Skip to content

Cost guard for runtime-session object storage #1469

Description

@legreffier

Problem

R2 adds durable runtime-session object storage backed by an S3-compatible service. Local/e2e use SeaweedFS and production is expected to use Fly.io Tigris or an equivalent S3-compatible bucket. That introduces a new recurring bill surface: stored bytes, object count, requests, and possibly egress.

We need an automated guardrail that detects abnormal runtime-session storage growth before it becomes an expensive surprise. This should be separate from the runtime-session implementation itself.

Scope

Add a scheduled GitHub Actions cost-guard workflow for runtime-session object storage.

The first version should:

  • Run on a daily schedule and on manual dispatch.
  • Compute expected active storage from Postgres runtime_sessions metadata, grouped by team and storage class.
  • Query the production object-store/provider API when available, or otherwise reconcile against bucket/object metadata through the S3-compatible API.
  • Compare active bytes, object count, and recent upload growth against configured thresholds.
  • Fail loudly or open/comment on an issue when thresholds are exceeded.
  • Report enough detail to identify the team/task/attempt range contributing to growth.
  • Avoid bucket listing in application request paths; reconciliation belongs in this scheduled guard only.

Configuration

Define the needed secrets/config explicitly before implementation. Likely inputs:

  • Production database connection or a restricted read-only DSN for runtime_sessions.
  • Object storage endpoint/bucket credentials or Fly/Tigris API credentials.
  • Budget thresholds, for example max active bytes, max object count, max daily growth, and warning/fail levels.
  • Notification target: issue comment, Slack/webhook, or workflow failure only.

Acceptance Criteria

  • A scheduled workflow runs without touching app code paths.
  • The workflow can calculate active runtime-session bytes from Postgres metadata.
  • The workflow can compare metadata totals with object-store/provider totals.
  • Thresholds are configurable from repo/environment secrets or workflow vars.
  • The output includes actionable diagnostics, not just "budget exceeded".
  • Missing credentials fail with a clear setup error.

Out of Scope

  • Runtime-session upload/download behavior.
  • Sync/repair of missing runtime sessions.
  • Lifecycle deletion/retention policy, unless needed only as a read-only input to cost reporting.

Related: #1414, #1427

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions