Dripline is an opinionated reverse-proxy gateway built for SaaS products that incur usage-based costs, such as those exposing an LLM endpoint. It enforces per-user hard limits before upstream execution, preventing surprise bills and abuse.
It is not a generic API gateway; it is a cost-control layer.
Endpoints that host services such as LLMs can be usage-priced and unpredictable. A single abusive user or integration bug can generate unexpected costs. Traditional gateways optimize for throughput and latency, not deterministic cost enforcement.
Dripline checks each user's configured daily quota before a cost-incurring endpoint is executed, so no user can exceed it.
Dripline runs as a reverse proxy with strict separation between:
- Authenticates API keys
- Resolves end-user identity
- Detects metered endpoints
- Enforces daily usage limits
- Proxies requests upstream
- Records usage analytics
- Create and revoke end users
- Issue API keys
- Inspect per-user usage
- View system-wide usage summary
1. Request enters gateway
2. API key resolves to internal end-user identity
3. Metered endpoint detection
4. Atomic usage check + increment (daily window)
5. If allowed: proxied upstream
6. If limit exceeded: 429 returned before upstream call
Enforcement happens before LLM execution.
- Per-end-user usage attribution
- Deterministic daily hard limits (UTC window)
- Atomic DB-backed enforcement
- Reverse proxy with timeout handling
- Upstream error attribution
- Restart-safe persistence
- Admin control plane
Usage is currently request-based (1 request = 1 unit). Token-based metering is planned.
Limits are enforced pre-execution to guarantee cost control.
If enforcement cannot complete, the request is blocked.
Correctness is prioritized over availability.
All enforcement uses internal UUIDs. External IDs are mapped but never trusted for enforcement.
Chosen for predictability and operational simplicity.
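The request flow and enforcement rules above, sketched as an added example (not Dripline's own code). Every name here (`enforce`, `UsageStore`, `MemoryStore`, `KEYS`, `BROKEN`) is hypothetical, the in-memory map stands in for the database, and the 401 and 503 status codes are assumptions; only the 429 comes from the page.

```typescript
// Added illustration; all names are hypothetical, not Dripline's API.
// `reject` is the gateway's own response code when the request is not forwarded.
type Decision = { forward: boolean; reject: 401 | 429 | 503 | null };

interface UsageStore {
  // Check and increment as ONE atomic step: new count, or null if at the limit.
  tryIncrement(userId: string, day: string, limit: number): number | null;
}

// Daily window key in UTC, e.g. "2024-01-31".
function utcDay(now: Date): string {
  return now.toISOString().slice(0, 10);
}

// In-memory stand-in for the DB. There is no await between the read and the
// write, so the check and the increment cannot interleave with another request.
class MemoryStore implements UsageStore {
  private counts = new Map<string, number>();
  tryIncrement(userId: string, day: string, limit: number): number | null {
    const key = userId + ":" + day;
    const used = this.counts.get(key) || 0;
    if (used >= limit) return null; // at the limit: do not count, do not forward
    this.counts.set(key, used + 1);
    return used + 1;
  }
}

// Runs before any upstream call. `keys` maps API key -> internal UUID, and
// only that internal UUID is used as the enforcement key.
function enforce(
  store: UsageStore, keys: Map<string, string>, apiKey: string,
  metered: boolean, limit: number, now: Date,
): Decision {
  const userId = keys.get(apiKey);
  if (userId === undefined) return { forward: false, reject: 401 }; // assumed code
  if (!metered) return { forward: true, reject: null };
  try {
    const used = store.tryIncrement(userId, utcDay(now), limit);
    if (used === null) return { forward: false, reject: 429 };
    return { forward: true, reject: null };
  } catch {
    // Fail closed: enforcement could not complete, so the request is blocked.
    return { forward: false, reject: 503 }; // assumed code
  }
}

// Constructed sample data.
const KEYS = new Map([["key-abc", "3f1c0000-0000-4000-8000-000000000001"]]);
const BROKEN: UsageStore = { tryIncrement() { throw new Error("db down"); } };
```

With a real database the same guarantee needs a single conditional statement or a transaction, because a separate read followed by a write lets two concurrent requests both pass the check.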
Dripline is not:
- a generic API manager
- an enterprise plugin gateway
- a billing engine
- a token-parsing middleware (yet)
Bun · TypeScript · Elysia · SQLite (Postgres-ready)
Core enforcement and proxy layer operational.