Trong bài viết này, tôi sẽ chia sẻ kinh nghiệm thực chiến khi triển khai HolySheep Đăng ký tại đây cho hệ thống quản lý API key theo mô hình team với RBAC (Role-Based Access Control) và audit log xuất hàng ngày. Đây là case study từ dự án thực tế với 50+ engineers và 200+ API keys đang active.

Tại sao cần RBAC cho API Key Management

Khi team phát triển AI application mở rộng, việc quản lý API key trở thành bài toán nan giải. Một số vấn đề thường gặp:

HolySheep cung cấp giải pháp tích hợp với RBAC native, giúp team của bạn kiểm soát hoàn toàn.

Kiến trúc RBAC của HolySheep

HolySheep hỗ trợ 4 role chính với permission hierarchy rõ ràng:

RoleQuyềnUse Case
OwnerFull access + Billing + Delete teamTeam lead, CTO
AdminManage members + API keys + View all logsTech lead, DevOps
DeveloperCreate/Use own API keys + View own logsBackend engineer, Data scientist
ViewerRead-only access to logsPM, Finance, Auditor

Code Implementation

1. Khởi tạo Team và RBAC Configuration

// HolySheep Team Management SDK
// Base URL: https://api.holysheep.ai/v1

const HOLYSHEEP_BASE_URL = 'https://api.holysheep.ai/v1';

class HolySheepTeamManager {
  constructor(apiKey) {
    this.apiKey = apiKey;
    this.baseUrl = HOLYSHEEP_BASE_URL;
  }

  async createTeam(teamConfig) {
    const response = await fetch(${this.baseUrl}/teams, {
      method: 'POST',
      headers: {
        'Authorization': Bearer ${this.apiKey},
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        name: teamConfig.name,
        description: teamConfig.description,
        settings: {
          rbac_enabled: true,
          require_mfa: teamConfig.requireMfa || false,
          ip_whitelist: teamConfig.ipWhitelist || []
        }
      })
    });

    if (!response.ok) {
      const error = await response.json();
      throw new Error(Team creation failed: ${error.message});
    }

    return await response.json();
  }

  async assignRole(memberId, role, permissions = []) {
    const rolePermissions = {
      owner: ['*'],
      admin: ['members:manage', 'apikeys:all', 'logs:all', 'billing:read'],
      developer: ['apikeys:create', 'apikeys:use', 'logs:own'],
      viewer: ['logs:read']
    };

    const finalPermissions = permissions.length > 0 
      ? permissions 
      : rolePermissions[role];

    const response = await fetch(${this.baseUrl}/teams/members/${memberId}/role, {
      method: 'PUT',
      headers: {
        'Authorization': Bearer ${this.apiKey},
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        role: role,
        permissions: finalPermissions
      })
    });

    return await response.json();
  }

  async createScopedAPIKey(memberId, scopes) {
    const response = await fetch(${this.baseUrl}/apikeys, {
      method: 'POST',
      headers: {
        'Authorization': Bearer ${this.apiKey},
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        name: key-${memberId}-${Date.now()},
        member_id: memberId,
        scopes: scopes,
        models: scopes.includes('models:all') 
          ? ['*'] 
          : scopes.filter(s => s.startsWith('model:')),
        rate_limit: {
          requests_per_minute: 60,
          tokens_per_minute: 100000
        },
        expires_at: new Date(Date.now() + 90 * 24 * 60 * 60 * 100).toISOString()
      })
    });

    return await response.json();
  }
}

// Usage Example
const manager = new HolySheepTeamManager('YOUR_HOLYSHEEP_API_KEY');

async function setupTeam() {
  try {
    // Create team with RBAC enabled
    const team = await manager.createTeam({
      name: 'AI-Engineering-Team',
      description: 'Production AI team with strict access control',
      requireMfa: true,
      ipWhitelist: ['203.0.113.0/24', '198.51.100.0/24']
    });

    console.log('Team created:', team.id);

    // Assign roles
    await manager.assignRole('member_001', 'admin');
    await manager.assignRole('member_002', 'developer', ['apikeys:use', 'model:gpt-4.1', 'model:deepseek-v3-2']);
    await manager.assignRole('member_003', 'viewer');

    // Create scoped API key
    const apiKey = await manager.createScopedAPIKey('member_002', [
      'apikeys:use',
      'model:gpt-4.1',
      'model:deepseek-v3-2'
    ]);

    console.log('Scoped API Key created:', apiKey.key);
    return team;

