Rate Limit and Retry for Models

[grll]

Add a quite popular feature request: Rate Limit and Retry support for models.

It is implemented as a wrapper like the InstrumentedModel. It leverages aiolimiter for a simple implementation of the leaking bucket algorithm for rate limit while retry leverage the tenacity library.

Usage:

```python
model = RateLimitedModel(
    "anthropic:claude-3-7-sonnet-latest",
    limiter=AsyncLimiter(1, 1),
    retryer=AsyncRetrying(stop=stop_after_attempt(3)),
)
agent = Agent(model=model)
```

[grll]

Fixes #1732
Fixes #782

[DouweM]

@grll Nice work! Looks like we still have some failing tests, let me know if you'd like some guidance there.

As for the code, can we please reduce the duplication a bit by moving the if self.limiter:/else stuff to an inline function called from both sides of the if self.retry:/else branch?

[tekumara]

+1 this is nicely done.

@grll @DouweM what do you think about having a GCRA implementation as implemented by something like https://github.com/ZhuoZhuoCrayon/throttled-py ?

It's a more efficient variant of the leaky bucket algorithm without its downsides (ie: doesn't need a background "drip" process). See https://brandur.org/rate-limiting

[grll]

@grll Nice work! Looks like we still have some failing tests, let me know if you'd like some guidance there.

As for the code, can we please reduce the duplication a bit by moving the if self.limiter:/else stuff to an inline function called from both sides of the if self.retry:/else branch?

Hey thanks for review, I will have a look was indeed struggling a bit with the test in the CI while it was working ok locally need to investigate a bit more. I can also have a look at the refactor you suggested!

[grll]

+1 this is nicely done.

@grll @DouweM what do you think about having a GCRA implementation as implemented by something like https://github.com/ZhuoZhuoCrayon/throttled-py ?

It's a more efficient variant of the leaky bucket algorithm without its downsides (ie: doesn't need a background "drip" process). See https://brandur.org/rate-limiting

Hey thanks for the suggestion, the initial goal with using aiolimiter was to keep things as simple as possible but we could instead integrated with throttled-py in order to let user choose from various algorithm / redis backend as well.

[ZhuoZhuoCrayon]

+1 this is nicely done.
@grll @DouweM what do you think about having a GCRA implementation as implemented by something like https://github.com/ZhuoZhuoCrayon/throttled-py ?
It's a more efficient variant of the leaky bucket algorithm without its downsides (ie: doesn't need a background "drip" process). See https://brandur.org/rate-limiting

Hey thanks for the suggestion, the initial goal with using aiolimiter was to keep things as simple as possible but we could instead integrated with throttled-py in order to let user choose from various algorithm / redis backend as well.

@grll I am the developer of throttled-py. throttled-py provides flexible current limiting strategies and storage backend configurations. I am very willing to participate in the discussion and implementation of this PR.

[grll]

+1 this is nicely done.
@grll @DouweM what do you think about having a GCRA implementation as implemented by something like https://github.com/ZhuoZhuoCrayon/throttled-py ?
It's a more efficient variant of the leaky bucket algorithm without its downsides (ie: doesn't need a background "drip" process). See https://brandur.org/rate-limiting

Hey thanks for the suggestion, the initial goal with using aiolimiter was to keep things as simple as possible but we could instead integrated with throttled-py in order to let user choose from various algorithm / redis backend as well.

@grll I am the developer of throttled-py. throttled-py provides flexible current limiting strategies and storage backend configurations. I am very willing to participate in the discussion and implementation of this PR.

Hey @ZhuoZhuoCrayon thanks for jumping in and great work in throttled-py. I am concerned about one thing here is that asyncio support is limited in the current implementatino of throttled-py. What is the current status around asyncio?

[ZhuoZhuoCrayon]

+1 this is nicely done.
@grll @DouweM what do you think about having a GCRA implementation as implemented by something like https://github.com/ZhuoZhuoCrayon/throttled-py ?
It's a more efficient variant of the leaky bucket algorithm without its downsides (ie: doesn't need a background "drip" process). See https://brandur.org/rate-limiting

Hey thanks for the suggestion, the initial goal with using aiolimiter was to keep things as simple as possible but we could instead integrated with throttled-py in order to let user choose from various algorithm / redis backend as well.

@grll I am the developer of throttled-py. throttled-py provides flexible current limiting strategies and storage backend configurations. I am very willing to participate in the discussion and implementation of this PR.

