@wopr-network/platform-core 1.40.0 → 1.42.1

package/dist/api/middleware/get-client-ip.d.ts

@@ -4,11 +4,20 @@ import type { Context } from "hono";
  * Returns an empty set if the value is undefined or empty.
  */
 export declare function parseTrustedProxies(envValue: string | undefined): Set<string>;
+/**
+ * Check whether an IPv4 address is in an RFC 1918 private range or loopback.
+ * These are always behind a proxy in production (Docker, k8s, cloud VPCs)
+ * so trusting X-Forwarded-For from them is safe and expected.
+ *
+ * Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8
+ */
+export declare function isPrivateIp(ip: string): boolean;
 /**
  * Determine the real client IP.
  *
- * - If `socketAddr` matches a trusted proxy, use the **first** (leftmost)
- *   value from `X-Forwarded-For` (the original client IP).
+ * - If `socketAddr` matches a trusted proxy (explicit list OR RFC 1918
+ *   private IP), use the **first** (leftmost) value from
+ *   `X-Forwarded-For` (the original client IP).
  * - Otherwise, use `socketAddr` directly (XFF is untrusted).
  * - Falls back to `"unknown"` if neither is available.
  */

package/dist/api/middleware/get-client-ip.js

@@ -14,19 +14,43 @@ export function parseTrustedProxies(envValue) {
 function normalizeIp(ip) {
     return ip.startsWith("::ffff:") ? ip.slice(7) : ip;
 }
+/**
+ * Check whether an IPv4 address is in an RFC 1918 private range or loopback.
+ * These are always behind a proxy in production (Docker, k8s, cloud VPCs)
+ * so trusting X-Forwarded-For from them is safe and expected.
+ *
+ * Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8
+ */
+export function isPrivateIp(ip) {
+    const parts = ip.split(".");
+    if (parts.length !== 4)
+        return false;
+    const a = Number.parseInt(parts[0], 10);
+    const b = Number.parseInt(parts[1], 10);
+    if (a === 10)
+        return true;
+    if (a === 172 && b >= 16 && b <= 31)
+        return true;
+    if (a === 192 && b === 168)
+        return true;
+    if (a === 127)
+        return true;
+    return false;
+}
 // Parsed once at module load — no per-request overhead.
 const trustedProxies = parseTrustedProxies(process.env.TRUSTED_PROXY_IPS);
 /**
  * Determine the real client IP.
  *
- * - If `socketAddr` matches a trusted proxy, use the **first** (leftmost)
- *   value from `X-Forwarded-For` (the original client IP).
+ * - If `socketAddr` matches a trusted proxy (explicit list OR RFC 1918
+ *   private IP), use the **first** (leftmost) value from
+ *   `X-Forwarded-For` (the original client IP).
  * - Otherwise, use `socketAddr` directly (XFF is untrusted).
  * - Falls back to `"unknown"` if neither is available.
  */
 export function getClientIp(xffHeader, socketAddr, trusted = trustedProxies) {
     const normalizedSocket = socketAddr ? normalizeIp(socketAddr) : undefined;
-    if (xffHeader && normalizedSocket && trusted.has(normalizedSocket)) {
+    if (xffHeader && normalizedSocket && (trusted.has(normalizedSocket) || isPrivateIp(normalizedSocket))) {
         const parts = xffHeader.split(",");
         const first = parts[0]?.trim();
         if (first)

package/dist/api/middleware/rate-limit.d.ts

@@ -10,7 +10,7 @@
  */
 import type { Context, MiddlewareHandler } from "hono";
 import type { IRateLimitRepository } from "../rate-limit-repository.js";
-export { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+export { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 export interface RateLimitConfig {
     /** Maximum number of requests per window. */
     max: number;

package/dist/api/middleware/rate-limit.js

@@ -9,7 +9,7 @@
  * State is persisted via IRateLimitRepository (DB-backed in production).
  */
 import { getClientIpFromContext } from "./get-client-ip.js";
-export { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+export { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -132,8 +132,12 @@ const CHANNEL_VALIDATE_LIMIT = { max: 10 };
 const FLEET_CREATE_LIMIT = { max: 30 };
 /** Fleet read operations (GET /fleet/*): 120 req/min */
 const FLEET_READ_LIMIT = { max: 120 };
-/** Default for everything else: 60 req/min */
-const DEFAULT_LIMIT = { max: 60 };
+/** Default for everything else: 200 req/min.
+ * A single Next.js page load triggers ~60-70 REST requests (sidebar, credits,
+ * session validation, marketplace, etc.). 60 was too low and caused users to
+ * hit rate limits on their first page load. Sensitive endpoints (auth, billing,
+ * signup) have their own stricter limits below. */
+const DEFAULT_LIMIT = { max: 200 };
 /** Auth login: 5 failed attempts per 15 minutes (WOP-839) */
 const AUTH_LOGIN_LIMIT = {
     max: 5,

