1mod authorization;
2pub mod db;
3mod telemetry;
4mod token;
5
6use crate::{
7 api::CloudflareIpCountryHeader, build_clickhouse_client, db::UserId, executor::Executor,
8 Config, Error, Result,
9};
10use anyhow::{anyhow, Context as _};
11use authorization::authorize_access_to_language_model;
12use axum::routing::get;
13use axum::{
14 body::Body,
15 http::{self, HeaderName, HeaderValue, Request, StatusCode},
16 middleware::{self, Next},
17 response::{IntoResponse, Response},
18 routing::post,
19 Extension, Json, Router, TypedHeader,
20};
21use chrono::{DateTime, Duration, Utc};
22use collections::HashMap;
23use db::{usage_measure::UsageMeasure, ActiveUserCount, LlmDatabase};
24use futures::{Stream, StreamExt as _};
25use isahc_http_client::IsahcHttpClient;
26use rpc::ListModelsResponse;
27use rpc::{
28 proto::Plan, LanguageModelProvider, PerformCompletionParams, EXPIRED_LLM_TOKEN_HEADER_NAME,
29};
30use std::{
31 pin::Pin,
32 sync::Arc,
33 task::{Context, Poll},
34};
35use strum::IntoEnumIterator;
36use telemetry::{report_llm_rate_limit, report_llm_usage, LlmRateLimitEventRow, LlmUsageEventRow};
37use tokio::sync::RwLock;
38use util::ResultExt;
39
40pub use token::*;
41
42pub struct LlmState {
43 pub config: Config,
44 pub executor: Executor,
45 pub db: Arc<LlmDatabase>,
46 pub http_client: IsahcHttpClient,
47 pub clickhouse_client: Option<clickhouse::Client>,
48 active_user_count_by_model:
49 RwLock<HashMap<(LanguageModelProvider, String), (DateTime<Utc>, ActiveUserCount)>>,
50}
51
52const ACTIVE_USER_COUNT_CACHE_DURATION: Duration = Duration::seconds(30);
53
54impl LlmState {
55 pub async fn new(config: Config, executor: Executor) -> Result<Arc<Self>> {
56 let database_url = config
57 .llm_database_url
58 .as_ref()
59 .ok_or_else(|| anyhow!("missing LLM_DATABASE_URL"))?;
60 let max_connections = config
61 .llm_database_max_connections
62 .ok_or_else(|| anyhow!("missing LLM_DATABASE_MAX_CONNECTIONS"))?;
63
64 let mut db_options = db::ConnectOptions::new(database_url);
65 db_options.max_connections(max_connections);
66 let mut db = LlmDatabase::new(db_options, executor.clone()).await?;
67 db.initialize().await?;
68
69 let db = Arc::new(db);
70
71 let user_agent = format!("Zed Server/{}", env!("CARGO_PKG_VERSION"));
72 let http_client = IsahcHttpClient::builder()
73 .default_header("User-Agent", user_agent)
74 .build()
75 .map(IsahcHttpClient::from)
76 .context("failed to construct http client")?;
77
78 let this = Self {
79 executor,
80 db,
81 http_client,
82 clickhouse_client: config
83 .clickhouse_url
84 .as_ref()
85 .and_then(|_| build_clickhouse_client(&config).log_err()),
86 active_user_count_by_model: RwLock::new(HashMap::default()),
87 config,
88 };
89
90 Ok(Arc::new(this))
91 }
92
93 pub async fn get_active_user_count(
94 &self,
95 provider: LanguageModelProvider,
96 model: &str,
97 ) -> Result<ActiveUserCount> {
98 let now = Utc::now();
99
100 {
101 let active_user_count_by_model = self.active_user_count_by_model.read().await;
102 if let Some((last_updated, count)) =
103 active_user_count_by_model.get(&(provider, model.to_string()))
104 {
105 if now - *last_updated < ACTIVE_USER_COUNT_CACHE_DURATION {
106 return Ok(*count);
107 }
108 }
109 }
110
111 let mut cache = self.active_user_count_by_model.write().await;
112 let new_count = self.db.get_active_user_count(provider, model, now).await?;
113 cache.insert((provider, model.to_string()), (now, new_count));
114 Ok(new_count)
115 }
116}
117
118pub fn routes() -> Router<(), Body> {
119 Router::new()
120 .route("/models", get(list_models))
121 .route("/completion", post(perform_completion))
122 .layer(middleware::from_fn(validate_api_token))
123}
124
125async fn validate_api_token<B>(mut req: Request<B>, next: Next<B>) -> impl IntoResponse {
126 let token = req
127 .headers()
128 .get(http::header::AUTHORIZATION)
129 .and_then(|header| header.to_str().ok())
130 .ok_or_else(|| {
131 Error::http(
132 StatusCode::BAD_REQUEST,
133 "missing authorization header".to_string(),
134 )
135 })?