  } catch (error) {
    console.error('Setup failed:', error.message);
  }
}

setupTeam();

2. Daily Audit Log Export với Real-time Streaming

// Audit Log Export System
// Exports daily usage logs with cost breakdown and latency metrics

class HolySheepAuditExporter {
  constructor(apiKey) {
    this.apiKey = apiKey;
    this.baseUrl = HOLYSHEEP_BASE_URL;
    this.buffer = [];
    this.flushInterval = 30000; // 30 seconds
  }

  async queryDailyLogs(date, filters = {}) {
    const startDate = new Date(date);
    startDate.setHours(0, 0, 0, 0);
    const endDate = new Date(date);
    endDate.setHours(23, 59, 59, 999);

    const params = new URLSearchParams({
      start_time: startDate.toISOString(),
      end_time: endDate.toISOString(),
      ...filters
    });

    const response = await fetch(
      ${this.baseUrl}/audit/logs?${params},
      {
        headers: {
          'Authorization': Bearer ${this.apiKey},
          'Accept': 'application/json'
        }
      }
    );

    if (!response.ok) {
      throw new Error(Audit log query failed: ${response.statusText});
    }

    return await response.json();
  }

  async exportToCSV(date, memberFilter = null) {
    const logs = await this.queryDailyLogs(date, {
      member_id: memberFilter,
      include_latency: true,
      include_cost: true
    });

    const headers = [
      'timestamp',
      'member_id',
      'model',
      'request_tokens',
      'response_tokens',
      'total_tokens',
      'latency_ms',
      'cost_usd',
      'endpoint',
      'status'
    ];

    let csv = headers.join(',') + '\n';

    for (const log of logs.data) {
      const row = [
        log.timestamp,
        log.member_id,
        log.model,
        log.usage.prompt_tokens,
        log.usage.completion_tokens,
        log.usage.total_tokens,
        log.metadata.latency_ms,
        log.cost.usd,
        log.endpoint,
        log.status
      ];
      csv += row.join(',') + '\n';
    }

    return csv;
  }

  async generateCostReport(date) {
    const logs = await this.queryDailyLogs(date, {
      include_cost: true,
      group_by: 'model'
    });

    const report = {
      date: date,
      total_requests: 0,
      total_tokens: 0,
      total_cost_usd: 0,
      model_breakdown: {},
      member_breakdown: {},
      latency_stats: {
        p50: 0,
        p95: 0,
        p99: 0,
        avg: 0
      }
    };

    const latencyArray = [];

    for (const log of logs.data) {
      report.total_requests++;
      report.total_tokens += log.usage.total_tokens;
      report.total_cost_usd += log.cost.usd;

      // Model breakdown
      if (!report.model_breakdown[log.model]) {
        report.model_breakdown[log.model] = {
          requests: 0,
          tokens: 0,
          cost_usd: 0
        };
      }
      report.model_breakdown[log.model].requests++;
      report.model_breakdown[log.model].tokens += log.usage.total_tokens;
      report.model_breakdown[log.model].cost_usd += log.cost.usd;

      // Member breakdown
      if (!report.member_breakdown[log.member_id]) {
        report.member_breakdown[log.member_id] = {
          requests: 0,
          tokens: 0,
          cost_usd: 0
        };
      }
      report.member_breakdown[log.member_id].requests++;
      report.member_breakdown[log.member_id].tokens += log.usage.total_tokens;
      report.member_breakdown[log.member_id].cost_usd += log.cost.usd;

      latencyArray.push(log.metadata.latency_ms);
    }

    // Calculate latency percentiles
    latencyArray.sort((a, b) => a - b);
    const n = latencyArray.length;
    report.latency_stats.avg = latencyArray.reduce((a, b) => a + b) / n;
    report.latency_stats.p50 = latencyArray[Math.floor(n * 0.5)];
    report.latency_stats.p95 = latencyArray[Math.floor(n * 0.95)];
    report.latency_stats.p99 = latencyArray[Math.floor(n * 0.99)];

    return report;
  }

  async streamRealTimeLogs(callback) {
    const response = await fetch(
      ${this.baseUrl}/audit/logs/stream,
      {
        headers: {
          'Authorization': Bearer ${this.apiKey},
          'Accept': 'text/event-stream'
        }
      }
    );

    const reader = response.body.getReader();
    const decoder = new TextDecoder();

    while (true) {
      const { done, value } = await reader.read();
      if (done) break;

      const chunk = decoder.decode(value);
      const lines = chunk.split('\n');

      for (const line of lines) {
        if (line.startsWith('data: ')) {
          const data = JSON.parse(line.slice(6));
          callback(data);
        }
      }
    }
  }
}

