FR-AI-001
AI Gateway cost-ledger pre-call check
module: AI
priority: MUST
status: accepted
verify: T
phase: P0
slice: 1
effort: 8h
Complete inventory of CyberOS Feature Requests — server-rendered at build time per FR-DOCS-001.
AI Gateway cost-ledger pre-call check
AI Gateway cost-ledger post-call reconcile
BRAIN audit-row bridge — canonical Writer for AI Gateway
Cost-hold expiry cleanup job — refund unsettled holds + emit audit
Tenant-policy YAML loader — per-tenant cap + warn + override + residency
Model-alias resolution (chat.smart → bedrock:claude-3.5-sonnet) with per-tenant override
Provider cost-table loader — YAML-backed, hot-reloadable rate table
LiteLLM-derived multi-provider router with retry + 30s failover SLA
Circuit breaker per (provider, model) with half-open recovery probing
Streaming SSE end-to-end (token-by-token to client)
Presidio EN-base PII redaction in-flight (every prompt)
VN-PII Presidio plugin (CCCD · MST · VN phone · NĐD · VN address · bank account)
VN-PII recall ≥ 99% per-recognizer CI gate on 200-sample fixture
Persona-version system-prompt injection from BRAIN memories/personas/<handle>.md
ZDR (Zero Data Retention) attestation table + enforcement when tenant policy requires
Tenant residency pinning (sg-1 / eu-1 / us-1 / vn-1) propagating to provider region selection
Per-tenant Redis response cache keyed by (tenant × redacted-prompt × model × persona); ≥30% hit-rate P0 target
Cross-tenant cache leak property-test (hard zero) — 200K random ops + 7 regression scenarios + adversarial inputs
Self-hosted BGE-M3 embeddings (single L4 GPU sidecar) + ONNX-CPU fallback + adaptive batching
BGE-reranker-v2-m3 cross-encoder for KB reranking (per-region sidecar; CPU fallback)
cyberos-ai operator CLI (usage · models · policy · failover · invoice · breaker · expiry · brain) with --confirm + --json + audit
OpenTelemetry trace + span emission for every call (caller → router → provider → response) with W3C TraceContext + PII-safe attributes
Tenant create — root-admin in tenant 0 calls POST /v1/admin/tenants with idempotency + RLS provisioning
Subject create — POST /v1/admin/subjects with bcrypt + role allow-list + idempotency + RLS-enforced cross-tenant blocking
RLS enforcement at every tenant-scoped table — USING + WITH CHECK + per-connection app.tenant_id + property test
JWT issuance + JWKS endpoint (RS256) with tenant_id + agent_persona + scope_grants + dual-rate-limit + jti dedup
Admin REST: list tenants + list subjects + revoke subject + unrevoke + cursor pagination + jti deny-list
cyberos-auth bootstrap CLI: tenant 0 + root-admin + initial signing key + sweepers + idempotency-table cleanup
Layer-2 ingest pipeline (binlog → pgvector + Apache AGE) — chain-anchor verification + 1s p95 lag + per-tenant cursor + idempotent UPSERT
Layer-2 rebuild-from-Layer-1 CI gate — deterministic rebuild + spot-check + 30min budget + mid-rebuild resume + multi-tenant
brain-sync daemon — laptop A ↔ Cloud BRAIN ↔ laptop B with sync_class gating + CRDT conflict + 10K offline buffer + device-id stamp
Tauri 2.x desktop app — macOS + Windows + Linux signed/notarised + auto-update + tray + quick capture + Full Disk Access
cyberos doctor — watched-folders integrity invariants (manifest ↔ filesystem ↔ HEAD reconciliation; 5 new invariants in memory.invariants.yaml)
BRAIN sync_class enforcement — private vs shareable + ACL filtering + structural compensation exclusion + property test
BRAIN capture daemon — Rust + notify crate FS watcher with rate-limit + content-dedup + backpressure + W3C trace propagation
BRAIN search — vector + graph + full-text in parallel + RRF fusion + BGE-rerank + RLS + ACL + chain_anchor verify + 250ms p95
Claude Code hook capture — UserPromptSubmit + PostToolUse + Stop hooks emit BRAIN memories with prompt + diff + trace correlation
BRAIN capture daemon supervision — systemd + launchd units + /healthz + watchdog + crash-restart with exponential backoff + sweeper cron
BRAIN pre-ingest PII detection — Presidio EN + custom VN recognisers; ≥ 99.5% held-back recall on labelled fixture; auto-redact at capture boundary
Mattermost v9.x fork at pinned MIT-Apache commit + automated license-drift watcher + CI gate
cyberos-chat-authbridge plugin — Mattermost auth delegates to FR-AUTH-004 JWT with tenant_id propagation and SCIM-free provisioning
Per-tenant CHAT deployment — AWS Fargate + RDS Multi-AZ + Redis ElastiCache with Terraform module and per-tenant isolation
PGroonga + custom Vietnamese bigram tokeniser — VN message search with ≥ 80% recall CI gate and dual-path (VN-bigram / EN-PGroonga) hybrid routing
BRAIN bridge — Postgres logical replication from chat to BRAIN Layer-3 ingest with p95 ≤ 5s latency
Slack import — `cyberos-chat import slack` with 8-step idempotent checkpoint-driven workflow
Zalo manual export importer — `cyberos-chat import zalo --bundle.zip` with VN-Unicode normalisation and Zalo-specific message kinds
@lumi mention parser — message mentions trigger CUO routing + BRAIN capture row + reply
Retro-capture flow — `@lumi remember the last N messages` with per-message opt-in checkboxes and aggregated BRAIN memory
Decommission signal — (chat msgs) / (chat + slack + zalo msgs) ≥ 0.95 over 14-day rolling window with per-tenant trigger
