1mod authorization;
2pub mod db;
3mod token;
4
5use crate::api::events::SnowflakeRow;
6use crate::api::CloudflareIpCountryHeader;
7use crate::build_kinesis_client;
8use crate::{db::UserId, executor::Executor, Cents, Config, Error, Result};
9use anyhow::{anyhow, Context as _};
10use authorization::authorize_access_to_language_model;
11use axum::routing::get;
12use axum::{
13 body::Body,
14 http::{self, HeaderName, HeaderValue, Request, StatusCode},
15 middleware::{self, Next},
16 response::{IntoResponse, Response},
17 routing::post,
18 Extension, Json, Router, TypedHeader,
19};
20use chrono::{DateTime, Duration, Utc};
21use collections::HashMap;
22use db::TokenUsage;
23use db::{usage_measure::UsageMeasure, ActiveUserCount, LlmDatabase};
24use futures::{Stream, StreamExt as _};
25use reqwest_client::ReqwestClient;
26use rpc::{
27 proto::Plan, LanguageModelProvider, PerformCompletionParams, EXPIRED_LLM_TOKEN_HEADER_NAME,
28};
29use rpc::{ListModelsResponse, MAX_LLM_MONTHLY_SPEND_REACHED_HEADER_NAME};
30use serde_json::json;
31use std::{
32 pin::Pin,
33 sync::Arc,
34 task::{Context, Poll},
35};
36use strum::IntoEnumIterator;
37use tokio::sync::RwLock;
38use util::ResultExt;
39
40pub use token::*;
41
42const ACTIVE_USER_COUNT_CACHE_DURATION: Duration = Duration::seconds(30);
43
44pub struct LlmState {
45 pub config: Config,
46 pub executor: Executor,
47 pub db: Arc<LlmDatabase>,
48 pub http_client: ReqwestClient,
49 pub kinesis_client: Option<aws_sdk_kinesis::Client>,
50 active_user_count_by_model:
51 RwLock<HashMap<(LanguageModelProvider, String), (DateTime<Utc>, ActiveUserCount)>>,
52}
53
54impl LlmState {
55 pub async fn new(config: Config, executor: Executor) -> Result<Arc<Self>> {
56 let database_url = config
57 .llm_database_url
58 .as_ref()
59 .ok_or_else(|| anyhow!("missing LLM_DATABASE_URL"))?;
60 let max_connections = config
61 .llm_database_max_connections
62 .ok_or_else(|| anyhow!("missing LLM_DATABASE_MAX_CONNECTIONS"))?;
63
64 let mut db_options = db::ConnectOptions::new(database_url);
65 db_options.max_connections(max_connections);
66 let mut db = LlmDatabase::new(db_options, executor.clone()).await?;
67 db.initialize().await?;
68
69 let db = Arc::new(db);
70
71 let user_agent = format!("Zed Server/{}", env!("CARGO_PKG_VERSION"));
72 let http_client =
73 ReqwestClient::user_agent(&user_agent).context("failed to construct http client")?;
74
75 let this = Self {
76 executor,
77 db,
78 http_client,
79 kinesis_client: if config.kinesis_access_key.is_some() {
80 build_kinesis_client(&config).await.log_err()
81 } else {
82 None
83 },
84 active_user_count_by_model: RwLock::new(HashMap::default()),
85 config,
86 };
87
88 Ok(Arc::new(this))
89 }
90
91 pub async fn get_active_user_count(
92 &self,
93 provider: LanguageModelProvider,
94 model: &str,
95 ) -> Result<ActiveUserCount> {
96 let now = Utc::now();
97
98 {
99 let active_user_count_by_model = self.active_user_count_by_model.read().await;
100 if let Some((last_updated, count)) =
101 active_user_count_by_model.get(&(provider, model.to_string()))
102 {
103 if now - *last_updated < ACTIVE_USER_COUNT_CACHE_DURATION {
104 return Ok(*count);
105 }
106 }
107 }
108
109 let mut cache = self.active_user_count_by_model.write().await;
110 let new_count = self.db.get_active_user_count(provider, model, now).await?;
111 cache.insert((provider, model.to_string()), (now, new_count));
112 Ok(new_count)
113 }
114}
115
116pub fn routes() -> Router<(), Body> {
117 Router::new()
118 .route("/models", get(list_models))
119 .route("/completion", post(perform_completion))
120 .layer(middleware::from_fn(validate_api_token))
121}
122
123async fn validate_api_token<B>(mut req: Request<B>, next: Next<B>) -> impl IntoResponse {
124 let token = req
125 .headers()
126 .get(http::header::AUTHORIZATION)
127 .and_then(|header| header.to_str().ok())
128 .ok_or_else(|| {
129 Error::http(
130 StatusCode::BAD_REQUEST,
131 "missing authorization header".to_string(),
132 )
133 })?
