vastai-enterprise-rbac

Implement team access control and spending governance for Vast.ai GPU cloud. Use when managing multi-team GPU access, implementing spending controls, or setting up API key separation for different teams. Trigger with phrases like "vastai team access", "vastai RBAC", "vastai enterprise", "vastai spending controls", "vastai permissions".

1,868 stars

byjeremylongshore

View on GitHub Installation ↓

Best use case

vastai-enterprise-rbac is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using vastai-enterprise-rbac should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/vastai-enterprise-rbac/SKILL.md --create-dirs "https://raw.githubusercontent.com/jeremylongshore/claude-code-plugins-plus-skills/main/plugins/saas-packs/vastai-pack/skills/vastai-enterprise-rbac/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/vastai-enterprise-rbac/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How vastai-enterprise-rbac Compares

Feature / Agent	vastai-enterprise-rbac	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

Best AI Skills for Claude

Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.

ChatGPT vs Claude for Agent Skills

Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.

SKILL.md Source

# Vast.ai Enterprise RBAC

## Overview
Control access to Vast.ai GPU instances and spending through API key management, team-level budgets, and GPU allocation policies. Vast.ai uses a marketplace model with per-GPU-hour pricing (RTX 4090 ~$0.20/hr, A100 ~$1.50/hr, H100 ~$3.00/hr).

## Prerequisites
- Vast.ai account(s) with API keys
- Understanding of team GPU usage patterns
- Budget allocation per team/project

## Instructions

### Step 1: Team API Key Strategy

```python
# Separate API keys per team for billing isolation
# Option A: Separate Vast.ai accounts per team
# Option B: Single account with application-level controls

TEAM_CONFIGS = {
    "ml-research": {
        "api_key_env": "VASTAI_KEY_RESEARCH",
        "gpu_whitelist": ["A100", "H100_SXM"],
        "max_instances": 8,
        "daily_budget": 200.00,
        "max_dph": 4.00,
    },
    "ml-engineering": {
        "api_key_env": "VASTAI_KEY_ENGINEERING",
        "gpu_whitelist": ["RTX_4090", "A100"],
        "max_instances": 4,
        "daily_budget": 50.00,
        "max_dph": 2.00,
    },
    "data-science": {
        "api_key_env": "VASTAI_KEY_DATASCIENCE",
        "gpu_whitelist": ["RTX_4090", "RTX_3090"],
        "max_instances": 2,
        "daily_budget": 10.00,
        "max_dph": 0.30,
    },
}
```

### Step 2: Policy Enforcement Layer

```python
class VastPolicyEnforcer:
    def __init__(self, team_config):
        self.config = team_config
        self.client = VastClient(api_key=os.environ[team_config["api_key_env"]])

    def can_provision(self, gpu_name, num_gpus=1):
        """Check if provisioning is allowed by team policy."""
        if gpu_name not in self.config["gpu_whitelist"]:
            return False, f"GPU {gpu_name} not in team whitelist"

        running = len([i for i in self.client.show_instances()
                      if i.get("actual_status") == "running"])
        if running >= self.config["max_instances"]:
            return False, f"Instance limit reached ({running}/{self.config['max_instances']})"

        return True, "OK"

    def provision_with_policy(self, gpu_name, image, disk_gb=20):
        allowed, reason = self.can_provision(gpu_name)
        if not allowed:
            raise PermissionError(f"Policy violation: {reason}")

        offers = self.client.search_offers({
            "gpu_name": {"eq": gpu_name},
            "dph_total": {"lte": self.config["max_dph"]},
            "reliability2": {"gte": 0.95},
            "rentable": {"eq": True},
        })
        if not offers.get("offers"):
            raise RuntimeError("No offers matching policy constraints")

        return self.client.create_instance(
            offers["offers"][0]["id"], image, disk_gb)
```

### Step 3: Audit Logging

```python
import json, datetime

class AuditLogger:
    def __init__(self, log_file="vast_audit.jsonl"):
        self.log_file = log_file

    def log(self, team, action, details):
        entry = {
            "timestamp": datetime.datetime.utcnow().isoformat(),
            "team": team,
            "action": action,
            **details,
        }
        with open(self.log_file, "a") as f:
            f.write(json.dumps(entry) + "\n")

# Usage
audit = AuditLogger()
audit.log("ml-research", "provision", {
    "gpu": "A100", "offer_id": 12345, "dph": 1.50})
audit.log("ml-research", "destroy", {
    "instance_id": 67890, "duration_hours": 4.2, "total_cost": 6.30})
```

### Step 4: Spending Reports

```python
def team_spending_report(audit_file="vast_audit.jsonl"):
    """Generate spending report from audit log."""
    import json
    costs = {}
    with open(audit_file) as f:
        for line in f:
            entry = json.loads(line)
            if entry["action"] == "destroy" and "total_cost" in entry:
                team = entry["team"]
                costs.setdefault(team, 0)
                costs[team] += entry["total_cost"]

    print("Team Spending Report:")
    for team, cost in sorted(costs.items(), key=lambda x: -x[1]):
        print(f"  {team}: ${cost:.2f}")
```

## Output
- Team-specific API key configuration
- Policy enforcement layer (GPU whitelist, instance limits, budget caps)
- Audit logging for all provisioning and destruction events
- Spending reports per team

