Problem
R2 adds durable runtime-session object storage backed by an S3-compatible service. Local/e2e use SeaweedFS and production is expected to use Fly.io Tigris or an equivalent S3-compatible bucket. That introduces a new recurring bill surface: stored bytes, object count, requests, and possibly egress.
We need an automated guardrail that detects abnormal runtime-session storage growth before it becomes an expensive surprise. This should be separate from the runtime-session implementation itself.
Scope
Add a scheduled GitHub Actions cost-guard workflow for runtime-session object storage.
The first version should:
- Run on a daily schedule and on manual dispatch.
- Compute expected active storage from Postgres
runtime_sessions metadata, grouped by team and storage class.
- Query the production object-store/provider API when available, or otherwise reconcile against bucket/object metadata through the S3-compatible API.
- Compare active bytes, object count, and recent upload growth against configured thresholds.
- Fail loudly or open/comment on an issue when thresholds are exceeded.
- Report enough detail to identify the team/task/attempt range contributing to growth.
- Avoid bucket listing in application request paths; reconciliation belongs in this scheduled guard only.
Configuration
Define the needed secrets/config explicitly before implementation. Likely inputs:
- Production database connection or a restricted read-only DSN for
runtime_sessions.
- Object storage endpoint/bucket credentials or Fly/Tigris API credentials.
- Budget thresholds, for example max active bytes, max object count, max daily growth, and warning/fail levels.
- Notification target: issue comment, Slack/webhook, or workflow failure only.
Acceptance Criteria
- A scheduled workflow runs without touching app code paths.
- The workflow can calculate active runtime-session bytes from Postgres metadata.
- The workflow can compare metadata totals with object-store/provider totals.
- Thresholds are configurable from repo/environment secrets or workflow vars.
- The output includes actionable diagnostics, not just "budget exceeded".
- Missing credentials fail with a clear setup error.
Out of Scope
- Runtime-session upload/download behavior.
- Sync/repair of missing runtime sessions.
- Lifecycle deletion/retention policy, unless needed only as a read-only input to cost reporting.
Related: #1414, #1427
Problem
R2 adds durable runtime-session object storage backed by an S3-compatible service. Local/e2e use SeaweedFS and production is expected to use Fly.io Tigris or an equivalent S3-compatible bucket. That introduces a new recurring bill surface: stored bytes, object count, requests, and possibly egress.
We need an automated guardrail that detects abnormal runtime-session storage growth before it becomes an expensive surprise. This should be separate from the runtime-session implementation itself.
Scope
Add a scheduled GitHub Actions cost-guard workflow for runtime-session object storage.
The first version should:
runtime_sessionsmetadata, grouped by team and storage class.Configuration
Define the needed secrets/config explicitly before implementation. Likely inputs:
runtime_sessions.Acceptance Criteria
Out of Scope
Related: #1414, #1427