-- Supabase → SQL Editor → New query CREATE TABLE user_usage ( id uuid DEFAULT gen_random_uuid() PRIMARY KEY, user_id uuid REFERENCES auth.users(id) ON DELETE CASCADE, month_key text NOT NULL, msg_count integer DEFAULT 0, token_input bigint DEFAULT 0, token_output bigint DEFAULT 0, updated_at timestamptz DEFAULT now(), UNIQUE(user_id, month_key) ); ALTER TABLE user_usage ENABLE ROW LEVEL SECURITY; CREATE POLICY "read own" ON user_usage FOR SELECT USING(auth.uid()=user_id); CREATE INDEX idx_usage ON user_usage(user_id, month_key);

CREATE OR REPLACE FUNCTION check_and_increment_usage( p_user_id uuid, p_plan text, p_tokens_in integer DEFAULT 0, p_tokens_out integer DEFAULT 0 ) RETURNS jsonb LANGUAGE plpgsql SECURITY DEFINER AS $$ DECLARE v_month text := to_char(now(),'YYYY-MM'); v_limit integer; v_count integer; BEGIN v_limit := CASE p_plan WHEN 'free' THEN 15 WHEN 'pro' THEN 500 WHEN 'enterprise' THEN 2000 ELSE 15 END; INSERT INTO user_usage(user_id,month_key,msg_count) VALUES(p_user_id,v_month,0) ON CONFLICT(user_id,month_key) DO NOTHING; SELECT msg_count INTO v_count FROM user_usage WHERE user_id=p_user_id AND month_key=v_month FOR UPDATE; IF p_plan='free' AND v_count>=v_limit THEN RETURN jsonb_build_object('allowed',false,'count',v_count,'limit',v_limit); END IF; UPDATE user_usage SET msg_count=msg_count+1,token_input=token_input+p_tokens_in, token_output=token_output+p_tokens_out,updated_at=now() WHERE user_id=p_user_id AND month_key=v_month; RETURN jsonb_build_object('allowed',true,'count',v_count+1, 'limit',v_limit,'throttle',(v_count+1)>(v_limit*0.8)); END; $$;

// middleware/fairUse.js const { createClient } = require('@supabase/supabase-js') const THROTTLE = { free:0, pro:2000, enterprise:1000 } async function checkFairUse(req, res, next) { const { id:userId, plan } = req.user const sb = createClient(process.env.SUPABASE_URL, process.env.SUPABASE_SERVICE_KEY) const { data, error } = await sb.rpc('check_and_increment_usage', { p_user_id:userId, p_plan:plan }) if (error) return next() // fail-open if (!data.allowed) return res.status(429).json({ error:'monthly_limit_reached', message:'Límite mensual alcanzado. Actualiza tu plan.', upgrade:'https://app.kova.ai/upgrade' }) if (data.throttle && THROTTLE[plan]>0) await new Promise(r=>setTimeout(r,THROTTLE[plan])) res.setHeader('X-Usage-Count', data.count) res.setHeader('X-Usage-Limit', data.limit) res.setHeader('X-Usage-Pct', Math.round(data.count/data.limit*100)) req.usage = data; return next() } module.exports = { checkFairUse }

const { checkFairUse } = require('../middleware/fairUse') export default async function handler(req, res) { await authMiddleware(req, res, async () => { await checkFairUse(req, res, async () => { // ✅ Solo llega aquí si tiene cupo const resp = await anthropic.messages.create({ model: 'claude-sonnet-4-6', max_tokens:1000, system: req.body.systemPrompt, messages: req.body.messages, }) res.json({ content: resp.content[0].text }) }) }) }

export function useUsageGuard() { const [usage, setUsage] = useState({count:0,limit:500,pct:0}) const updateFromHeaders = useCallback(headers => { setUsage({ count:parseInt(headers.get('x-usage-count')||'0'), limit:parseInt(headers.get('x-usage-limit')||'500'), pct: parseInt(headers.get('x-usage-pct')||'0'), }) },[]) return { usage, updateFromHeaders, isNearLimit: usage.pct>=80, isAtLimit: usage.pct>=100 } }

-- Supabase → Extensions → habilitar pg_cron SELECT cron.schedule('cleanup','0 0 1 * *',$$ DELETE FROM user_usage WHERE month_key<to_char(now()-INTERVAL '3 months','YYYY-MM');$$); CREATE VIEW v_current_usage AS SELECT p.email, p.plan, uu.msg_count, ROUND(uu.msg_count::numeric/CASE p.plan WHEN 'free' THEN 15 WHEN 'pro' THEN 500 WHEN 'enterprise' THEN 2000 END*100,1) AS usage_pct FROM user_usage uu JOIN profiles p ON p.id=uu.user_id WHERE uu.month_key=to_char(now(),'YYYY-MM');