@wopr-network/platform-core 1.39.7 → 1.42.0

package/dist/db/schema/tenants.js

@@ -4,7 +4,7 @@ export const tenants = pgTable("tenants", {
     id: text("id").primaryKey(), // nanoid or crypto.randomUUID()
     name: text("name").notNull(),
     slug: text("slug").unique(),
-    type: text("type").notNull(), // "personal" | "org"
+    type: text("type").notNull(), // "personal" | "org" | "platform_service"
     ownerId: text("owner_id").notNull(), // user who created it
     billingEmail: text("billing_email"),
     createdAt: bigint("created_at", { mode: "number" })
@@ -14,5 +14,5 @@ export const tenants = pgTable("tenants", {
     index("idx_tenants_slug").on(table.slug),
     index("idx_tenants_owner").on(table.ownerId),
     index("idx_tenants_type").on(table.type),
-    check("chk_tenants_type", sql `${table.type} IN ('personal', 'org')`),
+    check("chk_tenants_type", sql `${table.type} IN ('personal', 'org', 'platform_service')`),
 ]);

package/dist/db/seed-platform-service-tenant.d.ts

@@ -0,0 +1,6 @@
+import type { DrizzleDb } from "./index.js";
+export interface PlatformServiceSeedResult {
+    tenantId: string;
+    serviceKey: string | null;
+}
+export declare function seedPlatformServiceTenant(db: DrizzleDb): Promise<PlatformServiceSeedResult>;

package/dist/db/seed-platform-service-tenant.js

@@ -0,0 +1,42 @@
+/**
+ * Idempotent seed: creates the holyship-platform internal billing tenant
+ * with a stable service key for platform-to-gateway LLM billing.
+ *
+ * Safe to call on every boot — skips if the tenant already exists.
+ */
+import { createHash, randomBytes } from "node:crypto";
+import { eq } from "drizzle-orm";
+import { gatewayServiceKeys } from "./schema/gateway-service-keys.js";
+import { tenants } from "./schema/tenants.js";
+const PLATFORM_TENANT_ID = "holyship-platform";
+const PLATFORM_TENANT_SLUG = "holyship-platform";
+const PLATFORM_INSTANCE_ID = "holyship-platform-internal";
+export async function seedPlatformServiceTenant(db) {
+    // Check if tenant already exists
+    const existing = await db.select({ id: tenants.id }).from(tenants).where(eq(tenants.id, PLATFORM_TENANT_ID)).limit(1);
+    if (existing.length > 0) {
+        return { tenantId: PLATFORM_TENANT_ID, serviceKey: null };
+    }
+    // Create the platform_service tenant
+    await db.insert(tenants).values({
+        id: PLATFORM_TENANT_ID,
+        name: "Holy Ship Platform",
+        slug: PLATFORM_TENANT_SLUG,
+        type: "platform_service",
+        ownerId: "system",
+        billingEmail: null,
+        createdAt: Date.now(),
+    });
+    // Generate a service key and store its hash
+    const rawKey = `sk-hs-${randomBytes(24).toString("hex")}`;
+    const keyHash = createHash("sha256").update(rawKey).digest("hex");
+    await db.insert(gatewayServiceKeys).values({
+        id: crypto.randomUUID(),
+        keyHash,
+        tenantId: PLATFORM_TENANT_ID,
+        instanceId: PLATFORM_INSTANCE_ID,
+        createdAt: Date.now(),
+        revokedAt: null,
+    });
+    return { tenantId: PLATFORM_TENANT_ID, serviceKey: rawKey };
+}

package/dist/gateway/capability-rate-limit.js

@@ -63,7 +63,8 @@ export function capabilityRateLimit(config, repo) {
             return next();
         }
         const tenant = c.get("gatewayTenant");
-        const tenantId = tenant?.id ?? "unknown";
+        const attributedTenantId = c.get("attributedTenantId");
+        const tenantId = attributedTenantId ?? tenant?.id ?? "unknown";
         const max = limits[category];
         const scope = `cap:${category}`;
         const now = Date.now();

package/dist/gateway/credit-gate.d.ts

@@ -43,4 +43,4 @@ export declare function creditBalanceCheck(c: Context<GatewayAuthEnv>, deps: Cre
 /**
  * Post-call credit debit. Fire-and-forget — never fails the response.
  */
-export declare function debitCredits(deps: CreditGateDeps, tenantId: string, costUsd: number, margin: number, capability: string, provider: string, attributedUserId?: string): Promise<void>;
+export declare function debitCredits(deps: CreditGateDeps, tenantId: string, costUsd: number, margin: number, capability: string, provider: string, attributedUserId?: string, attributedTenantId?: string | null): Promise<void>;

