Add cost manipulation protection #67

@neuromechanist

Type: Security / Cost Management
Priority: P1 (Medium severity - prevents surprise bills)
Effort: 2 hours
Phase: 3

Description:
Communities could set expensive models without BYOK, causing unexpected platform costs (e.g., Claude Opus 4 at $15/1M tokens on platform key).

Financial Impact: MEDIUM - Prevents surprise billing

Acceptance Criteria:

  • Query OpenRouter API for model costs (or maintain hardcoded table)
  • During config validation, warn if expensive model (>$5/1M tokens) without BYOK
  • Require BYOK for ultra-expensive models (>$15/1M tokens) - hard error
  • Clear error messages explaining cost concerns
  • Include cost information in validation output
  • Tests for various cost scenarios

Implementation: Add validation in CLI and config loading

Related Issues: Part of security hardening with #64, #65, #66, #68
Branch: feature/issue-64-68-security-hardening
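One way to implement the two thresholds from the acceptance criteria, as an added example rather than code from this repository. The config shape, the function names, and the `example/*` models with their prices are assumptions; rejecting unknown-price models on the platform key is also an assumption.

```python
from dataclasses import dataclass
from decimal import Decimal

WARN_ABOVE = Decimal("5")    # USD per 1M tokens: warn above this without BYOK
BLOCK_ABOVE = Decimal("15")  # USD per 1M tokens: hard error above this without BYOK

# Constructed price table (USD per 1M tokens); only the Opus figure is from the issue.
PRICES = {
    "claude-opus-4": Decimal("15"),
    "example/cheap-model": Decimal("0.50"),
    "example/mid-model": Decimal("8"),
    "example/ultra-model": Decimal("60"),
}

@dataclass(frozen=True)
class CostFinding:
    level: str    # "ok", "warning" or "error"
    message: str  # includes the price so validation output shows cost information

def check_model_cost(model: str, has_byok: bool, prices=PRICES) -> CostFinding:
    price = prices.get(model)
    shown = f"${price}/1M tokens" if price is not None else "unknown price"
    if has_byok:
        # Cost lands on the community's own key, so no platform exposure.
        return CostFinding("ok", f"{model} ({shown}): billed to community key")
    if price is None:
        # Assumption: fail closed, since an unpriced model could be arbitrarily expensive.
        return CostFinding("error", f"{model}: no price data; set a BYOK key to use it")
    if price > BLOCK_ABOVE:
        return CostFinding("error", f"{model} ({shown}) exceeds ${BLOCK_ABOVE}/1M: "
                                    "BYOK is required, platform key will not be used")
    if price > WARN_ABOVE:
        return CostFinding("warning", f"{model} ({shown}) exceeds ${WARN_ABOVE}/1M "
                                      "and runs on the platform key; consider BYOK")
    return CostFinding("ok", f"{model} ({shown}): within platform budget")

def validate_config(config: dict) -> dict:
    """Return {community_id: CostFinding} for a hypothetical config layout."""
    findings = {}
    for community in config.get("communities", []):
        has_byok = bool(community.get("api_key"))  # empty string counts as no key
        findings[community["id"]] = check_model_cost(community["model"], has_byok)
    return findings

def config_is_valid(config: dict) -> bool:
    # Warnings do not block loading; any error does.
    return all(f.level != "error" for f in validate_config(config).values())
```

With strict `>` comparisons, a model priced at exactly $15/1M on the platform key produces a warning, not a hard error.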

Labels: P1 (Priority 1: Critical, fix as soon as possible), cost-management (Cost tracking and optimization), security (Security vulnerability or hardening)