1mod authorization;
2pub mod db;
3mod telemetry;
4mod token;
5
6use crate::{
7 api::CloudflareIpCountryHeader, build_clickhouse_client, db::UserId, executor::Executor,
8 Config, Error, Result,
9};
10use anyhow::{anyhow, Context as _};
11use authorization::authorize_access_to_language_model;
12use axum::{
13 body::Body,
14 http::{self, HeaderName, HeaderValue, Request, StatusCode},
15 middleware::{self, Next},
16 response::{IntoResponse, Response},
17 routing::post,
18 Extension, Json, Router, TypedHeader,
19};
20use chrono::{DateTime, Duration, Utc};
21use collections::HashMap;
22use db::{usage_measure::UsageMeasure, ActiveUserCount, LlmDatabase};
23use futures::{Stream, StreamExt as _};
24use http_client::IsahcHttpClient;
25use rpc::{
26 proto::Plan, LanguageModelProvider, PerformCompletionParams, EXPIRED_LLM_TOKEN_HEADER_NAME,
27};
28use std::{
29 pin::Pin,
30 sync::Arc,
31 task::{Context, Poll},
32};
33use strum::IntoEnumIterator;
34use telemetry::{report_llm_rate_limit, report_llm_usage, LlmRateLimitEventRow, LlmUsageEventRow};
35use tokio::sync::RwLock;
36use util::ResultExt;
37
38pub use token::*;
39
40pub struct LlmState {
41 pub config: Config,
42 pub executor: Executor,
43 pub db: Arc<LlmDatabase>,
44 pub http_client: IsahcHttpClient,
45 pub clickhouse_client: Option<clickhouse::Client>,
46 active_user_count_by_model:
47 RwLock<HashMap<(LanguageModelProvider, String), (DateTime<Utc>, ActiveUserCount)>>,
48}
49
50const ACTIVE_USER_COUNT_CACHE_DURATION: Duration = Duration::seconds(30);
51
52impl LlmState {
53 pub async fn new(config: Config, executor: Executor) -> Result<Arc<Self>> {
54 let database_url = config
55 .llm_database_url
56 .as_ref()
57 .ok_or_else(|| anyhow!("missing LLM_DATABASE_URL"))?;
58 let max_connections = config
59 .llm_database_max_connections
60 .ok_or_else(|| anyhow!("missing LLM_DATABASE_MAX_CONNECTIONS"))?;
61
62 let mut db_options = db::ConnectOptions::new(database_url);
63 db_options.max_connections(max_connections);
64 let mut db = LlmDatabase::new(db_options, executor.clone()).await?;
65 db.initialize().await?;
66
67 let db = Arc::new(db);
68
69 let user_agent = format!("Zed Server/{}", env!("CARGO_PKG_VERSION"));
70 let http_client = IsahcHttpClient::builder()
71 .default_header("User-Agent", user_agent)
72 .build()
73 .context("failed to construct http client")?;
74
75 let this = Self {
76 executor,
77 db,
78 http_client,
79 clickhouse_client: config
80 .clickhouse_url
81 .as_ref()
82 .and_then(|_| build_clickhouse_client(&config).log_err()),
83 active_user_count_by_model: RwLock::new(HashMap::default()),
84 config,
85 };
86
87 Ok(Arc::new(this))
88 }
89
90 pub async fn get_active_user_count(
91 &self,
92 provider: LanguageModelProvider,
93 model: &str,
94 ) -> Result<ActiveUserCount> {
95 let now = Utc::now();
96
97 {
98 let active_user_count_by_model = self.active_user_count_by_model.read().await;
99 if let Some((last_updated, count)) =
100 active_user_count_by_model.get(&(provider, model.to_string()))
101 {
102 if now - *last_updated < ACTIVE_USER_COUNT_CACHE_DURATION {
103 return Ok(*count);
104 }
105 }
106 }
107
108 let mut cache = self.active_user_count_by_model.write().await;
109 let new_count = self.db.get_active_user_count(provider, model, now).await?;
110 cache.insert((provider, model.to_string()), (now, new_count));
111 Ok(new_count)
112 }
113}
114
115pub fn routes() -> Router<(), Body> {
116 Router::new()
117 .route("/completion", post(perform_completion))
118 .layer(middleware::from_fn(validate_api_token))
119}
120
121async fn validate_api_token<B>(mut req: Request<B>, next: Next<B>) -> impl IntoResponse {
122 let token = req
123 .headers()
124 .get(http::header::AUTHORIZATION)
125 .and_then(|header| header.to_str().ok())
126 .ok_or_else(|| {
127 Error::http(
128 StatusCode::BAD_REQUEST,
129 "missing authorization header".to_string(),
130 )
131 })?
