feat: add job lifecycle controls abuse policies and retention operations

src/config.js

@@ -54,6 +54,7 @@ const parsed = {
   betterAuthSecret: strFromEnv("BETTER_AUTH_SECRET", "dev-better-auth-secret"),
   betterAuthBasePath: strFromEnv("BETTER_AUTH_BASE_PATH", "/api/auth"),
   betterAuthDevPassword: strFromEnv("BETTER_AUTH_DEV_PASSWORD", "xartaudio-dev-password"),
+  internalApiToken: strFromEnv("INTERNAL_API_TOKEN", ""),
   convexDeploymentUrl: strFromEnv("CONVEX_DEPLOYMENT_URL", ""),
   convexAuthToken: strFromEnv("CONVEX_AUTH_TOKEN", ""),
   convexStateQuery: strFromEnv("CONVEX_STATE_QUERY", "state:getLatestSnapshot"),
@@ -83,6 +84,11 @@ const parsed = {
     authPerMinute: intFromEnv("AUTH_RPM", 30),
     actionPerMinute: intFromEnv("ACTION_RPM", 60),
   },
+  abuse: {
+    maxJobsPerUserPerDay: intFromEnv("ABUSE_MAX_JOBS_PER_USER_PER_DAY", 0),
+    cooldownSec: intFromEnv("ABUSE_COOLDOWN_SEC", 0),
+    denyUserIds: listFromEnv("ABUSE_DENY_USER_IDS", []),
+  },
   credit: {
     baseCredits: intFromEnv("BASE_CREDITS", 1),
     includedChars: intFromEnv("INCLUDED_CHARS", 25000),
@@ -99,6 +105,7 @@ const ConfigSchema = z.object({
   betterAuthSecret: z.string().min(1),
   betterAuthBasePath: z.string().min(1),
   betterAuthDevPassword: z.string().min(8),
+  internalApiToken: z.string(),
   convexDeploymentUrl: z.string(),
   convexAuthToken: z.string(),
   convexStateQuery: z.string().min(1),
@@ -128,6 +135,11 @@ const ConfigSchema = z.object({
     authPerMinute: z.number().int().positive(),
     actionPerMinute: z.number().int().positive(),
   }),
+  abuse: z.object({
+    maxJobsPerUserPerDay: z.number().int().nonnegative(),
+    cooldownSec: z.number().int().nonnegative(),
+    denyUserIds: z.array(z.string().min(1)),
+  }),
   credit: z.object({
     baseCredits: z.number().int().positive(),
     includedChars: z.number().int().positive(),