Status: research. This document does NOT constitute financial or procurement advice. Vendor API details reflect publicly-available documentation as of 2026-04-30. All pricing should be verified directly with each vendor before acting on cost estimates.
Commissioned: 2026-05-01 UTC — Kristerpher Authored by:
raxx-pm-bot(initial study, PR #750) Updated: 2026-04-30 UTC —raxx-research-botper-vendor billing API deep-dive Update source: research branchresearch/billing-vendor-api-research
The 2026-05-01 commission identified two vendors that need re-verification before the partial-go recommendation in PR #750 holds up:
/users/{user}/settings/billing/actions and the org equivalent endpoints have been
superseded by the Enhanced Billing platform, which exposes budget management endpoints
scoped to enterprise/organization budgets and admin/billing-manager identities. Personal
Pro accounts no longer have a documented programmatic billing endpoint.This update redoes the per-vendor research for the remaining nine vendors, recomputes spend-weighted coverage with the two confirmed gaps, and revises the recommendation + operator action items accordingly.
The decision shifts from partial-go (PR #750) to defer or scope-down (this update), because programmatic spend-coverage drops below the threshold once Anthropic and GitHub Actions are excluded.
Kristerpher's request (2026-05-01 UTC): add a Billing section to console.raxx.app showing
real-time monthly costs per vendor, end-of-cycle projections, color-state warnings, and
email-on-breach alerts. The hard constraint is completeness — a partial dashboard that
silently omits a spend category creates a false sense of security. The feature is only
worthwhile if every active cost source is accounted for or explicitly acknowledged as a
manually-entered line item.
The existing console epic (#146) and customer-billing console epic (#403) cover Stripe/subscription-side billing for Raxx's own customers. This study is scoped entirely to Raxx's own vendor/infrastructure costs — what Raxx pays out, not what customers pay in.
Related issue: #726 (GitHub Actions billing posture, runner strategy + cost tracking).
Each vendor was checked against the same 8 questions: 1. Does the vendor expose a billing or usage API? 2. What's the API endpoint (full path)? 3. What scope/auth is required? 4. What does the response include — current period spend, per-line-item, rate-limit info? 5. Cost to call the API. 6. Lag between charge and API visibility. 7. Plan-tier requirement (free / paid / enterprise). 8. Verdict: API-trackable / derivable / instrumentation-required / dashboard-only.
| Field | Detail |
|---|---|
| What we use | CI/CD on personal Pro account ($4/mo plan, 3,000 included min/mo). |
| Pricing model | Flat plan + overage at $0.006/min Linux. Per memory project_ci_billing.md, current burn is below 5,000 min/mo threshold. |
| Est. monthly spend | $4 base; overages $0–$58 depending on cadence. |
| Billing API | Legacy endpoints /users/{user}/settings/billing/actions and /orgs/{org}/settings/billing/actions no longer documented at docs.github.com/en/rest/billing/billing as of 2026-04-30. Page now lists only Advanced Security endpoint and links to the Enhanced Billing platform. |
| Enhanced Billing API | GET /organizations/{org}/settings/billing/budgets (and {budget_id} variants). Authenticated user must be organization admin or billing manager. Public preview as of GitHub's 2024-09 changelog. Enterprise/organization-scoped only — does not surface personal-account spend. |
| Verdict | Dashboard-only / Enterprise-only. Confirmed by Kristerpher 2026-05-01: not feasible for Raxx's current account posture. |
| Workaround | Flat $4/mo is hardcodable. Overage above 3,000 min would only be visible via the GitHub web UI billing page. Manual operator entry once per cycle if overage occurs (per #726, currently not occurring). |
| Field | Detail |
|---|---|
| What we use | DNS, CDN/proxy for raxx.* zones; CF Access for console + internal docs; Pages for Antlers; Workers (none active yet). |
| Pricing model | Free tier covers DNS + basic proxy. Workers Paid $5/mo + $0.50/M req above 10M. Pages free tier. Access free up to 50 users, then $7/user/mo. |
| Est. monthly spend | $0–$5/mo (likely $0; pre-launch user count under Access free tier; Pages free; Workers not active). |
| Billing API — zone subscription | GET /zones/{zone_id}/subscription returns rate-plan tier (free/lite/pro/pro_plus/business/enterprise/partners), price in USD, currency, current_period_start/end, frequency, state. Auth via Bearer token. Plan-tier availability not explicitly documented but works on free zones (returns the free-tier subscription record). |
| Billing API — account/usage | No public REST endpoint for "current month account-level spend" as of 2026-04-30. The "billable usage dashboard" exists in the dashboard UI; the underlying data is not exposed via documented v4 REST or GraphQL API. |
| Cost / lag | Subscription endpoint is free to call. Usage data has up to 24h lag in dashboard but is not API-accessible. |
| Verdict | Partially derivable. Zone subscription API confirms each domain's rate-plan price (sum across zones = base CF subscription cost). Workers/Pages/Access overage is not API-readable; would have to be manually entered or scraped from dashboard. |
| Notes | At pre-launch volume, summing zone subscription prices likely covers ~100% of CF spend (no Workers traffic, Pages free, Access under 50 users). Operator-confirmable monthly. |
global scope (not a read-only key)| Field | Detail |
|---|---|
| What we use | Hosting for Raptor (backend_v2). |
| Pricing model | Per-dyno-hour. Eco $5/mo, Basic $7/mo, Standard-1X $25/mo/dyno. Plus add-ons (Heroku Postgres tier, papertrail, etc.). |
| Est. monthly spend | Unknown — depends on current dyno tier and add-on stack. |
| Billing API | GET /account/invoices (list) and GET /account/invoices/{invoice_number} (detail). Platform API v3. Documented under "Invoice" resource. Returns line-item breakdown including dynos and add-ons. Not Enterprise-gated — available to all paid accounts. |
| Auth scope | Critical finding: Heroku OAuth scopes (identity, read, read-protected, write, write-protected) all explicitly exclude account information. Only the global scope grants /account/invoices/* access. The vault's HEROKU_API_KEY at /MooseQuest/heroku/ is a CLI-style API key — its scope must be confirmed; it likely is global (CLI default) but a fresh dedicated key for billing telemetry would also need global. There is no read-only-billing-only scope. |
| Cost / lag | Free to call. Current-period invoice updates in near-real-time as dyno-hours accumulate. |
| Verdict | API-trackable — but the scope requirement means the same key that reads invoices can also deploy/destroy apps. Mitigate with a separate, named, restricted-by-IP API key used only by the collector. |
Covers Lightsail + S3 + KMS in one API call.
