Qyndex

Cost-Aware LLM Deployment: Avoiding the $10k Surprise Bill

Three patterns that keep the monthly bill under $200/mo while still using frontier models where they earn it.

  • #ai
  • #cost
  • #operations
Cost-Aware LLM Deployment: Avoiding the $10k Surprise Bill

TL;DR

Three patterns turn an LLM-heavy product from "$10k/mo and climbing" into "$200/mo and predictable" without giving up frontier-model quality where it actually matters: per-agent budgets, the cost-guard fallback, and Grafana spend monitoring. The hard part is wiring all three before the first 4-figure invoice — not after.

Section 1 — The cost-guard pattern

A cost guard is a thin layer in front of every LLM call that:

  1. Tracks tokens-out per agent per month.
  2. Compares to the agent's monthly budget.
  3. On 80% threshold breach, swaps the routed model from frontier to local for the rest of the month.
  4. Pings Slack so the operator sees the swap before users see degraded output.

Worked example from apps/orchestrator/qyndex_orchestrator/cost_guard.py:

class CostGuard:
    def route(self, *, agent: str, task: str) -> ModelChoice:
        spent_pct = self.spend_tracker.percent_of_budget(agent)
        if spent_pct >= 0.80:
            self.notify_slack(
                f"agent={agent} hit {spent_pct:.0%} of monthly budget; "
                f"falling back to local model for the rest of the month"
            )
            return self.local_fallback_for(agent)
        return self.config.routing[agent].primary

Why it works:

  • The model router is the only path that calls a paid API. Every agent goes through it. There is no escape hatch where someone imports anthropic.Anthropic() directly — that pattern breaks the guarantee and we lint against it.
  • The 80% threshold lets the operator react before the swap. 100% thresholds give a binary cliff; 80% gives a heads-up.
  • "Swap to local for the rest of the month" is the fallback we can always afford. A local Llama-3.3-70B produces lower-quality output, but it does not produce a $10k invoice.

Section 2 — Per-agent budgets

A single global budget is the wrong shape: one runaway agent eats the budget for everyone.

We split the budget along the supervisor graph (Architecture §8):

# config/models.yaml
agents:
  researcher:
    primary: claude-sonnet-4
    fallback: llama-3.3-70b-local
    monthly_budget_usd: 30   # high; researcher fans out
  writer_hero:
    primary: claude-sonnet-4
    fallback: claude-haiku-4
    monthly_budget_usd: 60   # hero scripts are the brand voice
  writer_bulk:
    primary: llama-3.3-70b-local
    fallback: llama-3.3-70b-local
    monthly_budget_usd: 0    # local-only by design
  qc_critic:
    primary: claude-sonnet-4
    fallback: claude-opus-4   # iter-3 escalation; *more* expensive on fallback
    monthly_budget_usd: 40

Two patterns hide in this config:

  • Local-only agents have monthly_budget_usd: 0 and a local primary. The cost guard is still in the path so the agent participates in observability, but the dollar arithmetic is trivially zero.
  • Escalation agents (here, qc_critic) have a more expensive fallback because the third QC iteration is precisely when we want Opus's better judgment. The cost guard's "fall back when over budget" path overrides this and replaces the fallback with a local model — quality drops, but the bill stops.

The total monthly target is $200 — well under the per-call costs of naive "always use Sonnet" routing on the same workload (~$2k/mo).

Section 3 — Fallback to local

Local-model fallback is the load-bearing piece. The two implementation choices that bite:

Choice 1: ollama vs. vLLM

We run Ollama for the local Llama-3.3-70B / Qwen-2.5-72B routes. vLLM is faster, but it is a real service; Ollama is a CLI that the orchestrator spawns on demand, so a fresh laptop boots into "fully fallback-capable" with one brew install ollama. The 30% throughput penalty vs. vLLM is worth the operational simplicity for a Phase-1 solo-founder build.

Choice 2: when to fall back per-call vs. per-agent

The cost guard does per-agent fallback (swap for the rest of the month). Some products do per-call fallback (use cheap model on attempt 1, retry with frontier on failure). Per-call is wrong for us because:

  • The QC critic's whole job is consistency. Swapping its model per-call makes the rubric scores incomparable across attempts.
  • Per-call fallback hides cost spikes — the budget breach is invisible until it is too late.

Per-agent fallback is the cleaner abstraction. The operator sees the swap in Slack, the agent's output style stays consistent within a month, and the cost arithmetic is predictable.

Section 4 — Monitoring spend with Grafana

The cost guard writes one row per LLM call to a model_calls table:

CREATE TABLE model_calls (
  id          UUID PRIMARY KEY,
  agent       TEXT NOT NULL,
  model       TEXT NOT NULL,
  prompt_tok  INT NOT NULL,
  output_tok  INT NOT NULL,
  cost_usd    NUMERIC(10,4) NOT NULL,
  ts          TIMESTAMPTZ NOT NULL DEFAULT now()
);

Three Grafana panels we keep on the wall:

  1. Spend per agent (this month, vs budget). Bar chart, with a red line at 80% (the cost-guard threshold). When a bar crosses the line you have already gotten the Slack ping — but the chart tells you which agent and how fast it is climbing.
  2. Token rate per agent. Tokens/min, 1h rolling. A sudden spike in the researcher means the seed-source list grew silently. A spike in the QC critic means content is regressing on the rubric and Reflexion is retrying more.
  3. Cost-per-campaign distribution. Histogram of campaign bundles' end-to-end cost. The long tail is where bills come from; a campaign at p99 is a campaign that hit Reflexion's max iters and escalated and went over budget.

These three panels live in ops/grafana/dashboards/llm_spend.json — the same Grafana that backs the orchestrator's request metrics. One dashboard, two data sources.

Section 5 — What we explicitly do NOT do

  • No prompt-caching as a cost lever. Anthropic's prompt caching is great for latency, but pricing it as a cost guarantee is fragile — the cache hit rate depends on traffic patterns we cannot fully control. We use it for latency only and ignore it in the budget arithmetic.
  • No "automatic budget bumping" on Slack approval. The temptation to add a "click here to add $50 this month" Slack action is real; we resist it. The 80% breach should be a moment for the operator to think, not click through.
  • No paid OpenAI tier as a primary. OpenAI is in the routing config as an image fallback only (gpt-image-1). Anthropic Claude for text, local for bulk; we keep the per-vendor surface narrow so rate limits and spend live in one place.

Closing

Cost-aware LLM deployment is not "use the cheap model" — it is "use the right model for each agent, and make the fallback automatic before the bill arrives". Per-agent budgets make the arithmetic local; the cost-guard pattern makes the fallback automatic; Grafana makes the breach visible.

If you want the worked-example PDF version with the cost-guard and fallback patterns in copy-paste form, grab the gated download.

For the upstream architecture decision (when to even reach for an agent loop in the first place), see Agent Loop Architecture.

Drafted by AI agents, reviewed by Shravan.