package/dist/gateway/capability-rate-limit.js

@@ -63,7 +63,8 @@ export function capabilityRateLimit(config, repo) {
             return next();
         }
         const tenant = c.get("gatewayTenant");
-        const tenantId = tenant?.id ?? "unknown";
+        const attributedTenantId = c.get("attributedTenantId");
+        const tenantId = attributedTenantId ?? tenant?.id ?? "unknown";
         const max = limits[category];
         const scope = `cap:${category}`;
         const now = Date.now();

package/dist/gateway/credit-gate.d.ts

@@ -43,4 +43,4 @@ export declare function creditBalanceCheck(c: Context<GatewayAuthEnv>, deps: Cre
 /**
  * Post-call credit debit. Fire-and-forget — never fails the response.
  */
-export declare function debitCredits(deps: CreditGateDeps, tenantId: string, costUsd: number, margin: number, capability: string, provider: string, attributedUserId?: string): Promise<void>;
+export declare function debitCredits(deps: CreditGateDeps, tenantId: string, costUsd: number, margin: number, capability: string, provider: string, attributedUserId?: string, attributedTenantId?: string | null): Promise<void>;

package/dist/gateway/credit-gate.js

@@ -21,6 +21,11 @@ export async function creditBalanceCheck(c, deps, estimatedCostCents = 0) {
     if (!deps.creditLedger)
         return null;
     const tenant = c.get("gatewayTenant");
+    // Platform service accounts bypass the pre-call balance gate.
+    // The company never 402s itself. Debit still runs post-call for P&L tracking.
+    if (tenant.type === "platform_service") {
+        return null;
+    }
     const balance = await deps.creditLedger.balance(tenant.id);
     const required = Math.max(0, estimatedCostCents);
     const graceBuffer = deps.graceBufferCents ?? 50; // default -$0.50
@@ -55,7 +60,7 @@ export async function creditBalanceCheck(c, deps, estimatedCostCents = 0) {
 /**
  * Post-call credit debit. Fire-and-forget — never fails the response.
  */
-export async function debitCredits(deps, tenantId, costUsd, margin, capability, provider, attributedUserId) {
+export async function debitCredits(deps, tenantId, costUsd, margin, capability, provider, attributedUserId, attributedTenantId) {
     if (!deps.creditLedger)
         return;
     const chargeCredit = withMargin(Credit.fromDollars(costUsd), margin);
@@ -75,6 +80,7 @@ export async function debitCredits(deps, tenantId, costUsd, margin, capability,
             description: `Gateway ${capability} via ${provider}`,
             allowNegative: true,
             attributedUserId,
+            ...(attributedTenantId ? { attributed_tenant_id: attributedTenantId } : {}),
         });
         // Only fire on first zero-crossing (balance was positive before, now ≤ 0)
         if (deps.onBalanceExhausted) {

package/dist/gateway/protocol/anthropic.js

@@ -96,6 +96,7 @@ export function createAnthropicRoutes(deps) {
 function messagesHandler(deps) {
     return async (c) => {
         const tenant = c.get("gatewayTenant");
+        const attributedTenantId = c.get("attributedTenantId");
         // Budget check
         const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
         if (!budgetResult.allowed) {
@@ -174,7 +175,7 @@ function messagesHandler(deps) {
                         provider: "openrouter",
                         timestamp: Date.now(),
                     });
-                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter", undefined, attributedTenantId);
                 }
                 return new Response(res.body, {
                     status: res.status,

