aigetwey 1.2.0 → 1.3.2

package/src/routes/admin.ts

@@ -16,6 +16,7 @@ import type { FastifyInstance, FastifyRequest, FastifyReply } from "fastify";
 import type { GatewayState } from "../core/state.js";
 import type { UsageDB } from "../db.js";
 import { checkAdminAuth, clientKeyFingerprint, type AdminVerifier } from "../middleware/auth.js";
+import { buildKeyUsageRow } from "../core/keysUsage.js";
 import {
   maskKey,
   serializeConfig,
@@ -44,6 +45,7 @@ import {
   addServerKey,
   editServerKey,
   removeServerKey,
+  setServerKeyScope,
   setBudget,
   clearBudget,
   type Config,
@@ -87,6 +89,23 @@ function maskedConfig(config: Config): Config {
       Object.entries(clone.server.key_names).map(([k, name]) => [maskKey(k), name]),
     );
   }
+  // key_models / key_rpm are keyed by the RAW key — re-key to the masked form so
+  // real keys never leak through /admin/config.
+  if (clone.server.key_models) {
+    clone.server.key_models = Object.fromEntries(
+      Object.entries(clone.server.key_models).map(([k, v]) => [maskKey(k), v]),
+    );
+  }
+  if (clone.server.key_rpm) {
+    clone.server.key_rpm = Object.fromEntries(
+      Object.entries(clone.server.key_rpm).map(([k, v]) => [maskKey(k), v]),
+    );
+  }
+  if (clone.server.key_expires) {
+    clone.server.key_expires = Object.fromEntries(
+      Object.entries(clone.server.key_expires).map(([k, v]) => [maskKey(k), v]),
+    );
+  }
   return clone;
 }
 
@@ -143,12 +162,9 @@ export function registerAdminRoutes(app: FastifyInstance, deps: AdminDeps): void
     reply.send({ providers: deps.state.pool.snapshot(deps.state.config.listProviders()) });
   });
 
-  // per-provider quota: consumed, limit, and ms until the next scheduled reset.
-  app.get("/admin/quota", requireAdmin, (_req, reply) => {
-    reply.send({
-      quota: deps.state.quota.snapshot(deps.state.config.listProviders()),
-      budgets: deps.state.budget.statuses(),
-    });
+  // budget statuses: consumed, limit, and ms until the next scheduled reset.
+  app.get("/admin/budgets", requireAdmin, (_req, reply) => {
+    reply.send({ budgets: deps.state.budget.statuses() });
   });
 
   // add or replace a budget (keyed by scope). Body = Budget; invalid shape or an
@@ -403,7 +419,7 @@ export function registerAdminRoutes(app: FastifyInstance, deps: AdminDeps): void
   });
 
   // Test ONE model end-to-end (aigetwey's per-model science button). Routes through
-  // the real pipeline via handle(), so the ping lands in usage/quota exactly like
+  // the real pipeline via handle(), so the ping lands in usage exactly like
   // a normal call — and it catches "model not found / not entitled" a /models
   // ping can't. Model id travels as ?model= to survive slashes through the proxy.
   app.post("/admin/providers/:id/models/test", requireAdmin, async (req, reply) => {
@@ -414,7 +430,7 @@ export function registerAdminRoutes(app: FastifyInstance, deps: AdminDeps): void
     if (!provider) return reply.code(404).send({ error: `provider "${id}" not found` });
     try {
       await handle(
-        { config: deps.state.config, pool: deps.state.pool, db: deps.db, quota: deps.state.quota },
+        { config: deps.state.config, pool: deps.state.pool, db: deps.db },
         "openai",
         { model: `${id}/${modelId}`, messages: [{ role: "user", content: "ping" }], max_tokens: 1, stream: false },
       );
@@ -564,6 +580,15 @@ export function registerAdminRoutes(app: FastifyInstance, deps: AdminDeps): void
     applyMutation(reply, (c) => editServerKey(c, i, { name: b?.name }));
   });
 
+  // set/clear ONE gateway key's scopes (model allowlist + rpm), by index.
+  app.put("/admin/endpoint/keys/:index/scope", requireAdmin, (req, reply) => {
+    const { index } = req.params as { index: string };
+    const i = Number(index);
+    if (!Number.isInteger(i)) return reply.code(400).send({ error: "index must be an integer" });
+    const b = (req.body ?? {}) as { models?: string[]; rpm?: number | null; expires?: number | null };
+    applyMutation(reply, (c) => setServerKeyScope(c, i, { models: b.models, rpm: b.rpm, expires: b.expires }));
+  });
+
   app.delete("/admin/endpoint/keys/:index", requireAdmin, (req, reply) => {
     const { index } = req.params as { index: string };
     const i = Number(index);
@@ -584,6 +609,26 @@ export function registerAdminRoutes(app: FastifyInstance, deps: AdminDeps): void
     );
   });
 