132 .strip_prefix("Bearer ")
133 .ok_or_else(|| {
134 Error::http(
135 StatusCode::BAD_REQUEST,
136 "invalid authorization header".to_string(),
137 )
138 })?;
139
140 let state = req.extensions().get::<Arc<LlmState>>().unwrap();
141 match LlmTokenClaims::validate(&token, &state.config) {
142 Ok(claims) => {
143 if state.db.is_access_token_revoked(&claims.jti).await? {
144 return Err(Error::http(
145 StatusCode::UNAUTHORIZED,
146 "unauthorized".to_string(),
147 ));
148 }
149
150 tracing::Span::current()
151 .record("user_id", claims.user_id)
152 .record("login", claims.github_user_login.clone())
153 .record("authn.jti", &claims.jti)
154 .record("is_staff", &claims.is_staff);
155
156 req.extensions_mut().insert(claims);
157 Ok::<_, Error>(next.run(req).await.into_response())
158 }
159 Err(ValidateLlmTokenError::Expired) => Err(Error::Http(
160 StatusCode::UNAUTHORIZED,
161 "unauthorized".to_string(),
162 [(
163 HeaderName::from_static(EXPIRED_LLM_TOKEN_HEADER_NAME),
164 HeaderValue::from_static("true"),
165 )]
166 .into_iter()
167 .collect(),
168 )),
169 Err(_err) => Err(Error::http(
170 StatusCode::UNAUTHORIZED,
171 "unauthorized".to_string(),
172 )),
173 }
174}
175
176async fn perform_completion(
177 Extension(state): Extension<Arc<LlmState>>,
178 Extension(claims): Extension<LlmTokenClaims>,
179 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
180 Json(params): Json<PerformCompletionParams>,
181) -> Result<impl IntoResponse> {
182 let model = normalize_model_name(
183 state.db.model_names_for_provider(params.provider),
184 params.model,
185 );
186
187 authorize_access_to_language_model(
188 &state.config,
189 &claims,
190 country_code_header.map(|header| header.to_string()),
191 params.provider,
192 &model,
193 )?;
194
195 check_usage_limit(&state, params.provider, &model, &claims).await?;
196
197 let stream = match params.provider {
198 LanguageModelProvider::Anthropic => {
199 let api_key = if claims.is_staff {
200 state
201 .config
202 .anthropic_staff_api_key
203 .as_ref()
204 .context("no Anthropic AI staff API key configured on the server")?
205 } else {
206 state
207 .config
208 .anthropic_api_key
209 .as_ref()
210 .context("no Anthropic AI API key configured on the server")?
211 };
212
213 let mut request: anthropic::Request =
214 serde_json::from_str(¶ms.provider_request.get())?;
215
216 // Override the model on the request with the latest version of the model that is
217 // known to the server.
218 //
219 // Right now, we use the version that's defined in `model.id()`, but we will likely
220 // want to change this code once a new version of an Anthropic model is released,
221 // so that users can use the new version, without having to update Zed.