package/dist/gateway/protocol/openai.js

@@ -109,6 +109,7 @@ export function createOpenAIRoutes(deps) {
 function chatCompletionsHandler(deps) {
     return async (c) => {
         const tenant = c.get("gatewayTenant");
+        const attributedTenantId = c.get("attributedTenantId");
         // Budget check
         const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
         if (!budgetResult.allowed) {
@@ -187,7 +188,7 @@ function chatCompletionsHandler(deps) {
                         provider: "openrouter",
                         timestamp: Date.now(),
                     });
-                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+                    debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter", undefined, attributedTenantId);
                 }
                 return new Response(res.body, {
                     status: res.status,
@@ -219,7 +220,7 @@ function chatCompletionsHandler(deps) {
                     provider: "openrouter",
                     timestamp: Date.now(),
                 });
-                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter", undefined, attributedTenantId);
             }
             return new Response(responseBody, {
                 status: res.status,
@@ -246,6 +247,7 @@ function chatCompletionsHandler(deps) {
 function embeddingsHandler(deps) {
     return async (c) => {
         const tenant = c.get("gatewayTenant");
+        const attributedTenantId = c.get("attributedTenantId");
         // Budget check
         const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
         if (!budgetResult.allowed) {
@@ -311,7 +313,7 @@ function embeddingsHandler(deps) {
                     provider: "openrouter",
                     timestamp: Date.now(),
                 });
-                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "embeddings", "openrouter");
+                debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "embeddings", "openrouter", undefined, attributedTenantId);
             }
             return new Response(responseBody, {
                 status: res.status,

package/dist/gateway/service-key-auth.d.ts

@@ -11,6 +11,7 @@ export interface GatewayAuthEnv {
     Variables: {
         gatewayTenant: GatewayTenant;
         webhookBody: Record<string, unknown>;
+        attributedTenantId: string | null;
     };
 }
 /**

package/dist/gateway/service-key-auth.js

@@ -61,6 +61,8 @@ export function serviceKeyAuth(resolveServiceKey) {
             }, 401);
         }
         c.set("gatewayTenant", tenant);
+        const attributedTenantId = c.req.header("x-attribute-to") ?? null;
+        c.set("attributedTenantId", attributedTenantId);
         return next();
     };
 }

package/dist/gateway/types.d.ts

@@ -34,6 +34,8 @@ export interface GatewayEndpoint {
 export interface GatewayTenant {
     /** Tenant ID */
     id: string;
+    /** Tenant type — platform_service accounts bypass the pre-call credit gate */
+    type?: "personal" | "org" | "platform_service";
     /** Spend limits for budget checking */
     spendLimits: SpendLimits;
     /** Plan tier for rate limit lookup */

package/dist/middleware/get-client-ip.d.ts

@@ -4,11 +4,20 @@ import type { Context } from "hono";
  * Returns an empty set if the value is undefined or empty.
  */
 export declare function parseTrustedProxies(envValue: string | undefined): Set<string>;
+/**
+ * Check whether an IPv4 address is in an RFC 1918 private range or loopback.
+ * These are always behind a proxy in production (Docker, k8s, cloud VPCs)
+ * so trusting X-Forwarded-For from them is safe and expected.
+ *
+ * Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8
+ */
+export declare function isPrivateIp(ip: string): boolean;
 /**
  * Determine the real client IP.
  *
- * - If `socketAddr` matches a trusted proxy, use the **last** (rightmost)
- *   value from `X-Forwarded-For` (closest hop to the trusted proxy).
+ * - If `socketAddr` matches a trusted proxy (explicit list OR RFC 1918
+ *   private IP), use the **last** (rightmost) value from
+ *   `X-Forwarded-For` (closest hop to the trusted proxy).
  * - Otherwise, use `socketAddr` directly (XFF is untrusted).
  * - Falls back to `"unknown"` if neither is available.
  */

package/dist/middleware/get-client-ip.js

@@ -14,19 +14,43 @@ export function parseTrustedProxies(envValue) {
 function normalizeIp(ip) {
     return ip.startsWith("::ffff:") ? ip.slice(7) : ip;
 }
+/**
+ * Check whether an IPv4 address is in an RFC 1918 private range or loopback.
+ * These are always behind a proxy in production (Docker, k8s, cloud VPCs)
+ * so trusting X-Forwarded-For from them is safe and expected.
+ *
+ * Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8
+ */
+export function isPrivateIp(ip) {
+    const parts = ip.split(".");
+    if (parts.length !== 4)
+        return false;
+    const a = Number.parseInt(parts[0], 10);
+    const b = Number.parseInt(parts[1], 10);
+    if (a === 10)
+        return true;
+    if (a === 172 && b >= 16 && b <= 31)
+        return true;
+    if (a === 192 && b === 168)
+        return true;
+    if (a === 127)
+        return true;
+    return false;
+}
 // Parsed once at module load — no per-request overhead.
 const trustedProxies = parseTrustedProxies(process.env.TRUSTED_PROXY_IPS);
 /**
  * Determine the real client IP.
  *
- * - If `socketAddr` matches a trusted proxy, use the **last** (rightmost)
- *   value from `X-Forwarded-For` (closest hop to the trusted proxy).
+ * - If `socketAddr` matches a trusted proxy (explicit list OR RFC 1918
+ *   private IP), use the **last** (rightmost) value from
+ *   `X-Forwarded-For` (closest hop to the trusted proxy).
  * - Otherwise, use `socketAddr` directly (XFF is untrusted).
  * - Falls back to `"unknown"` if neither is available.
  */
 export function getClientIp(xffHeader, socketAddr, trusted = trustedProxies) {
     const normalizedSocket = socketAddr ? normalizeIp(socketAddr) : undefined;
-    if (xffHeader && normalizedSocket && trusted.has(normalizedSocket)) {
+    if (xffHeader && normalizedSocket && (trusted.has(normalizedSocket) || isPrivateIp(normalizedSocket))) {
         // Trust XFF — take the rightmost (last) value
         const parts = xffHeader.split(",");
         const last = parts[parts.length - 1]?.trim();

