chore: harden relay plan validation to prevent billing bypass and plan-state drift #20

2026-04-16T19:33:22Z

userAdityaa commented

2026-04-16 19:33:22 +00:00

Summary

This change closes a billing integrity gap where arbitrary relay plan IDs could be accepted by API writes and later bypass billing sync behavior. The system now validates plan IDs at write time and enforces known-plan semantics in billing and paid-relay classification.

Behavior after change

Unknown plan IDs are rejected during relay create/update.
Existing unknown plan IDs encountered in billing sync produce explicit errors instead of silent skip.
Only known paid plans are treated as billable.
Free plan and paid capability toggles (Blossom/LiveKit) are enforced consistently.

closes #18

### Summary This change closes a billing integrity gap where arbitrary relay plan IDs could be accepted by API writes and later bypass billing sync behavior. The system now validates plan IDs at write time and enforces known-plan semantics in billing and paid-relay classification. ### Behavior after change * Unknown plan IDs are rejected during relay create/update. * Existing unknown plan IDs encountered in billing sync produce explicit errors instead of silent skip. * Only known paid plans are treated as billable. * Free plan and paid capability toggles (Blossom/LiveKit) are enforced consistently. closes #18

userAdityaa added 1 commit 2026-04-16 19:33:23 +00:00

chore: harden relay plan validation to prevent billing bypass and plan-state drift 4a4d949786

hodlbod merged commit 334f05783f into master

2026-04-16 21:35:44 +00:00

hodlbod referenced this issue from a commit

2026-04-16 21:35:44 +00:00

chore: harden relay plan validation to prevent billing bypass and plan-state drift (#20)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: coracle/caravel#20

Allow edits from maintainers