package/dist/gateway/credit-gate.js

@@ -21,6 +21,11 @@ export async function creditBalanceCheck(c, deps, estimatedCostCents = 0) {
     if (!deps.creditLedger)
         return null;
     const tenant = c.get("gatewayTenant");
+    // Platform service accounts bypass the pre-call balance gate.
+    // The company never 402s itself. Debit still runs post-call for P&L tracking.
+    if (tenant.type === "platform_service") {
+        return null;
+    }
     const balance = await deps.creditLedger.balance(tenant.id);
     const required = Math.max(0, estimatedCostCents);
     const graceBuffer = deps.graceBufferCents ?? 50; // default -$0.50
@@ -55,7 +60,7 @@ export async function creditBalanceCheck(c, deps, estimatedCostCents = 0) {
 /**
  * Post-call credit debit. Fire-and-forget — never fails the response.
  */
-export async function debitCredits(deps, tenantId, costUsd, margin, capability, provider, attributedUserId) {
+export async function debitCredits(deps, tenantId, costUsd, margin, capability, provider, attributedUserId, attributedTenantId) {
     if (!deps.creditLedger)
         return;
     const chargeCredit = withMargin(Credit.fromDollars(costUsd), margin);
@@ -75,6 +80,7 @@ export async function debitCredits(deps, tenantId, costUsd, margin, capability,
             description: `Gateway ${capability} via ${provider}`,
             allowNegative: true,
             attributedUserId,
+            ...(attributedTenantId ? { attributed_tenant_id: attributedTenantId } : {}),
         });
         // Only fire on first zero-crossing (balance was positive before, now ≤ 0)
         if (deps.onBalanceExhausted) {

package/dist/gateway/protocol/anthropic.js

@@ -96,6 +96,7 @@ export function createAnthropicRoutes(deps) {
 function messagesHandler(deps) {
     return async (c) => {
         const tenant = c.get("gatewayTenant");
+        const attributedTenantId = c.get("attributedTenantId");
         // Budget check
         const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
         if (!budgetResult.allowed) {
@@ -174,7 +175,7 @@ function messagesHandler(deps) {
                         provider: "openrouter",
                         timestamp: Date.now(),
                     });
-                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter", undefined, attributedTenantId);
                 }
                 return new Response(res.body, {
                     status: res.status,

package/dist/gateway/protocol/openai.js

@@ -109,6 +109,7 @@ export function createOpenAIRoutes(deps) {
 function chatCompletionsHandler(deps) {
     return async (c) => {
         const tenant = c.get("gatewayTenant");
+        const attributedTenantId = c.get("attributedTenantId");
         // Budget check
         const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
         if (!budgetResult.allowed) {
@@ -187,7 +188,7 @@ function chatCompletionsHandler(deps) {
                         provider: "openrouter",
                         timestamp: Date.now(),
                     });
-                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter", undefined, attributedTenantId);
                 }
                 return new Response(res.body, {
                     status: res.status,
@@ -219,7 +220,7 @@ function chatCompletionsHandler(deps) {
                     provider: "openrouter",
                     timestamp: Date.now(),
                 });
-                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter", undefined, attributedTenantId);
             }
             return new Response(responseBody, {
                 status: res.status,
@@ -246,6 +247,7 @@ function chatCompletionsHandler(deps) {
 function embeddingsHandler(deps) {
     return async (c) => {
         const tenant = c.get("gatewayTenant");
+        const attributedTenantId = c.get("attributedTenantId");
         // Budget check
         const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
         if (!budgetResult.allowed) {
@@ -311,7 +313,7 @@ function embeddingsHandler(deps) {
                     provider: "openrouter",
                     timestamp: Date.now(),
                 });
-                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "embeddings", "openrouter");
+                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "embeddings", "openrouter", undefined, attributedTenantId);
             }
             return new Response(responseBody, {
                 status: res.status,

package/dist/gateway/service-key-auth.d.ts

@@ -11,6 +11,7 @@ export interface GatewayAuthEnv {
     Variables: {
         gatewayTenant: GatewayTenant;
         webhookBody: Record<string, unknown>;
+        attributedTenantId: string | null;
     };
 }
 /**

package/dist/gateway/service-key-auth.js

@@ -61,6 +61,8 @@ export function serviceKeyAuth(resolveServiceKey) {
             }, 401);
         }
         c.set("gatewayTenant", tenant);
+        const attributedTenantId = c.req.header("x-attribute-to") ?? null;
+        c.set("attributedTenantId", attributedTenantId);
         return next();
     };
 }

package/dist/gateway/types.d.ts

@@ -34,6 +34,8 @@ export interface GatewayEndpoint {
 export interface GatewayTenant {
     /** Tenant ID */
     id: string;
+    /** Tenant type — platform_service accounts bypass the pre-call credit gate */
+    type?: "personal" | "org" | "platform_service";
     /** Spend limits for budget checking */
     spendLimits: SpendLimits;
     /** Plan tier for rate limit lookup */

package/drizzle/migrations/0013_platform_service_tenant_type.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "tenants" DROP CONSTRAINT "chk_tenants_type";
+--> statement-breakpoint
+ALTER TABLE "tenants" ADD CONSTRAINT "chk_tenants_type" CHECK ("tenants"."type" IN ('personal', 'org', 'platform_service'));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.39.7",
+  "version": "1.42.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/db/schema/tenants.ts