+  // per-key spend for the Budgets page "Keys" section: every gateway key, its
+  // all-time usage, expiry, and key-scoped budget status (null when uncapped).
+  app.get("/admin/keys/usage", requireAdmin, (_req, reply) => {
+    if (!deps.db) return reply.code(503).send({ error: "usage tracking disabled" });
+    const cfg = deps.state.config.raw;
+    const statuses = deps.state.budget.statuses();
+    const keys = cfg.server.api_keys.map((k) => {
+      const fp = clientKeyFingerprint(k);
+      return buildKeyUsageRow({
+        fingerprint: fp,
+        name: cfg.server.key_names?.[k] ?? maskKey(k),
+        masked: maskKey(k),
+        expires: cfg.server.key_expires?.[k],
+        totals: deps.db!.totals(0, { client_key: fp }),
+        budget: statuses.find((s) => s.scope.type === "key" && s.scope.id === fp) ?? null,
+      });
+    });
+    reply.send({ keys });
+  });
+
   // reveal ONE raw gateway key (the "show key" button on the Endpoint page).
   app.get("/admin/endpoint/keys/:index/reveal", requireAdmin, (req, reply) => {
     const { index } = req.params as { index: string };
@@ -749,6 +794,13 @@ function endpointPayload(config: Config) {
     caveman: config.endpoint.caveman,
     ponytail: config.endpoint.ponytail,
     headroom: config.endpoint.headroom,
-    keys: config.server.api_keys.map((k) => ({ key: maskKey(k), name: config.server.key_names?.[k] })),
+    keys: config.server.api_keys.map((k) => ({
+      key: maskKey(k),
+      fingerprint: clientKeyFingerprint(k),
+      name: config.server.key_names?.[k],
+      models: config.server.key_models?.[k],
+      rpm: config.server.key_rpm?.[k],
+      expires: config.server.key_expires?.[k],
+    })),
   };
 }

package/src/routes/v1.ts

@@ -1,9 +1,11 @@
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { checkAuth, extractKey, clientKeyFingerprint } from "../middleware/auth.js";
+import { isKeyExpired } from "../config.js";
 import type { GatewayState } from "../core/state.js";
 import { handle, GatewayError, type HandleDeps } from "../core/handler.js";
 import type { WireFormat } from "../core/canonical.js";
 import type { UsageDB } from "../db.js";
+import { RateLimiter } from "../core/ratelimit.js";
 
 /**
  * /v1 proxy surface. Auth-gates on the gateway's own keys (read from state each
@@ -11,6 +13,8 @@ import type { UsageDB } from "../db.js";
  * pipeline (non-stream JSON or SSE stream).
  */
 export function registerV1Routes(app: FastifyInstance, state: GatewayState, db?: UsageDB): void {
+  const limiter = new RateLimiter();
+
   const requireAuth = {
     preHandler: (req: FastifyRequest, reply: FastifyReply, done: (err?: Error) => void) => {
       const res = checkAuth(req, state.config.server.api_keys);
@@ -18,6 +22,19 @@ export function registerV1Routes(app: FastifyInstance, state: GatewayState, db?:
         reply.code(res.status ?? 401).send({ error: res.error });
         return; // skip done() to short-circuit the route
       }
+
+      const presented = extractKey(req);
+      if (presented && isKeyExpired(state.config.server, presented, Date.now())) {
+        reply.code(403).send({ error: "key expired" });
+        return; // short-circuit
+      }
+
+      const rpm = presented ? state.config.server.key_rpm?.[presented] : undefined;
+      if (presented && rpm && limiter.over(clientKeyFingerprint(presented), rpm)) {
+        reply.code(429).send({ error: "rate limit exceeded" });
+        return; // short-circuit
+      }
+
       done();
     },
   };
@@ -28,9 +45,9 @@ export function registerV1Routes(app: FastifyInstance, state: GatewayState, db?:
     return {
       config: state.config,
       pool: state.pool,
-      quota: state.quota,
       budget: state.budget,
       db,
+      clientKeyModels: presented ? state.config.server.key_models?.[presented] : undefined,
       clientKeyFp: presented ? clientKeyFingerprint(presented) : undefined,
       log: (msg) => app.log.info(msg),
     };

package/src/server.ts

@@ -4,7 +4,6 @@ import { loadConfig } from "./config.js";
 import { registerRoutes } from "./routes/index.js";
 import { GatewayState } from "./core/state.js";
 import { UsageDB } from "./db.js";
-import { QuotaTracker } from "./core/quota.js";
 import { AuthStore } from "./core/authStore.js";
 import { consoleBuffer } from "./core/console-buffer.js";
 
@@ -52,14 +51,8 @@ async function main(): Promise<void> {
   const dataDir = resolve(process.env.AIGETWEY_DATA_DIR ?? "data");
   const db = new UsageDB(join(dataDir, "usage.sqlite"));
 
-  // quota counts persist via the DB so a restart within a window keeps the budget.
-  const quota = new QuotaTracker(Date.now, {
-    load: () => db.loadQuota(),
-    save: (id, start, consumed) => db.saveQuota(id, start, consumed),
-  });
-
   // holder enables runtime config edits (hot-reload) from the dashboard.
-  const state = new GatewayState(configPath, config, quota, db);
+  const state = new GatewayState(configPath, config, db);
   // admin password lives in a hash store (seeded from the env on first run,
   // changeable at runtime from the dashboard).
   const auth = AuthStore.open(dataDir, process.env.AIGETWEY_ADMIN_PASSWORD);

package/src/stream/anthropic-stream.ts

@@ -25,8 +25,10 @@ interface AnthStreamState {
   toolIndexByBlock: Map<number, number>;
   nextToolIndex: number;
   promptTokens: number;
+  completionTokens: number;
   cachedTokens?: number;
   cacheCreationTokens?: number;
+  reasoningTokens?: number;
 }
 
 export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): AsyncGenerator<CanonicalChunk> {
@@ -36,6 +38,7 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
     toolIndexByBlock: new Map(),
     nextToolIndex: 0,
     promptTokens: 0,
+    completionTokens: 0,
   };
 
   for await (const ev of events) {
@@ -60,14 +63,18 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
         const u = message?.usage;
         if (u) {
           state.promptTokens = u.input_tokens ?? 0;
+          state.completionTokens = u.output_tokens ?? 0;
+          state.reasoningTokens = u.thinking_tokens ?? 0;
           state.cachedTokens = u.cache_read_input_tokens;
           state.cacheCreationTokens = u.cache_creation_input_tokens;
         }
         const startChunk = baseChunk(state, { role: "assistant", content: "" }, null);
         startChunk.usage = {
           prompt_tokens: state.promptTokens,
+          completion_tokens: state.completionTokens,
           cached_tokens: state.cachedTokens,
           cache_creation_tokens: state.cacheCreationTokens,
+          reasoning_tokens: state.reasoningTokens,
         };
         yield startChunk;
         break;
@@ -99,6 +106,7 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
         if (delta?.type === "text_delta") {
           yield baseChunk(state, { content: delta.text ?? "" }, null);
         } else if (delta?.type === "thinking_delta") {
+          state.reasoningTokens = (state.reasoningTokens ?? 0) + 1;
           yield baseChunk(state, { reasoning: delta.thinking ?? "" }, null);
         } else if (delta?.type === "input_json_delta") {
           const toolIndex = state.toolIndexByBlock.get(index);
@@ -115,7 +123,7 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
 
       case "message_delta": {
         const delta = msg.delta as { stop_reason?: string | null } | undefined;
-        const usage = msg.usage as { output_tokens?: number } | undefined;
+        const usage = msg.usage as { output_tokens?: number; thinking_tokens?: number } | undefined;
         const finish = mapStopReason(delta?.stop_reason);
         const chunk = baseChunk(state, {}, finish);
         chunk.usage = {
@@ -123,6 +131,7 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
           completion_tokens: usage?.output_tokens ?? 0,
           cached_tokens: state.cachedTokens,
           cache_creation_tokens: state.cacheCreationTokens,
+          reasoning_tokens: usage?.thinking_tokens ?? state.reasoningTokens ?? 0,
         };
         yield chunk;
         break;

package/src/stream/chunk.ts

@@ -29,6 +29,8 @@ export interface CanonicalChunkUsage {
   cached_tokens?: number;
   cache_creation_tokens?: number;
   reasoning_tokens?: number;
+  prompt_tokens_details?: { cached_tokens?: number };
+  completion_tokens_details?: { reasoning_tokens?: number };
 }
 
