PromptShield AI – 使用 Xano 构建的 AI 成本与风险防火墙

Source: Dev.to

架构概览

演示

演示视频 walkthrough

（视频链接已省略 – 可在实际可用时替换为真实视频）

产品截图

仪表盘展示了真实的 API 密钥、预算、策略、供应商以及由 Xano 完全驱动的使用分析。

我使用的 AI Prompt（后端生成）

所有后端工作流、API 定义以及模式细化均在下方的 GitHub 仓库中进行跟踪，以确保透明度和可复现性：

👉

我使用 XanoScript 与 AI‑first 工作流生成了初始后端。以下是用于引导系统的原始 Prompt：

You are an expert backend architect building a production-ready, multi-tenant AI infrastructure backend using Xano.

Build a backend called "PromptShield AI" — an AI Cost & Risk Firewall that sits between applications and multiple LLM providers (OpenAI, Anthropic, etc.) to enforce budgets, rate limits, and safety policies before requests reach the LLM.

The backend must be secure, scalable, and suitable for public API consumption.

Create the initial backend for PromptShield AI with the following requirements:

1. Core Concept
PromptShield AI acts as a proxy API for LLM calls. Applications send standard chat/completion payloads to PromptShield, which enforces usage policies, budgets, and risk checks before forwarding requests to LLM providers.

2. Database Schema (Postgres)
Design tables for:
- tenants (org_id, name, plan, created_at)
- api_keys (key, tenant_id, status, last_used_at)
- users (user_id, tenant_id, role)
- llm_providers (provider, model, cost_per_1k_tokens)
- usage_logs (tenant_id, user_id, feature, provider, model, tokens_in, tokens_out, cost, timestamp)
- budgets (tenant_id, scope_type, limit_amount, period, reset_at)
- policies (policy_id, tenant_id, type, rule_json, enabled)
- ... (additional tables as needed)

3. API Endpoints
Define RESTful endpoints for:
- /v1/chat (proxy chat request)
- /v1/completions (proxy completion request)
- /admin/keys (CRUD API keys)
- /admin/budgets (CRUD budgets)
- /admin/policies (CRUD policies)
- /admin/usage (retrieve usage analytics)

4. Business Logic
- Validate API key and associate request with tenant.
- Check tenant’s budget; reject if limit exceeded.
- Run prompt through safety policy engine; block if risky.
- Select cheapest provider/model that satisfies policy constraints.
- Forward request, capture token usage, compute cost, store in usage_logs.
- Return response to caller.

5. Security & Scalability
- Rate‑limit per API key.
- Store secrets securely (e.g., encrypted columns).
- Use background jobs for async logging and billing.
- Design for horizontal scaling (stateless API layer).

Provide the XanoScript code snippets, schema definitions (SQL), and example API specifications (OpenAPI v3).