1mod authorization;
2pub mod db;
3mod telemetry;
4mod token;
5
6use crate::{
7 api::CloudflareIpCountryHeader, build_clickhouse_client, db::UserId, executor::Executor,
8 Config, Error, Result,
9};
10use anyhow::{anyhow, Context as _};
11use authorization::authorize_access_to_language_model;
12use axum::routing::get;
13use axum::{
14 body::Body,
15 http::{self, HeaderName, HeaderValue, Request, StatusCode},
16 middleware::{self, Next},
17 response::{IntoResponse, Response},
18 routing::post,
19 Extension, Json, Router, TypedHeader,
20};
21use chrono::{DateTime, Duration, Utc};
22use collections::HashMap;
23use db::{usage_measure::UsageMeasure, ActiveUserCount, LlmDatabase};
24use futures::{Stream, StreamExt as _};
25use isahc_http_client::IsahcHttpClient;
26use rpc::ListModelsResponse;
27use rpc::{
28 proto::Plan, LanguageModelProvider, PerformCompletionParams, EXPIRED_LLM_TOKEN_HEADER_NAME,
29};
30use std::{
31 pin::Pin,
32 sync::Arc,
33 task::{Context, Poll},
34};
35use strum::IntoEnumIterator;
36use telemetry::{report_llm_rate_limit, report_llm_usage, LlmRateLimitEventRow, LlmUsageEventRow};
37use tokio::sync::RwLock;
38use util::ResultExt;
39
40pub use token::*;
41
42pub struct LlmState {
43 pub config: Config,
44 pub executor: Executor,
45 pub db: Arc<LlmDatabase>,
46 pub http_client: IsahcHttpClient,
47 pub clickhouse_client: Option<clickhouse::Client>,
48 active_user_count_by_model:
49 RwLock<HashMap<(LanguageModelProvider, String), (DateTime<Utc>, ActiveUserCount)>>,
50}
51
52const ACTIVE_USER_COUNT_CACHE_DURATION: Duration = Duration::seconds(30);
53
54impl LlmState {
55 pub async fn new(config: Config, executor: Executor) -> Result<Arc<Self>> {
56 let database_url = config
57 .llm_database_url
58 .as_ref()
59 .ok_or_else(|| anyhow!("missing LLM_DATABASE_URL"))?;
60 let max_connections = config
61 .llm_database_max_connections
62 .ok_or_else(|| anyhow!("missing LLM_DATABASE_MAX_CONNECTIONS"))?;
63
64 let mut db_options = db::ConnectOptions::new(database_url);
65 db_options.max_connections(max_connections);
66 let mut db = LlmDatabase::new(db_options, executor.clone()).await?;
67 db.initialize().await?;
68
69 let db = Arc::new(db);
70
71 let user_agent = format!("Zed Server/{}", env!("CARGO_PKG_VERSION"));
72 let http_client = IsahcHttpClient::builder()
73 .default_header("User-Agent", user_agent)
74 .build()
75 .map(IsahcHttpClient::from)
76 .context("failed to construct http client")?;
77
78 let this = Self {
79 executor,
80 db,
81 http_client,
82 clickhouse_client: config
83 .clickhouse_url
84 .as_ref()
85 .and_then(|_| build_clickhouse_client(&config).log_err()),
86 active_user_count_by_model: RwLock::new(HashMap::default()),
87 config,
88 };
89
90 Ok(Arc::new(this))
91 }
92
93 pub async fn get_active_user_count(
94 &self,
95 provider: LanguageModelProvider,
96 model: &str,
97 ) -> Result<ActiveUserCount> {
98 let now = Utc::now();
99
100 {
101 let active_user_count_by_model = self.active_user_count_by_model.read().await;
102 if let Some((last_updated, count)) =
103 active_user_count_by_model.get(&(provider, model.to_string()))
104 {
105 if now - *last_updated < ACTIVE_USER_COUNT_CACHE_DURATION {
106 return Ok(*count);
107 }
108 }
109 }
110
111 let mut cache = self.active_user_count_by_model.write().await;
112 let new_count = self.db.get_active_user_count(provider, model, now).await?;
113 cache.insert((provider, model.to_string()), (now, new_count));
114 Ok(new_count)
115 }
116}
117
118pub fn routes() -> Router<(), Body> {
119 Router::new()
120 .route("/models", get(list_models))
121 .route("/completion", post(perform_completion))
122 .layer(middleware::from_fn(validate_api_token))
123}
124
125async fn validate_api_token<B>(mut req: Request<B>, next: Next<B>) -> impl IntoResponse {
126 let token = req
127 .headers()
128 .get(http::header::AUTHORIZATION)
129 .and_then(|header| header.to_str().ok())
130 .ok_or_else(|| {
131 Error::http(
132 StatusCode::BAD_REQUEST,
133 "missing authorization header".to_string(),
134 )
135 })?