 export type ChunkFinishReason = "stop" | "length" | "tool_calls" | "content_filter" | null;

package/src/stream/gemini-stream.ts

@@ -76,7 +76,7 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
     }
 
     const usageMetadata = msg.usageMetadata as
-      | { promptTokenCount?: number; candidatesTokenCount?: number; cachedContentTokenCount?: number }
+      | { promptTokenCount?: number; candidatesTokenCount?: number; cachedContentTokenCount?: number; thoughtsTokenCount?: number }
       | undefined;
     if (cand?.finishReason || usageMetadata) {
       const chunk = base({}, mapFinish(cand?.finishReason));
@@ -84,7 +84,8 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
         chunk.usage = {
           prompt_tokens: usageMetadata.promptTokenCount ?? 0,
           completion_tokens: usageMetadata.candidatesTokenCount ?? 0,
-          cached_tokens: usageMetadata.cachedContentTokenCount,
+          cached_tokens: usageMetadata.cachedContentTokenCount ?? 0,
+          reasoning_tokens: usageMetadata.thoughtsTokenCount ?? 0,
         };
       }
       yield chunk;

package/src/stream/openai-stream.ts

@@ -24,12 +24,23 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
 /** Lift vendor reasoning fields into the canonical `delta.reasoning`. */
 function normalize(chunk: CanonicalChunk): CanonicalChunk {
   for (const choice of chunk.choices ?? []) {
-    const d = choice.delta as Record<string, unknown> & { reasoning?: string };
+    const d = choice.delta as (Record<string, unknown> & { reasoning?: string }) | undefined;
+    if (!d) continue;
     if (d.reasoning === undefined) {
       const vendor = (d["reasoning_content"] as string | undefined) ?? (d["reasoning"] as string | undefined);
       if (vendor) d.reasoning = vendor;
     }
   }
+
+  // Extract reasoning_tokens from OpenAI response.usage.completion_tokens_details.reasoning_tokens
+  if (chunk.usage?.completion_tokens_details?.reasoning_tokens !== undefined) {
+    chunk.usage.reasoning_tokens = chunk.usage.completion_tokens_details.reasoning_tokens;
+  }
+  // Extract cached_tokens from OpenAI response.usage.prompt_tokens_details.cached_tokens
+  if (chunk.usage?.prompt_tokens_details?.cached_tokens !== undefined) {
+    chunk.usage.cached_tokens = chunk.usage.prompt_tokens_details.cached_tokens;
+  }
+
   return chunk;
 }
 

