AikidoSec
diff --git a/‎README.md‎
Lines changed: 8 additions & 0 deletions b/‎README.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎library/agent/AIStatistics.test.ts‎
Lines changed: 206 additions & 0 deletions b/‎library/agent/AIStatistics.test.ts‎
Lines changed: 206 additions & 0 deletions
diff --git a/‎library/agent/AIStatistics.ts‎
Lines changed: 89 additions & 0 deletions b/‎library/agent/AIStatistics.ts‎
Lines changed: 89 additions & 0 deletions
diff --git a/‎library/agent/Agent.ts‎
Lines changed: 12 additions & 1 deletion b/‎library/agent/Agent.ts‎
Lines changed: 12 additions & 1 deletion
@@ -98,6 +98,14 @@ See list above for supported database drivers.
 
 * ✅ [`@koa/router`](https://www.npmjs.com/package/@koa/router) 13.x, 12.x, 11.x and 10.x
 
+### AI SDKs
+
+Zen instruments the following AI SDKs to track which models are used and how many tokens are consumed, allowing you to monitor your AI usage and costs:
+
+* ✅ [`openai`](https://www.npmjs.com/package/openai) 4.x
+* ✅ [`@aws-sdk/client-bedrock-runtime`](https://www.npmjs.com/package/@aws-sdk/client-bedrock-runtime) 3.x
+
+_Note: Prompt injection attacks are currently not covered by Zen._
 
 ## Installation
 
 
@@ -0,0 +1,206 @@
+import * as t from "tap";
+import { AIStatistics } from "./AIStatistics";
+
+t.test("it initializes with empty state", async () => {
+  const stats = new AIStatistics();
+
+  t.same(stats.getStats(), []);
+  t.equal(stats.isEmpty(), true);
+});
+
+t.test("it tracks basic AI calls", async () => {
+  const stats = new AIStatistics();
+
+  stats.onAICall({
+    provider: "openai",
+    model: "gpt-4",
+    inputTokens: 100,
+    outputTokens: 50,
+  });
+
+  const result = stats.getStats();
+  t.equal(result.length, 1);
+  t.same(result[0], {
+    provider: "openai",
+    model: "gpt-4",
+    calls: 1,
+    tokens: {
+      input: 100,
+      output: 50,
+      total: 150,
+    },
+  });
+
+  t.equal(stats.isEmpty(), false);
+});
+
+t.test("it tracks multiple calls to the same provider/model", async () => {
+  const stats = new AIStatistics();
+
+  stats.onAICall({
+    provider: "openai",
+    model: "gpt-4",
+    inputTokens: 100,
+    outputTokens: 50,
+  });
+
+  stats.onAICall({
+    provider: "openai",
+    model: "gpt-4",
+    inputTokens: 200,
+    outputTokens: 75,
+  });
+
+  const result = stats.getStats();
+  t.same(result.length, 1);
+  t.same(result[0], {
+    provider: "openai",
+    model: "gpt-4",
+    calls: 2,
+    tokens: {
+      input: 300,
+      output: 125,
+      total: 425,
+    },
+  });
+});
+
+t.test(
+  "it tracks different provider/model combinations separately",
+  async () => {
+    const stats = new AIStatistics();
+
+    stats.onAICall({
+      provider: "openai",
+      model: "gpt-4",
+      inputTokens: 100,
+      outputTokens: 50,
+    });
+
+    stats.onAICall({
+      provider: "openai",
+      model: "gpt-3.5-turbo",
+      inputTokens: 80,
+      outputTokens: 40,
+    });
+
+    stats.onAICall({
+      provider: "anthropic",
+      model: "claude-3",
+      inputTokens: 120,
+      outputTokens: 60,
+    });
+
+    const result = stats.getStats();
+    t.equal(result.length, 3);
+
+    // Sort by provider:model for consistent testing
+    result.sort((a, b) =>
+      `${a.provider}:${a.model}`.localeCompare(`${b.provider}:${b.model}`)
+    );
+
+    t.same(result[0], {
+      provider: "anthropic",
+      model: "claude-3",
+      calls: 1,
+      tokens: {
+        input: 120,
+        output: 60,
+        total: 180,
+      },
+    });
+
+    t.same(result[1], {
+      provider: "openai",
+      model: "gpt-3.5-turbo",
+      calls: 1,
+      tokens: {
+        input: 80,
+        output: 40,
+        total: 120,
+      },
+    });
+
+    t.same(result[2], {
+      provider: "openai",
+      model: "gpt-4",
+      calls: 1,
+      tokens: {
+        input: 100,
+        output: 50,
+        total: 150,
+      },
+    });
+  }
+);
+
+t.test("it resets all statistics", async () => {
+  const stats = new AIStatistics();
+
+  stats.onAICall({
+    provider: "openai",
+    model: "gpt-4",
+    inputTokens: 100,
+    outputTokens: 50,
+  });
+
+  stats.onAICall({
+    provider: "anthropic",
+    model: "claude-3",
+    inputTokens: 120,
+    outputTokens: 60,
+  });
+
+  t.equal(stats.isEmpty(), false);
+  t.equal(stats.getStats().length, 2);
+
+  stats.reset();
+
+  t.equal(stats.isEmpty(), true);
+  t.same(stats.getStats(), []);
+});
+
+t.test("it handles zero token inputs", async () => {
+  const stats = new AIStatistics();
+
+  stats.onAICall({
+    provider: "openai",
+    model: "gpt-4",
+    inputTokens: 0,
+    outputTokens: 0,
+  });
+
+  const result = stats.getStats();
+  t.equal(result.length, 1);
+  t.same(result[0].tokens, {
+    input: 0,
+    output: 0,
+    total: 0,
+  });
+});
+
+t.test("called with empty provider", async () => {
+  const stats = new AIStatistics();
+
+  stats.onAICall({
+    provider: "",
+    model: "gpt-4",
+    inputTokens: 100,
+    outputTokens: 50,
+  });
+
+  t.same(true, stats.isEmpty());
+});
+
+t.test("called with empty model", async () => {
+  const stats = new AIStatistics();
+
+  stats.onAICall({
+    provider: "openai",
+    model: "",
+    inputTokens: 100,
+    outputTokens: 50,
+  });
+
+  t.same(true, stats.isEmpty());
+});
@@ -0,0 +1,89 @@
+type AIProviderStats = {
+  provider: string;
+  model: string;
+  calls: number;
+  tokens: {
+    input: number;
+    output: number;
+    total: number;
+  };
+};
+
+export class AIStatistics {
+  private calls: Map<string, AIProviderStats> = new Map();
+
+  private getProviderKey(provider: string, model: string): string {
+    return `${provider}:${model}`;
+  }
+
+  private getRouteKey(path: string, method: string): string {
+    return `${method}:${path}`;
+  }
+
+  private ensureProviderStats(
+    provider: string,
+    model: string
+  ): AIProviderStats {
+    const key = this.getProviderKey(provider, model);
+
+    if (!this.calls.has(key)) {
+      this.calls.set(key, {
+        provider,
+        model,
+        calls: 0,
+        tokens: {
+          input: 0,
+          output: 0,
+          total: 0,
+        },
+      });
+    }
+
+    return this.calls.get(key)!;
+  }
+
+  onAICall({
+    provider,
+    model,
+    inputTokens,
+    outputTokens,
+  }: {
+    provider: string;
+    model: string;
+    inputTokens: number;
+    outputTokens: number;
+  }) {
+    if (!provider || !model) {
+      return;
+    }
+
+    const providerStats = this.ensureProviderStats(provider, model);
+    providerStats.calls += 1;
+    providerStats.tokens.input += inputTokens;
+    providerStats.tokens.output += outputTokens;
+    providerStats.tokens.total += inputTokens + outputTokens;
+  }
+
+  getStats() {
+    return Array.from(this.calls.values()).map((stats) => {
+      return {
+        provider: stats.provider,
+        model: stats.model,
+        calls: stats.calls,
+        tokens: {
+          input: stats.tokens.input,
+          output: stats.tokens.output,
+          total: stats.tokens.total,
+        },
+      };
+    });
+  }
+
+  reset() {
+    this.calls.clear();
+  }
+
+  isEmpty(): boolean {
+    return this.calls.size === 0;
+  }
+}
@@ -26,6 +26,7 @@ import { Wrapper } from "./Wrapper";
 import { isAikidoCI } from "../helpers/isAikidoCI";
 import { AttackLogger } from "./AttackLogger";
 import { Packages } from "./Packages";
+import { AIStatistics } from "./AIStatistics";
 
