claims.is_staff,
651 requests_this_minute = usage.requests_this_minute,
652 tokens_this_minute = usage.tokens_this_minute,
653 );
654
655 let properties = json!({
656 "has_llm_subscription": claims.has_llm_subscription,
657 "max_monthly_spend_in_cents": claims.max_monthly_spend_in_cents,
658 "plan": match claims.plan {
659 Plan::Free => "free".to_string(),
660 Plan::ZedPro => "zed_pro".to_string(),
661 },
662 "model": model,
663 "provider": provider,
664 "usage": usage,
665 "tokens": tokens
666 });
667 SnowflakeRow::new(
668 "Language Model Used",
669 claims.metrics_id,
670 claims.is_staff,
671 claims.system_id.clone(),
672 properties,
673 )
674 .write(&state.kinesis_client, &state.config.kinesis_stream)
675 .await
676 .log_err();
677 }
678 })
679 }
680}
681
682pub fn log_usage_periodically(state: Arc<LlmState>) {
683 state.executor.clone().spawn_detached(async move {
684 loop {
685 state
686 .executor
687 .sleep(std::time::Duration::from_secs(30))
688 .await;
689
690 for provider in LanguageModelProvider::iter() {
691 for model in state.db.model_names_for_provider(provider) {
692 if let Some(active_user_count) = state
693 .get_active_user_count(provider, &model)
694 .await
695 .log_err()
696 {
697 tracing::info!(
698 target: "active user counts",
699 provider = provider.to_string(),
700 model = model,
701 users_in_recent_minutes = active_user_count.users_in_recent_minutes,
702 users_in_recent_days = active_user_count.users_in_recent_days,
703 );
704 }
705 }
706 }
707
708 if let Some(usages) = state
709 .db
710 .get_application_wide_usages_by_model(Utc::now())
711 .await
712 .log_err()
713 {
714 for usage in usages {
715 tracing::info!(
716 target: "computed usage",
717 provider = usage.provider.to_string(),
718 model = usage.model,
719 requests_this_minute = usage.requests_this_minute,
720 tokens_this_minute = usage.tokens_this_minute,
721 );
722 }
723 }
724 }
725 })
726}