| Field | Detail |
|---|---|
| What we use | Lightsail VPS, S3 (backups + FreeScout attachments + status snapshots), KMS keys (Infisical + console secrets). |
| Pricing model | Lightsail $5–$20/mo per bundle + $0.09/GB egress overage. S3 $0.023/GB-mo + $0.09/GB egress + per-request fees. KMS $1/key/mo + $0.03/10,000 calls. |
| Est. monthly spend | Lightsail ~$5–$20; S3 ~$1–$5; KMS ~$1–$3. Combined ~$7–$28. |
| Billing API | GetCostAndUsage (granularity DAILY/MONTHLY/HOURLY; metrics include UnblendedCost, AmortizedCost, etc.; SERVICE filter supported). GetCostForecast returns end-of-month projection natively. GetDimensionValues enumerates services. |
| IAM permissions | ce:GetCostAndUsage + ce:GetCostForecast + ce:GetDimensionValues. Dedicated read-only IAM policy. CloudWatch read-only adjunct (cloudwatch:GetMetricStatistics) needed for Lightsail NetworkOut overage projection. |
| Cost per call | $0.01 per request (confirmed from AWS Cost Explorer pricing page). Pagination counts as separate requests. Hourly granularity adds $0.01 per 1,000 usage records monthly (negligible at our scale). |
| Lag | ~24h ("Estimated" boolean in response; data lags 8–24h typically; some services up to 2 days). Cost Explorer refreshes once daily. |
| Plan tier | Available to all AWS accounts (no Enterprise gating). |
| Verdict | API-trackable — the gold-standard vendor for this feature. Daily polls = ~$0.30/mo in API fees; 4 polls/day = ~$1.20/mo. |
| Field | Detail |
|---|---|
| What we use | Transactional email — ops alerts, future user-facing emails via no-reply@raxx.app. |
| Pricing model | Free Developer 100 emails/mo (no overage allowed). Paid tiers start at 10,000 emails/mo: Basic $15/mo + $1.80/1k overage; Pro $16.50 + $1.30/1k; Platform $18 + $1.20/1k. |
| Est. monthly spend | $0–$15/mo currently (pre-launch, low volume). |
| Billing API | No account-level billing/invoice endpoint in the public Postmark API as of 2026-04-30. The API reference lists Email, Bulk, Bounce, Templates, Server, Servers, Message Streams, Messages, Domains, Sender signatures, Stats, Triggers, Webhooks, Suppressions, Data Removal. No "Account" or "Billing" or "Invoices" section. |
| Stats API (workaround) | GET /stats/outbound and /stats/outbound/sends accept fromdate + todate and return aggregated message counts. Uses X-Postmark-Server-Token (server-level, not account). To cover all servers we'd iterate per server token. |
| Cost / lag | Free to call. Counts are real-time. |
| Verdict | Derivable — multiply counts × tier-rate to compute spend. At pre-launch volume this is rounding-noise; if we move to Basic+ paid plan, the flat $15/mo is the dominant cost and the count-based overage is small-but-trackable. |
| Field | Detail |
|---|---|
| What we use | Agent orchestration — all raxx-*-bot calls. |
| Pricing model | Per-token: Claude Sonnet input ~$3/M, output ~$15/M (rates vary by model; verify at anthropic.com/pricing). |
| Est. monthly spend | $20–$200/mo (variable with agent dispatch frequency). |
| Billing API — discovery | The Admin API exposes GET /v1/organizations/cost_report returning per-day cost amounts (in cents, USD), grouped by workspace_id / description / model / token_type. The endpoint exists. |
| Plan tier requirement | Admin API docs explicitly state: "The Admin API is unavailable for individual accounts." Requires organization setup with admin role and an sk-ant-admin... admin key. Per Kristerpher 2026-05-01: Anthropic account is individual / self-serve, so Admin API is not accessible. |
| Verdict | Dashboard-only / Enterprise-org-gated. Confirmed by Kristerpher: not feasible. |
| Future option (do not implement now) | If Raxx ever upgrades to Anthropic Team plan and provisions an org admin, the cost-report endpoint would close this gap programmatically. Token-instrumentation (an internal agent_token_log table) is technically possible but is explicitly out of scope per this commission — it's a separate decision, not a card to file here. Until a future decision, this gap is a hard "instrumented-or-manual" line item. |
| Interim mitigation | Anthropic's console at console.anthropic.com → Settings → Spend Limits supports a hard monthly cap — operator should set this regardless of feature decision. |
| Field | Detail |
|---|---|
| What we use | Secrets management for vault paths /MooseQuest/..., /Raxx/.... |
| Pricing model | Free: 5 identities, 3 projects, 3 environments, 10 integrations. Pro: $18/identity/mo. Enterprise: custom. |
| Est. monthly spend | $0 (on free tier). |
| Billing API | None documented. |
| Verdict | Fixed/$0. No API needed. If Raxx upgrades to Pro, the cost is seats × $18 — flat hardcodable. |
| Field | Detail |
|---|---|
| Registrars in use | Per project memory and CF zones: raxx.app, raxx.io, getraxx.com, moosequest.net. Registrar mix unconfirmed in repo — likely Cloudflare Registrar (at-cost) for some; Namecheap/Squarespace for others. Operator action: enumerate annual costs once. |
| Pricing model | Annual flat fee per domain — typically $10–$20/yr each. Cloudflare Registrar charges at-cost (no markup). |
| Est. monthly spend | $5–$15/mo amortized across 4+ domains. |
| Billing API | None. Cloudflare Registrar inherits CF's no-billing-API gap. Namecheap, Squarespace Domains, Google Domains successor: no documented programmatic per-customer billing APIs. |
| Verdict | Fixed/hardcoded. Operator enters total annual spend once; dashboard amortizes /12. No projection or overage risk. |
| Field | Detail |
|---|---|
| What we use | Email for kris@moosequest.net (and any aliases), shared Drive. |
| Pricing model | Business Starter $6/user/mo. |
| Est. monthly spend | $6–$12/mo flat. |
| Billing API — direct customers | Admin SDK Reports API returns activity/usage events (logins, drive activity), not dollar amounts. The Reseller API supports billing for resellers, not end-customers. Google Workspace direct customers receive monthly PDF invoices via email; no documented API to retrieve current-month spend programmatically. |
| Verdict | Fixed/hardcoded. Predictable per-seat flat cost. Operator enters seat count + tier once; dashboard computes seats × tier_rate. |
| Field | Detail |
|---|---|
| What we use | Unconfirmed if Raxx has a paid 1Password Business / Teams subscription. |
| Pricing model | Teams: $4/user/mo. Business: $7.99/user/mo. Individual: $2.99/mo. Families: $4.99/mo. |
| Est. monthly spend | $0–$8/mo depending on current subscription. |
| Billing API | 1Password offers Events API (audit/security events for SIEM) and Users API (read-only members). No documented billing/subscription/invoice API in public developer docs as of 2026-04-30. |
| Plan tier for API | Events API requires Business plan. Free / Teams / Individual tiers do not have programmatic admin access. |
| Verdict | Fixed/hardcoded if subscribed; manual or dashboard-only for current-period spend regardless of tier. |
| Operator action | First confirm subscription status. If subscribed at $4–$8/seat/mo, enter as flat hardcoded line. |
| Field | Detail |
|---|---|
| What we use | MooseQuest workspace — internal team comms. Per memory, currently free tier. |
| Pricing model | Free (limited history). Pro $7.25/user/mo. Business+ / Enterprise Grid: higher. |
| Est. monthly spend | $0 currently (free tier). |
| Billing API | admin.users.list returns user list but is Enterprise Grid-only ("The features within are only available to Slack workspaces on an Enterprise plan."). Free / Pro / Business+ workspaces cannot use admin.* methods. There is no billing-amount endpoint at any tier. |
| Verdict | Fixed/hardcoded. $0 today. If upgraded to Pro: seats × $7.25/mo flat. |
Captured under §1.4 (AWS) but called out separately because it has overage risk and lag:
NetworkOut (free to read via cloudwatch:GetMetricStatistics) tracks outbound bytes in real-time. The collector compares NetworkOut vs bundle allowance and projects overage cost without waiting for Cost Explorer.Per project memory, OpenAI is not currently used. Confirmed not in scope.
