@beignet/provider-rate-limit-upstash 0.0.2 → 0.0.4

package/CHANGELOG.md

@@ -1,5 +1,54 @@
 # @beignet/provider-rate-limit-upstash
 
+## 0.0.4
+
+### Patch Changes
+
+- 8bcb31f: Mark package READMEs with Beignet's experimental alpha status and 0.0.x stability expectations.
+- d137044: Declare `@beignet/core` as a peer dependency with a lockstep version range in
+  every integration and provider package instead of a regular `"*"` dependency.
+  Installs now always resolve a single shared copy of core, so `instanceof`
+  checks such as `isContractError` and upload error identity keep working, and
+  mixed Beignet versions fail loudly at install time instead of at runtime.
+
+  If your package manager does not install peer dependencies automatically, add
+  `@beignet/core` to your app alongside these packages. `@beignet/nuqs` now also
+  declares `@beignet/react-query` as a peer dependency, and
+  `@beignet/provider-storage-s3` now expects you to install
+  `@aws-sdk/client-s3` and `@aws-sdk/s3-request-presigner` yourself, matching
+  how other providers treat their SDKs.
+
+- 603478f: Align package documentation with the canonical route registry and AppContext conventions.
+- 1a79090: Emit Node-compatible ESM: all relative imports in published packages now carry explicit .js extensions, fixing ERR_MODULE_NOT_FOUND when running the CLI or importing package dist files under plain Node.
+- 44f1192: Move first-party provider diagnostics to package-owned `beignet.provider`
+  manifest metadata and have doctor read installed provider package manifests.
+- 2aa77ca: Add static provider metadata and provider wiring diagnostics for generated apps.
+- 2da5a05: Add an `UPSTASH_ALGORITHM` option that selects between `fixed-window` (the
+  default, unchanged behavior) and `sliding-window` rate limiting. Note that
+  switching algorithms changes how counters are keyed in Redis, so in-flight
+  windows effectively reset when the algorithm changes. The provider now also
+  caches one `Ratelimit` instance per `(limit, windowSec, algorithm)` combination
+  instead of constructing a new instance on every `hit()` call.
+- 69b8c35: Rename the default rate limit key prefix from `ck:ratelimit` to `beignet:ratelimit`.
+
+  This changes the Redis key names the provider writes when `UPSTASH_PREFIX` is not set: after upgrading, in-flight rate limit windows stored under the old prefix are abandoned and counting restarts under the new prefix. Set `UPSTASH_PREFIX=ck:ratelimit` to keep the previous keys. `UPSTASH_PREFIX` is now also listed in the provider's env metadata.
+
+- 89390fe: Move the raw Upstash Redis client escape hatch to a separate port. The
+  provider now contributes `{ rateLimit: RateLimitPort, upstash: { client } }`.
+  `UpstashRateLimitPort` and `CreateUpstashRateLimitPortOptions` are replaced by
+  the exported `UpstashRateLimitProviderPorts` interface; access the raw client
+  through `ctx.ports.upstash.client` instead of casting `ctx.ports.rateLimit`.
+
+## 0.0.3
+
+### Patch Changes
+
+- Updated dependencies [3160184]
+- Updated dependencies [254ef6d]
+- Updated dependencies [4cb1784]
+- Updated dependencies [8bd9085]
+  - @beignet/core@0.0.3
+
 ## 0.0.2
 
 ### Patch Changes

package/README.md

@@ -1,5 +1,9 @@
 # @beignet/provider-rate-limit-upstash
 
+> [!CAUTION]
+> Beignet is experimental alpha software. The `0.0.x` package line is for early
+> evaluation, and APIs may change between releases while the framework settles.
+
 Upstash-backed `RateLimitPort` provider for Beignet applications.
 
 The provider installs `ctx.ports.rateLimit` using
@@ -11,12 +15,13 @@ The provider installs `ctx.ports.rateLimit` using
 - Implements the standard `RateLimitPort` interface.
 - Uses the Upstash Redis REST API, so it is serverless-friendly.
 - Supports dynamic limits per request with a configurable key prefix.
+- Supports fixed window and sliding window algorithms via `UPSTASH_ALGORITHM`.
 - Emits devtools events for allowed, blocked, and failed hits.
 
 ## Install
 
 ```bash
-bun add @beignet/provider-rate-limit-upstash @upstash/redis @upstash/ratelimit
+bun add @beignet/provider-rate-limit-upstash @beignet/core @upstash/redis @upstash/ratelimit
 ```
 