222 request.model = match model.as_str() {
223 "claude-3-5-sonnet" => anthropic::Model::Claude3_5Sonnet.id().to_string(),
224 "claude-3-opus" => anthropic::Model::Claude3Opus.id().to_string(),
225 "claude-3-haiku" => anthropic::Model::Claude3Haiku.id().to_string(),
226 "claude-3-sonnet" => anthropic::Model::Claude3Sonnet.id().to_string(),
227 _ => request.model,
228 };
229
230 let (chunks, rate_limit_info) = anthropic::stream_completion_with_rate_limit_info(
231 &state.http_client,
232 anthropic::ANTHROPIC_API_URL,
233 api_key,
234 request,
235 None,
236 )
237 .await
238 .map_err(|err| match err {
239 anthropic::AnthropicError::ApiError(ref api_error) => match api_error.code() {
240 Some(anthropic::ApiErrorCode::RateLimitError) => {
241 tracing::info!(
242 target: "upstream rate limit exceeded",
243 user_id = claims.user_id,
244 login = claims.github_user_login,
245 authn.jti = claims.jti,
246 is_staff = claims.is_staff,
247 provider = params.provider.to_string(),
248 model = model
249 );
250
251 Error::http(
252 StatusCode::TOO_MANY_REQUESTS,
253 "Upstream Anthropic rate limit exceeded.".to_string(),
254 )
255 }
256 Some(anthropic::ApiErrorCode::InvalidRequestError) => {
257 Error::http(StatusCode::BAD_REQUEST, api_error.message.clone())
258 }
259 Some(anthropic::ApiErrorCode::OverloadedError) => {
260 Error::http(StatusCode::SERVICE_UNAVAILABLE, api_error.message.clone())
261 }
262 Some(_) => {
263 Error::http(StatusCode::INTERNAL_SERVER_ERROR, api_error.message.clone())
264 }
265 None => Error::Internal(anyhow!(err)),
266 },
267 anthropic::AnthropicError::Other(err) => Error::Internal(err),
268 })?;
269
270 if let Some(rate_limit_info) = rate_limit_info {
271 tracing::info!(
272 target: "upstream rate limit",
273 is_staff = claims.is_staff,
274 provider = params.provider.to_string(),
275 model = model,
276 tokens_remaining = rate_limit_info.tokens_remaining,
277 requests_remaining = rate_limit_info.requests_remaining,
278 requests_reset = ?rate_limit_info.requests_reset,
279 tokens_reset = ?rate_limit_info.tokens_reset,
280 );
281 }
282
283 chunks
284 .map(move |event| {
285 let chunk = event?;
286 let (input_tokens, output_tokens) = match &chunk {
287 anthropic::Event::MessageStart {
288 message: anthropic::Response { usage, .. },
289 }
290 | anthropic::Event::MessageDelta { usage, .. } => (
291 usage.input_tokens.unwrap_or(0) as usize,
292 usage.output_tokens.unwrap_or(0) as usize,
293 ),
294 _ => (0, 0),
295 };
296
297 anyhow::Ok((
298 serde_json::to_vec(&chunk).unwrap(),
299 input_tokens,
300 output_tokens,
301 ))
302 })
303 .boxed()
304 }
305 LanguageModelProvider::OpenAi => {
306 let api_key = state
307 .config
308 .openai_api_key
309 .as_ref()
310 .context("no OpenAI API key configured on the server")?;
311 let chunks = open_ai::stream_completion(
312 &state.http_client,
313 open_ai::OPEN_AI_API_URL,
314 api_key,
315 serde_json::from_str(¶ms.provider_request.get())?,
316 None,
317 )
318 .await?;
319
320 chunks
321 .map(|event| {
322 event.map(|chunk| {
323 let input_tokens =
324 chunk.usage.as_ref().map_or(0, |u| u.prompt_tokens) as usize;
325 let output_tokens =
326 chunk.usage.as_ref().map_or(0, |u| u.completion_tokens) as usize;
327 (
328 serde_json::to_vec(&chunk).unwrap(),
329 input_tokens,
330 output_tokens,
331 )
332 })
333 })
334 .boxed()
335 }
336 LanguageModelProvider::Google => {
337 let api_key = state
338 .config
339 .google_ai_api_key
340 .as_ref()
341 .context("no Google AI API key configured on the server")?;
342 let chunks = google_ai::stream_generate_content(
343 &state.http_client,
344 google_ai::API_URL,