| Field | Detail |
|---|---|
| What we use | Not yet active. Drop-in if GH Actions burn exceeds 5,000 min/mo (per memory project_ci_billing.md and ADR-0033). |
| Pricing model | ~$0.0008/min for 2vCPU runners. |
| Billing API | No public billing API confirmed. Smaller vendor — likely manual/dashboard-only. |
| Verdict | N/A pending activation. If activated, GH Actions minute logs serve as a count proxy; Ubicloud minutes cost is multiplied externally. |
| Vendor | Mid-est. monthly spend | Verdict | Category |
|---|---|---|---|
| GitHub Actions | $15 ($4 base + $11 overage if any) | Dashboard-only / Enterprise-API-only | Black hole / fixed-base |
| Cloudflare | $2 | Zone-subscription API only; usage dashboard-only | Derivable for sub; fixed for usage |
| Heroku | $20 | Invoice API works (requires global scope) |
API-trackable |
| AWS (Lightsail + S3 + KMS) | $15 | Cost Explorer + Forecast | API-trackable |
| Postmark | $3 | Counts API; no invoice API | Derivable |
| Anthropic API | $60 | Admin API exists but org-only; we are individual | Black hole (instrument or manual) |
| Infisical | $0 | No API; free tier | Fixed/$0 |
| Domain registrars | $8 | No API across registrars | Fixed/hardcoded |
| Google Workspace | $9 | No direct-customer billing API | Fixed/hardcoded |
| 1Password | $2 (if subscribed) | No billing API | Fixed/hardcoded |
| Slack | $0 | Free tier; admin API Enterprise-only anyway | Fixed/$0 |
| Ubicloud | $0 (inactive) | N/A | N/A |
Best-estimate total monthly spend (mid-estimate):
| Vendor | Mid est. |
|---|---|
| GitHub Actions | $15 |
| Cloudflare | $2 |
| Heroku | $20 |
| AWS (all) | $15 |
| Postmark | $3 |
| Anthropic API | $60 |
| Infisical | $0 |
| Domains (amortized) | $8 |
| Google Workspace | $9 |
| 1Password | $2 |
| Slack | $0 |
| Total | $134 |
Coverage by category (spend-weighted, mid-estimate):
| Category | Vendors | $ covered | % of $134 |
|---|---|---|---|
| API-trackable (current-month spend via API) | Heroku, AWS | $35 | 26% |
| Derivable (counts × rate) | Cloudflare (zone sub), Postmark | $5 | 4% |
| Fixed/hardcoded (flat predictable, no API needed) | GitHub Actions base ($4), Infisical, Domains, Google Workspace, 1Password, Slack | $23 | 17% |
| Manual / instrumented (operator-entered each cycle, or future internal telemetry) | Anthropic ($60), GitHub Actions overage ($11) | $71 | 53% |
| Black hole (no path) | (none — all vendors land in one of the rows above) | $0 | 0% |
Combined "trackable without manual operator intervention each cycle": API-trackable ($35) + Derivable ($5) + Fixed-hardcoded ($23) = $63 of $134 = 47%.
Combined "trackable + operator-entered manual": $63 + $71 manual = $134 of $134 = 100% of spend — but only if the operator enters Anthropic + GH Actions overage figures every cycle.
PR #750 estimated 77% programmatic coverage assuming Anthropic + GitHub Actions were both either API-trackable or instrumentable. With both confirmed gaps:
| Scenario | Programmatic coverage | Notes |
|---|---|---|
| PR #750 baseline (Anthropic API confirmed, GH API working) | 77% | Now invalidated |
| PR #750 with Anthropic via internal token instrumentation | ~89% | Still possible as a separate future card; out of scope here |
| This update — both confirmed gaps, no instrumentation | 47% | Below 80% bar |
| This update + Anthropic instrumentation card filed separately | ~83% | Crosses bar but requires separate decision |
The 47% figure assumes the operator does not enter manual values. If the operator commits to a reliable monthly manual-entry workflow for Anthropic + GH Actions overage, total coverage approaches 100% — but this is exactly the "false sense of security" risk Kristerpher flagged: a dashboard with manual-entry blanks is only as accurate as the operator's monthly diligence.
Rationale: programmatic coverage at 47% sits well under the 80% bar. Closing the gap requires either (a) Anthropic Team-plan upgrade + admin-key provisioning, or (b) an internal token-instrumentation card, or (c) accepting manual operator entry as a permanent mode. None of those are decided today. Building the full real-time-projection-with-alerts feature on top of a 47% base creates the exact misleading-completeness risk that sparked this commission.
Path A — Defer entirely until Anthropic gap closes. Wait until either Raxx upgrades Anthropic to Team tier OR the token-instrumentation card is approved + shipped. Re-run this study at that point. No console work between now and then.
Path B — Scope-down to "Fixed-Cost Dashboard" (recommended). Ship a reduced version that covers only the categories where coverage is high: - AWS (Cost Explorer API — real-time, projected) - Heroku (invoice API — real-time, projected) - Cloudflare (zone subscriptions — flat per-zone) - Plus all flat/fixed items: Infisical, domains, Google Workspace, 1Password, Slack, GitHub Actions $4 base.
This ships ~$58 of $134 = ~43% of spend with full programmatic confidence, plus another $5 derivable (Postmark + CF usage proxy) = ~$63 / 47% confident.
Explicitly excludes Anthropic + GH Actions overage. The dashboard shows a banner:
"Variable LLM and CI overage costs (estimated $60–$80/mo) are not tracked in this view. See Anthropic console + GitHub billing page for those figures."
This is honest, not misleading. Operator gets value (real visibility into the half they can track) without the risk of manual-entry-rot in the half they can't.
Path C — Full build with manual-entry blanks (NOT recommended). Build the full feature, accept that Anthropic + GH overage are operator-entered each cycle, label them clearly. Risk: operator forgets to enter monthly, dashboard silently under-reports, false confidence. Violates the completeness constraint.
Path A is also defensible. Path C should be rejected unless Kristerpher explicitly accepts the manual-entry-rot risk.