134 .strip_prefix("Bearer ")
135 .ok_or_else(|| {
136 Error::http(
137 StatusCode::BAD_REQUEST,
138 "invalid authorization header".to_string(),
139 )
140 })?;
141
142 let state = req.extensions().get::<Arc<LlmState>>().unwrap();
143 match LlmTokenClaims::validate(token, &state.config) {
144 Ok(claims) => {
145 if state.db.is_access_token_revoked(&claims.jti).await? {
146 return Err(Error::http(
147 StatusCode::UNAUTHORIZED,
148 "unauthorized".to_string(),
149 ));
150 }
151
152 tracing::Span::current()
153 .record("user_id", claims.user_id)
154 .record("login", claims.github_user_login.clone())
155 .record("authn.jti", &claims.jti)
156 .record("is_staff", claims.is_staff);
157
158 req.extensions_mut().insert(claims);
159 Ok::<_, Error>(next.run(req).await.into_response())
160 }
161 Err(ValidateLlmTokenError::Expired) => Err(Error::Http(
162 StatusCode::UNAUTHORIZED,
163 "unauthorized".to_string(),
164 [(
165 HeaderName::from_static(EXPIRED_LLM_TOKEN_HEADER_NAME),
166 HeaderValue::from_static("true"),
167 )]
168 .into_iter()
169 .collect(),
170 )),
171 Err(_err) => Err(Error::http(
172 StatusCode::UNAUTHORIZED,
173 "unauthorized".to_string(),
174 )),
175 }
176}
177
178async fn list_models(
179 Extension(state): Extension<Arc<LlmState>>,
180 Extension(claims): Extension<LlmTokenClaims>,
181 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
182) -> Result<Json<ListModelsResponse>> {
183 let country_code = country_code_header.map(|header| header.to_string());
184
185 let mut accessible_models = Vec::new();
186
187 for (provider, model) in state.db.all_models() {
188 let authorize_result = authorize_access_to_language_model(
189 &state.config,
190 &claims,
191 country_code.as_deref(),
192 provider,
193 &model.name,
194 );
195
196 if authorize_result.is_ok() {
197 accessible_models.push(rpc::LanguageModel {
198 provider,
199 name: model.name,
200 });
201 }
202 }
203
204 Ok(Json(ListModelsResponse {
205 models: accessible_models,
206 }))
207}
208
209async fn perform_completion(
210 Extension(state): Extension<Arc<LlmState>>,
211 Extension(claims): Extension<LlmTokenClaims>,
212 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
213 Json(params): Json<PerformCompletionParams>,
214) -> Result<impl IntoResponse> {
215 let model = normalize_model_name(
216 state.db.model_names_for_provider(params.provider),
217 params.model,
218 );
219
220 authorize_access_to_language_model(
221 &state.config,
222 &claims,
223 country_code_header
224 .map(|header| header.to_string())
225 .as_deref(),
226 params.provider,
227 &model,
228 )?;
229
230 check_usage_limit(&state, params.provider, &model, &claims).await?;
231
232 let stream = match params.provider {
233 LanguageModelProvider::Anthropic => {
234 let api_key = if claims.is_staff {
235 state
236 .config
237 .anthropic_staff_api_key
238 .as_ref()
239 .context("no Anthropic AI staff API key configured on the server")?
240 } else {
241 state
242 .config
243 .anthropic_api_key
244 .as_ref()
245 .context("no Anthropic AI API key configured on the server")?
