Skip to content

implement per-wallet lock quota and rate limit#1794

Open
HayimShaul wants to merge 14 commits into
mainfrom
1640_rate_limit
Open

implement per-wallet lock quota and rate limit#1794
HayimShaul wants to merge 14 commits into
mainfrom
1640_rate_limit

Conversation

@HayimShaul

Copy link
Copy Markdown
Contributor

implement per-wallet lock quota and rate limit.
Addresses issue #1640

@HayimShaul HayimShaul added this to the Q3/26 milestone Jun 21, 2026
@HayimShaul HayimShaul self-assigned this Jun 21, 2026
@HayimShaul HayimShaul linked an issue Jun 21, 2026 that may be closed by this pull request
@HayimShaul HayimShaul marked this pull request as ready for review June 21, 2026 13:06
Comment thread docs/security/selector_resource_limits.md
Comment thread token/services/selector/simple/inmemory/locker.go Outdated
Comment thread token/services/selector/simple/inmemory/locker.go Outdated
Comment thread token/services/selector/simple/inmemory/locker.go Outdated
Comment thread token/services/selector/simple/inmemory/locker.go Outdated
Comment thread token/services/selector/simple/inmemory/ratelimiter.go Outdated
Comment thread token/services/selector/simple/inmemory/ratelimiter.go
Comment thread token/services/selector/simple/inmemory/ratelimiter_test.go
Comment thread token/services/selector/simple/selector.go
Comment thread token/services/selector/simple/selector.go
@AkramBitar AkramBitar requested a review from adecaro July 1, 2026 08:57
@adecaro

adecaro commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

if I understand correctly the concerns of the issue this PR is trying to address, the selector service needs to have a definition of a Locker whose lock function takes in input also the wallet id the tokens are selected for. Then, we need to enforce that both simple and sherdlock selectors use this function. At that point the job of the token-sdk is done. We can update the documentation and tell the developer how to provide a new implementation of the Locker interface that integrate rate limiting. The application that uses the token-sdk can already have an overall infrastructure for rate limiting (using redis, for example) and they might want to reuse it as well.

@HayimShaul

Copy link
Copy Markdown
Contributor Author

if I understand correctly the concerns of the issue this PR is trying to address, the selector service needs to have a definition of a Locker whose lock function takes in input also the wallet id the tokens are selected for. Then, we need to enforce that both simple and sherdlock selectors use this function. At that point the job of the token-sdk is done. We can update the documentation and tell the developer how to provide a new implementation of the Locker interface that integrate rate limiting. The application that uses the token-sdk can already have an overall infrastructure for rate limiting (using redis, for example) and they might want to reuse it as well.

I'm not sure I understand. Are you suggesting the rate limit be implemented by the application calling tokensdk?
Then why do we need a new Locker?

Hayim.Shaul@ibm.com added 14 commits July 12, 2026 07:49
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fix
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fmt
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fmt
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fmt
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fix
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Per-Caller and Per-Wallet Lock Quotas with Rate Limiting [HIGH]

3 participants