package/dist/middleware/get-client-ip.test.js

@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+import { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 describe("parseTrustedProxies", () => {
     it("returns empty set for undefined", () => {
         expect(parseTrustedProxies(undefined).size).toBe(0);
@@ -14,6 +14,37 @@ describe("parseTrustedProxies", () => {
         expect(result.size).toBe(2);
     });
 });
+describe("isPrivateIp", () => {
+    it("identifies 10.x.x.x as private", () => {
+        expect(isPrivateIp("10.0.0.1")).toBe(true);
+        expect(isPrivateIp("10.255.255.255")).toBe(true);
+    });
+    it("identifies 172.16-31.x.x as private", () => {
+        expect(isPrivateIp("172.16.0.1")).toBe(true);
+        expect(isPrivateIp("172.18.0.5")).toBe(true);
+        expect(isPrivateIp("172.31.255.255")).toBe(true);
+    });
+    it("rejects 172.15.x.x and 172.32.x.x as non-private", () => {
+        expect(isPrivateIp("172.15.0.1")).toBe(false);
+        expect(isPrivateIp("172.32.0.1")).toBe(false);
+    });
+    it("identifies 192.168.x.x as private", () => {
+        expect(isPrivateIp("192.168.0.1")).toBe(true);
+        expect(isPrivateIp("192.168.1.100")).toBe(true);
+    });
+    it("identifies 127.x.x.x as private (loopback)", () => {
+        expect(isPrivateIp("127.0.0.1")).toBe(true);
+    });
+    it("rejects public IPs", () => {
+        expect(isPrivateIp("8.8.8.8")).toBe(false);
+        expect(isPrivateIp("1.2.3.4")).toBe(false);
+        expect(isPrivateIp("203.0.113.1")).toBe(false);
+    });
+    it("rejects non-IPv4 strings", () => {
+        expect(isPrivateIp("::1")).toBe(false);
+        expect(isPrivateIp("not-an-ip")).toBe(false);
+    });
+});
 describe("getClientIp", () => {
     it("returns socket address when no trusted proxies configured", () => {
         expect(getClientIp("attacker-spoofed", "1.2.3.4", new Set())).toBe("1.2.3.4");
@@ -37,4 +68,15 @@ describe("getClientIp", () => {
     it("returns 'unknown' when no socket and no XFF", () => {
         expect(getClientIp(undefined, undefined, new Set())).toBe("unknown");
     });
+    it("auto-trusts private IPs even without explicit trusted proxy set", () => {
+        expect(getClientIp("real-client", "172.18.0.5", new Set())).toBe("real-client");
+        expect(getClientIp("real-client", "192.168.1.1", new Set())).toBe("real-client");
+        expect(getClientIp("real-client", "10.0.0.1", new Set())).toBe("real-client");
+    });
+    it("auto-trusts IPv6-mapped private IPs", () => {
+        expect(getClientIp("real-client", "::ffff:172.18.0.5", new Set())).toBe("real-client");
+    });
+    it("does NOT auto-trust public IPs without explicit proxy config", () => {
+        expect(getClientIp("spoofed", "8.8.8.8", new Set())).toBe("8.8.8.8");
+    });
 });

package/dist/middleware/rate-limit.d.ts

@@ -10,7 +10,7 @@
  */
 import type { Context, MiddlewareHandler } from "hono";
 import type { IRateLimitRepository } from "./rate-limit-repository.js";
-export { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+export { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 export interface RateLimitConfig {
     /** Maximum number of requests per window. */
     max: number;

package/dist/middleware/rate-limit.js

@@ -9,7 +9,7 @@
  * State is persisted via IRateLimitRepository (DB-backed in production).
  */
 import { getClientIpFromContext } from "./get-client-ip.js";
-export { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+export { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------