@@ -7,7 +7,7 @@ export const tenants = pgTable(
     id: text("id").primaryKey(), // nanoid or crypto.randomUUID()
     name: text("name").notNull(),
     slug: text("slug").unique(),
-    type: text("type").notNull(), // "personal" | "org"
+    type: text("type").notNull(), // "personal" | "org" | "platform_service"
     ownerId: text("owner_id").notNull(), // user who created it
     billingEmail: text("billing_email"),
     createdAt: bigint("created_at", { mode: "number" })
@@ -18,6 +18,6 @@ export const tenants = pgTable(
     index("idx_tenants_slug").on(table.slug),
     index("idx_tenants_owner").on(table.ownerId),
     index("idx_tenants_type").on(table.type),
-    check("chk_tenants_type", sql`${table.type} IN ('personal', 'org')`),
+    check("chk_tenants_type", sql`${table.type} IN ('personal', 'org', 'platform_service')`),
   ],
 );

package/src/db/seed-platform-service-tenant.ts

@@ -0,0 +1,55 @@
+/**
+ * Idempotent seed: creates the holyship-platform internal billing tenant
+ * with a stable service key for platform-to-gateway LLM billing.
+ *
+ * Safe to call on every boot — skips if the tenant already exists.
+ */
+import { createHash, randomBytes } from "node:crypto";
+import { eq } from "drizzle-orm";
+import type { DrizzleDb } from "./index.js";
+import { gatewayServiceKeys } from "./schema/gateway-service-keys.js";
+import { tenants } from "./schema/tenants.js";
+
+const PLATFORM_TENANT_ID = "holyship-platform";
+const PLATFORM_TENANT_SLUG = "holyship-platform";
+const PLATFORM_INSTANCE_ID = "holyship-platform-internal";
+
+export interface PlatformServiceSeedResult {
+  tenantId: string;
+  serviceKey: string | null; // null if tenant + key already existed
+}
+
+export async function seedPlatformServiceTenant(db: DrizzleDb): Promise<PlatformServiceSeedResult> {
+  // Check if tenant already exists
+  const existing = await db.select({ id: tenants.id }).from(tenants).where(eq(tenants.id, PLATFORM_TENANT_ID)).limit(1);
+
+  if (existing.length > 0) {
+    return { tenantId: PLATFORM_TENANT_ID, serviceKey: null };
+  }
+
+  // Create the platform_service tenant
+  await db.insert(tenants).values({
+    id: PLATFORM_TENANT_ID,
+    name: "Holy Ship Platform",
+    slug: PLATFORM_TENANT_SLUG,
+    type: "platform_service",
+    ownerId: "system",
+    billingEmail: null,
+    createdAt: Date.now(),
+  });
+
+  // Generate a service key and store its hash
+  const rawKey = `sk-hs-${randomBytes(24).toString("hex")}`;
+  const keyHash = createHash("sha256").update(rawKey).digest("hex");
+
+  await db.insert(gatewayServiceKeys).values({
+    id: crypto.randomUUID(),
+    keyHash,
+    tenantId: PLATFORM_TENANT_ID,
+    instanceId: PLATFORM_INSTANCE_ID,
+    createdAt: Date.now(),
+    revokedAt: null,
+  });
+
+  return { tenantId: PLATFORM_TENANT_ID, serviceKey: rawKey };
+}

package/src/gateway/capability-rate-limit.ts

@@ -94,7 +94,8 @@ export function capabilityRateLimit(
     }
 
     const tenant = c.get("gatewayTenant") as GatewayTenant | undefined;
-    const tenantId = tenant?.id ?? "unknown";
+    const attributedTenantId = c.get("attributedTenantId") as string | null | undefined;
+    const tenantId = attributedTenantId ?? tenant?.id ?? "unknown";
     const max = limits[category];
     const scope = `cap:${category}`;
     const now = Date.now();

package/src/gateway/credit-gate.ts

@@ -54,6 +54,13 @@ export async function creditBalanceCheck(
   if (!deps.creditLedger) return null;
 
   const tenant = c.get("gatewayTenant");
+
+  // Platform service accounts bypass the pre-call balance gate.
+  // The company never 402s itself. Debit still runs post-call for P&L tracking.
+  if (tenant.type === "platform_service") {
+    return null;
+  }
+
   const balance = await deps.creditLedger.balance(tenant.id);
   const required = Math.max(0, estimatedCostCents);
   const graceBuffer = deps.graceBufferCents ?? 50; // default -$0.50
@@ -100,6 +107,7 @@ export async function debitCredits(
   capability: string,
   provider: string,
   attributedUserId?: string,
+  attributedTenantId?: string | null,
 ): Promise<void> {
   if (!deps.creditLedger) return;
 