246 };
247
248 let mut request: anthropic::Request =
249 serde_json::from_str(params.provider_request.get())?;
250
251 // Override the model on the request with the latest version of the model that is
252 // known to the server.
253 //
254 // Right now, we use the version that's defined in `model.id()`, but we will likely
255 // want to change this code once a new version of an Anthropic model is released,
256 // so that users can use the new version, without having to update Zed.
257 request.model = match model.as_str() {
258 "claude-3-5-sonnet" => anthropic::Model::Claude3_5Sonnet.id().to_string(),
259 "claude-3-7-sonnet" => anthropic::Model::Claude3_7Sonnet.id().to_string(),
260 "claude-3-opus" => anthropic::Model::Claude3Opus.id().to_string(),
261 "claude-3-haiku" => anthropic::Model::Claude3Haiku.id().to_string(),
262 "claude-3-sonnet" => anthropic::Model::Claude3Sonnet.id().to_string(),
263 _ => request.model,
264 };
265
266 let (chunks, rate_limit_info) = anthropic::stream_completion_with_rate_limit_info(
267 &state.http_client,
268 anthropic::ANTHROPIC_API_URL,
269 api_key,
270 request,
271 )
272 .await
273 .map_err(|err| match err {
274 anthropic::AnthropicError::ApiError(ref api_error) => match api_error.code() {
275 Some(anthropic::ApiErrorCode::RateLimitError) => {
276 tracing::info!(
277 target: "upstream rate limit exceeded",
278 user_id = claims.user_id,
279 login = claims.github_user_login,
280 authn.jti = claims.jti,
281 is_staff = claims.is_staff,
282 provider = params.provider.to_string(),
283 model = model
284 );
285
286 Error::http(
287 StatusCode::TOO_MANY_REQUESTS,
288 "Upstream Anthropic rate limit exceeded.".to_string(),
289 )
290 }
291 Some(anthropic::ApiErrorCode::InvalidRequestError) => {
292 Error::http(StatusCode::BAD_REQUEST, api_error.message.clone())
293 }
294 Some(anthropic::ApiErrorCode::OverloadedError) => {
295 Error::http(StatusCode::SERVICE_UNAVAILABLE, api_error.message.clone())
296 }
297 Some(_) => {
298 Error::http(StatusCode::INTERNAL_SERVER_ERROR, api_error.message.clone())
299 }
300 None => Error::Internal(anyhow!(err)),
301 },
302 anthropic::AnthropicError::Other(err) => Error::Internal(err),
303 })?;
304
305 if let Some(rate_limit_info) = rate_limit_info {
306 tracing::info!(
307 target: "upstream rate limit",
308 is_staff = claims.is_staff,
309 provider = params.provider.to_string(),
310 model = model,
311 tokens_remaining = rate_limit_info.tokens_remaining,
312 requests_remaining = rate_limit_info.requests_remaining,
313 requests_reset = ?rate_limit_info.requests_reset,
314 tokens_reset = ?rate_limit_info.tokens_reset,
315 );
316 }
317
318 chunks
319 .map(move |event| {
320 let chunk = event?;
321 let (
322 input_tokens,
323 output_tokens,
324 cache_creation_input_tokens,
325 cache_read_input_tokens,
326 ) = match &chunk {
327 anthropic::Event::MessageStart {
328 message: anthropic::Response { usage, .. },
329 }
330 | anthropic::Event::MessageDelta { usage, .. } => (
331 usage.input_tokens.unwrap_or(0) as usize,
332 usage.output_tokens.unwrap_or(0) as usize,
333 usage.cache_creation_input_tokens.unwrap_or(0) as usize,
334 usage.cache_read_input_tokens.unwrap_or(0) as usize,
335 ),
336 _ => (0, 0, 0, 0),
337 };
338
339 anyhow::Ok(CompletionChunk {
340 bytes: serde_json::to_vec(&chunk).unwrap(),
341 input_tokens,
342 output_tokens,
343 cache_creation_input_tokens,
344 cache_read_input_tokens,
345 })
346 })
347 .boxed()
348 }
349 LanguageModelProvider::OpenAi => {
350 let api_key = state