package/dist/middleware/rate-limit.test.js

@@ -196,11 +196,17 @@ describe("trusted proxy validation", () => {
     afterEach(() => {
         vi.useRealTimers();
     });
-    it("ignores X-Forwarded-For when TRUSTED_PROXY_IPS is not set", () => {
+    it("auto-trusts private IPs even when TRUSTED_PROXY_IPS is not set", () => {
         const trusted = parseTrustedProxies(undefined);
         expect(trusted.size).toBe(0);
+        // Private IPs are auto-trusted — XFF is used
         const ip = getClientIp("spoofed-ip", "192.168.1.100", trusted);
-        expect(ip).toBe("192.168.1.100");
+        expect(ip).toBe("spoofed-ip");
+    });
+    it("ignores X-Forwarded-For from public IPs when TRUSTED_PROXY_IPS is not set", () => {
+        const trusted = parseTrustedProxies(undefined);
+        const ip = getClientIp("spoofed-ip", "203.0.113.1", trusted);
+        expect(ip).toBe("203.0.113.1");
     });
     it("trusts X-Forwarded-For when socket address is in TRUSTED_PROXY_IPS", () => {
         const trusted = parseTrustedProxies("172.18.0.5,10.0.0.1");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.40.0",
+  "version": "1.42.1",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/api/middleware/get-client-ip.ts

@@ -19,14 +19,34 @@ function normalizeIp(ip: string): string {
   return ip.startsWith("::ffff:") ? ip.slice(7) : ip;
 }
 
+/**
+ * Check whether an IPv4 address is in an RFC 1918 private range or loopback.
+ * These are always behind a proxy in production (Docker, k8s, cloud VPCs)
+ * so trusting X-Forwarded-For from them is safe and expected.
+ *
+ * Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8
+ */
+export function isPrivateIp(ip: string): boolean {
+  const parts = ip.split(".");
+  if (parts.length !== 4) return false;
+  const a = Number.parseInt(parts[0], 10);
+  const b = Number.parseInt(parts[1], 10);
+  if (a === 10) return true;
+  if (a === 172 && b >= 16 && b <= 31) return true;
+  if (a === 192 && b === 168) return true;
+  if (a === 127) return true;
+  return false;
+}
+
 // Parsed once at module load — no per-request overhead.
 const trustedProxies = parseTrustedProxies(process.env.TRUSTED_PROXY_IPS);
 
 /**
  * Determine the real client IP.
  *
- * - If `socketAddr` matches a trusted proxy, use the **first** (leftmost)
- *   value from `X-Forwarded-For` (the original client IP).
+ * - If `socketAddr` matches a trusted proxy (explicit list OR RFC 1918
+ *   private IP), use the **first** (leftmost) value from
+ *   `X-Forwarded-For` (the original client IP).
  * - Otherwise, use `socketAddr` directly (XFF is untrusted).
  * - Falls back to `"unknown"` if neither is available.
  */
@@ -37,7 +57,7 @@ export function getClientIp(
 ): string {
   const normalizedSocket = socketAddr ? normalizeIp(socketAddr) : undefined;
 
-  if (xffHeader && normalizedSocket && trusted.has(normalizedSocket)) {
+  if (xffHeader && normalizedSocket && (trusted.has(normalizedSocket) || isPrivateIp(normalizedSocket))) {
     const parts = xffHeader.split(",");
     const first = parts[0]?.trim();
     if (first) return first;

package/src/api/middleware/rate-limit.ts

@@ -13,7 +13,7 @@ import type { Context, MiddlewareHandler, Next } from "hono";
 import type { IRateLimitRepository } from "../rate-limit-repository.js";
 import { getClientIpFromContext } from "./get-client-ip.js";
 
-export { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+export { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 
 // ---------------------------------------------------------------------------
 // Types
@@ -202,8 +202,12 @@ const FLEET_CREATE_LIMIT: Omit<RateLimitConfig, "repo" | "scope"> = { max: 30 };
 /** Fleet read operations (GET /fleet/*): 120 req/min */
 const FLEET_READ_LIMIT: Omit<RateLimitConfig, "repo" | "scope"> = { max: 120 };
 