The PR #750 operator-action list had 11 items, several of which assumed Anthropic + GH APIs were viable. Revised list:
| # | Action | Priority | Rationale |
|---|---|---|---|
| 1 | DROP — GitHub PAT for billing. No personal-account API. Skip. | — | Confirmed Enterprise-only. |
| 2 | DROP — Anthropic billing API check. Already confirmed unavailable on individual tier. | — | Confirmed by Kristerpher. |
| 3 | KEEP (interim only) — Anthropic console spend limit. console.anthropic.com → Settings → Spend Limits → set monthly cap. Click-only, no API. |
High | Independent of dashboard decision. |
| 4 | Path B trigger — Heroku API key with global scope. Heroku dashboard → Account Settings → API Key → generate new key. Vault path: /Raxx/Console/Billing/HEROKU_API_KEY. Note: existing HEROKU_API_KEY at /MooseQuest/heroku/ may already have global scope (CLI default) — operator can re-use OR provision a separate billing-only key for blast-radius isolation. |
High (if Path B) | Required for invoice endpoint. |
| 5 | Path B trigger — AWS IAM read-only billing key. Create IAM policy with ce:GetCostAndUsage, ce:GetCostForecast, ce:GetDimensionValues, cloudwatch:GetMetricStatistics. Vault: /Raxx/Console/Billing/AWS_BILLING_*. |
High (if Path B) | Required for AWS coverage. |
| 6 | Path B trigger — Cloudflare API token with Zone:Read. Create token at dash.cloudflare.com/profile/api-tokens with Zone → Zone → Read permission across all zones. Vault: /Raxx/Console/Billing/CLOUDFLARE_BILLING_TOKEN. |
Medium (if Path B) | Required for zone subscription API. |
| 7 | Operator data-entry one-time — domain renewal totals. Log into each registrar (CF Registrar, Namecheap/Squarespace/etc.) and tally annual renewal cost per domain. Sum across all owned domains. | Low | Feeds the static amortized line. |
| 8 | Operator confirmation — 1Password subscription status. Is Raxx paying for 1Password Business / Teams, or using Family / Individual? Confirms whether $0 or $2–$8/mo line is needed. | Low | Affects $2/mo line. |
| 9 | Operator confirmation — Google Workspace seat count. How many active seats on moosequest.net? Multiply by tier rate. |
Low | Affects $6–$12/mo line. |
| 10 | DROP — Cloudflare feature request for billing API. Listed in PR #750 as "file feature request." Workers/Pages/Access overage API may eventually exist but not on our timeline. Skip until needed. | — | Path B doesn't depend on this. |
| 11 | Postmark Account Token confirmation. Verify X-Postmark-Account-Token exists at account.postmarkapp.com (separate from per-server tokens). Vault: /Raxx/Console/Billing/POSTMARK_ACCOUNT_TOKEN. |
Low (if Path B) | Required only if Postmark crosses into Basic+ paid tier. |
Items intentionally omitted from this revision: - Token-instrumentation for Anthropic — explicitly out of scope per commission rules. - GitHub Enterprise Cloud upgrade — not contemplated; cost vastly exceeds the visibility benefit. - Cloudflare workaround feature requests — too long-tail to commit to.
Q1: Are we comfortable shipping a dashboard that omits Anthropic + GH overage entirely
(with a "see vendor console" banner for those two)?
├── Yes → Path B (Fixed-Cost Dashboard)
│ ├── Provision keys per items 4, 5, 6 above (~1–2 hours operator time)
│ ├── PM files implementation cards for collectors: AWS, Heroku, CF zones
│ ├── PM files cards for fixed-line entries: domains, GWS, 1Password,
│ │ Slack, Infisical, GH base $4
│ └── Rough LOE estimate: ~10 dev-days (vs ~20 in PR #750)
│
└── No → Q2
Q2: Are we willing to upgrade Anthropic to Team tier ($30 minimum/mo for 5 seats)
OR approve a separate token-instrumentation card?
├── Yes → Path A (defer full feature until that lands; revisit study)
│
└── No → Path A (defer) OR Path C (full build with manual blanks, accepting risk)
Strongly recommend Path A — Path C trades one risk (no dashboard)
for a worse risk (dashboard with hidden gaps).
The UX in PR #750 §3 still applies for Path B with two changes:
api, derived, manual, fixed. The manual type is reserved for future use
if Path C is ever revisited.Color thresholds, alerts, drill-in views all carry forward unchanged.
Carried from PR #750 §4 with two simplifications:
anthropic_collector.py from Phase 2.cloudflare_subscription_collector.py to sum zone subscription prices.Schema unchanged. Aggregator unchanged. Alert pipeline unchanged.
LOE estimate (revised):
| Phase | PR #750 dev-days | This update |
|---|---|---|
| Phase 1: Discovery + auth | 2.5 | 1.5 (fewer keys to provision) |
| Phase 2: Collectors | 5.5 | 3.0 (no Anthropic instrumentation; no GH overage; add CF subs) |
| Phase 3: Aggregator | 1.0 | 1.0 |
| Phase 4: Console UI | 4.75 | 4.5 (smaller card grid; "not in this view" footer) |
| Phase 5: Alert pipeline | 2.0 | 1.5 (no Anthropic threshold) |
| Phase 6: GH Actions workflow (collector cron) | 1.0 | 1.0 |
| Total | ~17 dev-days | ~12.5 dev-days |
Path B saves ~4 dev-days vs PR #750's full plan; the tradeoff is the Anthropic + GH overage ~$71 of mid-estimate spend remaining off-dashboard.
global scope required for /account/invoices/*)GetCostAndUsage reference — https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostAndUsage.htmldocs/business/ci-cost-analysis-2026-04-25.mdThe sections below are the original full study from PR #750 (
raxx-pm-bot, 2026-04-30). They are retained verbatim so reviewers can compare the original assumptions (Anthropic API trackable, GitHub Actions REST billing endpoint working) against the updated findings above. Where the two diverge, the revised sections (1–8) above are authoritative; the appendix is historical context.