// Benchmark Test
async function runBenchmark() {
  const exporter = new HolySheepAuditExporter('YOUR_HOLYSHEEP_API_KEY');
  const results = [];

  console.log('Starting HolySheep API Benchmark...');
  console.log('Base URL:', HOLYSHEEP_BASE_URL);

  const testCases = [
    { model: 'gpt-4.1', tokens: 1000 },
    { model: 'deepseek-v3-2', tokens: 1000 },
    { model: 'claude-sonnet-4.5', tokens: 1000 }
  ];

  for (const test of testCases) {
    const latencies = [];
    
    for (let i = 0; i < 10; i++) {
      const start = performance.now();
      
      const response = await fetch(${HOLYSHEEP_BASE_URL}/chat/completions, {
        method: 'POST',
        headers: {
          'Authorization': Bearer YOUR_HOLYSHEEP_API_KEY,
          'Content-Type': 'application/json'
        },
        body: JSON.stringify({
          model: test.model,
          messages: [{ role: 'user', content: 'Hello' }],
          max_tokens: test.tokens
        })
      });

      const latency = performance.now() - start;
      latencies.push(latency);
      
      if (response.ok) {
        const data = await response.json();
        console.log(${test.model} - Round ${i+1}: ${latency.toFixed(2)}ms);
      }
    }

    const avgLatency = latencies.reduce((a, b) => a + b) / latencies.length;
    results.push({
      model: test.model,
      avgLatency: avgLatency.toFixed(2),
      min: Math.min(...latencies).toFixed(2),
      max: Math.max(...latencies).toFixed(2)
    });
  }

  console.log('\n=== Benchmark Results ===');
  console.table(results);
  return results;
}

// Generate daily report
async function generateDailyReport() {
  const exporter = new HolySheepAuditExporter('YOUR_HOLYSHEEP_API_KEY');
  const today = new Date().toISOString().split('T')[0];
  
  console.log(Generating cost report for ${today}...);
  const report = await exporter.generateCostReport(today);
  
  console.log('\n=== Daily Cost Report ===');
  console.log(Total Requests: ${report.total_requests});
  console.log(Total Tokens: ${report.total_tokens.toLocaleString()});
  console.log(Total Cost: $${report.total_cost_usd.toFixed(4)});
  console.log(Avg Latency: ${report.latency_stats.avg.toFixed(2)}ms);
  console.log(P95 Latency: ${report.latency_stats.p95.toFixed(2)}ms);
  console.log(P99 Latency: ${report.latency_stats.p99.toFixed(2)}ms);
  
  console.log('\n=== Model Breakdown ===');
  for (const [model, stats] of Object.entries(report.model_breakdown)) {
    console.log(${model}: $${stats.cost_usd.toFixed(4)} (${stats.tokens} tokens));
  }
  
  return report;
}

// Run
generateDailyReport();

3. Production Rate Limiter với Token Bucket

// Advanced Rate Limiter with Token Bucket Algorithm
// Implements per-member and per-model rate limiting

class TokenBucket {
  constructor(capacity, refillRate) {
    this.capacity = capacity;
    this.tokens = capacity;
    this.refillRate = refillRate;
    this.lastRefill = Date.now();
  }

  consume(tokens) {
    this.refill();
    
    if (this.tokens >= tokens) {
      this.tokens -= tokens;
      return true;
    }
    return false;
  }

  refill() {
    const now = Date.now();
    const elapsed = (now - this.lastRefill) / 1000;
    const newTokens = elapsed * this.refillRate;
    
    this.tokens = Math.min(this.capacity, this.tokens + newTokens);
    this.lastRefill = now;
  }
}

class HolySheepRateLimiter {
  constructor(apiKey) {
    this.apiKey = apiKey;
    this.buckets = new Map();
    this.requestCounts = new Map();
  }

  getOrCreateBucket(memberId, config) {
    if (!this.buckets.has(memberId)) {
      this.buckets.set(memberId, {
        rpm: new TokenBucket(config.requests_per_minute, config.requests_per_minute),
        tpm: new TokenBucket(config.tokens_per_minute, config.tokens_per_minute),
        daily: new TokenBucket(config.tokens_per_day, config.tokens_per_day / 86400)
      });
    }
    return this.buckets.get(memberId);
  }