Hey @ZhuoZhuoCrayon thanks for jumping in and great work in throttled-py. I am concerned about one thing here is that asyncio support is limited in the current implementatino of throttled-py. What is the current status around asyncio?

@grll Features are in the development branch and a stable version will be released this weekend

[grll]

@DouweM or @dmontagu any thoughts on the above?

[ZhuoZhuoCrayon]

Hi, @grll and @tekumara !

throttled-py asynchronous support has been officially released in v2.1.0.

The core API is the same for synchronous and asynchronous code, just replace from throttled import ... with from throttled.asyncio import ... in your code:

import asyncio
from throttled.asyncio import RateLimiterType, Throttled, rate_limiter, store, utils

throttle = Throttled(
    using=RateLimiterType.GCRA.value,
    quota=rate_limiter.per_sec(1_000, burst=1_000),
    store=store.MemoryStore(),
)


async def call_api() -> bool:
    result = await throttle.limit("/ping", cost=1)
    return result.limited


async def main():
    benchmark: utils.Benchmark = utils.Benchmark()
    denied_num: int = sum(await benchmark.async_serial(call_api, 100_000))
    print(f"❌ Denied: {denied_num} requests")

if __name__ == "__main__":
    asyncio.run(main())

I think GCRA has lower performance overhead and smoother throttling. At the same time, making the storage backend optional can increase subsequent scalability. Anyway, adding throttling and retries to the model is very cool, thank you!

[DouweM]

@ZhuoZhuoCrayon Thanks a ton, throttled looks great!

@grll Are you up for changing this PR to use throttled instead?

[grll]

@ZhuoZhuoCrayon Thanks a ton, throttled looks great!

@grll Are you up for changing this PR to use throttled instead?

Sure happy to!

[ZhuoZhuoCrayon]

Hi @grll ,
Could you share the current progress on this PR?
Is there anything I can assist with to move it forward? 😊

[grll]

@ZhuoZhuoCrayon thanks for the reminder, busy times. I am on it now! I will switch throttled and fix the CI :)

[grll]

@ZhuoZhuoCrayon

I have made the changes but it seems throttled is not working as expected unless I am doing something wrong:

#!/usr/bin/env python3
import asyncio
import time
from throttled.asyncio import RateLimiterType, Throttled, rate_limiter, store


async def test_throttled():
    # Create a throttle that allows 2 requests per second
    throttle = Throttled(
        using=RateLimiterType.GCRA.value,
        quota=rate_limiter.per_sec(2),
        store=store.MemoryStore(),
    )

    print("Testing Throttled rate limiter...")
    start_time = time.time()

    # Make 5 sequential requests
    for i in range(5):
        await throttle.limit('default', cost=1)
        print(f"Request {i+1} completed at {time.time() - start_time:.2f}s")

    total_time = time.time() - start_time
    print(f"\nTotal time for 5 requests at 2/sec: {total_time:.2f}s")
    print(f"Expected time: ~2.0s (5 requests / 2 per sec - 1)")


if __name__ == "__main__":
    asyncio.run(test_throttled())

Produces:

Testing Throttled rate limiter...
Request 1 completed at 0.00s
Request 2 completed at 0.00s
Request 3 completed at 0.00s
Request 4 completed at 0.00s
Request 5 completed at 0.00s

Total time for 5 requests at 2/sec: 0.00s
Expected time: ~2.0s (5 requests / 2 per sec - 1)

[ZhuoZhuoCrayon]

@grll

In function call mode, limit returns RateLimitResult immediately. You can use RateLimitResult.limited to determine whether the rate limit is triggered:

    # Make 5 sequential requests
    for i in range(5):
        await result = throttle.limit('default', cost=1)
        # Here's the problem.
        assert result.limited

You can specify a timeout to enable wait-and-retry behavior, The rate limiter will retry automatically, returns the final RateLimitResult when the request is allowed or timeout reached:

    # Make 5 sequential requests
    for i in range(5):
        # Set timeout=5 to enable wait-and-retry (max wait 5 second), returns the final RateLimitResult.
        await result = throttle.limit('default', cost=1, timeout=5)
        assert result.limited

In addition, in decorator, and context manager modes, triggering current limiting will throw LimitedError:

#!/usr/bin/env python3
import asyncio
import time
from throttled.asyncio import RateLimiterType, Throttled, rate_limiter, store, exceptions


async def test_throttled():
    # Create a throttle that allows 2 requests per second
    throttle = Throttled(
        key='default',
        # You can use `timeout` to enable wait-retry mode.
        # timeout=1,
        using=RateLimiterType.GCRA.value,
        quota=rate_limiter.per_sec(2),
        store=store.MemoryStore(),
    )

    print("Testing Throttled rate limiter...")
    start_time = time.time()

