Implement AI usage control platform with policy engine and Python SDK

[Copilot]

Implements application-level AI usage control with multi-tenant workspace isolation, configurable policy enforcement, and usage tracking. Platform enables organizations to enforce rate limits, token quotas, cost controls, and model restrictions across LLM operations.

Backend (FastAPI)

• Multi-tenant architecture: Workspace-based isolation with SQLite + async SQLAlchemy
• API key authentication: Header-based auth (X-API-Key) with workspace-scoped keys
• Policy engine: Priority-based evaluation supporting:
  • Rate limits (requests/hour)
  • Token limits (per request)
  • Cost limits (per hour)
  • Model whitelist/blacklist
• Usage logging: Tracks tokens, costs, policy decisions, metadata
• REST API: 16 endpoints with OpenAPI docs at /docs

Python SDK

Wraps LLM calls with automatic policy enforcement and usage recording:

from ai_usage_control import AIUsageControlClient

client = AIUsageControlClient(api_key="auc_...", base_url="http://localhost:8000")

# Decorator pattern - automatic policy check + logging
@client.wrap_llm_call(model="gpt-4", operation="chat.completion")
def call_openai(prompt):
    return openai.ChatCompletion.create(model="gpt-4", messages=[...])

# Raises PolicyViolationException if blocked
response = call_openai("Hello")  

Manual mode also supported for explicit control over evaluation and logging.

Security

Updated dependencies to patch vulnerabilities:

• fastapi: 0.109.0 → 0.109.1 (ReDoS fix)
• python-multipart: 0.0.6 → 0.0.22 (arbitrary file write, DoS, ReDoS fixes)

Documentation

• Architecture overview with diagrams
• Quick start guide
• API reference
• Usage examples
• Security considerations (SECURITY.md)

Database Schema

4 models: Workspace, APIKey, Policy, UsageLog with proper foreign key relationships and indexes.

Original prompt

Build the foundation of an AI usage control platform. Include a FastAPI backend with API key auth, workspace/multi-tenant support, a policy evaluation endpoint (allow/block with reason codes), and usage logging. Add a Python SDK that wraps LLM calls, evaluates policy before execution, and records usage. Include a clear README explaining architecture and usage.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.