## Error Handling
| Error | Cause | Solution |
|-------|-------|----------|
| Policy violation on provision | GPU not in whitelist or limit reached | Request policy change or destroy idle instances |
| Budget exceeded | Team exceeded daily limit | Alert team lead; pause provisioning until next day |
| Missing API key | Environment variable not set | Configure key in secrets manager |
| Audit log missing entries | Logger not wired into all operations | Audit the code paths for missing log calls |

## Resources
- [Vast.ai Account](https://cloud.vast.ai)
- [REST API](https://vast.ai/developers/api)

## Next Steps
For migration strategies, see `vastai-migration-deep-dive`.

## Examples

**Team onboarding**: Create a new team config entry with conservative limits (2 instances, RTX 4090 only, $10/day). Increase limits after the team demonstrates responsible usage.

**Monthly chargeback**: Parse the audit log to generate per-team invoices for internal cost allocation.

Related Skills

windsurf-enterprise-rbac

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Windsurf enterprise SSO, RBAC, and organization-level controls. Use when implementing SSO/SAML, configuring role-based seat management, or setting up organization-wide Windsurf policies. Trigger with phrases like "windsurf SSO", "windsurf RBAC", "windsurf enterprise", "windsurf admin", "windsurf SAML", "windsurf team management".

webflow-enterprise-rbac

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Webflow enterprise access control — OAuth 2.0 app authorization, scope-based RBAC, per-site token isolation, workspace member management, and audit logging for compliance. Trigger with phrases like "webflow RBAC", "webflow enterprise", "webflow roles", "webflow permissions", "webflow OAuth scopes", "webflow access control", "webflow workspace members".

vercel-enterprise-rbac

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Vercel enterprise RBAC, access groups, SSO integration, and audit logging. Use when implementing team access control, configuring SAML SSO, or setting up role-based permissions for Vercel projects. Trigger with phrases like "vercel SSO", "vercel RBAC", "vercel enterprise", "vercel roles", "vercel permissions", "vercel access groups".

veeva-enterprise-rbac

1868

from jeremylongshore/claude-code-plugins-plus-skills

Veeva Vault enterprise rbac for enterprise operations. Use when implementing advanced Veeva Vault patterns. Trigger: "veeva enterprise rbac".

vastai-webhooks-events

1868

from jeremylongshore/claude-code-plugins-plus-skills

Build event-driven workflows around Vast.ai instance lifecycle events. Use when monitoring instance status changes, implementing auto-recovery, or building event-driven GPU orchestration. Trigger with phrases like "vastai events", "vastai instance monitoring", "vastai status changes", "vastai lifecycle events".

vastai-upgrade-migration

1868

from jeremylongshore/claude-code-plugins-plus-skills

Upgrade Vast.ai CLI, migrate API versions, and handle breaking changes. Use when upgrading vastai CLI, detecting deprecations, or migrating between API versions. Trigger with phrases like "upgrade vastai", "vastai migration", "vastai breaking changes", "update vastai CLI".

vastai-security-basics

1868

from jeremylongshore/claude-code-plugins-plus-skills

Apply Vast.ai security best practices for API keys and instance access. Use when securing API keys, hardening SSH access to GPU instances, or auditing Vast.ai security configuration. Trigger with phrases like "vastai security", "vastai secrets", "secure vastai", "vastai API key security", "vastai ssh security".

vastai-sdk-patterns

1868

from jeremylongshore/claude-code-plugins-plus-skills

Apply production-ready Vast.ai SDK patterns for Python and REST API. Use when implementing Vast.ai integrations, refactoring SDK usage, or establishing coding standards for GPU cloud operations. Trigger with phrases like "vastai SDK patterns", "vastai best practices", "vastai code patterns", "idiomatic vastai".

vastai-reference-architecture

1868

from jeremylongshore/claude-code-plugins-plus-skills

Implement Vast.ai reference architecture for GPU compute workflows. Use when designing ML training pipelines, structuring GPU orchestration, or establishing architecture patterns for Vast.ai applications. Trigger with phrases like "vastai architecture", "vastai design pattern", "vastai project structure", "vastai ml pipeline".

vastai-rate-limits

1868

from jeremylongshore/claude-code-plugins-plus-skills

Handle Vast.ai API rate limits with backoff and request optimization. Use when encountering 429 errors, implementing retry logic, or optimizing API request throughput. Trigger with phrases like "vastai rate limit", "vastai throttling", "vastai 429", "vastai retry", "vastai backoff".

vastai-prod-checklist

1868

from jeremylongshore/claude-code-plugins-plus-skills

Execute Vast.ai production deployment checklist for GPU workloads. Use when deploying training pipelines to production, preparing for large-scale GPU jobs, or auditing production readiness. Trigger with phrases like "vastai production", "deploy vastai", "vastai go-live", "vastai launch checklist".

vastai-performance-tuning

1868

from jeremylongshore/claude-code-plugins-plus-skills

Optimize Vast.ai GPU instance selection, startup time, and training throughput. Use when optimizing instance selection, reducing startup latency, or maximizing GPU utilization on rented hardware. Trigger with phrases like "vastai performance", "optimize vastai", "vastai slow", "vastai gpu utilization", "vastai throughput".