 ## Configuration
@@ -27,7 +32,19 @@ Set these environment variables:
 |----------|----------|-------------|---------|
 | `UPSTASH_REDIS_REST_URL` | Yes | Your Upstash Redis REST URL | `https://us1-properly-ancient-12345.upstash.io` |
 | `UPSTASH_REDIS_REST_TOKEN` | Yes | Your Upstash Redis REST token | `AXXXeyJpZCI6IjEy...` |
-| `UPSTASH_PREFIX` | No | Key prefix for rate limit keys (default: `ck:ratelimit`) | `myapp:ratelimit` |
+| `UPSTASH_PREFIX` | No | Key prefix for rate limit keys (default: `beignet:ratelimit`) | `myapp:ratelimit` |
+| `UPSTASH_ALGORITHM` | No | Rate limit algorithm, `fixed-window` or `sliding-window` (default: `fixed-window`) | `sliding-window` |
+
+### Choosing an algorithm
+
+- `fixed-window` (default) is the cheapest option: one counter per window. It
+  can allow short bursts at window boundaries, since a client can spend a full
+  limit at the end of one window and again at the start of the next.
+- `sliding-window` smooths those boundary bursts by weighting the previous
+  window into the current one, at the cost of slightly more Redis work per hit.
+
+Switching algorithms changes how counters are keyed in Redis, so in-flight
+windows effectively reset when you change `UPSTASH_ALGORITHM`.
 
 ### Getting Upstash credentials
 
@@ -50,7 +67,7 @@ export const server = await createNextServer({
   ports: appPorts,
   providers: [upstashRateLimitProvider],
   hooks: [createRateLimitHooks<AppContext>()],
-  createContext: ({ ports }) => ({ ports }),
+  context: ({ ports }) => ({ ports }),
   routes,
 });
 ```
@@ -62,7 +79,7 @@ policies, or use cases:
 
 ```ts
 // Example app-specific policy that rate limits by IP address
-async function checkIpRateLimit(ctx: AppCtx) {
+async function checkIpRateLimit(ctx: AppContext) {
   const result = await ctx.ports.rateLimit.hit({
     key: `ip:${ctx.ip}`,
     limit: 100,
@@ -134,7 +151,7 @@ type RateLimitMetadata = {
   };
 };
 
-async function rateLimitFromMeta(ctx: AppCtx, meta?: RateLimitMetadata) {
+async function rateLimitFromMeta(ctx: AppContext, meta?: RateLimitMetadata) {
   if (!meta?.rateLimit) return;
 
   const { max, windowSec, scope = "global" } = meta.rateLimit;
@@ -176,9 +193,12 @@ interface RateLimitResult {
 
 ## Implementation details
 
-- **Algorithm**: Uses fixed window rate limiting via `Ratelimit.fixedWindow()`
+- **Algorithm**: Uses `Ratelimit.fixedWindow()` by default, or
+  `Ratelimit.slidingWindow()` when `UPSTASH_ALGORITHM=sliding-window`
 - **Backend**: Upstash Redis REST API (serverless-compatible)
-- **Per-request configuration**: Creates a new `Ratelimit` instance for each `hit()` call to support dynamic limits
+- **Per-request configuration**: Caches one `Ratelimit` instance per
+  `(limit, windowSec, algorithm)` combination to support dynamic limits without
+  reconstructing limiters on every `hit()` call
 - **Key prefix**: Configurable prefix to avoid key collisions
 
 ## Devtools
@@ -187,26 +207,35 @@ When `@beignet/devtools` is installed before this provider, rate limit
 checks appear under the dashboard's Rate limits watcher.
 
 The provider records `rateLimit.hit` events with the key, limit, window,
-configured prefix, allowed/blocked result, remaining count, reset time,
-retry-after value, and duration. Provider failures are recorded as
+configured prefix, algorithm, allowed/blocked result, remaining count, reset
+time, retry-after value, and duration. Provider failures are recorded as
 `rateLimit.hit.failed`.
 
-## Advanced usage
-
-### Access the underlying Redis client
+## Escape hatch
 
-The provider extends the standard `RateLimitPort` with access to the underlying Upstash Redis client:
+The provider contributes the standard `rateLimit` port plus `ctx.ports.upstash`
+with the raw Upstash Redis client for operations the stable rate limit port
+does not model:
 
 ```ts
-import type { UpstashRateLimitPort } from "@beignet/provider-rate-limit-upstash";
+// Access the Redis client for advanced operations
+await ctx.ports.upstash.client.get("some:key");
+await ctx.ports.upstash.client.set("some:key", "value");
+```
 
-const rateLimit = ctx.ports.rateLimit as UpstashRateLimitPort;
+To get proper type inference for the contributed ports, extend your ports type
+with `UpstashRateLimitProviderPorts`:
 
-// Access the Redis client for advanced operations
-await rateLimit.client.get("some:key");
-await rateLimit.client.set("some:key", "value");
+```ts
+import type { UpstashRateLimitProviderPorts } from "@beignet/provider-rate-limit-upstash";
+
+type AppPorts = typeof basePorts & UpstashRateLimitProviderPorts;
+// { rateLimit: RateLimitPort; upstash: { client: Redis } }
 ```
 
+Use the stable `RateLimitPort` for normal application behavior. Use the raw
+client only when the Upstash-specific operation is intentional.
+
 ## Testing
 
