Summary
totalSpent in src/core/budgetManager.ts is an in-memory variable. On any process restart, crash, or serverless cold start, the counter resets to zero. The monthlyLimit parameter implies persistent month-long enforcement, but this cannot be achieved with in-memory state.
Affected File
src/core/budgetManager.ts
private totalSpent = 0; // reset on every process start
Impact
In a serverless environment (e.g., AWS Lambda, Vercel Functions), each function invocation starts a fresh process with totalSpent = 0. The monthly budget is never actually enforced across invocations.
Suggested Fix
Persist totalSpent to an external store (Redis, DynamoDB, a file with atomic writes) and restore it on initialization via importState().
Severity
High
Summary
totalSpentinsrc/core/budgetManager.tsis an in-memory variable. On any process restart, crash, or serverless cold start, the counter resets to zero. ThemonthlyLimitparameter implies persistent month-long enforcement, but this cannot be achieved with in-memory state.Affected File
src/core/budgetManager.tsImpact
In a serverless environment (e.g., AWS Lambda, Vercel Functions), each function invocation starts a fresh process with
totalSpent = 0. The monthly budget is never actually enforced across invocations.Suggested Fix
Persist
totalSpentto an external store (Redis, DynamoDB, a file with atomic writes) and restore it on initialization viaimportState().Severity
High