    # Make 5 sequential requests
    for i in range(5):
        # If no timeout is set, exceptions.LimitedError will be thrown on the third execution.
        async with throttle:
            print(f"Request {i+1} completed at {time.time() - start_time:.2f}s")

    total_time = time.time() - start_time
    print(f"\nTotal time for 5 requests at 2/sec: {total_time:.2f}s")


if __name__ == "__main__":
    asyncio.run(test_throttled())

[ZhuoZhuoCrayon]

@grll per_sec(2) is equivalent to per_sec(2, burst=2), which means allows 2 requests per second, and allows 2 burst requests(🪣 Bucket's capacity). In other words, this limiter will consume the burst after 2 requests. If timeout>=0.5 is set, the above example will complete all requests in 1.5 seconds (the burst is consumed immediately, and the 3 requests will be filled in the subsequent 1.5s)：

#!/usr/bin/env python3
import asyncio
import time
from throttled.asyncio import RateLimiterType, Throttled, rate_limiter, store


async def test_throttled():
    # Create a throttle that allows 2 requests per second
    throttle = Throttled(
        using=RateLimiterType.GCRA.value,
        quota=rate_limiter.per_sec(2),
        store=store.MemoryStore(),
    )

    print("Testing Throttled rate limiter...")
    start_time = time.time()

    # Make 5 sequential requests
    for i in range(5):
        # ⏳ Set timeout=0.5 to enable wait-and-retry (max wait 0.5 second)
        await throttle.limit('default', cost=1, timeout=0.5)
        print(f"Request {i+1} completed at {time.time() - start_time:.2f}s")

    total_time = time.time() - start_time
    print(f"\nTotal time for 5 requests at 2/sec: {total_time:.2f}s")
    print(f"Expected time: ~1.5s")


if __name__ == "__main__":
    asyncio.run(test_throttled())

Testing Throttled rate limiter...
------------- Burst----------------------------
Request 1 completed at 0.00s
Request 2 completed at 0.00s
-----------------------------------------------
------------ Refill: 0.5 tokens per second ------
Request 3 completed at 0.50s
Request 4 completed at 1.00s
Request 5 completed at 1.50s
-----------------------------------------------

Total time for 5 requests at 2/sec: 1.50s
Expected time: ~1.5s

[grll]

@DouweM look like we are ready for a review!

PS: That's definetly the toughest CI I have ever seen but I guess coming from typing experts no surprise here. Anyway I got to the bottom of it.

[ZhuoZhuoCrayon]

@DouweM @grll

Could we consider verifying the rate limit result(RateLimitResult.limited=False When the rate limit is still exceeded after the timeout) at this point and raising a LimitedError (or another exception compliant with the pydantic-ai specification)?

For example:

if self.limiter:
    await result = self.limiter.limit(key, cost, timeout)
    # 💡 Check if the limit has been exceeded.
    if result.limited:
        raise RuntimeError('Rate limit exceeded.')
return await super().request(...)

I am concerned that skipping the check and still executing the request after exceeding the rate limit may cause the model to encounter unpredictable third-party exception errors.

[grll]

Yes good point I will adjust

[grll]

@DouweM any chance we get some review soon on this? I will address the point above but wanted to also combine with your feedback if possible

[DouweM]

Would it make sense to move these to the initializer? Or could they be values on the limiter that's passed? Users don't call request and request_stream directly, so they wouldn't have an obvious way to set these values.

[ZhuoZhuoCrayon]

Maybe we can move the parameters to the initialization stage:

throttle = Throttled(
    using='gcra',
    quota=rate_limiter.per_sec(1_000, burst=1_000),
    # store can be omitted, the global MemoryStore is provided by default.
    # store=MemoryStore(),
    key='default',
    cost=1,
    timeout=30
)

[DouweM]

What's the implication of this value being the same for all models (unless it's overwritten)? Should we use a different value for each model/agent?

[ZhuoZhuoCrayon]

@grll @DouweM The target of rate limiting is the LLMs API, which is different for each model and needs to be independent. Can we use self.model_name as the default key unless a specific key already exists for the limiter?

if self.limiter:
    # 💡 Priority: self.limiter.key > self.model_name.
    await result = self.limiter.limit(self.limiter.key or self.model_name)
    ....
...