 The provider includes comprehensive tests. Run them with:

package/dist/index.d.ts

@@ -6,7 +6,9 @@
  * Configuration:
  * - UPSTASH_REDIS_REST_URL: Upstash Redis REST URL (required)
  * - UPSTASH_REDIS_REST_TOKEN: Upstash Redis REST token (required)
- * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "ck:ratelimit")
+ * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "beignet:ratelimit")
+ * - UPSTASH_ALGORITHM: Optional rate limit algorithm, "fixed-window" or
+ *   "sliding-window" (default: "fixed-window")
  *
  * @example
  * ```ts
@@ -32,9 +34,15 @@
  * ```
  */
 import type { RateLimitPort } from "@beignet/core/ports";
-import { type ProviderInstrumentationTarget } from "@beignet/core/providers";
 import { Redis } from "@upstash/redis";
 import { z } from "zod";
+/**
+ * Rate limit algorithms supported by the Upstash provider.
+ *
+ * - "fixed-window": cheaper, but allows bursts at window boundaries.
+ * - "sliding-window": smoother enforcement at slightly more Redis work.
+ */
+export type UpstashRateLimitAlgorithm = "fixed-window" | "sliding-window";
 /**
  * Configuration schema for the Upstash Rate Limit provider.
  * Validates environment variables with UPSTASH_ prefix.
@@ -43,30 +51,37 @@ declare const UpstashRateLimitConfigSchema: z.ZodObject<{
     REDIS_REST_URL: z.ZodString;
     REDIS_REST_TOKEN: z.ZodString;
     PREFIX: z.ZodDefault<z.ZodString>;
+    ALGORITHM: z.ZodDefault<z.ZodEnum<{
+        "fixed-window": "fixed-window";
+        "sliding-window": "sliding-window";
+    }>>;
 }, z.core.$strip>;
 /**
  * Inferred configuration type for Upstash Rate Limit provider.
  */
 export type UpstashRateLimitConfig = z.infer<typeof UpstashRateLimitConfigSchema>;
 /**
- * Extended rate limit port interface that includes the Upstash Redis client.
- * The Upstash provider adds the underlying client for advanced operations.
+ * Escape hatch for apps that need the raw Upstash Redis client.
  */
-export interface UpstashRateLimitPort extends RateLimitPort {
+export interface UpstashRateLimitEscapeHatch {
     /**
-     * The underlying Upstash Redis client instance.
-     * Use this for advanced operations not covered by the rate limit interface.
+     * Raw Upstash Redis client.
+     * Use this for Upstash operations the stable rate limit port does not model.
      */
     client: Redis;
 }
 /**
- * Options for the internal Upstash rate-limit port factory.
+ * Ports contributed by the Upstash rate limit provider.
  */
-export interface CreateUpstashRateLimitPortOptions {
+export interface UpstashRateLimitProviderPorts {
+    /**
+     * Beignet rate limit port backed by Upstash.
+     */
+    rateLimit: RateLimitPort;
     /**
-     * Optional provider instrumentation target.
+     * Raw Upstash Redis client escape hatch.
      */
-    instrumentation?: ProviderInstrumentationTarget;
+    upstash: UpstashRateLimitEscapeHatch;
 }
 /**
  * Upstash rate limit provider that extends ports with rate limiting capabilities.
@@ -74,7 +89,9 @@ export interface CreateUpstashRateLimitPortOptions {
  * Configuration via environment variables:
  * - UPSTASH_REDIS_REST_URL: Upstash Redis REST URL (required)
  * - UPSTASH_REDIS_REST_TOKEN: Upstash Redis REST token (required)
- * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "ck:ratelimit")
+ * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "beignet:ratelimit")
+ * - UPSTASH_ALGORITHM: Optional rate limit algorithm, "fixed-window" or
+ *   "sliding-window" (default: "fixed-window")
  *
  * @example
  * ```ts
@@ -89,8 +106,15 @@ export declare const upstashRateLimitProvider: import("@beignet/core/providers")
     REDIS_REST_URL: z.ZodString;
     REDIS_REST_TOKEN: z.ZodString;
     PREFIX: z.ZodDefault<z.ZodString>;
+    ALGORITHM: z.ZodDefault<z.ZodEnum<{
+        "fixed-window": "fixed-window";
+        "sliding-window": "sliding-window";
+    }>>;
 }, z.core.$strip>, {
-    rateLimit: UpstashRateLimitPort;
-}>;
+    rateLimit: RateLimitPort;
+    upstash: {
+        client: Redis;
+    };
+}, unknown, void>;
 export {};
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAmB,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAGL,KAAK,6BAA6B,EACnC,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,QAAA,MAAM,4BAA4B;;;;iBAkBhC,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,oBAAqB,SAAQ,aAAa;IACzD;;;OAGG;IACH,MAAM,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD;;OAEG;IACH,eAAe,CAAC,EAAE,6BAA6B,CAAC;CACjD;AAiHD;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,wBAAwB;;;;;;EAyBnC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAmB,MAAM,qBAAqB,CAAC;AAO1E,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;GAKG;AACH,MAAM,MAAM,yBAAyB,GAAG,cAAc,GAAG,gBAAgB,CAAC;AAE1E;;;GAGG;AACH,QAAA,MAAM,4BAA4B;;;;;;;;iBA4BhC,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,MAAM,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C;;OAEG;IACH,SAAS,EAAE,aAAa,CAAC;IACzB;;OAEG;IACH,OAAO,EAAE,2BAA2B,CAAC;CACtC;AA6ID;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;iBAiCnC,CAAC"}

package/dist/index.js

@@ -6,7 +6,9 @@
  * Configuration:
  * - UPSTASH_REDIS_REST_URL: Upstash Redis REST URL (required)
  * - UPSTASH_REDIS_REST_TOKEN: Upstash Redis REST token (required)
- * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "ck:ratelimit")
+ * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "beignet:ratelimit")
+ * - UPSTASH_ALGORITHM: Optional rate limit algorithm, "fixed-window" or
+ *   "sliding-window" (default: "fixed-window")
  *
  * @example
  * ```ts
@@ -52,46 +54,59 @@ const UpstashRateLimitConfigSchema = z.object({
     /**
      * Optional prefix for keys used by this rate limiter.
      * Helps avoid collisions if you reuse the same Redis for multiple things.
-     * Defaults to "ck:ratelimit".
+     * Defaults to "beignet:ratelimit".
      */
-    PREFIX: z.string().default("ck:ratelimit"),
+    PREFIX: z.string().default("beignet:ratelimit"),
+    /**
+     * Optional rate limit algorithm.
+     * "fixed-window" is cheaper but bursty at window boundaries.
+     * "sliding-window" is smoother at slightly more Redis work.
+     * Switching algorithms changes how counters are keyed in Redis, so existing
+     * windows effectively reset when the algorithm changes.
+     * Defaults to "fixed-window".
+     */
+    ALGORITHM: z.enum(["fixed-window", "sliding-window"]).default("fixed-window"),
 });
 function errorMessage(error) {
     return error instanceof Error ? error.message : String(error);
 }
 /**
  * Creates an Upstash-backed RateLimitPort implementation.
- *
- * @param config - Validated Upstash configuration
- * @returns A RateLimitPort implementation using Upstash
  */
-function createUpstashRateLimitPort(config, options = {}) {
+function createUpstashRateLimitPort(options) {