136 .strip_prefix("Bearer ")
137 .ok_or_else(|| {
138 Error::http(
139 StatusCode::BAD_REQUEST,
140 "invalid authorization header".to_string(),
141 )
142 })?;
143
144 let state = req.extensions().get::<Arc<LlmState>>().unwrap();
145 match LlmTokenClaims::validate(token, &state.config) {
146 Ok(claims) => {
147 if state.db.is_access_token_revoked(&claims.jti).await? {
148 return Err(Error::http(
149 StatusCode::UNAUTHORIZED,
150 "unauthorized".to_string(),
151 ));
152 }
153
154 tracing::Span::current()
155 .record("user_id", claims.user_id)
156 .record("login", claims.github_user_login.clone())
157 .record("authn.jti", &claims.jti)
158 .record("is_staff", claims.is_staff);
159
160 req.extensions_mut().insert(claims);
161 Ok::<_, Error>(next.run(req).await.into_response())
162 }
163 Err(ValidateLlmTokenError::Expired) => Err(Error::Http(
164 StatusCode::UNAUTHORIZED,
165 "unauthorized".to_string(),
166 [(
167 HeaderName::from_static(EXPIRED_LLM_TOKEN_HEADER_NAME),
168 HeaderValue::from_static("true"),
169 )]
170 .into_iter()
171 .collect(),
172 )),
173 Err(_err) => Err(Error::http(
174 StatusCode::UNAUTHORIZED,
175 "unauthorized".to_string(),
176 )),
177 }
178}
179
180async fn list_models(
181 Extension(state): Extension<Arc<LlmState>>,
182 Extension(claims): Extension<LlmTokenClaims>,
183 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
184) -> Result<Json<ListModelsResponse>> {
185 let country_code = country_code_header.map(|header| header.to_string());
186
187 let mut accessible_models = Vec::new();
188
189 for (provider, model) in state.db.all_models() {
190 let authorize_result = authorize_access_to_language_model(
191 &state.config,
192 &claims,
193 country_code.as_deref(),
194 provider,
195 &model.name,
196 );
197
198 if authorize_result.is_ok() {
199 accessible_models.push(rpc::LanguageModel {
200 provider,
201 name: model.name,
202 });
203 }
204 }
205
206 Ok(Json(ListModelsResponse {
207 models: accessible_models,
208 }))
209}
210
211async fn perform_completion(
212 Extension(state): Extension<Arc<LlmState>>,
213 Extension(claims): Extension<LlmTokenClaims>,
214 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
215 Json(params): Json<PerformCompletionParams>,
216) -> Result<impl IntoResponse> {
217 let model = normalize_model_name(
218 state.db.model_names_for_provider(params.provider),
219 params.model,
220 );
221
222 authorize_access_to_language_model(
223 &state.config,
224 &claims,
225 country_code_header
226 .map(|header| header.to_string())
227 .as_deref(),
228 params.provider,
229 &model,
230 )?;
231
232 check_usage_limit(&state, params.provider, &model, &claims).await?;
233
234 let stream = match params.provider {
235 LanguageModelProvider::Anthropic => {
236 let api_key = if claims.is_staff {
237 state
238 .config
239 .anthropic_staff_api_key
240 .as_ref()
241 .context("no Anthropic AI staff API key configured on the server")?
