Runbook — AI provider monthly budget breached
One of the LLM providers' monthly spend hit the configured budget. Investigate cause, decide whether to raise the budget or throttle, then either lift the alert or implement controls.
| Field | Value |
|---|---|
| Severity | P0 (cost runaway can be existential pre-revenue) |
| Owner | @aphaiboon |
| Alert source | Watchtower — cmmd_provider_monthly_cost_usd / cmmd_provider_monthly_budget_usd > 1.0 |
| Estimated time | 30 min |
| Required access | CMMD AdminApp → AI usage, Railway, provider dashboards |
Symptom
Section titled “Symptom”ntfy push: “Anthropic budget exceeded (105%)” or similar per provider. Watchtower → CMMD overall → Today’s AI spend tile may also be in burn-rate alert.
Why P0
Section titled “Why P0”Pre-revenue, every dollar spent on LLM upstream is money out the door without revenue offset. A runaway can be existential. Treat as P0 even when there’s no customer impact.
Most likely causes (ranked)
Section titled “Most likely causes (ranked)”- Retry storm — a worker is retrying failed LLM calls without backoff. Check logs for repeating error patterns.
- Bug increasing call rate — a recent change unintentionally calls an LLM more often per user action (e.g. removed a cache, broke a deduper).
- Abuse — a user or external actor is driving traffic deliberately. Check per-user breakdown in CMMD AdminApp.
- Real growth + stale budget — actual usage scaled past the configured cap. Decision: raise the budget, throttle, or reprice.
- Provider raised prices — verify against the provider’s pricing page; CMMD’s
CostCalculatorconstants may be stale.
Diagnose
Section titled “Diagnose”-
Open CMMD AdminApp → Reporting → AI usage by provider (last 24h vs last 7d).
-
From SQL access, drill into the suspicious provider:
SELECT feature, user_id, provider, model,COUNT(*) as requests,SUM(total_tokens) as tokens,SUM(cost_cents)/100.0 as cost_usdFROM ai_agent_usage_logsWHERE created_at >= NOW() - INTERVAL '24 hours'AND provider = '<provider>'GROUP BY 1, 2, 3, 4ORDER BY cost_usd DESCLIMIT 20; -
Identify the top spender — usually one feature or one user dominates.
-
Cross-reference recent commits on
mainfor that feature.
Mitigate
Section titled “Mitigate”Retry storm
Section titled “Retry storm”- Identify the worker firing repeated calls.
- Pause the worker in Railway (or feature-flag it off if there’s a
feature_flagsrow). - Open an issue to add proper backoff before re-enabling.
Bug causing call rate spike
Section titled “Bug causing call rate spike”- Roll back the offending deploy via Railway.
- Open an issue for the fix.
- Identify the user from
ai_agent_usage_logs.user_id. - Admin-disable the account if clearly abusive.
- Add per-user rate limit if not already in place.
Real growth
Section titled “Real growth”- Raise the budget via
AI_PROVIDER_MONTHLY_BUDGET_OVERRIDESenv var on Railway. - Notify in
#alertsof the new ceiling. - Open an issue to think about pricing/throttling for sustained scale.
Verify resolved
Section titled “Verify resolved”cmmd_provider_monthly_cost_usd / cmmd_provider_monthly_budget_usd < 0.95for 10 minutes (or budget raised so the ratio is back below 1.0)- Cause identified + recorded in postmortem doc
Escalate
Section titled “Escalate”- If spend is doubling every hour → cut off the offending feature flag immediately, even before full diagnosis
- If sustained for 1h+ with no clear cause → escalate to incident response
Related
Section titled “Related”- runbook-ai-provider-daily-spend-burn
- runbook-llm-provider-degraded (retry storms often coincide with provider degradation)