| Field | Detail |
|---|---|
| What we use | CI/CD — every PR triggers ci.yml + ci-pr.yml; nightly security scan |
| Pricing model | Flat plan (Pro $4/mo = 3,000 min/mo included) + overage at $0.006/min Linux |
| Est. monthly spend | $4 base; overages $0–$58 depending on cadence (see docs/business/ci-cost-analysis-2026-04-25.md) |
| Billing API | GET /user/settings/billing/actions — returns total_minutes_used, total_paid_minutes_used, included_minutes, minutes_used_breakdown per OS |
| API auth | GitHub PAT with read:user (personal) or read:org (org) scope. Read-only. |
| Quota visible? | Yes — included_minutes + total_minutes_used both returned. Minute-overage cost is derivable. |
| Coverage | feasible |
| Notes | Storage overage (GET /user/settings/billing/packages) also available; artifact storage at $0.07/GB-mo. Minute cost is deterministic: (used_minutes − included_minutes) × $0.006 when positive. |
| Field | Detail |
|---|---|
| What we use | DNS, CDN/proxy for all raxx.* domains; Cloudflare Access (Zero Trust) for console + internal docs; Workers for edge functions (if/when); Pages for Antlers deploys |
| Pricing model | Free tier covers DNS + basic proxy. Workers Paid ($5/mo + $0.50/million requests above 10M). Pages: free tier. Access/Zero Trust: free up to 50 users, then $7/user/mo |
| Est. monthly spend | ~$0–$5/mo currently (likely on free tier for Access given pre-launch user count; Pages free) |
| Billing API | Gap — no public REST billing API as of 2026-04-30. Cloudflare's dashboard shows invoice totals at Account → Billing → Invoices, but there is no documented REST endpoint for programmatic cost retrieval in the v4 API. The GraphQL Analytics API returns request/bandwidth metrics but not dollar amounts. |
| API auth | N/A (no billing API confirmed) |
| Quota visible? | Workers invocation count is available via GraphQL Analytics API (workerInvocationsAdaptive). Request count is measurable; dollar translation requires applying the rate manually. |
| Coverage | partial — can derive Workers spend from invocation counts; cannot get a confirmed dollar figure via API |
| Notes | Operator action required: file a feature request with Cloudflare support for a billing export API. As a workaround, the console could store the operator-entered monthly invoice amount and display it alongside live metrics. Cloudflare invoices are downloadable as PDFs from the dashboard; no machine-readable export exists. |
| Field | Detail |
|---|---|
| What we use | Hosting for Raptor (backend_v2) on Heroku dynos |
| Pricing model | Per-dyno-hour; plan-dependent. Eco dynos $5/mo; Basic $7/mo; Standard-1X $25/mo/dyno |
| Est. monthly spend | Unknown — depends on current dyno tier and quantity |
| Billing API | GET /account/invoices (list of past invoices) + GET /account/invoices/current (current period, in-progress). Both return line-item breakdowns. Platform API v3. |
| API auth | Heroku Platform API key (Bearer token). Read-only key is possible via Heroku's API token management. |
| Quota visible? | Current period invoice updates in near-real-time as dyno-hours accumulate. |
| Coverage | feasible |
| Notes | Heroku also has GET /account for current plan + GET /apps/{app}/formation to enumerate dynos. Current-period invoice is a live accumulating document, not a snapshot — projection logic should use day-of-month to extrapolate. |
All three AWS services share a single billing API surface — AWS Cost Explorer — so they are addressed together.
| Field | Detail |
|---|---|
| What we use | Lightsail: VPS instances for infrastructure (DB, internal services). S3: object storage (backups, artifacts, FreeScout). KMS: key management for Infisical + console secrets |
| Pricing model | Lightsail: flat monthly per bundle (e.g., $5/mo for 1 vCPU/1 GB) + $0.09/GB egress above included allowance. S3: $0.023/GB-mo storage + $0.09/GB egress + per-request fees. KMS: $1/key/mo + $0.03/10,000 API calls |
| Est. monthly spend | Lightsail ~$5–$20/mo; S3 ~$1–$5/mo; KMS ~$1–$3/mo |
| Billing API | AWS Cost Explorer API: GetCostAndUsage with SERVICE dimension filter. Returns actual and forecasted spend per service per period. Also: GetCostForecast for end-of-month projection. |
| API auth | IAM user or role with ce:GetCostAndUsage + ce:GetCostForecast permissions. Read-only policy is straightforward. Note: Cost Explorer API costs $0.01 per API call — budget 1 call/hour max. |
| Quota visible? | Cost Explorer returns actual spend by day, not byte-counts or request-counts. Egress overage for Lightsail requires comparing against included-transfer allowance (hardcoded per bundle tier). |
| Coverage | feasible |
| Notes | A single IAM read-only role scoped to ce:* can cover all three AWS services in one call. GetCostForecast projects end-of-month spend natively. Cost Explorer data lags by ~24 hours (yesterday's costs appear today). The collector must tolerate this lag and display data with a "as of [date]" caveat. Cost Explorer itself is not free — each GetCostAndUsage call is $0.01. A nightly poll (1 call/day) adds ~$0.30/mo. An hourly poll would be ~$7.20/mo — recommend daily or 4x/day maximum. |
| Field | Detail |
|---|---|
| What we use | Transactional email — ops alerts, notification emails, potential future user-facing emails via no-reply@raxx.app |
| Pricing model | Per-email sent. Developer plan: 100 emails/mo free. Starter $15/mo for 10,000 emails/mo. |
| Est. monthly spend | Likely $0 currently (pre-launch, low volume, on free Developer plan) |
| Billing API | Postmark Account API: GET /servers/{serverID}/stats/outbound returns message counts by date range. GET /accounts/invoices — needs research: not definitively confirmed in public docs as of 2026-04-30. The Stats API returns counts; billing-period dollar amounts are unclear without accessing the billing portal directly. |
| API auth | Account API token (separate from Server API token). Read-only account token available. |
| Quota visible? | Email count is available via Stats API. At a known per-email rate, dollar amount is derivable from count. |
| Coverage | partial — email count is fetchable and dollar-translatable; billing-period invoice total needs research confirmation |
| Notes | Operator action: confirm whether Postmark's Account API /accounts/invoices endpoint exists and returns current-period data. If not, derive cost from outbound_stats.count × rate_per_email. At pre-launch volumes this is a negligible line item ($0–$15/mo). |
| Field | Detail |
|---|---|
| What we use | Agent orchestration — all raxx-*-bot agent calls consume Claude tokens. Session costs scale with agent dispatch frequency. |
| Pricing model | Per-token: input + output. Claude Sonnet 4.6 is the agent model. Pricing: input ~$3/M tokens, output ~$15/M tokens (approximate; verify at anthropic.com/pricing). |
| Est. monthly spend | Unknown — highly variable with agent dispatch frequency. Pre-launch could be $20–$200/mo at current cadence. |
| Billing API | Gap — needs research. Anthropic's console at console.anthropic.com shows usage and spend. As of 2026-04-30, Anthropic does not publish a documented REST API for programmatic billing retrieval. The console dashboard has usage charts and cost breakdown but no API endpoint. |
| API auth | N/A (no confirmed billing API) |
| Quota visible? | Anthropic's console shows token usage and cost by model/day. No programmatic access confirmed. |
| Coverage | gap — no confirmed billing API |