-/** Default for everything else: 60 req/min */
-const DEFAULT_LIMIT: Omit<RateLimitConfig, "repo" | "scope"> = { max: 60 };
+/** Default for everything else: 200 req/min.
+ * A single Next.js page load triggers ~60-70 REST requests (sidebar, credits,
+ * session validation, marketplace, etc.). 60 was too low and caused users to
+ * hit rate limits on their first page load. Sensitive endpoints (auth, billing,
+ * signup) have their own stricter limits below. */
+const DEFAULT_LIMIT: Omit<RateLimitConfig, "repo" | "scope"> = { max: 200 };
 
 /** Auth login: 5 failed attempts per 15 minutes (WOP-839) */
 const AUTH_LOGIN_LIMIT: Omit<RateLimitConfig, "repo" | "scope"> = {

package/src/gateway/capability-rate-limit.ts

@@ -94,7 +94,8 @@ export function capabilityRateLimit(
     }
 
     const tenant = c.get("gatewayTenant") as GatewayTenant | undefined;
-    const tenantId = tenant?.id ?? "unknown";
+    const attributedTenantId = c.get("attributedTenantId") as string | null | undefined;
+    const tenantId = attributedTenantId ?? tenant?.id ?? "unknown";
     const max = limits[category];
     const scope = `cap:${category}`;
     const now = Date.now();

package/src/gateway/credit-gate.ts

@@ -54,6 +54,13 @@ export async function creditBalanceCheck(
   if (!deps.creditLedger) return null;
 
   const tenant = c.get("gatewayTenant");
+
+  // Platform service accounts bypass the pre-call balance gate.
+  // The company never 402s itself. Debit still runs post-call for P&L tracking.
+  if (tenant.type === "platform_service") {
+    return null;
+  }
+
   const balance = await deps.creditLedger.balance(tenant.id);
   const required = Math.max(0, estimatedCostCents);
   const graceBuffer = deps.graceBufferCents ?? 50; // default -$0.50
@@ -100,6 +107,7 @@ export async function debitCredits(
   capability: string,
   provider: string,
   attributedUserId?: string,
+  attributedTenantId?: string | null,
 ): Promise<void> {
   if (!deps.creditLedger) return;
 
@@ -122,6 +130,7 @@ export async function debitCredits(
       description: `Gateway ${capability} via ${provider}`,
       allowNegative: true,
       attributedUserId,
+      ...(attributedTenantId ? { attributed_tenant_id: attributedTenantId } : {}),
     });
 
     // Only fire on first zero-crossing (balance was positive before, now ≤ 0)

package/src/gateway/protocol/anthropic.ts

@@ -136,6 +136,7 @@ export function createAnthropicRoutes(deps: ProtocolDeps): Hono<GatewayAuthEnv>
 function messagesHandler(deps: ProtocolDeps) {
   return async (c: Context<GatewayAuthEnv>) => {
     const tenant = c.get("gatewayTenant");
+    const attributedTenantId = c.get("attributedTenantId");
 
     // Budget check
     const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
@@ -224,7 +225,16 @@ function messagesHandler(deps: ProtocolDeps) {
             provider: "openrouter",
             timestamp: Date.now(),
           });
-          debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+          debitCredits(
+            deps,
+            tenant.id,
+            costUsd,
+            deps.defaultMargin,
+            "chat-completions",
+            "openrouter",
+            undefined,
+            attributedTenantId,
+          );
         }
 
         return new Response(res.body, {

package/src/gateway/protocol/openai.ts

@@ -146,6 +146,7 @@ export function createOpenAIRoutes(deps: ProtocolDeps): Hono<GatewayAuthEnv> {
 function chatCompletionsHandler(deps: ProtocolDeps) {
   return async (c: Context<GatewayAuthEnv>) => {
     const tenant = c.get("gatewayTenant");
+    const attributedTenantId = c.get("attributedTenantId");
 
     // Budget check
     const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
@@ -241,7 +242,16 @@ function chatCompletionsHandler(deps: ProtocolDeps) {
             provider: "openrouter",
             timestamp: Date.now(),
           });
-          debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+          debitCredits(
+            deps,
+            tenant.id,
+            costUsd,
+            deps.defaultMargin,
+            "chat-completions",
+            "openrouter",
+            undefined,
+            attributedTenantId,
+          );
         }
 
         return new Response(res.body, {
@@ -277,7 +287,16 @@ function chatCompletionsHandler(deps: ProtocolDeps) {
           provider: "openrouter",
           timestamp: Date.now(),
         });
-        debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "chat-completions", "openrouter");
+        debitCredits(
+          deps,
+          tenant.id,
+          costUsd,
+          deps.defaultMargin,
+          "chat-completions",
+          "openrouter",
+          undefined,
+          attributedTenantId,
+        );
       }
 
       return new Response(responseBody, {
@@ -309,6 +328,7 @@ function chatCompletionsHandler(deps: ProtocolDeps) {
 function embeddingsHandler(deps: ProtocolDeps) {
   return async (c: Context<GatewayAuthEnv>) => {
     const tenant = c.get("gatewayTenant");
+    const attributedTenantId = c.get("attributedTenantId");
 
