Token Factory Builder Path designed
Token Factory is the reference second product for AI Cloud. It is not an app packaged through the App SDK. It is a product surface with its own gateway, routes, usage semantics, scopes, product operations, and customer workflows.
The rule is simple:
Token Factory owns model-gateway behavior.
AI Cloud shared services own IAM, billing, policy, audit, evidence, registry, and status.
Builder Decision
Use this path when the team is adding:
- model endpoint routing;
- token issuance or model gateway policy;
- request metering, quota, or spend attribution;
- model provider status and incident evidence;
- product-specific controls that must still use platform IAM and billing.
Use App SDK Proof instead when the work is only packaging a launchable app runtime such as Slurm, RKE2, or Jupyter.
Product Architecture
Required Declarations
| Declaration | Minimum content |
|---|---|
| Product id | stable product id, slug, owner, lifecycle state |
| Resource model | endpoint, model, provider account, route, request, quota bucket |
| IAM | scopes, roles, service-account behavior, admin and tenant operations |
| Billing | billable usage unit, accepted usage source, pricing snapshot owner |
| Policy | tenant/project quotas, model allowlists, rate limits, override rules |
| Audit | privileged mutations, gateway policy changes, provider routing changes |
| Evidence | usage proof, provider status, release evidence, incident handoff |
| Status | gateway health, provider health, partial degradation rules |
| Portal | user guide, developer API guide, operator runbook, security controls |
API And Event Shape
Token Factory should start contract-first. A first implementation packet should name each route and event before code changes.
Data Model Starting Point
The exact schema can change. The ownership rule should not: product tables must not become a shadow IAM or billing ledger.
Implementation Order
- Register product id, scopes, usage units, audit actions, and status components.
- Add OpenAPI/AsyncAPI fragments for Token Factory routes and events.
- Add product-owned gateway package under the product boundary.
- Consume shared IAM/policy/billing/evidence interfaces.
- Add unit and contract tests for scope, quota, usage, and audit behavior.
- Add UAT for user token creation, provider failure, quota exhaustion, and billing attribution.
- Add portal user/developer/operator pages before wider handoff.
Review Questions
| Reviewer | Question |
|---|---|
| Product | Does this solve a real model-access workflow, or only expose an internal gateway? |
| Architecture | Does it consume shared services without forking platform responsibilities? |
| Security | Are token custody, scopes, provider credentials, audit, and redaction explicit? |
| Operations | Can support see gateway status, provider degradation, and usage evidence? |
| Developer | Can a builder implement the first slice from contracts and package anchors? |
Exit Criteria
Token Factory is ready for implementation only when:
- product and platform boundaries are named;
- contracts exist before handlers;
- usage and policy behavior are testable without live production providers;
- security can review token and provider credential posture;
- operations has readback and incident surfaces;
- the docs portal has user, developer, operator, architecture, and security routes for the product.
Canonical sources