242 } else {
243 state
244 .config
245 .anthropic_api_key
246 .as_ref()
247 .context("no Anthropic AI API key configured on the server")?
248 };
249
250 let mut request: anthropic::Request =
251 serde_json::from_str(params.provider_request.get())?;
252
253 // Override the model on the request with the latest version of the model that is
254 // known to the server.
255 //
256 // Right now, we use the version that's defined in `model.id()`, but we will likely
257 // want to change this code once a new version of an Anthropic model is released,
258 // so that users can use the new version, without having to update Zed.
259 request.model = match model.as_str() {
260 "claude-3-5-sonnet" => anthropic::Model::Claude3_5Sonnet.id().to_string(),
261 "claude-3-opus" => anthropic::Model::Claude3Opus.id().to_string(),
262 "claude-3-haiku" => anthropic::Model::Claude3Haiku.id().to_string(),
263 "claude-3-sonnet" => anthropic::Model::Claude3Sonnet.id().to_string(),
264 _ => request.model,
265 };
266
267 let (chunks, rate_limit_info) = anthropic::stream_completion_with_rate_limit_info(
268 &state.http_client,
269 anthropic::ANTHROPIC_API_URL,
270 api_key,
271 request,
272 None,
273 )
274 .await
275 .map_err(|err| match err {
276 anthropic::AnthropicError::ApiError(ref api_error) => match api_error.code() {
277 Some(anthropic::ApiErrorCode::RateLimitError) => {
278 tracing::info!(
279 target: "upstream rate limit exceeded",
280 user_id = claims.user_id,
281 login = claims.github_user_login,
282 authn.jti = claims.jti,
283 is_staff = claims.is_staff,
284 provider = params.provider.to_string(),
285 model = model
286 );
287
288 Error::http(
289 StatusCode::TOO_MANY_REQUESTS,
290 "Upstream Anthropic rate limit exceeded.".to_string(),
291 )
292 }
293 Some(anthropic::ApiErrorCode::InvalidRequestError) => {
294 Error::http(StatusCode::BAD_REQUEST, api_error.message.clone())
295 }
296 Some(anthropic::ApiErrorCode::OverloadedError) => {
297 Error::http(StatusCode::SERVICE_UNAVAILABLE, api_error.message.clone())
298 }
299 Some(_) => {
300 Error::http(StatusCode::INTERNAL_SERVER_ERROR, api_error.message.clone())
301 }
302 None => Error::Internal(anyhow!(err)),
303 },
304 anthropic::AnthropicError::Other(err) => Error::Internal(err),
305 })?;
306
307 if let Some(rate_limit_info) = rate_limit_info {
308 tracing::info!(
309 target: "upstream rate limit",
310 is_staff = claims.is_staff,
311 provider = params.provider.to_string(),
312 model = model,
313 tokens_remaining = rate_limit_info.tokens_remaining,
314 requests_remaining = rate_limit_info.requests_remaining,
315 requests_reset = ?rate_limit_info.requests_reset,
316 tokens_reset = ?rate_limit_info.tokens_reset,
317 );
318 }
319
320 chunks
321 .map(move |event| {
322 let chunk = event?;
323 let (input_tokens, output_tokens) = match &chunk {
324 anthropic::Event::MessageStart {
325 message: anthropic::Response { usage, .. },
326 }
327 | anthropic::Event::MessageDelta { usage, .. } => (
328 usage.input_tokens.unwrap_or(0) as usize,
329 usage.output_tokens.unwrap_or(0) as usize,
330 ),
331 _ => (0, 0),
332 };
