How Octorato does per-client FinOps: attribution + hard budget caps

#ai #finops #agents #opensource

dataqbs

An Octorato (n.) — an organic, file-native AI agent: one brain, many sealed arms. The same wall that...

An Octorato runs one operator's "brain" across many sealed client arms. The moment you do that, one question decides whether you have a business or a money pit: which client's actions burned which tokens — and can you stop one client from running you to a $4,000 bill?

This is the part people bolt on after the first surprise invoice. In Octorato it's native, because the architecture forces it. Here's exactly how it works — and, just as importantly, where it's an estimate vs. a hard guarantee.

Attribution: per arm, not per request

Every client is a sealed arm — its own repo/workspace. Cost is aggregated from local session logs at list price, keyed by repo path. So the unit of attribution is the arm (the client), rolled up across its sessions.

Being honest about the granularity: this is an estimate, not a billing-grade per-request meter. There's a small unattributed remainder, and it's list-price math, not your negotiated rate. The project says so out loud rather than implying precision it doesn't have — you can't price what you can't measure, but you also shouldn't pretend to measure what you estimate.

Enforcement: a hook that refuses the tool

Tracking that client X spent $40 is step one. Stopping X from spending $4,000 is the step that actually protects you — and it's the part most frameworks skip.

Octorato's budget gate is real code:

  • budget-check.py exits non-zero when an arm's grace-adjusted cap is burned through.
  • A PreToolUse hook refuses the expensive tool (sub-agent spawn, browser automation, etc.) before it runs.
  • Three tiers: alert → warn → hard_stop.

The honest caveat: it arms itself only once you set a per-arm cap in budgets.yaml. The mechanism is real; the precision is opt-in.
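
A sketch of the two steps described above, per-arm attribution from session logs and a tiered gate on the grace-adjusted cap, written as an added example and not taken from Octorato's own budget-check.py. The log fields, list prices, budget keys and the alert/warn thresholds are assumptions made for illustration; the page names only the three tiers and the budgets.yaml file.

```python
import json
from collections import defaultdict

# Constructed list prices, USD per million tokens (not real rates).
LIST_PRICE = {"model-a": {"in": 3.0, "out": 15.0}}
ALERT_FRACTION = 0.8  # assumed: alert at 80% of cap, warn at 100%
# Stand-in for a parsed budgets.yaml; key names are assumptions.
BUDGETS = {"/arms/acme": {"cap_usd": 15.0, "grace_pct": 10}}
# Constructed session log lines; field names are assumptions.
SAMPLE_LOG = """\
{"repo": "/arms/acme", "model": "model-a", "in": 2000000, "out": 400000}
{"repo": "/arms/acme", "model": "model-a", "in": 1000000, "out": 200000}
{"repo": "/arms/globex", "model": "model-a", "in": 500000, "out": 100000}
{"model": "model-a", "in": 100000, "out": 0}
not-json
"""

def aggregate(log_text):
    """Estimate list-price spend per repo path from session log lines."""
    spend = defaultdict(float)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            price = LIST_PRICE[rec["model"]]
            cost = (rec["in"] * price["in"] + rec["out"] * price["out"]) / 1e6
        except (ValueError, KeyError, TypeError):
            continue  # unparseable or unpriced line: dropped from the estimate
        # Lines with no repo path stay visible as the unattributed remainder.
        spend[rec.get("repo", "<unattributed>")] += cost
    return dict(spend)

def tier(arm, spend, budgets):
    """Classify one arm: unarmed, ok, alert, warn or hard_stop."""
    cfg = budgets.get(arm)
    if not cfg or "cap_usd" not in cfg:
        return "unarmed"  # no cap configured, so the gate does not arm
    spent, cap = spend.get(arm, 0.0), cfg["cap_usd"]
    if spent >= cap * (1 + cfg.get("grace_pct", 0) / 100):
        return "hard_stop"  # grace-adjusted cap burned through
    if spent >= cap:
        return "warn"
    return "alert" if spent >= ALERT_FRACTION * cap else "ok"

def gate(arm, log_text=SAMPLE_LOG, budgets=BUDGETS):
    """Exit status for a pre-tool hook: non-zero refuses the tool call."""
    return 1 if tier(arm, aggregate(log_text), budgets) == "hard_stop" else 0

if __name__ == "__main__":
    raise SystemExit(gate("/arms/acme"))
```

A hook wrapper would run this before the expensive tool and refuse the call on a non-zero status. An arm with no cap returns 0, which matches the opt-in behaviour described above.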

Why isolation gives you FinOps for free

The trick isn't a billing module bolted on top — it's the cell wall. The same wall that isolates a client is the wall that meters them. Because an arm never sees another arm, its session logs are already a clean per-client ledger. The arm is the ledger.

That's also the wager on the right side of the Gartner prediction that 40% of agentic-AI projects get cancelled by 2027 over unmanaged cost.

Try it

One brain, sealed arms, one ledger per client — because the arm is the ledger. 🐙