     // Budget check
     const budgetResult = await deps.budgetChecker.check(tenant.id, tenant.spendLimits);
@@ -391,7 +411,16 @@ function embeddingsHandler(deps: ProtocolDeps) {
           provider: "openrouter",
           timestamp: Date.now(),
         });
-        debitCredits(deps, tenant.id, costUsd, deps.defaultMargin, "embeddings", "openrouter");
+        debitCredits(
+          deps,
+          tenant.id,
+          costUsd,
+          deps.defaultMargin,
+          "embeddings",
+          "openrouter",
+          undefined,
+          attributedTenantId,
+        );
       }
 
       return new Response(responseBody, {

package/src/gateway/service-key-auth.ts

@@ -14,6 +14,7 @@ export interface GatewayAuthEnv {
   Variables: {
     gatewayTenant: GatewayTenant;
     webhookBody: Record<string, unknown>;
+    attributedTenantId: string | null;
   };
 }
 
@@ -90,6 +91,8 @@ export function serviceKeyAuth(
     }
 
     c.set("gatewayTenant", tenant);
+    const attributedTenantId = c.req.header("x-attribute-to") ?? null;
+    c.set("attributedTenantId", attributedTenantId);
     return next();
   };
 }

package/src/gateway/types.ts

@@ -47,6 +47,8 @@ export interface GatewayEndpoint {
 export interface GatewayTenant {
   /** Tenant ID */
   id: string;
+  /** Tenant type — platform_service accounts bypass the pre-call credit gate */
+  type?: "personal" | "org" | "platform_service";
   /** Spend limits for budget checking */
   spendLimits: SpendLimits;
   /** Plan tier for rate limit lookup */

package/src/middleware/get-client-ip.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+import { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 
 describe("parseTrustedProxies", () => {
   it("returns empty set for undefined", () => {
@@ -18,6 +18,44 @@ describe("parseTrustedProxies", () => {
   });
 });
 
+describe("isPrivateIp", () => {
+  it("identifies 10.x.x.x as private", () => {
+    expect(isPrivateIp("10.0.0.1")).toBe(true);
+    expect(isPrivateIp("10.255.255.255")).toBe(true);
+  });
+
+  it("identifies 172.16-31.x.x as private", () => {
+    expect(isPrivateIp("172.16.0.1")).toBe(true);
+    expect(isPrivateIp("172.18.0.5")).toBe(true);
+    expect(isPrivateIp("172.31.255.255")).toBe(true);
+  });
+
+  it("rejects 172.15.x.x and 172.32.x.x as non-private", () => {
+    expect(isPrivateIp("172.15.0.1")).toBe(false);
+    expect(isPrivateIp("172.32.0.1")).toBe(false);
+  });
+
+  it("identifies 192.168.x.x as private", () => {
+    expect(isPrivateIp("192.168.0.1")).toBe(true);
+    expect(isPrivateIp("192.168.1.100")).toBe(true);
+  });
+
+  it("identifies 127.x.x.x as private (loopback)", () => {
+    expect(isPrivateIp("127.0.0.1")).toBe(true);
+  });
+
+  it("rejects public IPs", () => {
+    expect(isPrivateIp("8.8.8.8")).toBe(false);
+    expect(isPrivateIp("1.2.3.4")).toBe(false);
+    expect(isPrivateIp("203.0.113.1")).toBe(false);
+  });
+
+  it("rejects non-IPv4 strings", () => {
+    expect(isPrivateIp("::1")).toBe(false);
+    expect(isPrivateIp("not-an-ip")).toBe(false);
+  });
+});
+
 describe("getClientIp", () => {
   it("returns socket address when no trusted proxies configured", () => {
     expect(getClientIp("attacker-spoofed", "1.2.3.4", new Set())).toBe("1.2.3.4");
@@ -46,4 +84,18 @@ describe("getClientIp", () => {
   it("returns 'unknown' when no socket and no XFF", () => {
     expect(getClientIp(undefined, undefined, new Set())).toBe("unknown");
   });
+
+  it("auto-trusts private IPs even without explicit trusted proxy set", () => {
+    expect(getClientIp("real-client", "172.18.0.5", new Set())).toBe("real-client");
+    expect(getClientIp("real-client", "192.168.1.1", new Set())).toBe("real-client");
+    expect(getClientIp("real-client", "10.0.0.1", new Set())).toBe("real-client");
+  });
+
+  it("auto-trusts IPv6-mapped private IPs", () => {
+    expect(getClientIp("real-client", "::ffff:172.18.0.5", new Set())).toBe("real-client");
+  });
+
+  it("does NOT auto-trust public IPs without explicit proxy config", () => {
+    expect(getClientIp("spoofed", "8.8.8.8", new Set())).toBe("8.8.8.8");
+  });
 });