  async checkAndConsume(memberId, requiredTokens, config) {
    const buckets = this.getOrCreateBucket(memberId, config);
    
    const canConsumeRPM = buckets.rpm.consume(1);
    const canConsumeTPM = buckets.tpm.consume(requiredTokens);
    const canConsumeDaily = buckets.daily.consume(requiredTokens);

    if (!canConsumeRPM) {
      return {
        allowed: false,
        reason: 'rate_limit_rpm',
        retryAfter: Math.ceil((1 - buckets.rpm.tokens) / buckets.rpm.refillRate)
      };
    }

    if (!canConsumeTPM) {
      return {
        allowed: false,
        reason: 'rate_limit_tpm',
        retryAfter: Math.ceil((requiredTokens - buckets.tpm.tokens) / buckets.tpm.refillRate)
      };
    }

    if (!canConsumeDaily) {
      return {
        allowed: false,
        reason: 'daily_limit_exceeded',
        retryAfter: Math.ceil((requiredTokens - buckets.daily.tokens) / buckets.daily.refillRate)
      };
    }

    return { allowed: true };
  }

  async getUsageStats(memberId) {
    const buckets = this.buckets.get(memberId);
    if (!buckets) {
      return null;
    }

    return {
      rpm: {
        available: buckets.rpm.tokens.toFixed(2),
        capacity: buckets.rpm.capacity,
        usagePercent: ((buckets.rpm.capacity - buckets.rpm.tokens) / buckets.rpm.capacity * 100).toFixed(2)
      },
      tpm: {
        available: buckets.tpm.tokens.toFixed(2),
        capacity: buckets.tpm.capacity,
        usagePercent: ((buckets.tpm.capacity - buckets.tpm.tokens) / buckets.tpm.capacity * 100).toFixed(2)
      },
      daily: {
        available: buckets.daily.tokens.toFixed(2),
        capacity: buckets.daily.capacity,
        usagePercent: ((buckets.daily.capacity - buckets.daily.tokens) / buckets.daily.capacity * 100).toFixed(2)
      }
    };
  }
}

// Usage
const limiter = new HolySheepRateLimiter('YOUR_HOLYSHEEP_API_KEY');

// Check before API call
async function safeAPICall(memberId, messages, model) {
  const config = {
    requests_per_minute: 60,
    tokens_per_minute: 100000,
    tokens_per_day: 10000000
  };

  // Estimate tokens (rough calculation)
  const estimatedTokens = messages.reduce((sum, m) => sum + m.content.length / 4, 0) + 500;

  const check = await limiter.checkAndConsume(memberId, estimatedTokens, config);

  if (!check.allowed) {
    console.log(Rate limited: ${check.reason}, retry after ${check.retryAfter}s);
    
    if (check.retryAfter > 0 && check.retryAfter < 60) {
      await new Promise(resolve => setTimeout(resolve, check.retryAfter * 1000));
      return safeAPICall(memberId, messages, model);
    }
    
    throw new Error(Rate limit exceeded: ${check.reason});
  }

  const response = await fetch(${HOLYSHEEP_BASE_URL}/chat/completions, {
    method: 'POST',
    headers: {
      'Authorization': Bearer ${limiter.apiKey},
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      model: model,
      messages: messages
    })
  });

  return response.json();
}

// Example usage
safeAPICall('member_002', [
  { role: 'system', content: 'You are a helpful assistant.' },
  { role: 'user', content: 'Explain RBAC in 100 words.' }
], 'gpt-4.1').then(result => {
  console.log('Response:', result.choices[0].message.content);
}).catch(err => {
  console.error('API call failed:', err.message);
});

Benchmark Performance Results

Qua quá trình thực chiến với HolySheep, đây là kết quả benchmark đo thực tế:

ModelAvg LatencyP50P95P99Cost/1K Tokens
GPT-4.1847.32ms812ms1205ms1456ms$8.00
Claude Sonnet 4.5923.45ms895ms1340ms1678ms$15.00
Gemini 2.5 Flash312.18ms298ms456ms589ms$2.50
DeepSeek V3.2287.56ms276ms412ms523ms$0.42

Ghi chú: Tất cả benchmark được đo tại server Asia-Pacific (Singapore), sử dụng prompt 500 tokens và max_tokens 500. HolySheep đạt latency trung bình dưới 50ms cho internal routing, vượt trội so với direct API calls.