@@ -122,6 +130,7 @@ export async function debitCredits(
       description: `Gateway ${capability} via ${provider}`,
       allowNegative: true,
       attributedUserId,
+      ...(attributedTenantId ? { attributed_tenant_id: attributedTenantId } : {}),
     });
 
     // Only fire on first zero-crossing (balance was positive before, now ≤ 0)

package/src/gateway/protocol/anthropic.ts

@@ -136,6 +136,7 @@ export function createAnthropicRoutes(deps: ProtocolDeps): Hono<GatewayAuthEnv>
 function messagesHandler(deps: ProtocolDeps) {
   return async (c: Context<GatewayAuthEnv>) => {
     const tenant = c.get("gatewayTenant");
+    const attributedTenantId = c.get("attributedTenantId");
 
     // Budget check
     const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
@@ -224,7 +225,16 @@ function messagesHandler(deps: ProtocolDeps) {
             provider: "openrouter",
             timestamp: Date.now(),
           });
-          debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+          debitCredits(
+            deps,
+            tenant.id,
+            costUsd,
+            deps.defaultMargin,
+            "chat-completions",
+            "openrouter",
+            undefined,
+            attributedTenantId,
+          );
         }
 
         return new Response(res.body, {

package/src/gateway/protocol/openai.ts

@@ -146,6 +146,7 @@ export function createOpenAIRoutes(deps: ProtocolDeps): Hono<GatewayAuthEnv> {
 function chatCompletionsHandler(deps: ProtocolDeps) {
   return async (c: Context<GatewayAuthEnv>) => {
     const tenant = c.get("gatewayTenant");
+    const attributedTenantId = c.get("attributedTenantId");
 
     // Budget check
     const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
@@ -241,7 +242,16 @@ function chatCompletionsHandler(deps: ProtocolDeps) {
             provider: "openrouter",
             timestamp: Date.now(),
           });
-          debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+          debitCredits(
+            deps,
+            tenant.id,
+            costUsd,
+            deps.defaultMargin,
+            "chat-completions",
+            "openrouter",
+            undefined,
+            attributedTenantId,
+          );
         }
 
         return new Response(res.body, {
@@ -277,7 +287,16 @@ function chatCompletionsHandler(deps: ProtocolDeps) {
           provider: "openrouter",
           timestamp: Date.now(),
         });
-        debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+        debitCredits(
+          deps,
+          tenant.id,
+          costUsd,
+          deps.defaultMargin,
+          "chat-completions",
+          "openrouter",
+          undefined,
+          attributedTenantId,
+        );
       }
 
       return new Response(responseBody, {
@@ -309,6 +328,7 @@ function chatCompletionsHandler(deps: ProtocolDeps) {
 function embeddingsHandler(deps: ProtocolDeps) {
   return async (c: Context<GatewayAuthEnv>) => {
     const tenant = c.get("gatewayTenant");
+    const attributedTenantId = c.get("attributedTenantId");
 
     // Budget check
     const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
@@ -391,7 +411,16 @@ function embeddingsHandler(deps: ProtocolDeps) {
           provider: "openrouter",
           timestamp: Date.now(),
         });
-        debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "embeddings", "openrouter");
+        debitCredits(
+          deps,
+          tenant.id,
+          costUsd,
+          deps.defaultMargin,
+          "embeddings",
+          "openrouter",
+          undefined,
+          attributedTenantId,
+        );
       }
 
       return new Response(responseBody, {

package/src/gateway/service-key-auth.ts

@@ -14,6 +14,7 @@ export interface GatewayAuthEnv {
   Variables: {
     gatewayTenant: GatewayTenant;
     webhookBody: Record<string, unknown>;
+    attributedTenantId: string | null;
   };
 }
 
@@ -90,6 +91,8 @@ export function serviceKeyAuth(
     }
 
     c.set("gatewayTenant", tenant);
+    const attributedTenantId = c.req.header("x-attribute-to") ?? null;
+    c.set("attributedTenantId", attributedTenantId);
     return next();
   };
 }

package/src/gateway/types.ts

@@ -47,6 +47,8 @@ export interface GatewayEndpoint {
 export interface GatewayTenant {
   /** Tenant ID */
   id: string;
+  /** Tenant type — platform_service accounts bypass the pre-call credit gate */
+  type?: "personal" | "org" | "platform_service";
   /** Spend limits for budget checking */
   spendLimits: SpendLimits;
   /** Plan tier for rate limit lookup */