Skip to main content

zeph_config/
rate_limit.rs

1// SPDX-FileCopyrightText: 2026 Andrei G <bug-ops>
2// SPDX-License-Identifier: MIT OR Apache-2.0
3
4use serde::{Deserialize, Serialize};
5
6fn default_shell_limit() -> usize {
7    30
8}
9
10fn default_web_limit() -> usize {
11    20
12}
13
14fn default_memory_limit() -> usize {
15    60
16}
17
18fn default_mcp_limit() -> usize {
19    40
20}
21
22fn default_other_limit() -> usize {
23    60
24}
25
26fn default_cooldown_secs() -> u64 {
27    30
28}
29
30/// Configuration for the tool rate limiter, nested under `[security.rate_limit]`.
31///
32/// Disabled by default. All limits are calls per 60-second window.
33#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
34pub struct RateLimitConfig {
35    /// Master switch. When `false`, all checks are no-ops.
36    #[serde(default)]
37    pub enabled: bool,
38    /// Maximum shell tool calls per minute.
39    #[serde(default = "default_shell_limit")]
40    pub shell_calls_per_minute: usize,
41    /// Maximum web tool calls per minute.
42    #[serde(default = "default_web_limit")]
43    pub web_calls_per_minute: usize,
44    /// Maximum memory tool calls per minute.
45    #[serde(default = "default_memory_limit")]
46    pub memory_calls_per_minute: usize,
47    /// Maximum MCP tool calls per minute.
48    #[serde(default = "default_mcp_limit")]
49    pub mcp_calls_per_minute: usize,
50    /// Maximum other tool calls per minute.
51    #[serde(default = "default_other_limit")]
52    pub other_calls_per_minute: usize,
53    /// Seconds the circuit breaker stays tripped after a limit is exceeded.
54    #[serde(default = "default_cooldown_secs")]
55    pub circuit_breaker_cooldown_secs: u64,
56}
57
58impl Default for RateLimitConfig {
59    fn default() -> Self {
60        Self {
61            enabled: false,
62            shell_calls_per_minute: default_shell_limit(),
63            web_calls_per_minute: default_web_limit(),
64            memory_calls_per_minute: default_memory_limit(),
65            mcp_calls_per_minute: default_mcp_limit(),
66            other_calls_per_minute: default_other_limit(),
67            circuit_breaker_cooldown_secs: default_cooldown_secs(),
68        }
69    }
70}