| Notes | This is a meaningful gap because Anthropic spend is variable (not flat) and can spike significantly during agent-heavy weeks. Operator action: check whether Anthropic has added a /v1/usage or billing endpoint since this study. If not, operator should manually enter a monthly estimate from the Anthropic console. Alternatively, token counts can be tracked internally by instrumenting agent calls in the console's own telemetry — this is the best workaround given the API gap. |
| Field | Detail |
|---|---|
| What we use | Secrets management for all vault paths (/MooseQuest/..., /Raxx/...) |
| Pricing model | Free tier: 5 members, unlimited secrets, community cloud. Paid Team: $8/user/mo adds SSO/SAML + advanced audit log. |
| Est. monthly spend | $0 currently (on free tier) |
| Billing API | Needs research. Infisical is open-source; billing is handled via Stripe on their hosted service. No documented programmatic billing API found in public Infisical API docs as of 2026-04-30. |
| Coverage | gap (but $0 cost, so low impact) |
| Notes | At $0 spend on free tier, this is a no-impact gap. If Raxx ever upgrades to Team tier, the cost is flat per-seat — operator can enter it manually. |
| Field | Detail |
|---|---|
| What we use | raxx.app, raxx.io, getraxx.com, moosequest.net, and any others registered |
| Pricing model | Annual flat fee per domain — $10–$20/yr per domain typical |
| Est. monthly spend | ~$5–$15/mo amortized across all domains |
| Billing API | Registrar-dependent. Most consumer registrars (Namecheap, Google Domains successor Squarespace Domains, Cloudflare Registrar) do not expose billing APIs. Cloudflare Registrar has no billing API (same gap as CF above). |
| Coverage | gap |
| Notes | Annual cost is predictable and can be hardcoded as a monthly amortized line item ($total_yearly_spend / 12). Recommend: operator enters total annual domain cost once; dashboard shows it as a static amortized line. No API needed; no projection needed (no overage risk). |
| Field | Detail |
|---|---|
| What we use | Email for MooseQuest (kris@moosequest.net) and potentially business aliases |
| Pricing model | Business Starter $6/user/mo |
| Est. monthly spend | $6–$12/mo depending on seat count |
| Billing API | Google Workspace Admin SDK: GET https://www.googleapis.com/admin/reports/v1/usage/dates/{date} returns service usage. The Reseller API covers billing for resellers, not end-customers. Direct billing-cost API for non-reseller customers: needs research — the Admin SDK usage reports return activity/usage metrics but not dollar amounts for standard (non-reseller) accounts. |
| Coverage | partial — usage data available; dollar amounts unclear |
| Notes | At $6–$12/mo flat rate, this is a good candidate for manual entry. The cost is predictable, non-overage, and requires no API. Mark it as "operator-entered flat monthly" in the dashboard. |
| Field | Detail |
|---|---|
| What we use | Password manager — if subscribed at team/business tier |
| Pricing model | Teams: $4/user/mo. Individual: $2.99/mo |
| Est. monthly spend | Unknown — unclear if currently subscribed or using free tier / family plan |
| Billing API | No documented 1Password billing API in public docs. 1Password Connect (their secrets integration) does not expose billing endpoints. |
| Coverage | gap |
| Notes | Operator action: confirm current subscription status. If subscribed, enter as flat monthly manual line. If using individual plan, $2.99/mo is the fixed amount. |
| Field | Detail |
|---|---|
| What we use | Internal team communication — MooseQuest workspace |
| Pricing model | Pro: $7.25/user/mo (annual). Free: limited history. |
| Est. monthly spend | Likely $0 (free tier per memory: workspace is on free plan) |
| Billing API | Slack Admin API has no billing endpoint. admin.users.list can return user counts for calculating estimated cost, but no dollar-amount endpoint. |
| Coverage | gap (but $0 on free tier) |
| Notes | If upgraded to Pro tier, enter as flat monthly manual line. Free tier = $0, dashboard shows $0 static. |
Captured under §1.4 (AWS) but called out separately because it has overage risk:
NetworkOut (available via CloudWatch API) to track outbound bytes. This is free to read. The collector can check NetworkOut vs bundle allowance and project overage cost directly without waiting for Cost Explorer.Per project memory, OpenAI is not currently used. Confirmed not in scope. If added later, OpenAI has a usage API at GET /v1/usage (organization-level) that returns token counts by date — billing derivation is possible.
| Field | Detail |
|---|---|
| What we use | Not yet active. Contingency drop-in runner if GitHub Actions burn exceeds 5,000 min/mo (per #726 and memory: project_ci_billing.md) |
| Pricing model | Pay-per-minute (~$0.0008/min for 2vCPU runners) |
| Billing API | Needs research. Ubicloud is a smaller vendor; no billing API confirmed in public docs. |
| Coverage | needs research (not yet active) |
| Notes | Low priority — only relevant if Ubicloud runners are enabled. If activated, check whether Ubicloud has a usage API. If not, GitHub Actions minutes × cost rate is the proxy (Ubicloud minutes are visible in GH Actions logs). |
| Vendor | Monthly spend est. | Billing API coverage | Category |
|---|---|---|---|
| GitHub Actions | $4 + $0–$58 overage | Full — REST endpoint, minute counts + overage derivable | feasible |
| Cloudflare | $0–$5 | Partial — invocation metrics only, no dollar API | partial |
| Heroku | Unknown | Full — live current-period invoice via API | feasible |
| AWS (Lightsail + S3 + KMS) | $7–$28 | Full — Cost Explorer + GetCostForecast |
feasible |
| Postmark | $0–$15 | Partial — count API; invoice API unconfirmed | partial |
| Anthropic API | $20–$200 (variable) | Gap — no confirmed billing API | gap |
| Infisical | $0 | Gap — no billing API (but $0) | gap/$0 |
| Domain registrars | $5–$15 amortized | Gap — no API; static annual cost | gap/static |
| Google Workspace | $6–$12 flat | Partial — no dollar API; flat predictable | partial/flat |
| 1Password | $0–$5 flat | Gap — no billing API | gap/flat |
| Slack | $0 | Gap — no billing API (but $0) | gap/$0 |
| AWS Lightsail egress | Included + $0 overage risk | Partial — CloudWatch NetworkOut metrics available | partial |
Establishing coverage requires a spend-weighted view, not a vendor-count view.
Best-estimate total monthly spend (excluding Anthropic spikes):
| Vendor | Low est. | High est. | Mid est. |
|---|---|---|---|
| GitHub Actions | $4 | $62 | $15 |
| Cloudflare | $0 | $5 | $2 |
| Heroku | $5 | $50 | $20 |
| AWS (all) | $7 | $30 | $15 |
| Postmark | $0 | $15 | $3 |
| Anthropic API | $20 | $200 | $60 |
| Infisical | $0 | $0 | $0 |
| Domains (amortized) | $5 | $15 | $8 |
| Google Workspace | $6 | $12 | $9 |
| 1Password | $0 | $5 | $2 |
| Slack | $0 | $0 | $0 |
| Total | $47 | $394 | $134 |
Coverage by API status (mid-estimate basis):
| Category | Vendors | Mid est. spend | % of total |
|---|---|---|---|
| Fully feasible (API exists) | GitHub Actions, Heroku, AWS | $50 | 37% |
| Partial (metrics derivable) | Cloudflare, Postmark, AWS Lightsail egress | $7 | 5% |
| Gap — variable/unpredictable | Anthropic API | $60 | 45% |
| Gap — flat/predictable (manual entry viable) | Domains, Google Workspace, 1Password | $19 | 14% |
Without Anthropic: feasible + partial covers ~$57 of ~$74 non-Anthropic spend = 77% — just under the 80% threshold at mid-estimates.