     const instrumentation = createProviderInstrumentation(options.instrumentation, {
         providerName: "rate-limit-upstash",
         watcher: "rateLimit",
     });
-    const redis = new Redis({
-        url: config.REDIS_REST_URL,
-        token: config.REDIS_REST_TOKEN,
-    });
-    const prefix = config.PREFIX;
+    const redis = options.client;
+    const prefix = options.prefix;
+    const algorithm = options.algorithm;
+    // Upstash's Ratelimit fixes the limiter config at construction time, so we
+    // keep one instance per (limit, windowSec, algorithm). Rate limit configs
+    // come from contract metadata, so the cardinality is tiny and an unbounded
+    // Map is fine.
+    const limiters = new Map();
+    function limiterFor(limit, windowSec) {
+        const cacheKey = `${algorithm}:${limit}:${windowSec}`;
+        const cached = limiters.get(cacheKey);
+        if (cached) {
+            return cached;
+        }
+        const ratelimit = new Ratelimit({
+            redis,
+            limiter: algorithm === "sliding-window"
+                ? Ratelimit.slidingWindow(limit, `${windowSec} s`)
+                : Ratelimit.fixedWindow(limit, `${windowSec} s`),
+            prefix,
+        });
+        limiters.set(cacheKey, ratelimit);
+        return ratelimit;
+    }
     const port = {
         async hit({ key, limit, windowSec }) {
             const startedAt = Date.now();
             try {
-                // Create a new Ratelimit instance for each call with the specified limit and window.
-                // This is necessary because Upstash's Ratelimit is configured with a specific
-                // limit/window at construction time, and we need dynamic limits per call.
-                // Performance note: Creating instances is lightweight as Upstash uses HTTP-based
-                // REST API calls, not persistent connections. The actual rate limiting logic
-                // happens server-side at Upstash.
-                const ratelimit = new Ratelimit({
-                    redis,
-                    // Use fixed window algorithm - simple and effective
-                    // Alternative: Ratelimit.slidingWindow(limit, `${windowSec} s`)
-                    limiter: Ratelimit.fixedWindow(limit, `${windowSec} s`),
-                    prefix,
-                });
+                const ratelimit = limiterFor(limit, windowSec);
                 const result = await ratelimit.limit(key);
                 const allowed = result.success;
                 // result.remaining is the number of remaining requests in the window
@@ -115,6 +130,7 @@ function createUpstashRateLimitPort(config, options = {}) {
                         limit,
                         windowSec,
                         prefix,
+                        algorithm,
                         allowed,
                         remaining,
                         resetAt: resetAt?.toISOString() ?? null,
@@ -134,6 +150,7 @@ function createUpstashRateLimitPort(config, options = {}) {
                         limit,
                         windowSec,
                         prefix,
+                        algorithm,
                         durationMs: Date.now() - startedAt,
                         error: errorMessage(error),
                     },
@@ -141,7 +158,6 @@ function createUpstashRateLimitPort(config, options = {}) {
                 throw error;
             }
         },
-        client: redis,
     };
     return port;
 }
@@ -151,7 +167,9 @@ function createUpstashRateLimitPort(config, options = {}) {
  * Configuration via environment variables:
  * - UPSTASH_REDIS_REST_URL: Upstash Redis REST URL (required)
  * - UPSTASH_REDIS_REST_TOKEN: Upstash Redis REST token (required)
- * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "ck:ratelimit")
+ * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "beignet:ratelimit")
+ * - UPSTASH_ALGORITHM: Optional rate limit algorithm, "fixed-window" or
+ *   "sliding-window" (default: "fixed-window")
  *
  * @example
  * ```ts
@@ -173,14 +191,22 @@ export const upstashRateLimitProvider = createProvider({
             throw new Error("[upstashRateLimitProvider] Missing config. " +
                 "Please set UPSTASH_REDIS_REST_URL and UPSTASH_REDIS_REST_TOKEN environment variables.");
         }
-        const instrumentation = createProviderInstrumentation(ports, {
-            providerName: "rate-limit-upstash",
-            watcher: "rateLimit",
+        const client = new Redis({
+            url: config.REDIS_REST_URL,
+            token: config.REDIS_REST_TOKEN,
         });
-        const rateLimitPort = createUpstashRateLimitPort(config, {
-            instrumentation,
+        const rateLimit = createUpstashRateLimitPort({
+            client,
+            prefix: config.PREFIX,
+            algorithm: config.ALGORITHM,
+            instrumentation: ports,
         });
-        return { ports: { rateLimit: rateLimitPort } };
+        return {
+            ports: {
+                rateLimit,
+                upstash: { client },
+            },
+        };
     },
 });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EACL,cAAc,EACd,6BAA6B,GAE9B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C;;;OAGG;IACH,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAEhC;;OAEG;IACH,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;IAE5B;;;;OAIG;IACH,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC;CAC3C,CAAC,CAAC;AA+BH,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED;;;;;GAKG;AACH,SAAS,0BAA0B,CACjC,MAA8B,EAC9B,UAA6C,EAAE;IAE/C,MAAM,eAAe,GAAG,6BAA6B,CACnD,OAAO,CAAC,eAAe,EACvB;QACE,YAAY,EAAE,oBAAoB;QAClC,OAAO,EAAE,WAAW;KACrB,CACF,CAAC;IACF,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,GAAG,EAAE,MAAM,CAAC,cAAc;QAC1B,KAAK,EAAE,MAAM,CAAC,gBAAgB;KAC/B,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAE7B,MAAM,IAAI,GAAyB;QACjC,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,IAAI,CAAC;gBACH,qFAAqF;gBACrF,8EAA8E;gBAC9E,0EAA0E;gBAC1E,iFAAiF;gBACjF,6EAA6E;gBAC7E,kCAAkC;gBAClC,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC;oBAC9B,KAAK;oBACL,oDAAoD;oBACpD,gEAAgE;oBAChE,OAAO,EAAE,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,SAAS,IAAI,CAAC;oBACvD,MAAM;iBACP,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAE1C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;gBAE/B,qEAAqE;gBACrE,MAAM,SAAS,GACb,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;gBAEjE,0DAA0D;gBAC1D,MAAM,OAAO,GACX,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAEnE,MAAM,eAAe,GAAG;oBACtB,OAAO;oBACP,SAAS;oBACT,OAAO;oBACP,iBAAiB,EACf,OAAO,IAAI,OAAO,IAAI,IAAI;wBACxB,CAAC,CAAC,IAAI;wBACN,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;iBACtE,CAAC;gBAEF,eAAe,CAAC,MAAM,CAAC;oBACrB,IAAI,EAAE,eAAe;oBACrB,KAAK,EAAE,gBAAgB;oBACvB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,iBAAiB;oBACxD,OAAO,EAAE;wBACP,GAAG;wBACH,KAAK;wBACL,SAAS;wBACT,MAAM;wBACN,OAAO;wBACP,SAAS;wBACT,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,IAAI;wBACvC,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;wBACpD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;qBACnC;iBACF,CAAC,CAAC;gBAEH,OAAO,eAAe,CAAC;YACzB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,MAAM,CAAC;oBACrB,IAAI,EAAE,sBAAsB;oBAC5B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,uBAAuB;oBAChC,OAAO,EAAE;wBACP,GAAG;wBACH,KAAK;wBACL,SAAS;wBACT,MAAM;wBACN,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;wBAClC,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC;qBAC3B;iBACF,CAAC,CAAC;gBACH,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,MAAM,EAAE,KAAK;KACd,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,cAAc,CAAC;IACrD,IAAI,EAAE,oBAAoB;IAE1B,MAAM,EAAE;QACN,MAAM,EAAE,4BAA4B;QACpC,SAAS,EAAE,UAAU;KACtB;IAED,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,6CAA6C;gBAC3C,uFAAuF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAG,6BAA6B,CAAC,KAAK,EAAE;YAC3D,YAAY,EAAE,oBAAoB;YAClC,OAAO,EAAE,WAAW;SACrB,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,0BAA0B,CAAC,MAAM,EAAE;YACvD,eAAe;SAChB,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,EAAE,CAAC;IACjD,CAAC;CACF,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,EACL,cAAc,EACd,6BAA6B,GAE9B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAUxB;;;GAGG;AACH,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C;;;OAGG;IACH,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAEhC;;OAEG;IACH,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;IAE5B;;;;OAIG;IACH,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,mBAAmB,CAAC;IAE/C;;;;;;;OAOG;IACH,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC;CAC9E,CAAC,CAAC;AAwDH,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,OAA0C;IAE1C,MAAM,eAAe,GAAG,6BAA6B,CACnD,OAAO,CAAC,eAAe,EACvB;QACE,YAAY,EAAE,oBAAoB;QAClC,OAAO,EAAE,WAAW;KACrB,CACF,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,2EAA2E;IAC3E,0EAA0E;IAC1E,2EAA2E;IAC3E,eAAe;IACf,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE9C,SAAS,UAAU,CAAC,KAAa,EAAE,SAAiB;QAClD,MAAM,QAAQ,GAAG,GAAG,SAAS,IAAI,KAAK,IAAI,SAAS,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC;YAC9B,KAAK;YACL,OAAO,EACL,SAAS,KAAK,gBAAgB;gBAC5B,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,SAAS,IAAI,CAAC;gBAClD,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,SAAS,IAAI,CAAC;YACpD,MAAM;SACP,CAAC,CAAC;QACH,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAClC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,IAAI,GAAkB;QAC1B,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;gBAE/C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAE1C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;gBAE/B,qEAAqE;gBACrE,MAAM,SAAS,GACb,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;gBAEjE,0DAA0D;gBAC1D,MAAM,OAAO,GACX,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAEnE,MAAM,eAAe,GAAG;oBACtB,OAAO;oBACP,SAAS;oBACT,OAAO;oBACP,iBAAiB,EACf,OAAO,IAAI,OAAO,IAAI,IAAI;wBACxB,CAAC,CAAC,IAAI;wBACN,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;iBACtE,CAAC;gBAEF,eAAe,CAAC,MAAM,CAAC;oBACrB,IAAI,EAAE,eAAe;oBACrB,KAAK,EAAE,gBAAgB;oBACvB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,iBAAiB;oBACxD,OAAO,EAAE;wBACP,GAAG;wBACH,KAAK;wBACL,SAAS;wBACT,MAAM;wBACN,SAAS;wBACT,OAAO;wBACP,SAAS;wBACT,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,IAAI;wBACvC,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;wBACpD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;qBACnC;iBACF,CAAC,CAAC;gBAEH,OAAO,eAAe,CAAC;YACzB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,eAAe,CAAC,MAAM,CAAC;oBACrB,IAAI,EAAE,sBAAsB;oBAC5B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,uBAAuB;oBAChC,OAAO,EAAE;wBACP,GAAG;wBACH,KAAK;wBACL,SAAS;wBACT,MAAM;wBACN,SAAS;wBACT,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;wBAClC,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC;qBAC3B;iBACF,CAAC,CAAC;gBACH,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,cAAc,CAAC;IACrD,IAAI,EAAE,oBAAoB;IAE1B,MAAM,EAAE;QACN,MAAM,EAAE,4BAA4B;QACpC,SAAS,EAAE,UAAU;KACtB;IAED,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,6CAA6C;gBAC3C,uFAAuF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,cAAc;YAC1B,KAAK,EAAE,MAAM,CAAC,gBAAgB;SAC/B,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,0BAA0B,CAAC;YAC3C,MAAM;YACN,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,eAAe,EAAE,KAAK;SACvB,CAAC,CAAC;QACH,OAAO;YACL,KAAK,EAAE;gBACL,SAAS;gBACT,OAAO,EAAE,EAAE,MAAM,EAAE;aACoB;SAC1C,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@beignet/provider-rate-limit-upstash",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "type": "module",
   "description": "Upstash-based rate limit provider for Beignet - adds rate limit port using Upstash Redis",
   "main": "./dist/index.js",
@@ -53,12 +53,12 @@
     "node": ">=18.0.0"
   },
   "peerDependencies": {
+    "@beignet/core": ">=0.0.3 <1.0.0",
     "@upstash/ratelimit": "^2.0.0",
     "@upstash/redis": "^1.0.0"
   },
   "dependencies": {
-    "zod": "^4.0.0",
-    "@beignet/core": "*"
+    "zod": "^4.0.0"
   },
   "devDependencies": {
     "@beignet/devtools": "*",
@@ -67,5 +67,39 @@
     "@upstash/ratelimit": "^2.0.7",
     "@upstash/redis": "^1.35.7",
     "typescript": "^5.3.0"
+  },
+  "beignet": {
+    "provider": {
+      "displayName": "Upstash rate-limit provider",
+      "ports": [
+        "rateLimit",
+        "upstash"
+      ],
+      "appPorts": [
+        {
+          "name": "rateLimit",
+          "type": "RateLimitPort"
+        }
+      ],
+      "env": [
+        "UPSTASH_REDIS_REST_URL",
+        "UPSTASH_REDIS_REST_TOKEN",
+        "UPSTASH_PREFIX",
+        "UPSTASH_ALGORITHM"
+      ],
+      "requiredEnv": [
+        "UPSTASH_REDIS_REST_URL",
+        "UPSTASH_REDIS_REST_TOKEN"
+      ],
+      "watchers": [
+        "rateLimit"
+      ],
+      "registration": {
+        "required": true,
+        "tokens": [
+          "upstashRateLimitProvider"
+        ]
+      }
+    }
   }
 }

package/src/index.ts

@@ -6,7 +6,9 @@
  * Configuration:
  * - UPSTASH_REDIS_REST_URL: Upstash Redis REST URL (required)
  * - UPSTASH_REDIS_REST_TOKEN: Upstash Redis REST token (required)
- * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "ck:ratelimit")
+ * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "beignet:ratelimit")
+ * - UPSTASH_ALGORITHM: Optional rate limit algorithm, "fixed-window" or
+ *   "sliding-window" (default: "fixed-window")
  *
  * @example
  * ```ts
@@ -42,6 +44,14 @@ import { Ratelimit } from "@upstash/ratelimit";
 import { Redis } from "@upstash/redis";
 import { z } from "zod";
 