136 .strip_prefix("Bearer ")
137 .ok_or_else(|| {
138 Error::http(
139 StatusCode::BAD_REQUEST,
140 "invalid authorization header".to_string(),
141 )
142 })?;
143
144 let state = req.extensions().get::<Arc<LlmState>>().unwrap();
145 match LlmTokenClaims::validate(token, &state.config) {
146 Ok(claims) => {
147 if state.db.is_access_token_revoked(&claims.jti).await? {
148 return Err(Error::http(
149 StatusCode::UNAUTHORIZED,
150 "unauthorized".to_string(),
151 ));
152 }
153
154 tracing::Span::current()
155 .record("user_id", claims.user_id)
156 .record("login", claims.github_user_login.clone())
157 .record("authn.jti", &claims.jti)
158 .record("is_staff", claims.is_staff);
159
160 req.extensions_mut().insert(claims);
161 Ok::<_, Error>(next.run(req).await.into_response())
162 }
163 Err(ValidateLlmTokenError::Expired) => Err(Error::Http(
164 StatusCode::UNAUTHORIZED,
165 "unauthorized".to_string(),
166 [(
167 HeaderName::from_static(EXPIRED_LLM_TOKEN_HEADER_NAME),
168 HeaderValue::from_static("true"),
169 )]
170 .into_iter()
171 .collect(),
172 )),
173 Err(_err) => Err(Error::http(
174 StatusCode::UNAUTHORIZED,
175 "unauthorized".to_string(),
176 )),
177 }
178}
179
180async fn list_models(
181 Extension(state): Extension<Arc<LlmState>>,
182 Extension(claims): Extension<LlmTokenClaims>,
183 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
184) -> Result<Json<ListModelsResponse>> {
185 let country_code = country_code_header.map(|header| header.to_string());
186
187 let mut accessible_models = Vec::new();
188
189 for (provider, model) in state.db.all_models() {
190 let authorize_result = authorize_access_to_language_model(
191 &state.config,
192 &claims,
193 country_code.as_deref(),
194 provider,
195 &model.name,
196 );
197
198 if authorize_result.is_ok() {
199 accessible_models.push(rpc::LanguageModel {
200 provider,
201 name: model.name,
202 });
203 }
204 }
205
206 Ok(Json(ListModelsResponse {
207 models: accessible_models,
208 }))
209}
210
211async fn perform_completion(
212 Extension(state): Extension<Arc<LlmState>>,
213 Extension(claims): Extension<LlmTokenClaims>,
214 country_code_header: Option<TypedHeader<CloudflareIpCountryHeader>>,
215 Json(params): Json<PerformCompletionParams>,
216) -> Result<impl IntoResponse> {
217 let model = normalize_model_name(
218 state.db.model_names_for_provider(params.provider),
219 params.model,
220 );
221
222 authorize_access_to_language_model(
223 &state.config,
224 &claims,
225 country_code_header
226 .map(|header| header.to_string())
227 .as_deref(),
228 params.provider,
229 &model,
230 )?;
231
232 check_usage_limit(&state, params.provider, &model, &claims).await?;
233
234 let stream = match params.provider {
235 LanguageModelProvider::Anthropic => {
236 let api_key = if claims.is_staff {
237 state
238 .config
239 .anthropic_staff_api_key
240 .as_ref()
241 .context("no Anthropic AI staff API key configured on the server")?