345 api_key,
346 serde_json::from_str(¶ms.provider_request.get())?,
347 )
348 .await?;
349
350 chunks
351 .map(|event| {
352 event.map(|chunk| {
353 // TODO - implement token counting for Google AI
354 let input_tokens = 0;
355 let output_tokens = 0;
356 (
357 serde_json::to_vec(&chunk).unwrap(),
358 input_tokens,
359 output_tokens,
360 )
361 })
362 })
363 .boxed()
364 }
365 LanguageModelProvider::Zed => {
366 let api_key = state
367 .config
368 .qwen2_7b_api_key
369 .as_ref()
370 .context("no Qwen2-7B API key configured on the server")?;
371 let api_url = state
372 .config
373 .qwen2_7b_api_url
374 .as_ref()
375 .context("no Qwen2-7B URL configured on the server")?;
376 let chunks = open_ai::stream_completion(
377 &state.http_client,
378 &api_url,
379 api_key,
380 serde_json::from_str(¶ms.provider_request.get())?,
381 None,
382 )
383 .await?;
384
385 chunks
386 .map(|event| {
387 event.map(|chunk| {
388 let input_tokens =
389 chunk.usage.as_ref().map_or(0, |u| u.prompt_tokens) as usize;
390 let output_tokens =
391 chunk.usage.as_ref().map_or(0, |u| u.completion_tokens) as usize;
392 (
393 serde_json::to_vec(&chunk).unwrap(),
394 input_tokens,
395 output_tokens,
396 )
397 })
398 })
399 .boxed()
400 }
401 };
402
403 Ok(Response::new(Body::wrap_stream(TokenCountingStream {
404 state,
405 claims,
406 provider: params.provider,
407 model,
408 input_tokens: 0,
409 output_tokens: 0,
410 inner_stream: stream,
411 })))
412}
413
414fn normalize_model_name(known_models: Vec<String>, name: String) -> String {
415 if let Some(known_model_name) = known_models
416 .iter()
417 .filter(|known_model_name| name.starts_with(known_model_name.as_str()))
418 .max_by_key(|known_model_name| known_model_name.len())
419 {
420 known_model_name.to_string()
421 } else {
422 name
423 }
424}
425
426/// The maximum lifetime spending an individual user can reach before being cut off.
427///
428/// Represented in cents.
429const LIFETIME_SPENDING_LIMIT_IN_CENTS: usize = 1_000 * 100;
430
431async fn check_usage_limit(
432 state: &Arc<LlmState>,
433 provider: LanguageModelProvider,
434 model_name: &str,
435 claims: &LlmTokenClaims,
436) -> Result<()> {
437 let model = state.db.model(provider, model_name)?;
438 let usage = state
439 .db
440 .get_usage(
441 UserId::from_proto(claims.user_id),
442 provider,
443 model_name,
444 Utc::now(),
445 )
446 .await?;
447
448 if usage.lifetime_spending >= LIFETIME_SPENDING_LIMIT_IN_CENTS {
449 return Err(Error::http(
450 StatusCode::FORBIDDEN,
451 "Maximum spending limit reached.".to_string(),
452 ));
453 }
454
455 let active_users = state.get_active_user_count(provider, model_name).await?;
456
457 let users_in_recent_minutes = active_users.users_in_recent_minutes.max(1);
458 let users_in_recent_days = active_users.users_in_recent_days.max(1);
459
460 let per_user_max_requests_per_minute =
461 model.max_requests_per_minute as usize / users_in_recent_minutes;
462 let per_user_max_tokens_per_minute =
463 model.max_tokens_per_minute as usize / users_in_recent_minutes;
464 let per_user_max_tokens_per_day = model.max_tokens_per_day as usize / users_in_recent_days;
465
466 let checks = [
467 (
468 usage.requests_this_minute,
469 per_user_max_requests_per_minute,
470 UsageMeasure::RequestsPerMinute,
471 ),
472 (
473 usage.tokens_this_minute,
474 per_user_max_tokens_per_minute,
475 UsageMeasure::TokensPerMinute,
476 ),
477 (
478 usage.tokens_this_day,
479 per_user_max_tokens_per_day,
480 UsageMeasure::TokensPerDay,
481 ),
482 ];
483
484 for (used, limit, usage_measure) in checks {
485 // Temporarily bypass rate-limiting for staff members.
