Lock alpha scope, tracker auth, TOPLOC fraud verification, and deferred multi-tracker money-path work; supersede legacy fraud issues with ADR-0018. Co-authored-by: Cursor <cursoragent@cursor.com>
1.6 KiB
1.6 KiB
Status: ready-for-agent
03 — C5 + M1: Starting credit 0, funded-account gate, spend cap
What to build
Close the free-credit faucet. New API keys start at 0 USDT; inference requires a real deposit or admin credit. Add a configurable per-request spend cap (M1) to limit runaway charges on compromised keys.
Code refs:
packages/tracker/meshnet_tracker/billing.py—DEFAULT_STARTING_CREDIT = 1.0(~22),ensure_client(~73–85),has_funds(~87–88), duplicate credit on charge (~130–138)packages/tracker/meshnet_tracker/server.py— billing gate before routing (~1667–1690)
Per ADR-0017 §2 and ADR-0016 §3.
Test-first
- Red: new API key gets 1.0 USDT implicit credit — test expects 0 balance until deposit.
- Red: first inference without deposit returns 402.
- Green:
DEFAULT_STARTING_CREDIT = 0.0; optional--max-charge-per-requestconfig.
Acceptance criteria
DEFAULT_STARTING_CREDITis 0.0; no automatic caller credit on first touchhas_fundsfalse for fresh keys; 402 before routing (server.py ~1684)- Admin
credit_clientor bound-wallet deposit still funds accounts - Configurable max charge per request (M1) rejects oversize completions with clear error
- Tests: fresh key blocked; after credit/deposit, inference proceeds
ADR links
Blocked by
02-a2-unified-auth-boundary.md(admin credit path secured)