Mobile push delivery — APNS + FCM with privacy-preserving payload (title + sender only; no body)
DSAR export — Data Subject Access Request: every message a subject authored + chained BRAIN audit hashes for tamper-evidence
Server-render NFR catalog + Risk Register + FR catalog at build time — Pagefind-indexed + crawler-visible + deterministic + Alpine reactive coexistence
OTel Collector + LGTM stack (Loki + Prometheus + Tempo + Grafana) with mTLS ingress + per-service tokens + retention + file-buffer
Tenant-aware Grafana proxy (Rust) — AST-injects tenant_id into PromQL/LogQL/TraceQL with anti-bypass + property test + audit log
Per-service RED metrics (rate/errors/duration) via cyberos-obs-sdk shared crate with macro + CI lint + standardised buckets
LangSmith integration for AI traces — self-hosted + per-tenant opt-in + redacted-prompts-only + W3C TraceContext correlation + async non-blocking
W3C TraceContext correlation across logs/metrics/traces/AI-traces — propagate, embed, exemplar, end-to-end CI test
Tail-based sampling at OTel collector — 100% errors/5xx/slow/flagged + 10% normal + decision_wait + flagged-tenants config
obs-router: Alertmanager → CUO obs.triage-alert@1 skill → CHAT (≥0.70 conf) OR PagerDuty + sev-1 always pages + ack-button + audit
obs-compliance-view: pre-built read-only views (EU AI Act / PDPL / SOC 2 / ISO 27001) over BRAIN audit chain with Ed25519 chain-proof + tenant-scoped + PDF/JSON export
Chain-of-custody manifest with Ed25519 signature on every compliance export — PDF cover + JSON sidecar + audit row + verifier CLI
PROJ Issue + Cycle + Engagement schema — RLS + cross-module linkable + status FSM + audit + assignee validation
BRAIN-anchored proj.decision row per Issue state change — reason + prior_chain link + cross-module references + ACL + audit-before-action
Yjs CRDT for issue description + comment-body fields; LWW for scalar metadata; reconnection state recovery; conflict-free multi-cursor editing
Issue lifecycle FSM — backlog → todo → in-progress → in-review → done | cancelled with FR-PROJ-002 audit trail, validation, and forward-only enforcement
Rate-card schema per Engagement — (role × currency × hourly_rate × billable_default) with effective-date versioning and FR-AUTH-003 RLS
Billable cascade — Member-override → task-class → role-default → fallback; resolution snapshot at time-entry write
Three billing modes — Time & Materials, Fixed-Fee, Retainer — with mode-aware rollups and per-mode invoice generation hooks
BRAIN audit row per issue mutation — chained to PROJ history_event table with field-level diff and chain_anchor verification
BRAIN_LINK schema — Issue ↔ BRAIN memory linkage (cites | implements | supersedes) with bidirectional traversal and link-graph queries
Citation drift detector — nightly sweep flags stale BRAIN_LINKs (deleted target, superseded chain, broken memory_row_id) with operator notification
Blocker detector from comment stream — `blocked by` parser + dwell-time monitor + CUO Notify on stale blockers
Cycle-review draft generator — CUO/COO-persona LLM compose at cycle close with completion stats, blocker recap, and editable BRAIN draft
Estimate calibration snapshot — per-member per-task-class nightly batch with Bayesian update and operator-visible accuracy trend
Kanban Board view — drag/drop status transition + keyboard-first navigation + 60fps virtualised list rendering
Timeline view — cycle window × assignee swimlane with day-grid layout, drag-resize for date changes, and milestone markers
Gantt view with dependency arrows — issue-to-issue precedence + critical path highlighting + roll-up to parent issue
Brief Modal — issue deep-view with Yjs description editor + threaded comments + LWW meta sidebar + presence cursors
Liquid-Glass design tokens (tokens.proj.css) + axe-core CI accessibility gate + Storybook visual regression
Skill BRAIN integration — skill.invoked_started + skill.invoked_completed audit rows (skill.* namespace) + args_hash + trace_id propagation + panic-recovery
Self-hosted OCI registry for .skill bundles — cosign signing + tenant-scoped + immutable tags + 100MB cap + audit
SKILL.md frontmatter extension — allowed_brain_scopes + allowed_tools + version + signature enforced by capability broker
Capability broker — subprocess sandbox enforces allowed_tools + allowed_brain_scopes at invoke time; tool-name allowlist + path-glob allowlist + timeout enforcement
brain-capture@1 skill bundle — canonical SDK-style entry point for emitting BRAIN capture rows from tools, scripts, and external integrations
brain-sync@1 skill bundle — operator-facing sync trigger that defers to Stage 4 orchestrator (slice-3 stub; full sync ships P2)
synthesis-author@1 skill — nightly multi-brain auto-evolve composes derived memories from clustered raw captures (P3 — stub scaffold in P1)
vietnam-mst-validate@1 skill — Vietnamese Tax ID (MST) validation against General Department of Taxation (GDT) public registry
vietnam-bank-transfer@1 skill — VietQR + Napas247 transfer-code generator with bank-prefix validation, BRAIN audit, and per-transfer idempotency
vietnam-vat-invoice@1 skill — Vietnamese e-invoice (hóa đơn) Decree 123 XML emitter with GDT submission, digital signature, and per-invoice audit trail