242 } else {
243 state
244 .config
245 .anthropic_api_key
246 .as_ref()
247 .context("no Anthropic AI API key configured on the server")?
248 };
249
250 let mut request: anthropic::Request =
251 serde_json::from_str(params.provider_request.get())?;
252
253 // Override the model on the request with the latest version of the model that is
254 // known to the server.
255 //
256 // Right now, we use the version that's defined in `model.id()`, but we will likely
257 // want to change this code once a new version of an Anthropic model is released,
258 // so that users can use the new version, without having to update Zed.
259 request.model = match model.as_str() {
260 "claude-3-5-sonnet" => anthropic::Model::Claude3_5Sonnet.id().to_string(),
261 "claude-3-opus" => anthropic::Model::Claude3Opus.id().to_string(),
262 "claude-3-haiku" => anthropic::Model::Claude3Haiku.id().to_string(),
263 "claude-3-sonnet" => anthropic::Model::Claude3Sonnet.id().to_string(),
264 _ => request.model,
265 };
266
267 let (chunks, rate_limit_info) = anthropic::stream_completion_with_rate_limit_info(
268 &state.http_client,
269 anthropic::ANTHROPIC_API_URL,
270 api_key,
271 request,
272 None,
273 )
274 .await
275 .map_err(|err| match err {
276 anthropic::AnthropicError::ApiError(ref api_error) => match api_error.code() {
277 Some(anthropic::ApiErrorCode::RateLimitError) => {
278 tracing::info!(
279 target: "upstream rate limit exceeded",
280 user_id = claims.user_id,
281 login = claims.github_user_login,
282 authn.jti = claims.jti,
283 is_staff = claims.is_staff,
284 provider = params.provider.to_string(),
285 model = model
286 );
287
288 Error::http(
289 StatusCode::TOO_MANY_REQUESTS,
290 "Upstream Anthropic rate limit exceeded.".to_string(),
291 )
292 }
293 Some(anthropic::ApiErrorCode::InvalidRequestError) => {
294 Error::http(StatusCode::BAD_REQUEST, api_error.message.clone())
295 }
296 Some(anthropic::ApiErrorCode::OverloadedError) => {
297 Error::http(StatusCode::SERVICE_UNAVAILABLE, api_error.message.clone())
298 }
299 Some(_) => {
300 Error::http(StatusCode::INTERNAL_SERVER_ERROR, api_error.message.clone())
301 }
302 None => Error::Internal(anyhow!(err)),
303 },
304 anthropic::AnthropicError::Other(err) => Error::Internal(err),
305 })?;
306
307 if let Some(rate_limit_info) = rate_limit_info {
308 tracing::info!(
309 target: "upstream rate limit",
310 is_staff = claims.is_staff,
311 provider = params.provider.to_string(),
312 model = model,
313 tokens_remaining = rate_limit_info.tokens_remaining,
314 requests_remaining = rate_limit_info.requests_remaining,
315 requests_reset = ?rate_limit_info.requests_reset,
316 tokens_reset = ?rate_limit_info.tokens_reset,
317 );
318 }
319
320 chunks
321 .map(move |event| {
322 let chunk = event?;
323 let (input_tokens, output_tokens) = match &chunk {
324 anthropic::Event::MessageStart {
325 message: anthropic::Response { usage, .. },
326 }
327 | anthropic::Event::MessageDelta { usage, .. } => (
328 usage.input_tokens.unwrap_or(0) as usize,
329 usage.output_tokens.unwrap_or(0) as usize,
330 ),
331 _ => (0, 0),
332 };
333
334 anyhow::Ok((
335 serde_json::to_vec(&chunk).unwrap(),
336 input_tokens,
337 output_tokens,
338 ))
339 })
340 .boxed()
341 }
342 LanguageModelProvider::OpenAi => {
343 let api_key = state
344 .config
345 .openai_api_key
346 .as_ref()
347 .context("no OpenAI API key configured on the server")?;
348 let chunks = open_ai::stream_completion(
349 &state.http_client,
350 open_ai::OPEN_AI_API_URL,
351 api_key,
