hailin/it0 - it0 - AI Wolves Team

Commit Graph

Author	SHA1	Message	Date
hailin	9ed80cd0bc	feat: implement complete commercial monetization loop (Phases 1-4) ## Phase 1 - Token Metering + Quota Enforcement ### Usage Tracking - agent-service: add UsageRecord entity (per-tenant schema) tracking inputTokens/outputTokens/costUsd per AI task - Modify all 3 AI engines (claude-api, claude-code-cli, claude-agent-sdk) to emit separate input/output token counts in the `completed` event - claude-api-engine: costUsd = (input3 + output15) / 1,000,000 (claude-sonnet-4-5 pricing: $3/MTok in, $15/MTok out) - agent.controller: persist UsageRecord and publish `usage.recorded` event to Redis Streams on every task completion (non-blocking) - shared/events: new events UsageRecordedEvent, SubscriptionChangedEvent, QuotaExceededEvent, PaymentReceivedEvent ### Quota Enforcement - TenantInfo: add maxServers, maxUsers, maxStandingOrders, maxAgentTokensPerMonth fields - TenantContextMiddleware: rewritten to query public.tenants table for real quota values; 5-min in-memory cache; plan-based fallback on error - TenantContextService: getTenant() returns null instead of throwing; added getTenantOrThrow() for strict callers - inventory-service/server.controller: 429 when maxServers exceeded - ops-service/standing-order.controller: 429 when maxStandingOrders exceeded - auth-service/auth.service: 429 when maxUsers exceeded - 002-create-tenant-schema-template.sql: add usage_records table ## Phase 2 - billing-service (New Microservice, port 3010) ### Domain Layer (public schema, all UUIDs) Entities: Plan, Subscription, Invoice, InvoiceItem, Payment, PaymentMethod, UsageAggregate Domain services: - SubscriptionLifecycleService: full state machine (trialing -> active -> past_due -> cancelled/expired); upgrades immediate, downgrades at period end - InvoiceGeneratorService: monthly invoice = base fee + overage charges; proration item for mid-cycle upgrades - OverageCalculatorService: (totalTokens - includedTokens) * overageRate ### Infrastructure (all repos use DataSource directly, NOT TenantAwareRepository) - PlanRepository, SubscriptionRepository, InvoiceRepository (atomic transaction for invoice+items), PaymentRepository (payments + methods), UsageAggregateRepository (UPSERT via ON CONFLICT for atomic accumulation) ### Application Use Cases - CreateSubscriptionUseCase: called on tenant registration - ChangePlanUseCase: upgrade (immediate + proration) or downgrade (scheduled) - CancelSubscriptionUseCase: immediate or at-period-end - GenerateMonthlyInvoiceUseCase: cron target (1st of month 00:05 UTC); generates invoices, renews periods, applies scheduled downgrades - AggregateUsageUseCase: Redis Streams consumer group billing-service, upserts monthly usage aggregates from usage.recorded events - CheckTokenQuotaUseCase: hard limit enforcement per plan - CreatePaymentSessionUseCase + HandlePaymentWebhookUseCase ### REST API - GET /api/v1/billing/plans - GET/POST /api/v1/billing/subscription (+ /upgrade, /cancel) - GET /api/v1/billing/invoices (paginated) - GET /api/v1/billing/invoices/:id - POST /api/v1/billing/invoices/:id/pay - GET /api/v1/billing/usage/current + /history - CRUD /api/v1/billing/payment-methods - POST /api/v1/billing/webhooks/{stripe,alipay,wechat,crypto} ### Plan Seed (auto on startup via PlanSeedService) - free: $0/mo, 100K tokens, no overage, hard limit 100% - pro: $49.99/mo, 1M tokens, $8/MTok, hard limit 150% - enterprise: $199.99/mo, 10M tokens, $5/MTok, no hard limit ## Phase 3 - Payment Provider Integration ### PaymentProviderRegistry (Strategy Pattern, mirrors EngineRegistry) All providers use @Optional() injection; unconfigured providers omitted - StripeProvider: PaymentIntent API; webhook via stripe.webhooks.constructEvent - AlipayProvider: alipay-sdk; Native QR (precreate); RSA2 signature verify - WeChatPayProvider: v3 REST; Native Pay code_url; AES-256-GCM decrypt; HMAC-SHA256 request signing and webhook verification - CryptoProvider: Coinbase Commerce; hosted checkout; HMAC-SHA256 verify ### WebhookController All 4 webhook endpoints are public (no JWT) for payment provider callbacks. rawBody: true enabled in main.ts for signature verification. ## Infrastructure Changes - docker-compose.yml: billing-service container (port 13010); added as dependency of api-gateway - kong.yml: /api/v1/billing routes (JWT); /api/v1/billing/webhooks (public) - 005-create-billing-tables.sql: 7 billing tables + invoice sequence + ALTER tenants to add quota columns - run-migrations.ts: 005 runs as part of shared schema step ## Phase 4 - Frontend ### Web Admin (Next.js) New pages: - /billing: subscription card + token usage bar + warning banner + invoices - /billing/plans: comparison grid with USD/CNY toggle + upgrade/downgrade flow - /billing/invoices: paginated table with Pay Now button Sidebar: Billing group (CreditCard icon, 3 sub-items) i18n: billing keys added to en + zh sidebar translations ### Flutter App New feature module it0_app/lib/features/billing/: - BillingOverviewPage: plan card + token LinearProgressIndicator + latest invoice + upgrade button - BillingProvider (FutureProvider): parallel fetch subscription/quota/invoice Settings page: "订阅与用量" entry card Router: /settings/billing sub-route Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 21:09:17 -08:00
