@nimishamehta5 nimishamehta5 commented May 7, 2025

Fixes: #22

This implements a rate-limiter based on the session ID that is automatically set in the context by mark3labs/mcp-go.

We use the Tool Middleware functionality to implement this. An example of a middleware that's built already in the mcp-go library is the WithRecovery handler.

We set per-tool rate limits, and we use the Fixed Window algorithm to implement the rate limiter.

I had to modify the WithTimeoutContext to save the session ID as the new background context overwrites the session ID otherwise. And if we do not create a new context, we get ctx deadline exceeded errors from the k8s apiserver (at least when testing locally).
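The scheme the description outlines (a fixed-window counter per session ID and tool, with per-tool limits and a fallback), as an added stand-alone example; it is not the PR's code and does not import mcp-go. The type and function names, the fallback of 60, the session ID value and the injectable clock are assumptions; only the `delete_resource` limit of 30 per minute appears on this page.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type bucket struct{ start time.Time; n int } // window start and calls counted in it

// FixedWindowLimiter counts calls per (session ID, tool); stale buckets are never evicted here.
type FixedWindowLimiter struct {
	mu       sync.Mutex
	window   time.Duration
	limits   map[string]int // per-tool limit per window
	fallback int            // limit for tools without an entry in limits
	buckets  map[string]*bucket
	now      func() time.Time // injectable clock (assumption, makes the limiter testable)
}

func NewFixedWindowLimiter(window time.Duration, limits map[string]int, fallback int, now func() time.Time) *FixedWindowLimiter {
	return &FixedWindowLimiter{window: window, limits: limits, fallback: fallback, buckets: map[string]*bucket{}, now: now}
}

// Allow reports whether sessionID may call tool in the current window.
func (l *FixedWindowLimiter) Allow(sessionID, tool string) bool {
	limit, ok := l.limits[tool]
	if !ok {
		limit = l.fallback
	}
	key := sessionID + "\x00" + tool // NUL separator keeps composite keys unambiguous
	l.mu.Lock()
	defer l.mu.Unlock()
	start := l.now().Truncate(l.window)
	b := l.buckets[key]
	if b == nil || !b.start.Equal(start) {
		b = &bucket{start: start} // window rolled over: reset the count
		l.buckets[key] = b
	}
	if b.n >= limit {
		return false
	}
	b.n++
	return true
}

func main() {
	l := NewFixedWindowLimiter(time.Minute, map[string]int{"delete_resource": 30}, 60, time.Now)
	fmt.Println(l.Allow("session-a", "delete_resource")) // "session-a" is a constructed session ID
}
```

Because counts reset at each window boundary, a session can make up to twice the limit in a short burst that straddles the boundary.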

@nimishamehta5 nimishamehta5 force-pushed the rate-limit-session-id branch from 1773958 to f972cff Compare May 7, 2025 00:46
@nimishamehta5 nimishamehta5 changed the title Implement basic rate-limiting based on session ID [WIP] Implement basic rate-limiting based on session ID May 7, 2025
@nimishamehta5 nimishamehta5 force-pushed the rate-limit-session-id branch from f972cff to 153edfb Compare May 13, 2025 05:27
@nimishamehta5 nimishamehta5 changed the title [WIP] Implement basic rate-limiting based on session ID Implement rate-limiting based on session ID May 13, 2025
"delete_resource": 30, // 30 requests per minute (0.5 per second)

// Default for any other tool
"default": defaultLimit,
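Review bot: the `"default"` entry shares one map with real tool names such as `"delete_resource"`, so a tool that is ever registered under the name `default` would collide with the fallback limit. Consider keeping the fallback in its own field or constant and leaving this map for tool names only, so a lookup miss is the single path to `defaultLimit`.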
Collaborator

It's fine for this PR, but could we use constants for these? And we could re-use those when declaring tools.

Contributor

The above +1, I'd also wonder if we could make these configurable. So that users can decide how much they want their API servers to be hit

Contributor Author

@nimishamehta5 nimishamehta5 May 14, 2025

@JAORMX - not sure if you meant to extract the tool names into consts, I saw that it had been done in another commit, but even after rebasing I extracted those into a common types/ package, PTAL

@ChrisJBurns - good suggestion, will address that in a future PR - added a TODO comment for now

Contributor

@ChrisJBurns ChrisJBurns left a comment

LGTM! Thanks for all the contributions @nimishamehta5 !! 🚀

Possibly one for the future (unless it's easy to slot into this PR), but could we also make the limits configurable some way so users can control how much their API servers get hit?

That and @JAORMX constant changes would be great!

Fixes: StacklokLabs#22

Signed-off-by: Nimisha Mehta <nimishamehta5@gmail.com>
@nimishamehta5 nimishamehta5 force-pushed the rate-limit-session-id branch from 7e725f3 to 4defaa1 Compare May 14, 2025 08:06
@nimishamehta5 nimishamehta5 force-pushed the rate-limit-session-id branch from 37da173 to 990eac7 Compare May 14, 2025 08:16
@JAORMX JAORMX merged commit 111e180 into StacklokLabs:main May 15, 2025
4 checks passed
Development

Successfully merging this pull request may close these issues.

Implement rate-limiting

3 participants