486 if claims.is_staff {
487 continue;
488 }
489
490 if used > limit {
491 let resource = match usage_measure {
492 UsageMeasure::RequestsPerMinute => "requests_per_minute",
493 UsageMeasure::TokensPerMinute => "tokens_per_minute",
494 UsageMeasure::TokensPerDay => "tokens_per_day",
495 _ => "",
496 };
497
498 if let Some(client) = state.clickhouse_client.as_ref() {
499 tracing::info!(
500 target: "user rate limit",
501 user_id = claims.user_id,
502 login = claims.github_user_login,
503 authn.jti = claims.jti,
504 is_staff = claims.is_staff,
505 provider = provider.to_string(),
506 model = model.name,
507 requests_this_minute = usage.requests_this_minute,
508 tokens_this_minute = usage.tokens_this_minute,
509 tokens_this_day = usage.tokens_this_day,
510 users_in_recent_minutes = users_in_recent_minutes,
511 users_in_recent_days = users_in_recent_days,
512 max_requests_per_minute = per_user_max_requests_per_minute,
513 max_tokens_per_minute = per_user_max_tokens_per_minute,
514 max_tokens_per_day = per_user_max_tokens_per_day,
515 );
516
517 report_llm_rate_limit(
518 client,
519 LlmRateLimitEventRow {
520 time: Utc::now().timestamp_millis(),
521 user_id: claims.user_id as i32,
522 is_staff: claims.is_staff,
523 plan: match claims.plan {
524 Plan::Free => "free".to_string(),
525 Plan::ZedPro => "zed_pro".to_string(),
526 },
527 model: model.name.clone(),
528 provider: provider.to_string(),
529 usage_measure: resource.to_string(),
530 requests_this_minute: usage.requests_this_minute as u64,
531 tokens_this_minute: usage.tokens_this_minute as u64,
532 tokens_this_day: usage.tokens_this_day as u64,
533 users_in_recent_minutes: users_in_recent_minutes as u64,
534 users_in_recent_days: users_in_recent_days as u64,
535 max_requests_per_minute: per_user_max_requests_per_minute as u64,
536 max_tokens_per_minute: per_user_max_tokens_per_minute as u64,
537 max_tokens_per_day: per_user_max_tokens_per_day as u64,
538 },
539 )
540 .await
541 .log_err();
542 }
543
544 return Err(Error::http(
545 StatusCode::TOO_MANY_REQUESTS,
546 format!("Rate limit exceeded. Maximum {} reached.", resource),
547 ));
548 }
549 }
550
551 Ok(())
552}
553
554struct TokenCountingStream<S> {
555 state: Arc<LlmState>,
556 claims: LlmTokenClaims,
557 provider: LanguageModelProvider,
558 model: String,
559 input_tokens: usize,
560 output_tokens: usize,
561 inner_stream: S,
562}
563
564impl<S> Stream for TokenCountingStream<S>
565where
566 S: Stream<Item = Result<(Vec<u8>, usize, usize), anyhow::Error>> + Unpin,
567{
568 type Item = Result<Vec<u8>, anyhow::Error>;
569
570 fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
571 match Pin::new(&mut self.inner_stream).poll_next(cx) {
572 Poll::Ready(Some(Ok((mut bytes, input_tokens, output_tokens)))) => {
573 bytes.push(b'\n');
574 self.input_tokens += input_tokens;
575 self.output_tokens += output_tokens;
576 Poll::Ready(Some(Ok(bytes)))
577 }
578 Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
579 Poll::Ready(None) => Poll::Ready(None),
580 Poll::Pending => Poll::Pending,
581 }
582 }
583}
584