+/**
+ * Rate limit algorithms supported by the Upstash provider.
+ *
+ * - "fixed-window": cheaper, but allows bursts at window boundaries.
+ * - "sliding-window": smoother enforcement at slightly more Redis work.
+ */
+export type UpstashRateLimitAlgorithm = "fixed-window" | "sliding-window";
+
 /**
  * Configuration schema for the Upstash Rate Limit provider.
  * Validates environment variables with UPSTASH_ prefix.
@@ -61,9 +71,19 @@ const UpstashRateLimitConfigSchema = z.object({
   /**
    * Optional prefix for keys used by this rate limiter.
    * Helps avoid collisions if you reuse the same Redis for multiple things.
-   * Defaults to "ck:ratelimit".
+   * Defaults to "beignet:ratelimit".
    */
-  PREFIX: z.string().default("ck:ratelimit"),
+  PREFIX: z.string().default("beignet:ratelimit"),
+
+  /**
+   * Optional rate limit algorithm.
+   * "fixed-window" is cheaper but bursty at window boundaries.
+   * "sliding-window" is smoother at slightly more Redis work.
+   * Switching algorithms changes how counters are keyed in Redis, so existing
+   * windows effectively reset when the algorithm changes.
+   * Defaults to "fixed-window".
+   */
+  ALGORITHM: z.enum(["fixed-window", "sliding-window"]).default("fixed-window"),
 });
 