hailin	51b348e609	feat: complete tenant member management (CRUD + delete tenant) Backend: add 5 missing endpoints to TenantController: - DELETE /tenants/:id (deprovision schema + cleanup) - GET /tenants/:id/members (query tenant schema users) - PATCH /tenants/:id/members/:memberId (change role) - DELETE /tenants/:id/members/:memberId (remove member) - PUT /tenants/:id (alias for frontend compatibility) Frontend: add member actions to tenant detail page: - Role column changed to dropdown selector - Added remove member button with confirmation - Added updateMember and removeMember mutations Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 10:00:09 -08:00
hailin	9a1ecf10ec	fix: add restart policy, global error handlers, and fix tenant schema bug - Add restart: unless-stopped to all 12 Docker services - Add process.on(unhandledRejection/uncaughtException) to all 7 service main.ts - Fix handleEventTrigger using tenantId UUID as schema name instead of slug lookup - Wrap Redis event subscription callbacks in try/catch Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 05:30:34 -08:00
hailin	7ff012cd91	fix: use underscores in tenant slug for valid PostgreSQL schema names Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 03:23:14 -08:00
hailin	5d81667ddd	feat: add dual tenant registration (self-service + invitation) Backend: - Enhanced register endpoint to accept companyName for self-service tenant creation with schema provisioning and admin user setup - Added TenantInvite entity with token-based invitation system - Added invite CRUD endpoints to TenantController (create/list/revoke) - Added public endpoints for invite validation and acceptance Frontend: - Created registration page with optional organization name field - Created invitation acceptance page at /invite/[token] - Added invite management UI to tenant detail page - Updated login page with link to registration Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 03:10:18 -08:00
hailin	7dbd2c1414	feat: add settings, roles, permissions, and metrics controllers Implement remaining backend controllers for all web admin menu pages: - SettingsController: general, notification, theme, account, API keys - RoleController: CRUD roles with permission assignment - PermissionController: permission matrix for RBAC management - MetricsController: server metrics overview and per-server data Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 01:03:34 -08:00
hailin	8f89b8121c	fix: format tenant API response to match frontend DTO Map flat quota fields to nested quota object and add userCount field to match the frontend's expected Tenant interface. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 00:41:19 -08:00
hailin	3816d6841d	fix: add users endpoint, admin route, and fix agent-config paths - Add UsersController to auth-service for user CRUD (GET/POST/PUT/DELETE /api/v1/auth/users) - Add Kong route /api/v1/admin -> auth-service for tenant management - Remove AuthGuard from TenantController (Kong handles JWT) - Fix frontend agent-config API paths from /api/v1/agent/config to /api/v1/agent-config Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 00:35:57 -08:00
hailin	c710303b60	fix: per-service JWT in Kong, fix auth-service tenant-aware repos - Replace global JWT plugin with per-service JWT (skip auth-service) to fix auth routes being blocked by global JWT in DB-less mode - Fix UserRepository and ApiKeyRepository to use standard TypeORM instead of TenantAwareRepository (users are global, not per-schema) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 23:31:32 -08:00
hailin	48e47975ca	fix: configure Kong JWT auth flow with consumer credentials - Add kid claim to auth-service JWT for Kong validation - Add Kong consumer with JWT credential (shared secret via env) - Add agent-config route to Kong for /api/v1/agent-config - Kong Dockerfile uses entrypoint script to inject JWT_SECRET at runtime - Fix frontend login path (/auth/login → /api/v1/auth/login) - Extract tenantId from JWT on login and store as current_tenant - Add auth guard in admin layout (redirect to /login if no token) - Pass JWT_SECRET env var to Kong container in docker-compose Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 23:20:06 -08:00
hailin	00f8801d51	Initial commit: IT0 AI-powered server cluster operations platform Full-stack monorepo with DDD + Clean Architecture: - Backend: 7 NestJS microservices + 5 shared libraries (TypeScript) - Mobile: Flutter app with Riverpod (Dart) - Web Admin: Next.js dashboard with Zustand + React Query - Voice: Python voice service (STT/TTS/VAD) - Infra: Docker Compose, K8s manifests, Turborepo build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-08 22:54:37 -08:00

11 Commits