333
334 anyhow::Ok((
335 serde_json::to_vec(&chunk).unwrap(),
336 input_tokens,
337 output_tokens,
338 ))
339 })
340 .boxed()
341 }
342 LanguageModelProvider::OpenAi => {
343 let api_key = state
344 .config
345 .openai_api_key
346 .as_ref()
347 .context("no OpenAI API key configured on the server")?;
348 let chunks = open_ai::stream_completion(
349 &state.http_client,
350 open_ai::OPEN_AI_API_URL,
351 api_key,
352 serde_json::from_str(params.provider_request.get())?,
353 None,
354 )
355 .await?;
356
357 chunks
358 .map(|event| {
359 event.map(|chunk| {
360 let input_tokens =
361 chunk.usage.as_ref().map_or(0, |u| u.prompt_tokens) as usize;
362 let output_tokens =
363 chunk.usage.as_ref().map_or(0, |u| u.completion_tokens) as usize;
364 (
365 serde_json::to_vec(&chunk).unwrap(),
366 input_tokens,
367 output_tokens,
368 )
369 })
370 })
371 .boxed()
372 }
373 LanguageModelProvider::Google => {
374 let api_key = state
375 .config
376 .google_ai_api_key
377 .as_ref()
378 .context("no Google AI API key configured on the server")?;
379 let chunks = google_ai::stream_generate_content(
380 &state.http_client,
381 google_ai::API_URL,
382 api_key,
383 serde_json::from_str(params.provider_request.get())?,
384 None,
385 )
386 .await?;
387
388 chunks
389 .map(|event| {
390 event.map(|chunk| {
391 // TODO - implement token counting for Google AI
392 let input_tokens = 0;
393 let output_tokens = 0;
394 (
395 serde_json::to_vec(&chunk).unwrap(),
396 input_tokens,
397 output_tokens,
398 )
399 })
400 })
401 .boxed()
402 }
403 LanguageModelProvider::Zed => {
404 let api_key = state
405 .config
406 .runpod_api_key
407 .as_ref()
408 .context("no Qwen2-7B API key configured on the server")?;
409 let api_url = state
410 .config
411 .runpod_api_summary_url
412 .as_ref()
413 .context("no Qwen2-7B URL configured on the server")?;
414 let chunks = open_ai::stream_completion(
415 &state.http_client,
416 api_url,
417 api_key,
418 serde_json::from_str(params.provider_request.get())?,
419 None,
420 )
421 .await?;
422
423 chunks
424 .map(|event| {
425 event.map(|chunk| {
426 let input_tokens =
427 chunk.usage.as_ref().map_or(0, |u| u.prompt_tokens) as usize;
428 let output_tokens =
429 chunk.usage.as_ref().map_or(0, |u| u.completion_tokens) as usize;
430 (
431 serde_json::to_vec(&chunk).unwrap(),
432 input_tokens,
433 output_tokens,
434 )
435 })
436 })
437 .boxed()
438 }
439 };
440
441 Ok(Response::new(Body::wrap_stream(TokenCountingStream {
442 state,
443 claims,
444 provider: params.provider,
445 model,
446 input_tokens: 0,
447 output_tokens: 0,
448 inner_stream: stream,
449 })))
450}
451
452fn normalize_model_name(known_models: Vec<String>, name: String) -> String {
453 if let Some(known_model_name) = known_models
454 .iter()
455 .filter(|known_model_name| name.starts_with(known_model_name.as_str()))
456 .max_by_key(|known_model_name| known_model_name.len())
457 {
458 known_model_name.to_string()
459 } else {
460 name
461 }
462}
463
464/// The maximum lifetime spending an individual user can reach before being cut off.
465///
466/// Represented in cents.