 /**
@@ -74,21 +94,46 @@ export type UpstashRateLimitConfig = z.infer<
 >;
 
 /**
- * Extended rate limit port interface that includes the Upstash Redis client.
- * The Upstash provider adds the underlying client for advanced operations.
+ * Escape hatch for apps that need the raw Upstash Redis client.
  */
-export interface UpstashRateLimitPort extends RateLimitPort {
+export interface UpstashRateLimitEscapeHatch {
   /**
-   * The underlying Upstash Redis client instance.
-   * Use this for advanced operations not covered by the rate limit interface.
+   * Raw Upstash Redis client.
+   * Use this for Upstash operations the stable rate limit port does not model.
    */
   client: Redis;
 }
 
+/**
+ * Ports contributed by the Upstash rate limit provider.
+ */
+export interface UpstashRateLimitProviderPorts {
+  /**
+   * Beignet rate limit port backed by Upstash.
+   */
+  rateLimit: RateLimitPort;
+  /**
+   * Raw Upstash Redis client escape hatch.
+   */
+  upstash: UpstashRateLimitEscapeHatch;
+}
+
 /**
  * Options for the internal Upstash rate-limit port factory.
  */
-export interface CreateUpstashRateLimitPortOptions {
+interface CreateUpstashRateLimitPortOptions {
+  /**
+   * Upstash Redis client used for rate limit counters.
+   */
+  client: Redis;
+  /**
+   * Prefix for keys used by this rate limiter.
+   */
+  prefix: string;
+  /**
+   * Rate limit algorithm used for every bucket served by this port.
+   */
+  algorithm: UpstashRateLimitAlgorithm;
   /**
    * Optional provider instrumentation target.
    */
@@ -101,14 +146,10 @@ function errorMessage(error: unknown): string {
 