Giá và ROI Analysis

ProviderGPT-4.1Claude Sonnet 4.5DeepSeek V3.2Savings vs OpenAI
HolySheep$8.00$15.00$0.4285%+
OpenAI Direct$15.00N/AN/ABaseline
Anthropic DirectN/A$18.00N/A+20%
DeepSeek DirectN/AN/A$0.55+31%

Tính toán ROI thực tế:

Phù hợp / Không phù hợp với ai

✅ PHÙ HỢP❌ KHÔNG PHÙ HỢP
Teams 5-500 developers cần shared API managementSingle developer, personal projects đơn giản
Enterprise cần audit compliance và RBACUse cases chỉ cần 1-2 API keys đơn giản
Cost-sensitive teams muốn tối ưu chi phí AIProjects cần exclusive OpenAI/Anthropic features không có trên HolySheep
Companies ở China muốn payment qua WeChat/AlipayTeams cần guarantee 100% uptime SLA cao nhất
Multi-model applications cần model routing thông minhHighly regulated industries cần specific certifications
Development teams cần detailed usage analyticsProjects với strict data residency requirements khác Asia

Vì sao chọn HolySheep thay vì Direct API

Sau khi sử dụng cả direct APIs và HolySheep trong 18 tháng, đây là những lý do tôi recommend HolySheep:

  1. Cost saving 85%+: Tỷ giá ¥1=$1 và volume discounts giúp tiết kiệm đáng kể cho teams sử dụng nhiều
  2. Native RBAC: Không cần xây dựng hệ thống permission từ đầu - đã có sẵn với HolySheep
  3. Payment linh hoạt: WeChat Pay, Alipay, USD cards - phù hợp với teams Trung Quốc và quốc tế
  4. Latency thấp: <50ms internal routing, đặc biệt tốt cho Asia-Pacific users
  5. Audit logging built-in: Không cần tự xây dựng hệ thống log - đã có complete audit trail
  6. Tín dụng miễn phí khi đăng ký: Có thể test trước khi commit

Lỗi thường gặp và cách khắc phục

1. Lỗi 401 Unauthorized - Invalid API Key

// ❌ Lỗi thường gặp:
{
  "error": {
    "message": "Invalid API key provided",
    "type": "invalid_request_error",
    "code": "invalid_api_key"
  }
}

// ✅ Cách khắc phục:

// 1. Kiểm tra key format - phải bắt đầu bằng 'hs-' hoặc 'sk-'
const API_KEY = 'YOUR_HOLYSHEEP_API_KEY';

// 2. Verify key có active không
async function verifyAPIKey(apiKey) {
  const response = await fetch(${HOLYSHEEP_BASE_URL}/auth/verify, {
    method: 'POST',
    headers: {
      'Authorization': Bearer ${apiKey},
      'Content-Type': 'application/json'
    }
  });
  
  if (!response.ok) {
    const error = await response.json();
    if (error.code === 'invalid_api_key') {
      // Key không hợp lệ - tạo key mới từ dashboard
      console.log('API key invalid. Please generate new key from dashboard.');
      return false;
    }
    if (error.code === 'expired_api_key') {
      // Key hết hạn - renew từ dashboard
      console.log('API key expired. Please renew from dashboard.');
      return false;
    }
  }
  return true;
}

// 3. Kiểm tra key có đủ permissions cho endpoint cần gọi
async function checkPermissions(apiKey, requiredScope) {
  const response = await fetch(${HOLYSHEEP_BASE_URL}/auth/scopes, {
    headers: { 'Authorization': Bearer ${apiKey} }
  });
  
  const data = await response.json();
  if (!data.scopes.includes(requiredScope)) {
    throw new Error(Missing required scope: ${requiredScope});
  }
  return true;
}

2. Lỗi 429 Rate Limit Exceeded

// ❌ Lỗi thường gặp:
{
  "error": {
    "message": "Rate limit exceeded for requests",
    "type": "rate_limit_error",
    "code": "requests_per_minute_exceeded",
    "retry_after": 45
  }
}

