PromptShield AI – Xano로 구축된 AI 비용 및 위험 방화벽

Source: Dev.to

아키텍처 개요

데모

데모 워크스루 비디오

(비디오 링크는 생략되었습니다 – 실제 비디오가 준비되면 교체하세요)

제품 스크린샷

대시보드에는 Xano만을 사용해 완전히 구현된 실제 API 키, 예산, 정책, 프로바이더 및 사용량 분석이 표시됩니다.

사용한 AI 프롬프트 (백엔드 생성)

모든 백엔드 워크플로, API 정의 및 스키마 수정 사항은 투명성과 재현성을 위해 아래 GitHub 저장소에 추적됩니다:

👉

XanoScript와 AI‑우선 워크플로를 사용해 초기 백엔드를 생성했습니다. 아래는 시스템을 부트스트랩하기 위해 사용한 원본 프롬프트입니다:

You are an expert backend architect building a production-ready, multi-tenant AI infrastructure backend using Xano.

Build a backend called "PromptShield AI" — an AI Cost & Risk Firewall that sits between applications and multiple LLM providers (OpenAI, Anthropic, etc.) to enforce budgets, rate limits, and safety policies before requests reach the LLM.

The backend must be secure, scalable, and suitable for public API consumption.

Create the initial backend for PromptShield AI with the following requirements:

1. Core Concept
PromptShield AI acts as a proxy API for LLM calls. Applications send standard chat/completion payloads to PromptShield, which enforces usage policies, budgets, and risk checks before forwarding requests to LLM providers.

2. Database Schema (Postgres)
Design tables for:
- tenants (org_id, name, plan, created_at)
- api_keys (key, tenant_id, status, last_used_at)
- users (user_id, tenant_id, role)
- llm_providers (provider, model, cost_per_1k_tokens)
- usage_logs (tenant_id, user_id, feature, provider, model, tokens_in, tokens_out, cost, timestamp)
- budgets (tenant_id, scope_type, limit_amount, period, reset_at)
- policies (policy_id, tenant_id, type, rule_json, enabled)
- ... (additional tables as needed)

3. API Endpoints
Define RESTful endpoints for:
- /v1/chat (proxy chat request)
- /v1/completions (proxy completion request)
- /admin/keys (CRUD API keys)
- /admin/budgets (CRUD budgets)
- /admin/policies (CRUD policies)
- /admin/usage (retrieve usage analytics)

4. Business Logic
- Validate API key and associate request with tenant.
- Check tenant’s budget; reject if limit exceeded.
- Run prompt through safety policy engine; block if risky.
- Select cheapest provider/model that satisfies policy constraints.
- Forward request, capture token usage, compute cost, store in usage_logs.
- Return response to caller.

5. Security & Scalability
- Rate‑limit per API key.
- Store secrets securely (e.g., encrypted columns).
- Use background jobs for async logging and billing.
- Design for horizontal scaling (stateless API layer).

Provide the XanoScript code snippets, schema definitions (SQL), and example API specifications (OpenAPI v3).