package/src/core/quota.ts

@@ -1,253 +0,0 @@
-/**
- * Per-provider token quota tracking with scheduled window resets.
- *
- * Distinct from the key-pool cooldown: a cooldown is a transient penalty after a
- * 429; a quota is a budget that refills on a schedule (a 5-hour rolling window, a
- * daily/weekly/monthly calendar boundary). When a provider's `limit_tokens` is
- * reached before its window resets, routing skips it — like a key that's cooling
- * down, but for the whole provider.
- *
- * State is in-memory, optionally persisted so counts survive a restart within
- * the same window. Calendar boundaries are computed in the provider's timezone.
- */
-import type { Provider, Quota } from "../config.js";
-
-const HOUR_MS = 3600_000;
-const DAY_MS = 24 * HOUR_MS;
-
-const WEEKDAYS = ["sunday", "monday", "tuesday", "wednesday", "thursday", "friday", "saturday"];
-
-/** Optional persistence hook so counts survive a restart within a window. */
-export interface QuotaStore {
-  load(): Array<{ provider_id: string; window_start: number; consumed: number }>;
-  save(providerId: string, windowStart: number, consumed: number): void;
-}
-
-interface QuotaState {
-  windowStart: number;
-  consumed: number;
-}
-
-export interface QuotaSnapshot {
-  provider: string;
-  window: Quota["window"];
-  consumed: number;
-  limit_tokens?: number;
-  /** ms until the next scheduled reset */
-  reset_in_ms: number;
-  /** 0..1 fraction of the limit used, if a limit is set */
-  pct?: number;
-  exhausted: boolean;
-  /** true when a limit is set and pct >= the quota's alert_at (default 0.8) */
-  alert: boolean;
-}
-
-// ---- timezone-aware calendar math -----------------------------------------
-
-/** Wall-clock offset (ms) of `tz` at instant `date`: tzWallAsUTC - actualUTC. */
-function tzOffsetMs(date: Date, tz: string): number {
-  const dtf = new Intl.DateTimeFormat("en-US", {
-    timeZone: tz,
-    hourCycle: "h23",
-    year: "numeric",
-    month: "2-digit",
-    day: "2-digit",
-    hour: "2-digit",
-    minute: "2-digit",
-    second: "2-digit",
-  });
-  const parts = Object.fromEntries(dtf.formatToParts(date).map((p) => [p.type, p.value]));
-  const asUTC = Date.UTC(
-    Number(parts.year),
-    Number(parts.month) - 1,
-    Number(parts.day),
-    Number(parts.hour),
-    Number(parts.minute),
-    Number(parts.second),
-  );
-  return asUTC - date.getTime();
-}
-
-/** Convert a desired wall-clock time in `tz` to an epoch ms. DST-corrected once. */
-function zonedWallToEpoch(y: number, mo: number, d: number, h: number, mi: number, tz: string): number {
-  const guessUTC = Date.UTC(y, mo, d, h, mi);
-  const offset = tzOffsetMs(new Date(guessUTC), tz);
-  let epoch = guessUTC - offset;
-  // re-check once: the offset can differ across a DST boundary
-  const offset2 = tzOffsetMs(new Date(epoch), tz);
-  if (offset2 !== offset) epoch = guessUTC - offset2;
-  return epoch;
-}
-
-/** Wall-clock parts of `nowMs` in `tz`. */
-function zonedParts(nowMs: number, tz: string) {
-  const dtf = new Intl.DateTimeFormat("en-US", {
-    timeZone: tz,
-    hourCycle: "h23",
-    weekday: "long",
-    year: "numeric",
-    month: "2-digit",
-    day: "2-digit",
-    hour: "2-digit",
-    minute: "2-digit",
-  });
-  const p = Object.fromEntries(dtf.formatToParts(nowMs).map((x) => [x.type, x.value]));
-  return {
-    year: Number(p.year),
-    month: Number(p.month) - 1,
-    day: Number(p.day),
-    hour: Number(p.hour),
-    minute: Number(p.minute),
-    weekday: String(p.weekday).toLowerCase(),
-  };
-}
-
-function parseHHMM(reset_at: string | undefined): { h: number; m: number } {
-  const m = /^(\d{1,2}):(\d{2})$/.exec(reset_at ?? "");
-  if (!m) return { h: 0, m: 0 };
-  return { h: Math.min(23, Number(m[1])), m: Math.min(59, Number(m[2])) };
-}
-
-/**
- * Next reset instant (epoch ms) strictly after `now` for a quota schedule.
- *   - 5h:      rolling — windowStart + 5h.
- *   - daily:   next `reset_at` (HH:MM, default 00:00) wall-clock in tz.
- *   - weekly:  next `reset_at` weekday (default monday) at 00:00 in tz.
- *   - monthly: next 1st of month at 00:00 in tz.
- */
-export type WindowSpec = Pick<Quota, "window" | "reset_at" | "timezone">;
-
-export function nextResetAt(quota: WindowSpec, windowStart: number, now: number): number {
-  const tz = quota.timezone || "UTC";
-  if (quota.window === "5h") return windowStart + 5 * HOUR_MS;
-
-  const p = zonedParts(now, tz);
-
-  if (quota.window === "daily") {
-    const { h, m } = parseHHMM(quota.reset_at);
-    let candidate = zonedWallToEpoch(p.year, p.month, p.day, h, m, tz);
-    if (candidate <= now) candidate = zonedWallToEpoch(p.year, p.month, p.day + 1, h, m, tz);
-    return candidate;
-  }
-
-  if (quota.window === "weekly") {
-    const target = WEEKDAYS.indexOf((quota.reset_at ?? "monday").toLowerCase());
