Phase1: Schema + skill event tracking
Some checks failed
Build and Push / build (push) Failing after 38s
Some checks failed
Build and Push / build (push) Failing after 38s
This commit is contained in:
@@ -3,6 +3,7 @@ import { getSessionUser, canMutate } from "@/lib/session";
|
||||
import { canUserSeeTenant } from "@/lib/visibility";
|
||||
import { getTenant, patchTenantSpec } from "@/lib/k8s";
|
||||
import { getPackageDef } from "@/lib/packages";
|
||||
import { recordSkillEvents } from "@/lib/db";
|
||||
import { safeError } from "@/lib/errors";
|
||||
|
||||
const ALLOWED_WORKSPACE_FILES = ["SOUL.md", "AGENTS.md", "TOOLS.md"];
|
||||
@@ -187,6 +188,50 @@ export async function PATCH(
|
||||
}
|
||||
|
||||
const updated = await patchTenantSpec(name, specPatch);
|
||||
|
||||
// Billing — Phase 1: if packages changed, record enable/disable
|
||||
// events. The diff is computed against the patched CR (the
|
||||
// returned state) rather than `existing` so the events match
|
||||
// what K8s actually committed. Best-effort: a logging failure
|
||||
// never poisons the PATCH response — drift would be reconciled
|
||||
// on the next backfill or by the next normal toggle.
|
||||
//
|
||||
// Note on races: two concurrent PATCHes could each see the
|
||||
// same `existing` and both succeed at the K8s layer (last write
|
||||
// wins for spec.packages, which is replaced wholesale). The
|
||||
// events from the losing PATCH would then describe a transition
|
||||
// that no longer reflects reality. Acceptable trade-off for v1
|
||||
// — the toggle UI sends one request at a time and races would
|
||||
// only matter for adjacent same-day toggles, which the billing
|
||||
// computation collapses to a single billable day anyway.
|
||||
if (specPatch.packages !== undefined) {
|
||||
try {
|
||||
const orgId =
|
||||
existing.metadata.labels?.["pieced.ch/zitadel-org-id"] ?? null;
|
||||
if (orgId) {
|
||||
const oldSet = new Set<string>(existing.spec.packages ?? []);
|
||||
const newSet = new Set<string>(updated.spec.packages ?? []);
|
||||
const added = [...newSet].filter((x) => !oldSet.has(x));
|
||||
const removed = [...oldSet].filter((x) => !newSet.has(x));
|
||||
if (added.length > 0 || removed.length > 0) {
|
||||
await recordSkillEvents(name, orgId, added, removed);
|
||||
}
|
||||
} else {
|
||||
// A tenant without the org label is a pre-Slice-3 artifact
|
||||
// — we can't attribute its skill events to any org. Log
|
||||
// and skip rather than guess.
|
||||
console.warn(
|
||||
`billing: tenant ${name} has no zitadel-org-id label; skill events not recorded`
|
||||
);
|
||||
}
|
||||
} catch (e) {
|
||||
console.error(
|
||||
`billing: failed to record skill events for ${name}:`,
|
||||
e
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return NextResponse.json(updated);
|
||||
} catch (e: any) {
|
||||
return NextResponse.json(
|
||||
|
||||
@@ -3,6 +3,7 @@ import { z } from "zod";
|
||||
import { getSessionUser, canMutate } from "@/lib/session";
|
||||
import { getTenant, patchTenantSpec, setTenantAnnotation } from "@/lib/k8s";
|
||||
import { canUserSeeTenant } from "@/lib/visibility";
|
||||
import { recordSuspensionEvent } from "@/lib/db";
|
||||
import { safeError } from "@/lib/errors";
|
||||
|
||||
const patchSchema = z.object({
|
||||
@@ -101,6 +102,33 @@ export async function PATCH(
|
||||
try {
|
||||
await patchTenantSpec(name, { suspend });
|
||||
|
||||
// Billing — Phase 1: record the transition so monthly proration
|
||||
// can exclude suspended days from the fixed fee. The portal
|
||||
// commands this transition; the operator's status.suspendedAt
|
||||
// lags by a reconcile cycle (seconds), which is irrelevant for
|
||||
// monthly billing. Best-effort: a logging failure never blocks
|
||||
// the suspend/resume itself.
|
||||
try {
|
||||
const orgId =
|
||||
tenant.metadata.labels?.["pieced.ch/zitadel-org-id"] ?? null;
|
||||
if (orgId) {
|
||||
await recordSuspensionEvent(
|
||||
name,
|
||||
orgId,
|
||||
suspend ? "suspended" : "resumed"
|
||||
);
|
||||
} else {
|
||||
console.warn(
|
||||
`billing: tenant ${name} has no zitadel-org-id label; suspension event not recorded`
|
||||
);
|
||||
}
|
||||
} catch (e) {
|
||||
console.error(
|
||||
`billing: failed to record suspension event for ${name}:`,
|
||||
e
|
||||
);
|
||||
}
|
||||
|
||||
// On admin-side resume, also clear the pending-resume-request
|
||||
// annotation if it exists. Belt-and-suspenders: the admin-approve
|
||||
// endpoint already clears it on its happy path, but a platform
|
||||
|
||||
Reference in New Issue
Block a user