package/src/middleware/get-client-ip.ts

@@ -19,14 +19,34 @@ function normalizeIp(ip: string): string {
   return ip.startsWith("::ffff:") ? ip.slice(7) : ip;
 }
 
+/**
+ * Check whether an IPv4 address is in an RFC 1918 private range or loopback.
+ * These are always behind a proxy in production (Docker, k8s, cloud VPCs)
+ * so trusting X-Forwarded-For from them is safe and expected.
+ *
+ * Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8
+ */
+export function isPrivateIp(ip: string): boolean {
+  const parts = ip.split(".");
+  if (parts.length !== 4) return false;
+  const a = Number.parseInt(parts[0], 10);
+  const b = Number.parseInt(parts[1], 10);
+  if (a === 10) return true;
+  if (a === 172 && b >= 16 && b <= 31) return true;
+  if (a === 192 && b === 168) return true;
+  if (a === 127) return true;
+  return false;
+}
+
 // Parsed once at module load — no per-request overhead.
 const trustedProxies = parseTrustedProxies(process.env.TRUSTED_PROXY_IPS);
 
 /**
  * Determine the real client IP.
  *
- * - If `socketAddr` matches a trusted proxy, use the **last** (rightmost)
- *   value from `X-Forwarded-For` (closest hop to the trusted proxy).
+ * - If `socketAddr` matches a trusted proxy (explicit list OR RFC 1918
+ *   private IP), use the **last** (rightmost) value from
+ *   `X-Forwarded-For` (closest hop to the trusted proxy).
  * - Otherwise, use `socketAddr` directly (XFF is untrusted).
  * - Falls back to `"unknown"` if neither is available.
  */
@@ -37,7 +57,7 @@ export function getClientIp(
 ): string {
   const normalizedSocket = socketAddr ? normalizeIp(socketAddr) : undefined;
 
-  if (xffHeader && normalizedSocket && trusted.has(normalizedSocket)) {
+  if (xffHeader && normalizedSocket && (trusted.has(normalizedSocket) || isPrivateIp(normalizedSocket))) {
     // Trust XFF — take the rightmost (last) value
     const parts = xffHeader.split(",");
     const last = parts[parts.length - 1]?.trim();

package/src/middleware/rate-limit.test.ts

@@ -272,12 +272,19 @@ describe("trusted proxy validation", () => {
     vi.useRealTimers();
   });
 
-  it("ignores X-Forwarded-For when TRUSTED_PROXY_IPS is not set", () => {
+  it("auto-trusts private IPs even when TRUSTED_PROXY_IPS is not set", () => {
     const trusted = parseTrustedProxies(undefined);
     expect(trusted.size).toBe(0);
 
+    // Private IPs are auto-trusted — XFF is used
     const ip = getClientIp("spoofed-ip", "192.168.1.100", trusted);
-    expect(ip).toBe("192.168.1.100");
+    expect(ip).toBe("spoofed-ip");
+  });
+
+  it("ignores X-Forwarded-For from public IPs when TRUSTED_PROXY_IPS is not set", () => {
+    const trusted = parseTrustedProxies(undefined);
+    const ip = getClientIp("spoofed-ip", "203.0.113.1", trusted);
+    expect(ip).toBe("203.0.113.1");
   });
 
   it("trusts X-Forwarded-For when socket address is in TRUSTED_PROXY_IPS", () => {

package/src/middleware/rate-limit.ts

@@ -13,7 +13,7 @@ import type { Context, MiddlewareHandler, Next } from "hono";
 import { getClientIpFromContext } from "./get-client-ip.js";
 import type { IRateLimitRepository } from "./rate-limit-repository.js";
 
-export { getClientIp, parseTrustedProxies } from "./get-client-ip.js";
+export { getClientIp, isPrivateIp, parseTrustedProxies } from "./get-client-ip.js";
 
 // ---------------------------------------------------------------------------
 // Types