467const LIFETIME_SPENDING_LIMIT_IN_CENTS: usize = 1_000 * 100;
468
469async fn check_usage_limit(
470 state: &Arc<LlmState>,
471 provider: LanguageModelProvider,
472 model_name: &str,
473 claims: &LlmTokenClaims,
474) -> Result<()> {
475 let model = state.db.model(provider, model_name)?;
476 let usage = state
477 .db
478 .get_usage(
479 UserId::from_proto(claims.user_id),
480 provider,
481 model_name,
482 Utc::now(),
483 )
484 .await?;
485
486 if usage.lifetime_spending >= LIFETIME_SPENDING_LIMIT_IN_CENTS {
487 return Err(Error::http(
488 StatusCode::FORBIDDEN,
489 "Maximum spending limit reached.".to_string(),
490 ));
491 }
492
493 let active_users = state.get_active_user_count(provider, model_name).await?;
494
495 let users_in_recent_minutes = active_users.users_in_recent_minutes.max(1);
496 let users_in_recent_days = active_users.users_in_recent_days.max(1);
497
498 let per_user_max_requests_per_minute =
499 model.max_requests_per_minute as usize / users_in_recent_minutes;
500 let per_user_max_tokens_per_minute =
501 model.max_tokens_per_minute as usize / users_in_recent_minutes;
502 let per_user_max_tokens_per_day = model.max_tokens_per_day as usize / users_in_recent_days;
503
504 let checks = [
505 (
506 usage.requests_this_minute,
507 per_user_max_requests_per_minute,
508 UsageMeasure::RequestsPerMinute,
509 ),
510 (
511 usage.tokens_this_minute,
512 per_user_max_tokens_per_minute,
513 UsageMeasure::TokensPerMinute,
514 ),
515 (
516 usage.tokens_this_day,
517 per_user_max_tokens_per_day,
518 UsageMeasure::TokensPerDay,
519 ),
520 ];
521
522 for (used, limit, usage_measure) in checks {
523 // Temporarily bypass rate-limiting for staff members.
524 if claims.is_staff {
525 continue;
526 }
527
528 if used > limit {
529 let resource = match usage_measure {
530 UsageMeasure::RequestsPerMinute => "requests_per_minute",
531 UsageMeasure::TokensPerMinute => "tokens_per_minute",
532 UsageMeasure::TokensPerDay => "tokens_per_day",
533 _ => "",
534 };
535
536 if let Some(client) = state.clickhouse_client.as_ref() {
537 tracing::info!(
538 target: "user rate limit",
539 user_id = claims.user_id,
540 login = claims.github_user_login,
541 authn.jti = claims.jti,
542 is_staff = claims.is_staff,
543 provider = provider.to_string(),
544 model = model.name,
545 requests_this_minute = usage.requests_this_minute,
546 tokens_this_minute = usage.tokens_this_minute,
547 tokens_this_day = usage.tokens_this_day,
548 users_in_recent_minutes = users_in_recent_minutes,
549 users_in_recent_days = users_in_recent_days,
550 max_requests_per_minute = per_user_max_requests_per_minute,
551 max_tokens_per_minute = per_user_max_tokens_per_minute,
552 max_tokens_per_day = per_user_max_tokens_per_day,
553 );
554
555 report_llm_rate_limit(
556 client,
557 LlmRateLimitEventRow {
558 time: Utc::now().timestamp_millis(),
559 user_id: claims.user_id as i32,
560 is_staff: claims.is_staff,
561 plan: match claims.plan {
562 Plan::Free => "free".to_string(),
563 Plan::ZedPro => "zed_pro".to_string(),
564 },
565 model: model.name.clone(),
566 provider: provider.to_string(),
567 usage_measure: resource.to_string(),
568 requests_this_minute: usage.requests_this_minute as u64,
569 tokens_this_minute: usage.tokens_this_minute as u64,
570 tokens_this_day: usage.tokens_this_day as u64,
571 users_in_recent_minutes: users_in_recent_minutes as u64,
572 users_in_recent_days: users_in_recent_days as u64,
573 max_requests_per_minute: per_user_max_requests_per_minute as u64,
574 max_tokens_per_minute: per_user_max_tokens_per_minute as u64,
575 max_tokens_per_day: per_user_max_tokens_per_day as u64,
576 },
577 )
578 .await
579 .log_err();
580 }
581
582 return Err(Error::http(
583 StatusCode::TOO_MANY_REQUESTS,
584 format!("Rate limit exceeded. Maximum {} reached.", resource),
585 ));
586 }
587 }
588
589 Ok(())
590}
591
592struct TokenCountingStream<S> {
593 state: Arc<LlmState>,