 /**
  * Creates an Upstash-backed RateLimitPort implementation.
- *
- * @param config - Validated Upstash configuration
- * @returns A RateLimitPort implementation using Upstash
  */
 function createUpstashRateLimitPort(
-  config: UpstashRateLimitConfig,
-  options: CreateUpstashRateLimitPortOptions = {},
-): UpstashRateLimitPort {
+  options: CreateUpstashRateLimitPortOptions,
+): RateLimitPort {
   const instrumentation = createProviderInstrumentation(
     options.instrumentation,
     {
@@ -116,31 +157,41 @@ function createUpstashRateLimitPort(
       watcher: "rateLimit",
     },
   );
-  const redis = new Redis({
-    url: config.REDIS_REST_URL,
-    token: config.REDIS_REST_TOKEN,
-  });
+  const redis = options.client;
+  const prefix = options.prefix;
+  const algorithm = options.algorithm;
 
-  const prefix = config.PREFIX;
+  // Upstash's Ratelimit fixes the limiter config at construction time, so we
+  // keep one instance per (limit, windowSec, algorithm). Rate limit configs
+  // come from contract metadata, so the cardinality is tiny and an unbounded
+  // Map is fine.
+  const limiters = new Map<string, Ratelimit>();
 
-  const port: UpstashRateLimitPort = {
+  function limiterFor(limit: number, windowSec: number): Ratelimit {
+    const cacheKey = `${algorithm}:${limit}:${windowSec}`;
+    const cached = limiters.get(cacheKey);
+    if (cached) {
+      return cached;
+    }
+
+    const ratelimit = new Ratelimit({
+      redis,
+      limiter:
+        algorithm === "sliding-window"
+          ? Ratelimit.slidingWindow(limit, `${windowSec} s`)
+          : Ratelimit.fixedWindow(limit, `${windowSec} s`),
+      prefix,
+    });
+    limiters.set(cacheKey, ratelimit);
+    return ratelimit;
+  }
+
+  const port: RateLimitPort = {
     async hit({ key, limit, windowSec }): Promise<RateLimitResult> {
       const startedAt = Date.now();
 
       try {
-        // Create a new Ratelimit instance for each call with the specified limit and window.
-        // This is necessary because Upstash's Ratelimit is configured with a specific
-        // limit/window at construction time, and we need dynamic limits per call.
-        // Performance note: Creating instances is lightweight as Upstash uses HTTP-based
-        // REST API calls, not persistent connections. The actual rate limiting logic
-        // happens server-side at Upstash.
-        const ratelimit = new Ratelimit({
-          redis,
-          // Use fixed window algorithm - simple and effective
-          // Alternative: Ratelimit.slidingWindow(limit, `${windowSec} s`)
-          limiter: Ratelimit.fixedWindow(limit, `${windowSec} s`),
-          prefix,
-        });
+        const ratelimit = limiterFor(limit, windowSec);
 
         const result = await ratelimit.limit(key);
 
@@ -173,6 +224,7 @@ function createUpstashRateLimitPort(
             limit,
             windowSec,
             prefix,
+            algorithm,
             allowed,
             remaining,
             resetAt: resetAt?.toISOString() ?? null,
@@ -192,6 +244,7 @@ function createUpstashRateLimitPort(
             limit,
             windowSec,
             prefix,
+            algorithm,
             durationMs: Date.now() - startedAt,
             error: errorMessage(error),
           },
@@ -199,8 +252,6 @@ function createUpstashRateLimitPort(
         throw error;
       }
     },
-
-    client: redis,
   };
 
   return port;
@@ -212,7 +263,9 @@ function createUpstashRateLimitPort(
  * Configuration via environment variables:
  * - UPSTASH_REDIS_REST_URL: Upstash Redis REST URL (required)
  * - UPSTASH_REDIS_REST_TOKEN: Upstash Redis REST token (required)
- * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "ck:ratelimit")
+ * - UPSTASH_PREFIX: Optional prefix for rate limit keys (default: "beignet:ratelimit")
+ * - UPSTASH_ALGORITHM: Optional rate limit algorithm, "fixed-window" or
+ *   "sliding-window" (default: "fixed-window")
  *
  * @example
  * ```ts
@@ -239,13 +292,21 @@ export const upstashRateLimitProvider = createProvider({
       );
     }
 
-    const instrumentation = createProviderInstrumentation(ports, {
-      providerName: "rate-limit-upstash",
-      watcher: "rateLimit",
+    const client = new Redis({
+      url: config.REDIS_REST_URL,
+      token: config.REDIS_REST_TOKEN,
     });
-    const rateLimitPort = createUpstashRateLimitPort(config, {
-      instrumentation,
+    const rateLimit = createUpstashRateLimitPort({
+      client,
+      prefix: config.PREFIX,
+      algorithm: config.ALGORITHM,
+      instrumentation: ports,
     });
-    return { ports: { rateLimit: rateLimitPort } };
+    return {
+      ports: {
+        rateLimit,
+        upstash: { client },
+      } satisfies UpstashRateLimitProviderPorts,
+    };
   },
 });