ZON
MVP · Local Gateway
ZON · Topic · ai-key-control-plane

个人版 AKCP MVP(可直接跑)

你说你现在“直接一个中转”,而你要的是:渠道台账 + 每月预算(剩余)+ RPM/TPM 限流 + 风险告警(飞书)+ 以后还能继续扩展控制能力。 这个 MVP 选择了 Gateway-first:你的业务只改 base_url,第三方 key 不再分发到业务代码/前端。

UX Demo Report

AKCP MVP (Personal, Runnable)

You currently use a “relay”. What you want is: channel inventory, monthly budgets, RPM/TPM limits, risk alerts (Feishu), and a foundation for future API controls. This MVP is gateway-first: your app only changes base_url; third‑party keys never go to your app/frontend.

UX Demo Report

你将得到

What you get

  • 本机网关Local gateway
    OpenAI-compatible 反代,多 channel(baseUrl+secretRef)。
    OpenAI-compatible reverse proxy, multi-channel (baseUrl + secretRef).
  • 计量账本Metering ledger
    本地 JSONL 记录:status/latency/tokens/cost(默认不存 prompt)。
    Local JSONL events: status/latency/tokens/cost (no prompts by default).
  • 预算 + 止损Budget guardrails
    每 channel 月预算(80% / 95% 告警;可开启 hard stop)。
    Monthly budget per channel (alert at 80% / 95%; optional hard stop).
  • RPM/TPMRPM/TPM
    RPM=每分钟请求数;TPM=每分钟 token 数(基于已记账 tokens 的 soft-limit)。
    RPM = requests per minute; TPM = tokens per minute (soft-limit based on accounted tokens).
  • 飞书告警Feishu alerts
    支持飞书/Lark Incoming Webhook(推荐)。
    Feishu/Lark Incoming Webhook supported (recommended).

为什么不直接“部署网关”到 Vercel?

Why not deploy the gateway on Vercel?

  • 这个 Board(zondev.top)是静态站点,用来展示报告/演示。把真实 key 放在云端服务上意味着扩大攻击面。
    This board (zondev.top) is a static site for reports/demos. Putting real keys in a cloud runtime expands the attack surface.
  • 个人使用最稳的是:本机运行 + Keychain 存 secret + 如需远程访问则用 Tailscale/WireGuard
    The safest personal setup: run locally + store secrets in Keychain + for remote access use Tailscale/WireGuard.

一键跑起来(macOS)

Run it (macOS)

代码在你本地:docs/best-minds-board/topics/ai-key-control-plane/mvp/(这页是部署版说明)。 
cd docs/best-minds-board/topics/ai-key-control-plane/mvp
node akcp.mjs init

# 推荐:把上游 key 放进 Keychain(配置文件只写 secretRef,不写明文)
AKCP_SECRET='sk-...' node akcp.mjs keychain:set akcp codex

# 内部 token(建议即使本机也设;将来上 VPS 必须)
export AKCP_INTERNAL_TOKEN='akcp-internal-please-change'

# 飞书告警(可选)
export FEISHU_WEBHOOK_URL='https://open.feishu.cn/open-apis/bot/v2/hook/...'
node akcp.mjs feishu:test

# 启动
node akcp-gateway.mjs
然后打开:http://127.0.0.1:19088/__akcp/ui
Your local files live at: docs/best-minds-board/topics/ai-key-control-plane/mvp/ (this is the deployed guide).
cd docs/best-minds-board/topics/ai-key-control-plane/mvp
node akcp.mjs init

# Recommended: store upstream key in macOS Keychain (config only keeps secretRef)
AKCP_SECRET='sk-...' node akcp.mjs keychain:set akcp codex

# Internal token (recommended even on localhost; required for VPS)
export AKCP_INTERNAL_TOKEN='akcp-internal-please-change'

# Feishu alert (optional)
export FEISHU_WEBHOOK_URL='https://open.feishu.cn/open-apis/bot/v2/hook/...'
node akcp.mjs feishu:test

# Run
node akcp-gateway.mjs
Then open: http://127.0.0.1:19088/__akcp/ui

安全检查清单(个人也别省)

Security checklist (even for personal use)