352 serde_json::from_str(params.provider_request.get())?,
353 None,
354 )
355 .await?;
356
357 chunks
358 .map(|event| {
359 event.map(|chunk| {
360 let input_tokens =
361 chunk.usage.as_ref().map_or(0, |u| u.prompt_tokens) as usize;
362 let output_tokens =
363 chunk.usage.as_ref().map_or(0, |u| u.completion_tokens) as usize;
364 (
365 serde_json::to_vec(&chunk).unwrap(),
366 input_tokens,
367 output_tokens,
368 )
369 })
370 })
371 .boxed()
372 }
373 LanguageModelProvider::Google => {
374 let api_key = state
375 .config
376 .google_ai_api_key
377 .as_ref()
378 .context("no Google AI API key configured on the server")?;
379 let chunks = google_ai::stream_generate_content(
380 &state.http_client,
381 google_ai::API_URL,
382 api_key,
383 serde_json::from_str(params.provider_request.get())?,
384 None,
385 )
386 .await?;
387
388 chunks
389 .map(|event| {
390 event.map(|chunk| {
391 // TODO - implement token counting for Google AI
392 let input_tokens = 0;
393 let output_tokens = 0;
394 (
395 serde_json::to_vec(&chunk).unwrap(),
396 input_tokens,
397 output_tokens,
398 )
399 })
400 })
401 .boxed()
402 }
403 };
404
405 Ok(Response::new(Body::wrap_stream(TokenCountingStream {
406 state,
407 claims,
408 provider: params.provider,
409 model,
410 input_tokens: 0,
411 output_tokens: 0,
412 inner_stream: stream,
413 })))
414}
415
416fn normalize_model_name(known_models: Vec<String>, name: String) -> String {
417 if let Some(known_model_name) = known_models
418 .iter()
419 .filter(|known_model_name| name.starts_with(known_model_name.as_str()))
420 .max_by_key(|known_model_name| known_model_name.len())
421 {
422 known_model_name.to_string()
423 } else {
424 name
425 }
426}
427
428/// The maximum lifetime spending an individual user can reach before being cut off.
429///
430/// Represented in cents.
431const LIFETIME_SPENDING_LIMIT_IN_CENTS: usize = 1_000 * 100;
432
433async fn check_usage_limit(
434 state: &Arc<LlmState>,
435 provider: LanguageModelProvider,
436 model_name: &str,
437 claims: &LlmTokenClaims,
438) -> Result<()> {
439 let model = state.db.model(provider, model_name)?;
440 let usage = state
441 .db
442 .get_usage(
443 UserId::from_proto(claims.user_id),
444 provider,
445 model_name,
446 Utc::now(),
447 )
448 .await?;
449
450 if usage.lifetime_spending >= LIFETIME_SPENDING_LIMIT_IN_CENTS {
451 return Err(Error::http(
452 StatusCode::FORBIDDEN,
453 "Maximum spending limit reached.".to_string(),
454 ));
455 }
456
457 let active_users = state.get_active_user_count(provider, model_name).await?;
458
459 let users_in_recent_minutes = active_users.users_in_recent_minutes.max(1);
460 let users_in_recent_days = active_users.users_in_recent_days.max(1);
461
462 let per_user_max_requests_per_minute =
463 model.max_requests_per_minute as usize / users_in_recent_minutes;
464 let per_user_max_tokens_per_minute =
465 model.max_tokens_per_minute as usize / users_in_recent_minutes;
466 let per_user_max_tokens_per_day = model.max_tokens_per_day as usize / users_in_recent_days;
467
468 let checks = [
469 (
470 usage.requests_this_minute,
471 per_user_max_requests_per_minute,
472 UsageMeasure::RequestsPerMinute,
473 ),
474 (
475 usage.tokens_this_minute,
476 per_user_max_tokens_per_minute,
477 UsageMeasure::TokensPerMinute,
478 ),
479 (
480 usage.tokens_this_day,
481 per_user_max_tokens_per_day,
482 UsageMeasure::TokensPerDay,
483 ),
484 ];
485
486 for (used, limit, usage_measure) in checks {
487 // Temporarily bypass rate-limiting for staff members.