594 claims: LlmTokenClaims,
595 provider: LanguageModelProvider,
596 model: String,
597 input_tokens: usize,
598 output_tokens: usize,
599 inner_stream: S,
600}
601
602impl<S> Stream for TokenCountingStream<S>
603where
604 S: Stream<Item = Result<(Vec<u8>, usize, usize), anyhow::Error>> + Unpin,
605{
606 type Item = Result<Vec<u8>, anyhow::Error>;
607
608 fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
609 match Pin::new(&mut self.inner_stream).poll_next(cx) {
610 Poll::Ready(Some(Ok((mut bytes, input_tokens, output_tokens)))) => {
611 bytes.push(b'\n');
612 self.input_tokens += input_tokens;
613 self.output_tokens += output_tokens;
614 Poll::Ready(Some(Ok(bytes)))
615 }
616 Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
617 Poll::Ready(None) => Poll::Ready(None),
618 Poll::Pending => Poll::Pending,
619 }
620 }
621}
622
623impl<S> Drop for TokenCountingStream<S> {
624 fn drop(&mut self) {
625 let state = self.state.clone();
626 let claims = self.claims.clone();
627 let provider = self.provider;
628 let model = std::mem::take(&mut self.model);
629 let input_token_count = self.input_tokens;
630 let output_token_count = self.output_tokens;
631 self.state.executor.spawn_detached(async move {
632 let usage = state
633 .db
634 .record_usage(
635 UserId::from_proto(claims.user_id),
636 claims.is_staff,
637 provider,
638 &model,
639 input_token_count,
640 output_token_count,
641 Utc::now(),
642 )
643 .await
644 .log_err();
645
646 if let Some(usage) = usage {
647 tracing::info!(
648 target: "user usage",
649 user_id = claims.user_id,
650 login = claims.github_user_login,
651 authn.jti = claims.jti,
652 is_staff = claims.is_staff,
653 requests_this_minute = usage.requests_this_minute,
654 tokens_this_minute = usage.tokens_this_minute,
655 );
656
657 if let Some(clickhouse_client) = state.clickhouse_client.as_ref() {
658 report_llm_usage(
659 clickhouse_client,
660 LlmUsageEventRow {
661 time: Utc::now().timestamp_millis(),
662 user_id: claims.user_id as i32,
663 is_staff: claims.is_staff,
664 plan: match claims.plan {
665 Plan::Free => "free".to_string(),
666 Plan::ZedPro => "zed_pro".to_string(),
667 },
668 model,
669 provider: provider.to_string(),
670 input_token_count: input_token_count as u64,
671 output_token_count: output_token_count as u64,
672 requests_this_minute: usage.requests_this_minute as u64,
673 tokens_this_minute: usage.tokens_this_minute as u64,
674 tokens_this_day: usage.tokens_this_day as u64,
675 input_tokens_this_month: usage.input_tokens_this_month as u64,
676 output_tokens_this_month: usage.output_tokens_this_month as u64,
677 spending_this_month: usage.spending_this_month as u64,
678 lifetime_spending: usage.lifetime_spending as u64,
679 },
680 )
681 .await
682 .log_err();
683 }
684 }
685 })
686 }
687}
688
689pub fn log_usage_periodically(state: Arc<LlmState>) {
690 state.executor.clone().spawn_detached(async move {
691 loop {
692 state
693 .executor
694 .sleep(std::time::Duration::from_secs(30))
695 .await;
696
697 for provider in LanguageModelProvider::iter() {
698 for model in state.db.model_names_for_provider(provider) {
699 if let Some(active_user_count) = state
700 .get_active_user_count(provider, &model)
701 .await
702 .log_err()
703 {
704 tracing::info!(
705 target: "active user counts",
706 provider = provider.to_string(),
707 model = model,
708 users_in_recent_minutes = active_user_count.users_in_recent_minutes,
709 users_in_recent_days = active_user_count.users_in_recent_days,
710 );
711 }
712 }
713 }
714
715 if let Some(usages) = state
716 .db
717 .get_application_wide_usages_by_model(Utc::now())
718 .await
719 .log_err()
720 {
721 for usage in usages {
722 tracing::info!(
723 target: "computed usage",
724 provider = usage.provider.to_string(),
725 model = usage.model,
726 requests_this_minute = usage.requests_this_minute,
727 tokens_this_minute = usage.tokens_this_minute,
728 );
729 }
730 }
731 }
732 })
733}