jarvis/dd0c
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
47a64d53fd02017e0b5ce900e041de014af73342
dd0c/products/01-llm-cost-router/epics/epic-addendum-bmad.md

65 lines
2.6 KiB
Markdown
Raw Normal View History

Add BMad review epic addendums for all 6 products Per-product surgical additions to existing epics (not cross-cutting): - P1 route: 8pts (key redaction, SSE billing, token math, CI runner) - P2 drift: 12pts (mTLS revocation, state lock recovery, pgmq visibility, RLS leak, entropy scrubber) - P3 alert: 10pts (HMAC replay, claim-check, out-of-order correlation, free tier, tenant isolation) - P4 portal: 9pts (partial scan recovery, ownership conflicts, Meilisearch rebuild, VCR freshness, free tier) - P5 cost: 7pts (concurrent baselines, remediation RBAC, Clock interface, property tests, Redis fallback) - P6 run: 15pts (shell AST parsing, canary suite, intervention TTL, streaming audit, crypto signatures) Total: 61 story points across 30 new stories
2026-03-01 02:27:55 +00:00
# dd0c/route — Epic Addendum (BMad Review Findings)
**Source:** BMad Code Review (March 1, 2026)
**Approach:** Surgical additions to existing epics — no new epics created.
---
## Epic 1 Addendum: Proxy Engine
### Story 1.5: API Key Redaction in Error Traces
As a security-conscious developer, I want all API keys scrubbed from panic traces, error logs, and telemetry events, so that a proxy crash never leaks customer credentials.
**Acceptance Criteria:**
- Custom panic handler intercepts all panics and runs `redact_sensitive()` before logging.
- Regex patterns cover `sk-*`, `sk-ant-*`, `sk-proj-*`, `Bearer *` tokens.
- Telemetry events never contain raw API keys (verified by unit test scanning serialized JSON).
- Error responses to clients never echo back the Authorization header value.
**Estimate:** 2 points
### Story 1.6: SSE Disconnect Billing Accuracy
As an engineering manager, I want billing to reflect only the tokens actually streamed to the client, so that early disconnects don't charge for undelivered tokens.
**Acceptance Criteria:**
- When a client disconnects mid-stream, the proxy aborts the upstream connection within 1 second.
- Usage record reflects only tokens in chunks that were successfully flushed to the client.
- Disconnect during prompt processing (before first token) records 0 completion tokens.
- Provider connection count returns to 0 after client disconnect (no leaked connections).
**Estimate:** 3 points
---
## Epic 2 Addendum: Router Brain
### Story 2.5: Token Calculation Edge Cases
As a billing-accurate platform, I want token counting to handle Unicode, CJK, and emoji correctly per provider tokenizer, so that cost calculations match provider invoices within 1%.
**Acceptance Criteria:**
- Uses `cl100k_base` for OpenAI models, Claude tokenizer for Anthropic models.
- Token count for emoji sequences (🌍🔥) matches provider's count within 1%.
- CJK characters tokenized correctly (each char = 1+ tokens).
- Property test: 10K random strings, our count vs mock provider count within 1% tolerance.
**Estimate:** 2 points
---
## Epic 8 Addendum: Infrastructure & DevOps
### Story 8.7: Dedicated CI Runner for Latency Benchmarks
As a solo founder, I want proxy latency benchmarks to run on a dedicated self-hosted runner (NAS), so that P99 measurements are reproducible and not polluted by shared CI noise.
**Acceptance Criteria:**
- GitHub Actions workflow triggers on pushes to `src/proxy/**`.
- Runs `cargo bench --bench proxy_latency` on self-hosted runner.
- Fails the build if P99 exceeds 5ms.
- Results stored in `target/criterion/` for trend tracking.
**Estimate:** 1 point
---
**Total Addendum:** 8 points across 4 stories
Reference in New Issue Copy Permalink