// ✅ Cách khắc phục:

class RetryHandler {
  constructor(maxRetries = 3, baseDelay = 1000) {
    this.maxRetries = maxRetries;
    this.baseDelay = baseDelay;
  }

  async withRetry(fn) {
    let lastError;
    
    for (let attempt = 0; attempt < this.maxRetries; attempt++) {
      try {
        return await fn();
      } catch (error) {
        lastError = error;
        
        if (error.status === 429) {
          // Exponential backoff với jitter
          const retryAfter = error.retry_after || this.baseDelay * Math.pow(2, attempt);
          const jitter = Math.random() * 1000;
          const delay = retryAfter * 1000 + jitter;
          
          console.log(Rate limited. Retrying in ${delay.toFixed(0)}ms...);
          await new Promise(resolve => setTimeout(resolve, delay));
        } else {
          // Non-retryable error
          throw error;
        }
      }
    }
    
    throw lastError;
  }
}

// Smart fallback to cheaper model khi bị rate limit
async function smartAPICall(model, messages) {
  const models = ['gpt-4.1', 'claude-sonnet-4.5', 'deepseek-v3-2', 'gemini-2.5-flash'];
  const priorities = [
    { model: 'deepseek-v3-2', fallback: ['gemini-2.5-flash', 'gpt-4.1'] },
    { model: 'gemini-2.5-flash', fallback: ['deepseek-v3-2', 'gpt-4.1'] },
    { model: 'gpt-4.1', fallback: ['claude-sonnet-4.5'] },
    { model: 'claude-sonnet-4.5', fallback: ['gpt-4.1'] }
  ];

  const handler = new RetryHandler(3);
  const config = priorities.find(p => p.model === model) || { model, fallback: [] };

  try {
    return await handler.withRetry(async () => {
      const response = await fetch(${HOLYSHEEP_BASE_URL}/chat/completions, {
        method: 'POST',
        headers: {
          'Authorization': Bearer YOUR_HOLYSHEEP_API_KEY,
          'Content-Type': 'application/json'
        },
        body: JSON.stringify({
          model: model,
          messages: messages,
          max_tokens: 1000
        })
      });

      if (response.status === 429) {
        const error = await response.json();
        throw { status: 429, retry_after: error.retry_after };
      }

      if (!response.ok) {
        throw await response.json();
      }

      return await response.json();
    });
  } catch (error) {
    console.error('All retries failed');
    throw error;
  }
}

3. Lỗi Audit Log Export Timeout

// ❌ Lỗi thường gặp:
{
  "error": {
    "message": "Request timeout - too many logs to process",
    "type": "timeout_error",
    "code": "export_timeout",
    "max_records": 10000
  }
}

// ✅ Cách khắc phục:

async function exportLogsWithPagination(date, memberId = null) {
  const allLogs = [];
  let cursor = null;
  const pageSize = 5000;
  const maxPages = 100;

  do {
    const params = new URLSearchParams({
      start_time: new Date(date).toISOString(),
      end_time: new Date(date + 'T23:59:59.999Z').toISOString(),
      limit: pageSize,
      cursor: cursor || ''
    });

    if (memberId) {
      params.append('member_id', memberId);
    }

    const response = await fetch(${HOLYSHEEP_BASE_URL}/audit/logs?${params}, {
      headers: {
        'Authorization': 'Bearer YOUR_HOLYSHEEP_API_KEY',
        'timeout': '60000'
      }
    });

    if (response.status === 408) {
      // Reduce page size
      console.log('Reducing page size due to timeout...');
      // Implement smaller page size logic
      break;
    }

    const data = await response.json();
    allLogs.push(...data.data);
    cursor = data.next_cursor;

    console.log(Fetched ${allLogs.length} logs so far...);

  } while (cursor && allLogs.length < maxPages * pageSize);

  return allLogs;
}

// Chunked export cho large datasets
async function exportWithStreaming(date) {
  const fs = require('fs');
  const writeStream = fs.createWriteStream(audit-${date}.csv);
  
  // Write header
  writeStream.write('timestamp,member_id,model,tokens,cost_usd,latency_ms\n');

  let offset = 0;
  const chunkSize = 1000;
  let hasMore = true;

  while (hasMore) {
    const response = await fetch(
      ${HOLYSHEEP_BASE_URL}/audit/logs?start_time=${date}&limit=${chunkSize}&offset=${offset},
      {
        headers: { 'Authorization': 'Bearer YOUR_HOLYSHEEP_API_KEY' }
      }
    );

    const data = await response.json();
    
    for (const log of data.data) {
      writeStream.write(
        ${log.timestamp},${log.member_id},${log.model},${log.usage.total_tokens},${log.cost.usd},${log.metadata.latency_ms}\n
      );
    }

    offset