refactor(rate-limit): key free-model limit on user id for authenticated requests#3004

Open
kilo-code-bot[bot] wants to merge 1 commit into main from chrarnoldus/free-model-rate-limit-by-user

Conversation

kilo-code-bot[bot] commented May 2, 2026

Summary

  • Free-model rate limiting is now keyed on the authenticated user id for all authenticated requests, regardless of feature or source IP.
  • Anonymous requests continue to be rate-limited per IP address, but now count only anonymous (unauthenticated) rows in free_model_usage so the limit is not skewed by authenticated users sharing the same IP.
  • Removes the USER_RATE_LIMITED_FEATURES / isUserRateLimitedFeature / Cloudflare-IP special case for cloud-agent, code-review, and app-builder — they are handled uniformly now.

Behavioural notes:

  • resolveRateLimit now awaits auth before deciding the key. The pre-auth IP fast-path for authenticated callers is gone; the trade-off is correct per-user accounting across shared-infra IPs.
  • checkFreeModelRateLimit(ipAddress) is now anonymous-only; checkFreeModelRateLimitByUser(userId) is unchanged and used for every authenticated request.
  • checkPromotionLimit (10k/24h anonymous gate) is unaffected.

Verification

  • Exercised the changed code path by reading through apps/web/src/app/api/openrouter/[...path]/route.ts to confirm anonymous free-model requests still run through the promotion limit, and authenticated ones hit the user-keyed counter.
  • Reviewed feature-detection.test.ts to confirm only the removed helper's tests needed deletion.

Full pnpm typecheck / pnpm test / pnpm format were skipped locally (sandbox has no node_modules); CI will run them.

Visual Changes

N/A

Reviewer Notes

  • Risk: the pre-auth fast path is now gone for authenticated free-model traffic. Auth latency will add to every rate-limit decision. Auth is already kicked off in parallel earlier in the handler, so the added latency should be minimal.
  • Risk: anonymous IP counts used to include authenticated rows; after this change the anonymous 200/hr limit effectively resets for those IPs on rollout. That is intentional but worth noting.
  • No DB schema change. No new PII.
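The keying described in the summary above, as an added example that is not part of this PR or the project's code: an in-memory TypeScript model of the post-change behaviour, in which authenticated rows never feed the anonymous per-IP counter and a user's rows are counted across every source IP. The class, row type, limits, clock and IP addresses are constructed; only the names checkFreeModelRateLimit, checkFreeModelRateLimitByUser and resolveRateLimit come from the PR text, and their signatures here are assumptions.

```typescript
type UsageRow = { userId: string | null; ip: string; at: number };

const WINDOW_MS = 60 * 60 * 1000; // one-hour window, matching the PR's "200/hr" anonymous limit

class FreeModelRateLimiter {
  private rows: UsageRow[] = []; // stands in for the free_model_usage table

  constructor(
    private readonly anonLimitPerIp: number,
    private readonly userLimit: number,
    private readonly now: () => number = Date.now, // injectable clock for deterministic tests
  ) {}

  record(ip: string, userId: string | null): void {
    this.rows.push({ userId, ip, at: this.now() });
  }

  private live(r: UsageRow): boolean {
    return this.now() - r.at < WINDOW_MS;
  }

  // Anonymous-only IP check: authenticated rows sharing the IP are ignored.
  checkFreeModelRateLimit(ip: string): boolean {
    const used = this.rows.filter((r) => this.live(r) && r.userId === null && r.ip === ip).length;
    return used < this.anonLimitPerIp;
  }

  // Per-user check: counts the user's rows from every source IP.
  checkFreeModelRateLimitByUser(userId: string): boolean {
    const used = this.rows.filter((r) => this.live(r) && r.userId === userId).length;
    return used < this.userLimit;
  }

  // Key selection once auth is known; userId is null for anonymous callers.
  decide(ip: string, userId: string | null): { key: string; allowed: boolean } {
    return userId === null
      ? { key: `ip:${ip}`, allowed: this.checkFreeModelRateLimit(ip) }
      : { key: `user:${userId}`, allowed: this.checkFreeModelRateLimitByUser(userId) };
  }

  // Awaits auth before choosing the key (the PR drops the pre-auth IP fast path).
  async resolveRateLimit(ip: string, auth: Promise<string | null>) {
    return this.decide(ip, await auth);
  }
}

// Constructed scenario: one shared egress IP, anonymous limit 3, per-user limit 5.
function demo() {
  const limiter = new FreeModelRateLimiter(3, 5, () => 1_000_000);
  const sharedIp = "203.0.113.7";
  for (let i = 0; i < 4; i++) limiter.record(sharedIp, "user-a"); // authenticated traffic on the shared IP
  limiter.record("198.51.100.9", "user-a"); // same user from another IP: 5 rows in total
  return {
    anonStillAllowedOnSharedIp: limiter.decide(sharedIp, null).allowed, // authenticated rows are not counted
    userBlockedAcrossIps: !limiter.decide("192.0.2.1", "user-a").allowed, // 5 rows reach the user limit, IP irrelevant
  };
}
```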

…ed requests

Authenticated free-model requests are now rate-limited per user id regardless of
feature or source IP. Anonymous requests continue to be rate-limited per IP,
counting only anonymous usage so they aren't skewed by authenticated users on
shared IPs. This removes the feature/Cloudflare-IP special case that existed for
cloud-agent, code-review and app-builder.
kilo-code-bot Bot commented May 2, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (4 files)
  • apps/web/src/app/api/openrouter/[...path]/route.ts
  • apps/web/src/lib/feature-detection.test.ts
  • apps/web/src/lib/feature-detection.ts
  • apps/web/src/lib/free-model-rate-limiter.ts

Reviewed by gpt-5.5-2026-04-23 · 158,490 tokens