-    const targetIdx = target === -1 ? 1 : target;
-    const curIdx = WEEKDAYS.indexOf(p.weekday);
-    let daysAhead = (targetIdx - curIdx + 7) % 7;
-    let candidate = zonedWallToEpoch(p.year, p.month, p.day + daysAhead, 0, 0, tz);
-    if (candidate <= now) candidate = zonedWallToEpoch(p.year, p.month, p.day + daysAhead + 7, 0, 0, tz);
-    return candidate;
-  }
-
-  // monthly: first of next month at 00:00
-  return zonedWallToEpoch(p.year, p.month + 1, 1, 0, 0, tz);
-}
-
-/**
- * Epoch ms of the START of the window containing `now`.
- *   - 5h:      fixed 5-hour grid floor (stateless; no per-provider anchor).
- *   - daily:   today's reset_at in tz, or yesterday's if that's still ahead.
- *   - weekly:  the most recent occurrence of the target weekday at 00:00 in tz.
- *   - monthly: the 1st of the current month at 00:00 in tz.
- */
-export function currentWindowStart(spec: WindowSpec, now: number): number {
-  const tz = spec.timezone || "UTC";
-  if (spec.window === "5h") return Math.floor(now / (5 * HOUR_MS)) * (5 * HOUR_MS);
-
-  const p = zonedParts(now, tz);
-
-  if (spec.window === "daily") {
-    const { h, m } = parseHHMM(spec.reset_at);
-    let start = zonedWallToEpoch(p.year, p.month, p.day, h, m, tz);
-    if (start > now) start = zonedWallToEpoch(p.year, p.month, p.day - 1, h, m, tz);
-    return start;
-  }
-
-  if (spec.window === "weekly") {
-    const target = WEEKDAYS.indexOf((spec.reset_at ?? "monday").toLowerCase());
-    const targetIdx = target === -1 ? 1 : target;
-    const curIdx = WEEKDAYS.indexOf(p.weekday);
-    const daysBehind = (curIdx - targetIdx + 7) % 7;
-    let start = zonedWallToEpoch(p.year, p.month, p.day - daysBehind, 0, 0, tz);
-    if (start > now) start = zonedWallToEpoch(p.year, p.month, p.day - daysBehind - 7, 0, 0, tz);
-    return start;
-  }
-
-  // monthly
-  return zonedWallToEpoch(p.year, p.month, 1, 0, 0, tz);
-}
-
-export class QuotaTracker {
-  private readonly states = new Map<string, QuotaState>();
-
-  constructor(
-    private readonly now: () => number = Date.now,
-    private readonly store?: QuotaStore,
-  ) {
-    if (store) {
-      for (const row of store.load()) {
-        this.states.set(row.provider_id, { windowStart: row.window_start, consumed: row.consumed });
-      }
-    }
-  }
-
-  /**
-   * Return the live state for a provider, rolling the window over (resetting
-   * consumed to 0) if `now` has crossed the scheduled reset boundary.
-   */
-  private current(provider: Provider): QuotaState | null {
-    if (!provider.quota) return null;
-    const t = this.now();
-    const state = this.states.get(provider.id) ?? { windowStart: t, consumed: 0 };
-    if (!this.states.has(provider.id)) this.states.set(provider.id, state);
-    // boundary is the first reset AFTER this window opened — computed from
-    // windowStart, not `now`. Computing it from `now` would always return the
-    // NEXT future boundary and so never detect that we've crossed one.
-    const reset = nextResetAt(provider.quota, state.windowStart, state.windowStart);
-    if (t >= reset) {
-      state.windowStart = t;
-      state.consumed = 0;
-      this.store?.save(provider.id, state.windowStart, state.consumed);
-    }
-    return state;
-  }
-
-  /** Add consumed tokens for a provider (no-op if it has no quota config). */
-  consume(provider: Provider, tokens: number): void {
-    const state = this.current(provider);
-    if (!state) return;
-    state.consumed += Math.max(0, tokens);
-    this.store?.save(provider.id, state.windowStart, state.consumed);
-  }
-
-  /** True when a token limit is set AND it's been reached in the current window. */
-  isExhausted(provider: Provider): boolean {
-    const state = this.current(provider);
-    if (!state || !provider.quota?.limit_tokens) return false;
-    return state.consumed >= provider.quota.limit_tokens;
-  }
-
-  /** Dashboard view: window, consumed, countdown, and progress for each provider. */
-  snapshot(providers: Provider[]): QuotaSnapshot[] {
-    const t = this.now();
-    return providers.flatMap((provider) => {
-      if (!provider.quota) return [];
-      const state = this.current(provider)!;
-      const reset = nextResetAt(provider.quota, state.windowStart, t);
-      const limit = provider.quota.limit_tokens;
-      return [
-        {
-          provider: provider.id,
-          window: provider.quota.window,
-          consumed: state.consumed,
-          limit_tokens: limit,
-          reset_in_ms: Math.max(0, reset - t),
-          pct: limit ? Math.min(1, state.consumed / limit) : undefined,
-          exhausted: limit ? state.consumed >= limit : false,
-          alert: limit ? state.consumed / limit >= (provider.quota.alert_at ?? 0.8) : false,
-        },
-      ];
-    });
-  }
-}