Rate limiting
Token-bucket rate limiter keyed by user, IP, or API key — with Redis/Upstash support for multi-host deployments.
Without a rate limiter, a single user can exhaust your API budget or trigger abuse at scale. createRateLimiter enforces a token-bucket policy per request key and returns a retryAfterMs value you can forward directly in the retry-after header.
```js
import { createRateLimiter } from '@agentskit/core/security'

const limiter = createRateLimiter({
  capacity: 10,        // bucket size: largest burst allowed per key
  refillPerSecond: 1,  // sustained rate per key
  keyBy: (req) => req.userId,
})

app.post('/chat', async (req) => {
  const { allowed, retryAfterMs } = await limiter.take(req)
  if (!allowed) {
    return new Response('Too Many Requests', {
      status: 429,
      // retry-after is sent in whole seconds, rounded up
      headers: { 'retry-after': `${Math.ceil(retryAfterMs / 1000)}` },
    })
  }
  // ... run agent
})
```

#Storage
In-memory storage works for a single host. For multi-host deployments, pass a { get, set } adapter backed by Redis, Upstash, or any key/value store.
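
A token bucket with a pluggable `{ get, set }` store, as an added sketch (not code from this page or from @agentskit/core): it shows how `capacity` and `refillPerSecond` produce `retryAfterMs`, and why hosts that keep separate in-memory state do not enforce one shared budget. The names `createTokenBucket` and `demo`, the `store` and `now` options, and the stored record shape are assumptions made for this example.

```javascript
// Added illustration of the token-bucket policy; NOT the library's implementation.
// `store`, `now` and the { tokens, updatedAt } record are assumptions of this sketch.
function createTokenBucket({ capacity, refillPerSecond, keyBy, store, now = Date.now }) {
  const mem = new Map() // single-host fallback, wrapped in the { get, set } shape
  const kv = store ?? {
    get: async (k) => mem.get(k),
    set: async (k, v) => { mem.set(k, v) },
  }
  return {
    async take(req) {
      const key = String(keyBy(req))
      const t = now()
      const prev = (await kv.get(key)) ?? { tokens: capacity, updatedAt: t }
      // Refill for the time elapsed since the last update, never above capacity.
      const elapsedSec = Math.max(0, t - prev.updatedAt) / 1000
      const tokens = Math.min(capacity, prev.tokens + elapsedSec * refillPerSecond)
      if (tokens >= 1) {
        await kv.set(key, { tokens: tokens - 1, updatedAt: t })
        return { allowed: true, retryAfterMs: 0 }
      }
      await kv.set(key, { tokens, updatedAt: t })
      // Time until the bucket holds one whole token again.
      const retryAfterMs = Math.ceil(((1 - tokens) / refillPerSecond) * 1000)
      return { allowed: false, retryAfterMs }
    },
  }
}

// Constructed scenario: fake clock, two "hosts" sharing a store, one isolated host.
async function demo() {
  let clock = 0
  const opts = { capacity: 2, refillPerSecond: 1, keyBy: (req) => req.userId, now: () => clock }
  const shared = new Map()
  const store = { get: async (k) => shared.get(k), set: async (k, v) => { shared.set(k, v) } }
  const hostA = createTokenBucket({ ...opts, store })
  const hostB = createTokenBucket({ ...opts, store })
  const isolated = createTokenBucket(opts) // keeps its own in-memory state
  const req = { userId: 'u1' }
  await hostA.take(req)
  await hostA.take(req)                            // u1's bucket is now empty
  const sharedDenied = await hostB.take(req)       // sees hostA's spend
  const isolatedAllowed = await isolated.take(req) // does not see it
  clock = 500
  const halfway = await hostA.take(req)            // half a token refilled
  clock = 1000
  const refilled = await hostB.take(req)           // one full token refilled
  return { sharedDenied, isolatedAllowed, halfway, refilled }
}
```

The read-then-write in this sketch is not atomic, so concurrent requests on different hosts can both read the same token count and overspend; a shared store used for enforcement needs the refill and decrement to happen as one atomic update.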