With manual entry for flat-cost gap vendors (domains, Google Workspace, 1Password): flat gaps become 100% "known" even without APIs. That brings coverage to ~$76 of ~$74 non-Anthropic spend — effectively 100% of non-Anthropic spend.
The Anthropic gap is the critical open question. Anthropic is the single largest variable cost and has no confirmed billing API.
Two coverage scenarios:
| Scenario | Anthropic coverage | Programmatic coverage | Total coverage |
|---|---|---|---|
| A — Anthropic API confirmed | Full | 89% programmatic | ~100% with manual-entry-for-flats |
| B — Anthropic gap persists (instrumentation workaround) | Internal token telemetry | 89% programmatic + internal proxy | ~100% with workaround |
| C — No Anthropic coverage at all | None | 53% programmatic | 55% — below threshold, feature misleading |
Conclusion: Scenario C is not acceptable under Kristerpher's constraint. The feature goes or does not go based on whether Anthropic can be covered — either via their API (Scenario A) or internal token instrumentation (Scenario B).
New top-level console nav item: Billing — positioned after Status, before Security. Separate from the customer-billing console (#403), which is about what customers pay Raxx. This section is what Raxx pays vendors.
Applied per vendor and to the aggregate card:
| State | Threshold | Color |
|---|---|---|
| On track | < 70% of monthly budget | Green |
| Approaching | 70–89% | Yellow |
| Near breach | 90–99% | Red |
| Breached | >= 100% OR current + projected > budget | Red with pulse animation |
Budget is defined as "expected monthly cost" — either the flat plan cost (for known-flat vendors) or a rolling 3-month average (for variable vendors). Operator can override per vendor.
┌─────────────────────────────────────────────────────────┐
│ Billing Collector (cron job, runs in console process) │
│ │
│ Per-vendor modules: │
│ github_collector.py → GitHub Billing API │
│ heroku_collector.py → Heroku Platform API │
│ aws_collector.py → AWS Cost Explorer API │
│ cloudflare_collector.py → CF GraphQL Analytics API │
│ postmark_collector.py → Postmark Stats API │
│ anthropic_collector.py → internal token telemetry │
│ manual_entry_store.py → operator-entered values │
└─────────────┬───────────────────────────────────────────┘
│ write snapshots
▼
┌─────────────────────────────────────────────────────────┐
│ Postgres table: vendor_billing_snapshots │
│ (vendor, period_start, period_end, fetched_at, │
│ current_spend_cents, projected_spend_cents, │
│ coverage_type, raw_payload, is_manual_entry) │
└─────────────┬───────────────────────────────────────────┘
│ read
▼
┌─────────────────────────────────────────────────────────┐
│ Aggregator (runs after each collection cycle) │
│ - Sums vendor snapshots into period_total │
│ - Computes projection: (spend_to_date / days_elapsed) │
│ × days_in_month │
│ - Writes aggregate row to vendor_billing_snapshots │
│ where vendor = '_aggregate' │
└─────────────┬───────────────────────────────────────────┘
│ read
▼
┌─────────────────────────────────────────────────────────┐
│ Console UI — Blueprint: billing.py │
│ - GET /billing → dashboard view │
│ - GET /billing/<vendor> → drill-in view │
│ - POST /billing/manual → update manual-entry values │
│ - GET /api/billing/summary → JSON for polling/refresh │
└─────────────────────────────────────────────────────────┘
│ trigger
▼
┌─────────────────────────────────────────────────────────┐
│ Alerter (runs after aggregator) │
│ - Compares projected spend vs budget thresholds │
│ - Deduplicates: one alert per vendor per breach/cycle │
│ - Sends via Postmark (no-reply@raxx.app) │
│ - Writes alert_sent=True to alert_state table │
└─────────────────────────────────────────────────────────┘
Existing console uses SQLite for development. The billing snapshot table can start in SQLite (single-writer, append-only, low frequency) and migrate to Postgres when the console moves to a multi-process deployment. The vendor_billing_snapshots table is a natural append-only log with no contention risk.
Schema sketch:
CREATE TABLE vendor_billing_snapshots (
id INTEGER PRIMARY KEY AUTOINCREMENT,
vendor TEXT NOT NULL, -- 'github', 'heroku', 'aws', '_aggregate', etc.
period_start DATE NOT NULL, -- first day of billing cycle
period_end DATE NOT NULL, -- last day of billing cycle
fetched_at TIMESTAMP NOT NULL,
current_spend_cents INTEGER NOT NULL, -- spend to date, in cents
projected_spend_cents INTEGER, -- end-of-cycle projection, in cents
coverage_type TEXT NOT NULL, -- 'api', 'derived', 'manual', 'instrumented'
is_manual_entry BOOLEAN NOT NULL DEFAULT FALSE,
raw_payload TEXT, -- JSON blob from vendor API response
notes TEXT -- human-readable caveat if any
);
CREATE INDEX idx_vbs_vendor_period ON vendor_billing_snapshots (vendor, period_start);
CREATE TABLE billing_alert_state (
id INTEGER PRIMARY KEY AUTOINCREMENT,
vendor TEXT NOT NULL,
threshold TEXT NOT NULL, -- 'approaching', 'near_breach', 'breached'
period DATE NOT NULL, -- billing cycle start date
fired_at TIMESTAMP,
email_sent BOOLEAN NOT NULL DEFAULT FALSE
);
CREATE UNIQUE INDEX idx_bas_dedup ON billing_alert_state (vendor, threshold, period);
The console currently uses Flask's application context. The collector runs as a scheduled cron (APScheduler within the Flask process, or a separate GH Actions workflow job). Recommended: GH Actions nightly job (billing-collect.yml) that hits a console API endpoint to trigger collection, keeping the console stateless as a runner. AWS Cost Explorer rate guidance: maximum 4 calls/day to stay under $0.50/mo in API costs.
