laravelsecurityaudit/laravel-ai-circuit-breaker
Composer 安装命令:
composer require laravelsecurityaudit/laravel-ai-circuit-breaker
包简介
An abuse firewall for AI endpoints: detect runaway agent loops within a request, and open a circuit on a per-tenant spend anomaly, before a self-recursing agent drains the API budget. Security-framed, not just rate limiting.
README 文档
README
An abuse firewall for AI endpoints. It stops the failure mode rate limiting does not model: a runaway agent that calls itself in a loop, or a single tenant whose spend suddenly spikes, draining the API budget before anyone notices.
This is not a rate limiter. It does two things rate limiters and cost dashboards do not:
- Loop breaker. Detects a runaway agent within one request lifecycle: too many AI calls, or the same call repeated too many times. A self-recursing agent trips this first.
- Spend-anomaly circuit breaker. Tracks estimated input tokens and calls per principal over a rolling window, and opens a circuit (with a cooldown) when a tenant spikes.
This is an independent open-source package. It is not affiliated with, endorsed by, or sponsored by Laravel, Laravel LLC, or any AI provider.
Requirements
- PHP 8.2+, Laravel 12 or 13
Installation
composer require laravelsecurityaudit/laravel-ai-circuit-breaker
It registers a global HTTP-client middleware, so it governs every outbound request to a known AI provider regardless of the SDK. Prism and the Http facade are covered automatically; for a client with its own Guzzle stack (openai-php), attach CircuitBreaker::stack().
Observe first, enforce when ready
By default the breaker observes: it counts, fires events, and logs, but never blocks, so it can never break a legitimate workload on a false anomaly. Turn on enforcement when you trust the thresholds:
CIRCUIT_BREAKER_ENFORCE=true
When enforcing, a tripped limit opens the circuit for that principal and throws CircuitOpenException, which fails the AI call (fail-closed). fail_open is true, so an internal error never breaks a real call.
Principals and multi-tenancy
Calls are accounted to the authenticated user, tenant-aware when your user model exposes a tenant key, falling back to the client IP. Bind your own PrincipalResolver to customise the fingerprint.
A note on spend estimates
The outbound request carries no token usage, so spend is estimated from the request body (about four characters per token). This is an anomaly brake, not billing. Exact post-hoc accounting from the response is a planned addition.
Events
LoopDetected and CircuitOpened fire in both observe and enforce mode, so you can wire SIEM, Slack, or PagerDuty with a single listener.
Configuration
php artisan vendor:publish --tag=circuit-breaker-config
CIRCUIT_BREAKER_ENABLED=true CIRCUIT_BREAKER_ENFORCE=false CIRCUIT_BREAKER_MAX_CALLS=25 CIRCUIT_BREAKER_MAX_REPEATS=5 CIRCUIT_BREAKER_WINDOW=60 CIRCUIT_BREAKER_MAX_TOKENS=200000 CIRCUIT_BREAKER_COOLDOWN=300
Testing
composer test
composer analyse
The Laravel Security Audit family
One detection engine, guarding every place data leaves your app.
| Package | What it guards |
|---|---|
| laravel-secret-scanner | Shared secret and PII detection engine (the core) |
| laravel-mail-guard | Outgoing Laravel mail |
| laravel-ai-egress-guard | Outbound AI provider traffic (OpenAI, Anthropic, Gemini) |
| laravel-ai-lint | Static analysis: leaked AI keys and unsafe AI wiring |
| laravel-ai-circuit-breaker (this package) | Runaway AI loops and spend |
| laravel-ai-ledger | GDPR Article 30 processing ledger for AI traffic |
License
The MIT License (MIT). See LICENSE.
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 3
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-06-28