industry | 2026-05-24 | 13 min read

"AI rate limit exceeded" on the dashboard: a staff member was using it for a side job, and the quota had a gap (PR #621 FFF F2)

Ferhat, 51, owner of "Hatay Mutfağı" in Antakya Saraykent, has run a modern Levantine restaurant for 19 years with two partners (nephew Demir and former chef Pınar). On the Pro+ tier, AI menu translation renders the menu into 8 languages (EN, AR, FR, DE, ES, IT, RU, JA). Friday morning the dashboard read: **"AI rate limit reached. You've used 100/100 daily AI inferences."** Ferhat said he had added 4 menu items, yet all 100 inferences were gone. Audit log: staff_id "pinar", 92 inferences against /api/ai-translate-menu in the last 24 hours. Pınar admitted that for 5 months she had been translating Antakya tourist tour PDFs from Arabic to Turkish with the AI translation as a side job. The restaurant's 100/day quota was being drained by a single staff member.

**Forensics**: none of the 11 thMenu admin AI endpoints (ai-bio, ai-description, ai-pricing-suggestions, ai-daily-specials, ai-recipe-suggest, ai-translate-menu, ai-forecast, ai-menu-cleanup, ai-review-reply, ai-menu-generator, ai-shift-schedule) called checkAiDailyQuota, which PR #509 (Z F1) had shipped on the 4 customer-facing endpoints. PR #624 (GGG-prelim) had consolidated 2 of them (ai-menu-generator + ai-shift-schedule) onto the shared helper; the remaining 9 endpoints had no helper at all.

Threat model: (1) cost burn: 1000+ inferences/day/tenant is up to $55/day of Cloudflare AI billing at max burn, and 100 such tenants cost Synaltix $5,500/day; (2) an attacker holding a compromised CSRF token: 30,000 inferences/day; (3) rogue or personal staff use (the Pınar case); (4) the restaurant locked out of its legitimate AI work because the quota was exhausted by non-legitimate use.

**PR #621 (batch FFF F2)** is a 4-layer fix.

**Layer 1, admin AI quota helper**: apps/web-admin/src/lib/ai-quota.ts, a mirror of the web-menu helper. Atomic UPSERT counter pattern (PR #575 VV F1): `INSERT ... ON CONFLICT DO UPDATE SET used = used + 1 WHERE used < ? RETURNING used` as a single statement, so the cap check and the increment cannot race. Admin cap 100/day per restaurant (the customer side keeps its own separate 100/day bucket).

**Layer 2, routing the 9 admin endpoints**: ai-bio / ai-description / ai-pricing-suggestions / ai-daily-specials / ai-recipe-suggest / ai-translate-menu (break per language) / ai-forecast (soft-fail) / ai-menu-cleanup (soft-fail) / ai-review-reply. Break vs soft-fail is decided per endpoint according to that endpoint's semantics: break when the route has nothing useful to return without the model, soft-fail when it can still return its non-AI result.

**Layer 3, aiQuotaExceededResponse() builder**: standardized response shape {error: "ai_quota_exceeded", message, remaining, reset_at}. UI: a modal with a countdown timer and a "Try again later" CTA.

**Layer 4, telemetry beacon** [BEACON:ai_quota_high_burn]: at 80+/day the beacon raises a Synaltix internal alert for manual review, as an indicator of a compromised account or rogue staff. A platform-wide 60-day audit found 7 high-burn restaurants: 3 legitimate heavy use (multi-language menus, frequent specials), 2 staff personal use (the Ferhat case), 1 compromised CSRF token (staff password phished; 2FA enforced), 1 bot abuse (CSRF cookie stolen). Mandatory 2FA and tightened admin rate limits shipped in parallel.

Pattern: **per-tenant daily quota caps enforced on customer-facing AI inference endpoints must also be EXPLICITLY enforced on their admin-side sibling endpoints. The assumption "the operator manages their own cost anyway" breaks down under compromised CSRF tokens, rogue staff and personal side-business use. A telemetry beacon should flag high-burn restaurants for manual review.**

Implementation checklist: (1) identify both customer and admin AI endpoints and cap both; (2) atomic UPSERT counter pattern; (3) shared helper reachable across apps; (4) break vs soft-fail decision per endpoint; (5) standardized response shape; (6) UI countdown timer; (7) telemetry beacon with manual review of high-burn tenants; (8) mandatory 2FA plus admin rate-limit tightening in parallel; (9) quarterly burn-rate audit.

Bryn in Cardiff Cathays Park, "Y Gegin", a 55-cover modern Welsh restaurant whose head chef Megan did Welsh-to-English translation side work: the same flow.
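The following is an added, stand-alone Python/SQLite illustration of the four layers above; it is not thMenu's own TypeScript helper (ai-quota.ts) and does not run on Cloudflare. It shows the single-statement UPSERT counter from Layer 1, the break vs soft-fail gate from Layer 2, the standardized {error, message, remaining, reset_at} body from Layer 3, and the forensic and high-burn queries behind Layer 4. The table and column names (ai_quota, ai_audit), the function names, the ENDPOINT_MODE map and the sample restaurant/staff usage are assumptions constructed for this example; RETURNING needs SQLite 3.35 or newer.

```python
"""Per-restaurant daily AI inference quota, Python/SQLite illustration.

Added example, not thMenu's own ai-quota.ts. Table, column and function
names, ENDPOINT_MODE and the sample usage are assumptions for this example.
Needs SQLite >= 3.35 for RETURNING.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

ADMIN_DAILY_CAP = 100       # admin-side bucket, per restaurant per UTC day
HIGH_BURN_THRESHOLD = 80    # [BEACON:ai_quota_high_burn] review threshold
DEMO_NOW = datetime(2026, 5, 22, 9, 0, tzinfo=timezone.utc)  # constructed clock

SCHEMA = """
CREATE TABLE IF NOT EXISTS ai_quota (
    restaurant_id TEXT    NOT NULL,
    bucket        TEXT    NOT NULL,   -- 'admin' or 'customer', separate caps
    day           TEXT    NOT NULL,   -- UTC date YYYY-MM-DD
    used          INTEGER NOT NULL,
    PRIMARY KEY (restaurant_id, bucket, day)
);
CREATE TABLE IF NOT EXISTS ai_audit (
    restaurant_id TEXT NOT NULL, staff_id TEXT NOT NULL,
    endpoint TEXT NOT NULL, at TEXT NOT NULL
);
"""

# Check-and-increment in one statement: DO UPDATE fires only while used < cap,
# and RETURNING yields no row when it did not fire, so two concurrent requests
# cannot both pass a separate read-then-write check and overshoot the cap.
CONSUME_SQL = """
INSERT INTO ai_quota (restaurant_id, bucket, day, used) VALUES (?, ?, ?, 1)
ON CONFLICT (restaurant_id, bucket, day) DO UPDATE
    SET used = used + 1 WHERE used < ?
RETURNING used
"""

# Per-endpoint semantics (assumed): break = nothing useful without the model,
# soft_fail = the endpoint still returns its non-AI result.
ENDPOINT_MODE = {"ai-translate-menu": "break", "ai-bio": "break",
                 "ai-forecast": "soft_fail", "ai-menu-cleanup": "soft_fail"}


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def consume_inference(conn, restaurant_id, staff_id, endpoint,
                      bucket="admin", cap=ADMIN_DAILY_CAP, now=None):
    """Spend one inference atomically. Returns the new count, or None if exhausted."""
    now = now or datetime.now(timezone.utc)
    day = now.strftime("%Y-%m-%d")
    with conn:  # counter increment and audit row commit together, or neither
        rows = conn.execute(CONSUME_SQL, (restaurant_id, bucket, day, cap)).fetchall()
        if not rows:
            return None
        conn.execute("INSERT INTO ai_audit VALUES (?, ?, ?, ?)",
                     (restaurant_id, staff_id, endpoint, now.isoformat()))
    return rows[0][0]


def ai_quota_exceeded_response(cap=ADMIN_DAILY_CAP, now=None):
    """Standard body every guarded endpoint returns; reset_at drives the UI countdown."""
    now = now or datetime.now(timezone.utc)
    midnight = datetime(now.year, now.month, now.day, tzinfo=timezone.utc)
    return {"error": "ai_quota_exceeded",
            "message": f"AI rate limit reached. You've used {cap}/{cap} daily AI inferences.",
            "remaining": 0,
            "reset_at": (midnight + timedelta(days=1)).isoformat()}


def call_admin_ai_endpoint(conn, restaurant_id, staff_id, endpoint, now=None,
                           run_model=lambda: "model output"):
    """Quota gate in front of an admin AI route, honouring break vs soft_fail."""
    used = consume_inference(conn, restaurant_id, staff_id, endpoint, now=now)
    if used is not None:
        return {"status": 200, "result": run_model(), "remaining": ADMIN_DAILY_CAP - used}
    body = ai_quota_exceeded_response(now=now)
    if ENDPOINT_MODE.get(endpoint, "break") == "break":
        return {"status": 429, **body}
    return {"status": 200, "result": None, "ai_skipped": True, **body}


def usage_by_staff(conn, restaurant_id, day):
    """The forensic query: which staff_id spent the day's inferences."""
    return conn.execute(
        "SELECT staff_id, COUNT(*) FROM ai_audit WHERE restaurant_id = ? "
        "AND substr(at, 1, 10) = ? GROUP BY staff_id ORDER BY 2 DESC",
        (restaurant_id, day)).fetchall()


def high_burn_restaurants(conn, day, threshold=HIGH_BURN_THRESHOLD):
    """Beacon candidates: admin bucket at or above threshold, for manual review."""
    return conn.execute(
        "SELECT restaurant_id, used FROM ai_quota WHERE bucket = 'admin' "
        "AND day = ? AND used >= ? ORDER BY used DESC", (day, threshold)).fetchall()


if __name__ == "__main__":
    db = open_db()
    for _ in range(92):   # constructed: one staff member draining the bucket
        call_admin_ai_endpoint(db, "hatay-mutfagi", "pinar", "ai-translate-menu", now=DEMO_NOW)
    for _ in range(8):
        call_admin_ai_endpoint(db, "hatay-mutfagi", "ferhat", "ai-description", now=DEMO_NOW)
    print(call_admin_ai_endpoint(db, "hatay-mutfagi", "ferhat", "ai-description", now=DEMO_NOW))
    print(usage_by_staff(db, "hatay-mutfagi", "2026-05-22"))
    print(high_burn_restaurants(db, "2026-05-22"))
```

The point of the single statement is that the WHERE clause on DO UPDATE is evaluated by the database against the current row, so the counter can never pass the cap even under concurrent requests; a separate SELECT followed by an UPDATE would let two requests both read 99 and both increment. The audit row is written in the same transaction as the increment, which is what makes the "92 inferences from staff_id pinar" query in the forensics section possible after the fact.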


thMenu Team

thmenu.com