585impl<S> Drop for TokenCountingStream<S> {
586 fn drop(&mut self) {
587 let state = self.state.clone();
588 let claims = self.claims.clone();
589 let provider = self.provider;
590 let model = std::mem::take(&mut self.model);
591 let input_token_count = self.input_tokens;
592 let output_token_count = self.output_tokens;
593 self.state.executor.spawn_detached(async move {
594 let usage = state
595 .db
596 .record_usage(
597 UserId::from_proto(claims.user_id),
598 claims.is_staff,
599 provider,
600 &model,
601 input_token_count,
602 output_token_count,
603 Utc::now(),
604 )
605 .await
606 .log_err();
607
608 if let Some(usage) = usage {
609 tracing::info!(
610 target: "user usage",
611 user_id = claims.user_id,
612 login = claims.github_user_login,
613 authn.jti = claims.jti,
614 is_staff = claims.is_staff,
615 requests_this_minute = usage.requests_this_minute,
616 tokens_this_minute = usage.tokens_this_minute,
617 );
618
619 if let Some(clickhouse_client) = state.clickhouse_client.as_ref() {
620 report_llm_usage(
621 clickhouse_client,
622 LlmUsageEventRow {
623 time: Utc::now().timestamp_millis(),
624 user_id: claims.user_id as i32,
625 is_staff: claims.is_staff,
626 plan: match claims.plan {
627 Plan::Free => "free".to_string(),
628 Plan::ZedPro => "zed_pro".to_string(),
629 },
630 model,
631 provider: provider.to_string(),
632 input_token_count: input_token_count as u64,
633 output_token_count: output_token_count as u64,
634 requests_this_minute: usage.requests_this_minute as u64,
635 tokens_this_minute: usage.tokens_this_minute as u64,
636 tokens_this_day: usage.tokens_this_day as u64,
637 input_tokens_this_month: usage.input_tokens_this_month as u64,
638 output_tokens_this_month: usage.output_tokens_this_month as u64,
639 spending_this_month: usage.spending_this_month as u64,
640 lifetime_spending: usage.lifetime_spending as u64,
641 },
642 )
643 .await
644 .log_err();
645 }
646 }
647 })
648 }
649}
650
651pub fn log_usage_periodically(state: Arc<LlmState>) {
652 state.executor.clone().spawn_detached(async move {
653 loop {
654 state
655 .executor
656 .sleep(std::time::Duration::from_secs(30))
657 .await;
658
659 for provider in LanguageModelProvider::iter() {
660 for model in state.db.model_names_for_provider(provider) {
661 if let Some(active_user_count) = state
662 .get_active_user_count(provider, &model)
663 .await
664 .log_err()
665 {
666 tracing::info!(
667 target: "active user counts",
668 provider = provider.to_string(),
669 model = model,
670 users_in_recent_minutes = active_user_count.users_in_recent_minutes,
671 users_in_recent_days = active_user_count.users_in_recent_days,
672 );
673 }
674 }
675 }
676
677 if let Some(usages) = state
678 .db
679 .get_application_wide_usages_by_model(Utc::now())
680 .await
681 .log_err()
682 {
683 for usage in usages {
684 tracing::info!(
685 target: "computed usage",
686 provider = usage.provider.to_string(),
687 model = usage.model,
688 requests_this_minute = usage.requests_this_minute,
689 tokens_this_minute = usage.tokens_this_minute,
690 );
691 }
692 }
693 }
694 })
695}