Draft
Conversation
Add a per-client-IP concurrent clone limiter to prevent a single client from monopolizing all clone capacity. When a client exceeds the configured limit, requests are rejected with 429 Too Many Requests and a Retry-After header. Configurable via max-clones-per-client in the git strategy config block. Defaults to 0 (disabled). The tracker counts in-flight clones per client IP and releases slots when clone jobs complete. New metric cachew.git.clone_rejections_total (by client IP) provides observability into rate-limited requests. Co-authored-by: Amp <amp@ampcode.com> Amp-Thread-ID: https://ampcode.com/threads/T-019d4a57-1477-707c-bb89-5543fddff0e7
worstell
force-pushed
the
eworstell/per-client-rate-limit
branch
from
ac55e5b to
f75e12e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add a per-client-IP concurrent clone limiter to prevent a single client from monopolizing all clone capacity. When a client exceeds the configured limit, requests are rejected with 429 Too Many Requests and a Retry-After header.
Changes
ratelimit.go:ClientCloneTrackertracks in-flight clone count per client IP.TryAcquirereturns a release function on success, or false when the limit is reached. Thread-safe, cleans up entries when all slots are released.Config.MaxClonesPerClient: HCL-configurable viamax-clones-per-clientin the git strategy block. Defaults to0(disabled).submitClone: Extracted fromhandleRequestto encapsulate clone submission with rate limiting. Returns 429 when the client exceeds the limit; otherwise submits the clone job and serves via spool/upstream.cachew.git.clone_rejections_total: New OTel counter withclientattribute for observability.How it works
StateEmpty,submitClonechecks the per-client tracker before submitting the clone job.max-clones-per-clientin-flight clones, a slot is acquired and the clone job is submitted. The slot is released when the clone completes.Retry-After: 30header. No clone is submitted.max-clones-per-client = 0, the default), behavior is unchanged.Testing