351 .config
352 .openai_api_key
353 .as_ref()
354 .context("no OpenAI API key configured on the server")?;
355 let chunks = open_ai::stream_completion(
356 &state.http_client,
357 open_ai::OPEN_AI_API_URL,
358 api_key,
359 serde_json::from_str(params.provider_request.get())?,
360 )
361 .await?;
362
363 chunks
364 .map(|event| {
365 event.map(|chunk| {
366 let input_tokens =
367 chunk.usage.as_ref().map_or(0, |u| u.prompt_tokens) as usize;
368 let output_tokens =
369 chunk.usage.as_ref().map_or(0, |u| u.completion_tokens) as usize;
370 CompletionChunk {
371 bytes: serde_json::to_vec(&chunk).unwrap(),
372 input_tokens,
373 output_tokens,
374 cache_creation_input_tokens: 0,
375 cache_read_input_tokens: 0,
376 }
377 })
378 })
379 .boxed()
380 }
381 LanguageModelProvider::Google => {
382 let api_key = state
383 .config
384 .google_ai_api_key
385 .as_ref()
386 .context("no Google AI API key configured on the server")?;
387 let chunks = google_ai::stream_generate_content(
388 &state.http_client,
389 google_ai::API_URL,
390 api_key,
391 serde_json::from_str(params.provider_request.get())?,
392 )
393 .await?;
394
395 chunks
396 .map(|event| {
397 event.map(|chunk| {
398 // TODO - implement token counting for Google AI
399 CompletionChunk {
400 bytes: serde_json::to_vec(&chunk).unwrap(),
401 input_tokens: 0,
402 output_tokens: 0,
403 cache_creation_input_tokens: 0,
404 cache_read_input_tokens: 0,
405 }
406 })
407 })
408 .boxed()
409 }
410 };
411
412 Ok(Response::new(Body::wrap_stream(TokenCountingStream {
413 state,
414 claims,
415 provider: params.provider,
416 model,
417 tokens: TokenUsage::default(),
418 inner_stream: stream,
419 })))
420}
421
422fn normalize_model_name(known_models: Vec<String>, name: String) -> String {
423 if let Some(known_model_name) = known_models
424 .iter()
425 .filter(|known_model_name| name.starts_with(known_model_name.as_str()))
426 .max_by_key(|known_model_name| known_model_name.len())
427 {
428 known_model_name.to_string()
429 } else {
430 name
431 }
432}
433
434/// The maximum monthly spending an individual user can reach on the free tier
435/// before they have to pay.
436pub const FREE_TIER_MONTHLY_SPENDING_LIMIT: Cents = Cents::from_dollars(10);
437
438/// The default value to use for maximum spend per month if the user did not
439/// explicitly set a maximum spend.
440///
441/// Used to prevent surprise bills.
442pub const DEFAULT_MAX_MONTHLY_SPEND: Cents = Cents::from_dollars(10);
443
444async fn check_usage_limit(
445 state: &Arc<LlmState>,
446 provider: LanguageModelProvider,
447 model_name: &str,
448 claims: &LlmTokenClaims,
449) -> Result<()> {
450 if claims.is_staff {
451 return Ok(());
452 }
453
454 let user_id = UserId::from_proto(claims.user_id);
455 let model = state.db.model(provider, model_name)?;
456 let usage = state
457 .db
458 .get_usage(user_id, provider, model_name, Utc::now())
459 .await?;
460 let free_tier = claims.free_tier_monthly_spending_limit();
461
462 let spending_this_month = state
463 .db
464 .get_user_spending_for_month(user_id, Utc::now())
465 .await?;
466 if spending_this_month >= free_tier {
467 if !claims.has_llm_subscription {
468 return Err(Error::http(
469 StatusCode::PAYMENT_REQUIRED,
470 "Maximum spending limit reached for this month.".to_string(),
471 ));
472 }
473
474 if (usage.spending_this_month - free_tier) >= Cents(claims.max_monthly_spend_in_cents) {
475 return Err(Error::Http(
476 StatusCode::FORBIDDEN,
477 "Maximum spending limit reached for this month.".to_string(),
478 [(
479 HeaderName::from_static(MAX_LLM_MONTHLY_SPEND_REACHED_HEADER_NAME),
480 HeaderValue::from_static("true"),
481 )]
482 .into_iter()
483 .collect(),
484 ));
485 }
486 }
487
488 let active_users = state.get_active_user_count(provider, model_name).await?;
489
490 let users_in_recent_minutes = active_users.users_in_recent_minutes.max(1);
491 let users_in_recent_days = active_users.users_in_recent_days.max(1);
492
493 let per_user_max_requests_per_minute =
494 model.max_requests_per_minute as usize / users_in_recent_minutes;
495 let per_user_max_tokens_per_minute =
496 model.max_tokens_per_minute as usize / users_in_recent_minutes;
497 let per_user_max_tokens_per_day = model.max_tokens_per_day as usize / users_in_recent_days;
498
499 let checks = [
500 (
501 usage.requests_this_minute,
502 per_user_max_requests_per_minute,
503 UsageMeasure::RequestsPerMinute,
504 ),
505 (
506 usage.tokens_this_minute,
507 per_user_max_tokens_per_minute,
508 UsageMeasure::TokensPerMinute,
509 ),
510 (
511 usage.tokens_this_day,
512 per_user_max_tokens_per_day,
513 UsageMeasure::TokensPerDay,
514 ),
515 ];
516
517 for (used, limit, usage_measure) in checks {
518 if used > limit {
519 let resource = match usage_measure {
520 UsageMeasure::RequestsPerMinute => "requests_per_minute",
521 UsageMeasure::TokensPerMinute => "tokens_per_minute",
522 UsageMeasure::TokensPerDay => "tokens_per_day",
523 };
524
525 tracing::info!(
526 target: "user rate limit",
527 user_id = claims.user_id,
528 login = claims.github_user_login,
529 authn.jti = claims.jti,
530 is_staff = claims.is_staff,
531 provider = provider.to_string(),
532 model = model.name,
533 requests_this_minute = usage.requests_this_minute,
534 tokens_this_minute = usage.tokens_this_minute,
535 tokens_this_day = usage.tokens_this_day,
536 users_in_recent_minutes = users_in_recent_minutes,
537 users_in_recent_days = users_in_recent_days,
538 max_requests_per_minute = per_user_max_requests_per_minute,
539 max_tokens_per_minute = per_user_max_tokens_per_minute,
540 max_tokens_per_day = per_user_max_tokens_per_day,
541 );
542
543 SnowflakeRow::new(
544 "Language Model Rate Limited",
545 claims.metrics_id,
546 claims.is_staff,
547 claims.system_id.clone(),
548 json!({
549 "usage": usage,
550 "users_in_recent_minutes": users_in_recent_minutes,
551 "users_in_recent_days": users_in_recent_days,
552 "max_requests_per_minute": per_user_max_requests_per_minute,
553 "max_tokens_per_minute": per_user_max_tokens_per_minute,
554 "max_tokens_per_day": per_user_max_tokens_per_day,
555 "plan": match claims.plan {
556 Plan::Free => "free".to_string(),
557 Plan::ZedPro => "zed_pro".to_string(),
558 },
559 "model": model.name.clone(),
560 "provider": provider.to_string(),
561 "usage_measure": resource.to_string(),
562 }),
563 )
564 .write(&state.kinesis_client, &state.config.kinesis_stream)
565 .await
566 .log_err();
567
568 return Err(Error::http(
569 StatusCode::TOO_MANY_REQUESTS,
570 format!("Rate limit exceeded. Maximum {} reached.", resource),
571 ));
572 }
573 }
574
575 Ok(())
576}
577
578struct CompletionChunk {
579 bytes: Vec<u8>,
580 input_tokens: usize,
581 output_tokens: usize,
582 cache_creation_input_tokens: usize,
583 cache_read_input_tokens: usize,
584}
585
586struct TokenCountingStream<S> {
587 state: Arc<LlmState>,
588 claims: LlmTokenClaims,
589 provider: LanguageModelProvider,
590 model: String,
591 tokens: TokenUsage,
592 inner_stream: S,
593}
594
595impl<S> Stream for TokenCountingStream<S>