 type WrappedPackage = { version: string | null; supported: boolean };
 
@@ -58,6 +59,7 @@ export class Agent {
     maxPerfSamplesInMemory: 5000,
     maxCompressedStatsInMemory: 20, // per operation
   });
+  private aiStatistics = new AIStatistics();
   private middlewareInstalled = false;
   private attackLogger = new AttackLogger(1000);
 
@@ -85,6 +87,10 @@ export class Agent {
     return this.statistics;
   }
 
+  getAIStatistics() {
+    return this.aiStatistics;
+  }
+
   unableToPreventPrototypePollution(
     incompatiblePackages: Record<string, string>
   ) {
@@ -295,12 +301,14 @@ export class Agent {
     if (this.token) {
       this.logger.log("Heartbeat...");
       const stats = this.statistics.getStats();
+      const aiStats = this.aiStatistics.getStats();
       const routes = this.routes.asArray();
       const outgoingDomains = this.hostnames.asArray();
       const users = this.users.asArray();
       const packages = this.packages.asArray();
       const endedAt = Date.now();
       this.statistics.reset();
+      this.aiStatistics.reset();
       this.routes.clear();
       this.hostnames.clear();
       this.users.clear();
@@ -320,6 +328,7 @@ export class Agent {
             ipAddresses: stats.ipAddresses,
             sqlTokenizationFailures: stats.sqlTokenizationFailures,
           },
+          ai: aiStats,
           packages,
           hostnames: outgoingDomains,
           routes: routes,
@@ -358,8 +367,10 @@ export class Agent {
       const now = performance.now();
       const diff = now - this.lastHeartbeat;
       const shouldSendHeartbeat = diff > this.sendHeartbeatEveryMS;
+      const hasStats =
+        !this.statistics.isEmpty() || !this.aiStatistics.isEmpty();
       const canSendInitialStats =
-        !this.serviceConfig.hasReceivedAnyStats() && !this.statistics.isEmpty();
+        !this.serviceConfig.hasReceivedAnyStats() && hasStats;
       const shouldReportInitialStats =
         !this.reportedInitialStats && canSendInitialStats;