488 if claims.is_staff {
489 continue;
490 }
491
492 if used > limit {
493 let resource = match usage_measure {
494 UsageMeasure::RequestsPerMinute => "requests_per_minute",
495 UsageMeasure::TokensPerMinute => "tokens_per_minute",
496 UsageMeasure::TokensPerDay => "tokens_per_day",
497 _ => "",
498 };
499
500 if let Some(client) = state.clickhouse_client.as_ref() {
501 tracing::info!(
502 target: "user rate limit",
503 user_id = claims.user_id,
504 login = claims.github_user_login,
505 authn.jti = claims.jti,
506 is_staff = claims.is_staff,
507 provider = provider.to_string(),
508 model = model.name,
509 requests_this_minute = usage.requests_this_minute,
510 tokens_this_minute = usage.tokens_this_minute,
511 tokens_this_day = usage.tokens_this_day,
512 users_in_recent_minutes = users_in_recent_minutes,
513 users_in_recent_days = users_in_recent_days,
514 max_requests_per_minute = per_user_max_requests_per_minute,
515 max_tokens_per_minute = per_user_max_tokens_per_minute,
516 max_tokens_per_day = per_user_max_tokens_per_day,
517 );
518
519 report_llm_rate_limit(
520 client,
521 LlmRateLimitEventRow {
522 time: Utc::now().timestamp_millis(),
523 user_id: claims.user_id as i32,
524 is_staff: claims.is_staff,
525 plan: match claims.plan {
526 Plan::Free => "free".to_string(),
527 Plan::ZedPro => "zed_pro".to_string(),
528 },
529 model: model.name.clone(),
530 provider: provider.to_string(),
531 usage_measure: resource.to_string(),
532 requests_this_minute: usage.requests_this_minute as u64,
533 tokens_this_minute: usage.tokens_this_minute as u64,
534 tokens_this_day: usage.tokens_this_day as u64,
535 users_in_recent_minutes: users_in_recent_minutes as u64,
536 users_in_recent_days: users_in_recent_days as u64,
537 max_requests_per_minute: per_user_max_requests_per_minute as u64,
538 max_tokens_per_minute: per_user_max_tokens_per_minute as u64,
539 max_tokens_per_day: per_user_max_tokens_per_day as u64,
540 },
541 )
542 .await
543 .log_err();
544 }
545
546 return Err(Error::http(
547 StatusCode::TOO_MANY_REQUESTS,
548 format!("Rate limit exceeded. Maximum {} reached.", resource),
549 ));
550 }
551 }
552
553 Ok(())
554}
555
556struct TokenCountingStream<S> {
557 state: Arc<LlmState>,
558 claims: LlmTokenClaims,
559 provider: LanguageModelProvider,
560 model: String,
561 input_tokens: usize,
562 output_tokens: usize,
563 inner_stream: S,
564}
565
566impl<S> Stream for TokenCountingStream<S>
567where
568 S: Stream<Item = Result<(Vec<u8>, usize, usize), anyhow::Error>> + Unpin,
569{
570 type Item = Result<Vec<u8>, anyhow::Error>;
571
572 fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
573 match Pin::new(&mut self.inner_stream).poll_next(cx) {
574 Poll::Ready(Some(Ok((mut bytes, input_tokens, output_tokens)))) => {
575 bytes.push(b'\n');
576 self.input_tokens += input_tokens;
577 self.output_tokens += output_tokens;
578 Poll::Ready(Some(Ok(bytes)))
579 }
580 Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
581 Poll::Ready(None) => Poll::Ready(None),
582 Poll::Pending => Poll::Pending,
583 }
584 }
585}
586