596where
597 S: Stream<Item = Result<CompletionChunk, anyhow::Error>> + Unpin,
598{
599 type Item = Result<Vec<u8>, anyhow::Error>;
600
601 fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
602 match Pin::new(&mut self.inner_stream).poll_next(cx) {
603 Poll::Ready(Some(Ok(mut chunk))) => {
604 chunk.bytes.push(b'\n');
605 self.tokens.input += chunk.input_tokens;
606 self.tokens.output += chunk.output_tokens;
607 self.tokens.input_cache_creation += chunk.cache_creation_input_tokens;
608 self.tokens.input_cache_read += chunk.cache_read_input_tokens;
609 Poll::Ready(Some(Ok(chunk.bytes)))
610 }
611 Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
612 Poll::Ready(None) => Poll::Ready(None),
613 Poll::Pending => Poll::Pending,
614 }
615 }
616}
617
618impl<S> Drop for TokenCountingStream<S> {
619 fn drop(&mut self) {
620 let state = self.state.clone();
621 let claims = self.claims.clone();
622 let provider = self.provider;
623 let model = std::mem::take(&mut self.model);
624 let tokens = self.tokens;
625 self.state.executor.spawn_detached(async move {
626 let usage = state
627 .db
628 .record_usage(
629 UserId::from_proto(claims.user_id),
630 claims.is_staff,
631 provider,
632 &model,
633 tokens,
634 claims.has_llm_subscription,
635 Cents(claims.max_monthly_spend_in_cents),
636 claims.free_tier_monthly_spending_limit(),
637 Utc::now(),
638 )
639 .await
640 .log_err();
641
642 if let Some(usage) = usage {
643 tracing::info!(
644 target: "user usage",
645 user_id = claims.user_id,
646 login = claims.github_user_login,
647 authn.jti = claims.jti,
648 is_staff = claims.is_staff,
649 requests_this_minute = usage.requests_this_minute,
650 tokens_this_minute = usage.tokens_this_minute,
651 );
652
653 let properties = json!({
654 "has_llm_subscription": claims.has_llm_subscription,
655 "max_monthly_spend_in_cents": claims.max_monthly_spend_in_cents,
656 "plan": match claims.plan {
657 Plan::Free => "free".to_string(),
658 Plan::ZedPro => "zed_pro".to_string(),
659 },
660 "model": model,
661 "provider": provider,
662 "usage": usage,
663 "tokens": tokens
664 });
665 SnowflakeRow::new(
666 "Language Model Used",
667 claims.metrics_id,
668 claims.is_staff,
669 claims.system_id.clone(),
670 properties,
671 )
672 .write(&state.kinesis_client, &state.config.kinesis_stream)
673 .await
674 .log_err();
675 }
676 })
677 }
678}
679
680pub fn log_usage_periodically(state: Arc<LlmState>) {
681 state.executor.clone().spawn_detached(async move {
682 loop {
683 state
684 .executor
685 .sleep(std::time::Duration::from_secs(30))
686 .await;
687
688 for provider in LanguageModelProvider::iter() {
689 for model in state.db.model_names_for_provider(provider) {
690 if let Some(active_user_count) = state
691 .get_active_user_count(provider, &model)
692 .await
693 .log_err()
694 {
695 tracing::info!(
696 target: "active user counts",
697 provider = provider.to_string(),
698 model = model,
699 users_in_recent_minutes = active_user_count.users_in_recent_minutes,
700 users_in_recent_days = active_user_count.users_in_recent_days,
701 );
702 }
703 }
704 }
705
706 if let Some(usages) = state
707 .db
708 .get_application_wide_usages_by_model(Utc::now())
709 .await
710 .log_err()
711 {
712 for usage in usages {
713 tracing::info!(
714 target: "computed usage",
715 provider = usage.provider.to_string(),
716 model = usage.model,
717 requests_this_minute = usage.requests_this_minute,
718 tokens_this_minute = usage.tokens_this_minute,
719 );
720 }
721 }
722 }
723 })
724}