Since Anthropic has no confirmed billing API, the internal workaround is:
console/app/services/agent_dispatcher.py or similar).model, input_tokens, output_tokens, timestamp to an agent_token_log table.anthropic_collector.py reads from this table, applies the current per-token rate (stored in a config table), and produces a current_spend_cents estimate.| Task | LOE | Notes |
|---|---|---|
Create GitHub PAT with read:user billing scope |
0.25d | Operator action |
| Create Heroku API key (read-only) | 0.25d | Operator action |
Create AWS IAM policy billing-read-only + key |
0.5d | Dev: write IAM policy JSON; Operator: provision key |
| Verify Anthropic billing API exists (or not) | 0.5d | Research + Anthropic support ticket if needed |
| Verify Postmark Account API invoice endpoint | 0.25d | Check docs + test call |
| Cloudflare: confirm no billing API + request feature | 0.25d | Support ticket to CF; workaround plan |
| Store all billing API keys in Infisical vault | 0.5d | Dev: add to vault path + console secrets service |
| Phase 1 total | ~2.5 dev-days + operator actions |
| Vendor | LOE | Complexity |
|---|---|---|
| GitHub Actions collector | 0.5d | Simple REST call; response well-documented |
| Heroku collector | 0.5d | Simple REST call; current invoice parsing |
| AWS Cost Explorer collector | 1d | boto3 + multi-service filter + lag handling |
| Cloudflare derived collector | 1d | GraphQL API + rate-to-dollar translation logic |
| Postmark collector | 0.5d | Stats API + rate translation; fallback to manual |
| Anthropic instrumentation (token logger) | 1.5d | Wrap existing agent calls; new DB table; rate config |
| Manual entry store (flat-cost vendors) | 0.5d | Simple POST endpoint + config table |
| Phase 2 total | ~5.5 dev-days |
| Task | LOE |
|---|---|
| Aggregator: sum snapshots, derive projection | 0.5d |
| Unit tests for projection math | 0.5d |
| Phase 3 total | 1 dev-day |
| Task | LOE |
|---|---|
New billing.py blueprint + routes |
0.5d |
| Dashboard template (vendor cards, aggregate card) | 1.5d |
| Per-vendor drill-in template + trend chart | 1.5d |
| Color-state CSS + pulse animation | 0.5d |
| Manual entry form + POST handler | 0.5d |
Nav addition to base.html |
0.25d |
| Phase 4 total | ~4.75 dev-days |
| Task | LOE |
|---|---|
| Alert state table migration | 0.25d |
| Alerter logic: threshold evaluation + dedup | 0.5d |
| Postmark email template for alerts | 0.5d |
| Alert config UI (thresholds, email destinations) | 0.5d |
| Integration test: alert fires on simulated breach | 0.25d |
| Phase 5 total | ~2 dev-days |
| Task | LOE |
|---|---|
billing-collect.yml workflow (nightly + manual trigger) |
0.5d |
Console endpoint POST /api/internal/billing/collect (HMAC-protected) |
0.5d |
| Phase 6 total | ~1 dev-day |
| Phase | Dev-days |
|---|---|
| Phase 1: Discovery + auth | 2.5 |
| Phase 2: Collectors | 5.5 |
| Phase 3: Aggregator | 1.0 |
| Phase 4: Console UI | 4.75 |
| Phase 5: Alert pipeline | 2.0 |
| Phase 6: GH Actions workflow | 1.0 |
| Total | ~17 dev-days |
Buffer (integration, edge cases, unexpected API quirks): add 20% = ~20 dev-days end-to-end.
This is sizeable but front-loaded by Phase 1 decisions — if Anthropic's billing API does not exist and the token-instrumentation path is rejected, approximately 6 dev-days of work falls away (Anthropic collector + agent wrapping). That would reduce LOE to ~14 dev-days.
The billing telemetry dashboard is feasible — but only with a bounded workaround for the two largest gaps.
Condition 1 (mandatory): Anthropic API coverage must be resolved before implementation begins. The recommended path is internal token instrumentation (Phase 2, Anthropic collector via agent_token_log). This is technically sound and gives accurate spend data. If Kristerpher accepts this approach, the Anthropic gap is closed.
Condition 2 (acceptable): Cloudflare, Postmark, Google Workspace, domains, and 1Password can be covered by derived metrics + operator manual entry. These are predictable, low-volatility costs. The dashboard must show "estimated" or "operator-entered" badges clearly on those cards so there is no false precision.
With both conditions met: coverage is ~100% (full API for GitHub/Heroku/AWS; instrumentation for Anthropic; manual/derived for flat/partial vendors). The feature satisfies Kristerpher's completeness constraint.
Without Condition 1: Anthropic is 45% of variable spend with no visibility. The feature would be misleading. Do not build.
To deliver value quickly and validate the architecture before all collectors are built:
GetCostForecast), covers Lightsail + S3 + KMS in one call.These four cover ~70% of estimated mid-range spend programmatically and are all technically confirmed feasible. Ship these four, then add Cloudflare/Postmark/manual-entry vendors in Phase 2.
These are required regardless of the final go/no-go decision. The first three are needed to properly scope the decision itself.
| # | Action | Priority | Blocking? |
|---|---|---|---|
| 1 | Confirm Anthropic billing API status. Check console.anthropic.com → Usage → API section; open a support ticket if no programmatic endpoint is documented. This resolves the largest gap. |
High | Yes — blocks go/no-go |
| 2 | Confirm Postmark Account API invoice endpoint. Make a test call to GET /accounts/invoices with the Account API token to verify it returns current-period data. |
Medium | No — workaround exists |
| 3 | Confirm Heroku dyno configuration. Run heroku dyno:list --app <app-name> to establish current dyno tier + count for baseline spend estimate. |
Medium | No — needed for accuracy |
| 4 | Create GitHub billing-read PAT. GitHub → Settings → Developer settings → PATs → create token with read:user scope. Store in Infisical at /Raxx/Console/Billing/GITHUB_BILLING_TOKEN. |
High | Blocks Phase 2 |
| 5 | Create Heroku API key (read-only). Heroku dashboard → Account Settings → API Key → generate. Store in Infisical at /Raxx/Console/Billing/HEROKU_API_KEY. |
High | Blocks Phase 2 |
| 6 | Create AWS IAM policy + access key for Cost Explorer. Policy: ce:GetCostAndUsage, ce:GetCostForecast, cloudwatch:GetMetricStatistics (for Lightsail NetworkOut). Store in Infisical at /Raxx/Console/Billing/AWS_BILLING_*. |
High | Blocks Phase 2 |
| 7 | Confirm 1Password subscription status. Is Raxx paying for 1Password or using a personal plan? If team/business, note the monthly cost for manual entry. | Low | No |
| 8 | Confirm Google Workspace seat count and plan. How many seats are active? Used for calculating the fixed monthly cost for manual-entry line item. | Low | No |
| 9 | File Cloudflare feature request for billing API. Navigate to the Cloudflare Community or open a support ticket asking for a /accounts/{account_id}/billing/usage REST endpoint. Even if it is never built, it starts the clock. |
Low | No |
| 10 | Compile total annual domain registration costs. Sum all registered domain renewal dates and costs (raxx.app, raxx.io, getraxx.com, moosequest.net, etc.). This feeds the amortized monthly line item. | Low | No |
| 11 | Set Anthropic usage alert in console. Until the billing API gap is resolved, enable Anthropic's own spend alert in console.anthropic.com → Settings → Spend Limits as an interim protection. |
High | No (interim mitigation) |
The following items remain unresolved as of 2026-04-30 and must be answered before implementation cards are written:
GET /accounts/invoices return current-period data? Determines whether Postmark is "feasible" or stays "partial".Once Kristerpher has confirmed items 1 and 3, the PM can file the full set of implementation cards (~15 cards across Phases 2–6).