# Chat Gateway with Quotas and Scrubbing

## Module
AdvisoryAI

## Status
IMPLEMENTED

## Description
Chat gateway with configurable options (quotas, budgets) and service-layer chat orchestration is implemented.

## Implementation Details
- **Modules**: `src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/`, `src/AdvisoryAi/StellaOps.AdvisoryAI.WebService/`
- **Key Classes**:
  - `AdvisoryChatService` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Services/AdvisoryChatService.cs`) - main chat service with quota enforcement
  - `AdvisoryChatQuotaService` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Services/AdvisoryChatQuotaService.cs`) - per-user/tenant quota tracking and enforcement
  - `AdvisoryChatOptions` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Options/AdvisoryChatOptions.cs`) - configurable chat options (quotas, budgets, limits)
  - `GroundingValidator` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/GroundingValidator.cs`) - validates AI responses are grounded in evidence
  - `ChatResponseStreamer` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/ChatResponseStreamer.cs`) - streams chat responses with progressive delivery
  - `ChatPromptAssembler` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/ChatPromptAssembler.cs`) - assembles prompts with scrubbing and context injection
  - `ConversationContextBuilder` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/ConversationContextBuilder.cs`) - builds conversation context with relevant data
  - `ChatEndpoints` (`src/AdvisoryAi/StellaOps.AdvisoryAI.WebService/Endpoints/ChatEndpoints.cs`) - REST API endpoints for chat gateway
  - `RateLimitsService` (`src/AdvisoryAi/StellaOps.AdvisoryAI.WebService/Services/RateLimitsService.cs`) - rate limiting for chat API calls
  - `AuthorizationService` (`src/AdvisoryAi/StellaOps.AdvisoryAI.WebService/Services/AuthorizationService.cs`) - authorization checks for chat access
- **Interfaces**: `IAdvisoryChatInferenceClient`, `IAiConsentStore`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Send chat messages and verify `AdvisoryChatQuotaService` enforces per-user quotas (reject after limit exceeded)
- [ ] Configure quota limits via `AdvisoryChatOptions` and verify they are applied at runtime
- [ ] Verify `ChatPromptAssembler` scrubs sensitive data (credentials, tokens) from prompts before sending to LLM
- [ ] Verify `GroundingValidator` flags responses that lack evidence grounding
- [ ] Verify `RateLimitsService` rate-limits excessive chat API calls
- [ ] Verify `ChatResponseStreamer` delivers streaming responses with proper chunking
- [ ] Verify `AuthorizationService` rejects chat requests from unauthorized users