[DouweM]

@ZhuoZhuoCrayon I think that makes sense, but let's add in the provider as well: {self.system}:{self.model_name}

[DouweM]

@Kludex What do you think of these being included by default? Should we put them in an optional dependency group?

[DouweM]

Let's add these to a new optional dependency group called rate_limiting, and add a try:/except ImportError: block to models/rate_limited.py like we have on providers/openai.py that suggests installing with that dependency group.

[DouweM]

We already do some testing with fake failing models in tests/models/test_fallback.py. Could we borrow the approach taken there using FunctionModel?

[DouweM]

Can you update your uv, reset uv.lock to the version from main, and run make install again? We should see only a handful of changes here for the new packages, not "2,071 additions, 2,049 deletions" :)

[ZhuoZhuoCrayon]

@grll Besides making dependencies optional, perhaps we could address other reviews first?

@DouweM @Kludex Looking forward to your suggestions regarding the discussion above. 😊

[DouweM]

@ZhuoZhuoCrayon What exactly did you want our take on? 😄 I assumed the conversation between you and @grll about how throttled works would just affect the implementation here, but let me know if there's something in particular you needed our opinion on!

[DouweM]

@grll I had a chat about this with @Kludex, and we've got a few thoughts!

1. Does this actually address running into request rate limiting error frequently for openAI models #782 in the most appropriate way? I'd expect us to want to specifically handle HTTP status 429 and look at the response headers to know when the API wants us to try again. That'd require some model-class specific logic, but it'd work out of the box, would wait exactly as much as necessary, and not require you to come up with your own throttling rules like quota=rate_limiter.per_sec(2).

   As implemented, the RateLimitedModel effectively lets you make your own model/agent rate limited from the perspective of its end users, which could potentially be useful in some scenarios, but it doesn't seem to address the model API rate limiting issue directly or optimally.

2. Letting the user specify that a model should retry its request a couple of times when it fails for non-rate-limiting reasons, similar to OpenAI's max_retries mentioned in Easier way of configuring max_retries for OpenAI and Azure clients/providers #1732, can be useful if APIs are unstable. For that simple case, using a separate model class ideally wouldn't be necessary: we could add a new request_retries option on Agent, like we already have output_retries and retries (which should really be tool_retries).

If we try to separately 1) allow request retries and 2) handle API rate limits, I think we'd end up with a different implementation than what we got here by conflating them as they are.

What do you think? My bad for letting you run in this direction for a bit before properly thinking it through 😅

[grll]

@grll I had a chat about this with @Kludex, and we've got a few thoughts!

1. Does this actually address running into request rate limiting error frequently for openAI models #782 in the most appropriate way? I'd expect us to want to specifically handle HTTP status 429 and look at the response headers to know when the API wants us to try again. That'd require some model-class specific logic, but it'd work out of the box, would wait exactly as much as necessary, and not require you to come up with your own throttling rules like quota=rate_limiter.per_sec(2).

   As implemented, the RateLimitedModel effectively lets you make your own model/agent rate limited from the perspective of its end users, which could potentially be useful in some scenarios, but it doesn't seem to address the model API rate limiting issue directly or optimally.

2. Letting the user specify that a model should retry its request a couple of times when it fails for non-rate-limiting reasons, similar to OpenAI's max_retries mentioned in Easier way of configuring max_retries for OpenAI and Azure clients/providers #1732, can be useful if APIs are unstable. For that simple case, using a separate model class ideally wouldn't be necessary: we could add a new request_retries option on Agent, like we already have output_retries and retries (which should really be tool_retries).

If we try to separately 1) allow request retries and 2) handle API rate limits, I think we'd end up with a different implementation than what we got here by conflating them as they are.

What do you think? My bad for letting you run in this direction for a bit before properly thinking it through 😅

Hey @DouweM no worries at all, this week is really packed with events, but I have in my todos to review your proposal to split. One thing that came to mind is that OpenAI is one thing but I am not sure all providers populate retry headers in a consistent and similar way so we might have challenges there

[Kludex]

Those headers are widely used. Every serious provider should have it.

[DouweM]

@grll I'm closing this PR as it's been a few weeks with no response; if you're still interested in implementing this feel free to reopen it!

[grll]

@grll I'm closing this PR as it's been a few weeks with no response; if you're still interested in implementing this feel free to reopen it!

@DouweM I still have it in the back of my mind but need to dedicate a bit of time on it. Is it something that you would need still?

[DouweM]

@grll If we could make it use the rate limit headers, definitely!

[DouweM]

#2282 implements support for HTTP 429 with respect for the Retry-After header