For educational and research purposes only — not investment advice.
Trading Agents Lab
Download
← all docs

Cost Guard#

Stacked daily / weekly / monthly USD caps and an optional sessions-per-day rate cap. Optional. Off by default. Override per-run.

For educational research and paper trading. This is not investment advice.

What it is#

Cost Guard is a quota layer that sits in front of the live LLM debate. Before every paid-API session, the engine estimates the worst-case cost of the debate and checks it against the caps you've set. If the cost would push any cap over the limit, the request is blocked and a modal opens — you can either Cancel or Override and run anyway. The override is per-run; it does not raise the cap.

The four cap dimensions:

DimensionWhat it limits
DailyUSD spent across all debates that started today (UTC)
WeeklyUSD spent across the rolling 7-day window
MonthlyUSD spent across the rolling 30-day window
Sessions per dayCount of debates started today, regardless of cost

A cap of 0 means disabled. You can enable any subset — e.g. monthly USD only, or sessions-per-day only.

Why we built it#

LLM costs scale with model choice + token usage in ways that are easy to underestimate. A single debate with gpt-5 or Claude Opus 4.7 across 12 agents can easily cost more than you'd expect. Cost Guard turns "did I just spend $20 on three debates?" into a deliberate decision rather than a billing surprise.

It also protects against accidental loops, runaway scripts, and the occasional UI glitch that fires multiple debates. The rate cap (sessions-per-day) catches what the USD cap might miss.

Where to go in the UI#

Settings → Cost Guard.

Top of the page: a status row showing your current spend totals (daily / weekly / monthly USD, sessions today) with color bars indicating how close you are to each cap. Green = below 50%, amber = 50-90%, red = 90%+.

Below that: an Enable / Disable toggle and a form with four numeric inputs (one per cap dimension). Caps update via PUT on save. Settings can be changed at any time, including mid-session.

What counts as spend?#

The engine computes a per-session cost using a static cost rate table (engine/llm_providers.py). Rates are USD per million input/output tokens — refreshed manually when providers change them. Conservative numbers preferred.

Provider / AuthCost behavior
API-key on any per-token-billed providerReal token usage × rate table. Logged on session.complete.
OpenAI OAuth (ChatGPT subscription)$0. Subscription billing happens outside our app; we record 0 so the cost ledger only reflects per-token API spend.
Local LLM (Ollama / LM Studio)$0. Local sessions cost nothing in real dollars.
OpenRouterRecorded as 0.0 since model rates vary by underlying model and we don't track them. The rate cap (sessions-per-day) is what you'd use to discipline OpenRouter usage.

OAuth and Local sessions skip the three USD caps but do count against the sessions-per-day rate cap — even free runs benefit from quota discipline on runaway debate counts.

The pre-debate reservation flow#

Before a live debate kicks off, the renderer:

  1. Estimates worst-case cost for the session (assumes every agent maxes out its output budget, transcript grows triangularly across agents).
  2. POSTs /cost-guard/reserve with {model, auth_kind, max_tokens}.
  3. If the reservation succeeds → the debate proceeds with a reservation_id threaded on the WebSocket start frame.
  4. If the reservation fails with CostGuardBlocked → the Cost Guard modal opens.

The modal shows:

  • Which dimension would be exceeded (daily / weekly / monthly / rate)
  • Your current spend in that dimension
  • The configured cap
  • The estimated cost of the requested run

You then choose:

  • Cancel — the debate aborts. No tokens spent.
  • Override and run anyway — the renderer re-reserves with override=true. The session runs, and the cost is added to the rolling totals just like any other run. The cap itself does not change.

A three-second anti-tamper countdown disables the Override button on first appearance so you can't accidentally double-click through it. The Cancel button is always enabled.

The TOCTOU-safe reservation#

Cost Guard uses a time-of-check-to-time-of-use safe reservation pattern: the database insert of the reservation row is the atomic check. Two simultaneous debates cannot both squeeze under the same cap — the first to insert wins; the second sees the bumped totals and gets blocked.

Reservations have a 15-minute TTL. If a debate ends cleanly, the reservation is finalized with real token usage replacing the worst-case estimate. If the renderer crashes mid-debate, the reservation expires and the slot frees up. A background sweeper cleans expired reservations on every state read.

When to use which cap#

Tune to your risk tolerance:

  • Strict daily cap (e.g. $1/day) — pairs well with gpt-4o-mini/claude-haiku-4-5 and frequent experimentation. ~200 debates/day at this budget.
  • Monthly cap only (e.g. $30/month) — pairs with mixed-model use; lets you have expensive days as long as the month averages out.
  • Sessions-per-day cap (e.g. 20) — disciplines OAuth + Local users where USD caps don't fire. Also a sane secondary cap alongside USD limits.
  • All four enabled — paranoid mode. Useful for long-running unattended scenarios.

What does NOT count as spend#

  • Stub debates (no provider configured) — never charged. They run for free against the canned content.
  • OAuth debates — subscription billing is out-of-band. We record $0.
  • Local LLM debates — $0.
  • Failed sessions — if the LLM provider errors before any tokens are spent, the reservation is finalized at 0.

Reading the spend bars#

The status row at the top of the Cost Guard tab shows each cap dimension as a bar. The bar color reflects "how close are you to this cap":

Color% of cap usedWhat it means
🟢 Green0-49%Plenty of headroom.
🟡 Amber50-89%You're past halfway. Next runs may push you near the limit.
🔴 Red90-100%You're at or above the cap. Next live debate will be blocked.

For unset caps (value = 0 / disabled), the bar shows the raw spend with no fill — just a number, no progress visualization.

Resetting spend#

Spend totals are rolling windows, not user-resettable values. They automatically roll forward as time passes:

  • Daily totals reset at 00:00 UTC.
  • Weekly totals shed entries older than 7 days each midnight.
  • Monthly totals shed entries older than 30 days each midnight.

There is no manual reset — by design, so spend history can't be wiped to dodge a cap. If you need to forget historical data entirely, you can delete <userData>/data/sessions.db (or specifically the sessions table). This is destructive and not recommended; debate history is the same DB.

Tracking historical spend#

The History page shows per-session estimated_cost_usd next to each entry. Sort by date or by cost to see what your expensive runs were. This is independent of the Cost Guard windows — History never expires.

Engine API surface#

For developers integrating against the engine:

EndpointPurpose
GET /cost-guard/stateCurrent spend + config
PUT /cost-guard/configUpdate caps + enable/disable
POST /cost-guard/checkDry-run: would this debate be blocked?
POST /cost-guard/reserveAtomic check + reservation; returns reservation_id or 402 CostGuardBlocked

Full request/response shapes in docs/api.md.