587impl<S> Drop for TokenCountingStream<S> {
588 fn drop(&mut self) {
589 let state = self.state.clone();
590 let claims = self.claims.clone();
591 let provider = self.provider;
592 let model = std::mem::take(&mut self.model);
593 let input_token_count = self.input_tokens;
594 let output_token_count = self.output_tokens;
595 self.state.executor.spawn_detached(async move {
596 let usage = state
597 .db
598 .record_usage(
599 UserId::from_proto(claims.user_id),
600 claims.is_staff,
601 provider,
602 &model,
603 input_token_count,
604 output_token_count,
605 Utc::now(),
606 )
607 .await
608 .log_err();
609
610 if let Some(usage) = usage {
611 tracing::info!(
612 target: "user usage",
613 user_id = claims.user_id,
614 login = claims.github_user_login,
615 authn.jti = claims.jti,
616 is_staff = claims.is_staff,
617 requests_this_minute = usage.requests_this_minute,
618 tokens_this_minute = usage.tokens_this_minute,
619 );
620
621 if let Some(clickhouse_client) = state.clickhouse_client.as_ref() {
622 report_llm_usage(
623 clickhouse_client,
624 LlmUsageEventRow {
625 time: Utc::now().timestamp_millis(),
626 user_id: claims.user_id as i32,
627 is_staff: claims.is_staff,
628 plan: match claims.plan {
629 Plan::Free => "free".to_string(),
630 Plan::ZedPro => "zed_pro".to_string(),
631 },
632 model,
633 provider: provider.to_string(),
634 input_token_count: input_token_count as u64,
635 output_token_count: output_token_count as u64,
636 requests_this_minute: usage.requests_this_minute as u64,
637 tokens_this_minute: usage.tokens_this_minute as u64,
638 tokens_this_day: usage.tokens_this_day as u64,
639 input_tokens_this_month: usage.input_tokens_this_month as u64,
640 output_tokens_this_month: usage.output_tokens_this_month as u64,
641 spending_this_month: usage.spending_this_month as u64,
642 lifetime_spending: usage.lifetime_spending as u64,
643 },
644 )
645 .await
646 .log_err();
647 }
648 }
649 })
650 }
651}
652
653pub fn log_usage_periodically(state: Arc<LlmState>) {
654 state.executor.clone().spawn_detached(async move {
655 loop {
656 state
657 .executor
658 .sleep(std::time::Duration::from_secs(30))
659 .await;
660
661 for provider in LanguageModelProvider::iter() {
662 for model in state.db.model_names_for_provider(provider) {
663 if let Some(active_user_count) = state
664 .get_active_user_count(provider, &model)
665 .await
666 .log_err()
667 {
668 tracing::info!(
669 target: "active user counts",
670 provider = provider.to_string(),
671 model = model,
672 users_in_recent_minutes = active_user_count.users_in_recent_minutes,
673 users_in_recent_days = active_user_count.users_in_recent_days,
674 );
675 }
676 }
677 }
678
679 if let Some(usages) = state
680 .db
681 .get_application_wide_usages_by_model(Utc::now())
682 .await
683 .log_err()
684 {
685 for usage in usages {
686 tracing::info!(
687 target: "computed usage",
688 provider = usage.provider.to_string(),
689 model = usage.model,
690 requests_this_minute = usage.requests_this_minute,
691 tokens_this_minute = usage.tokens_this_minute,
692 );
693 }
694 }
695 }
696 })
697}