npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/rate-limit/__tests__/resolver.integration.ts ADDED Viewed

@@ -0,0 +1,189 @@
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
+import { RateLimitError } from "../../errors";
+import { createTestRedis, type TestRedis } from "../../stack";
+import { createRateLimitResolver, type RateLimitResolver } from "../resolver";
+let testRedis: TestRedis;
+let resolver: RateLimitResolver;
+// Controllable clock so tests can advance time deterministically without
+// real waits. Production passes Date.now; tests inject this so refill
+// behaviour is observable in milliseconds.
+let mockNowMs: number;
+beforeAll(async () => {
+  testRedis = await createTestRedis();
+});
+afterAll(async () => {
+  await testRedis.cleanup();
+});
+beforeEach(async () => {
+  await testRedis.flushNamespace();
+  mockNowMs = 1_700_000_000_000; // arbitrary fixed start
+  resolver = createRateLimitResolver({
+    redis: testRedis.redis,
+    keyPrefix: "test:rl:",
+    nowMs: () => mockNowMs,
+  });
+});
+describe("createRateLimitResolver — token bucket basics", () => {
+  test("first N requests within limit are allowed, N+1 is rejected", async () => {
+    const config = { limit: 5, windowSeconds: 60 };
+    const decisions = [];
+    for (let i = 0; i < 5; i++) {
+      decisions.push(await resolver.check("user:42", config));
+    }
+    expect(decisions.every((d) => d.allowed)).toBe(true);
+    expect(decisions.map((d) => d.remaining)).toEqual([4, 3, 2, 1, 0]);
+    const sixth = await resolver.check("user:42", config);
+    expect(sixth.allowed).toBe(false);
+    expect(sixth.remaining).toBe(0);
+    expect(sixth.retryAfterSeconds).toBeGreaterThan(0);
+  });
+  test("buckets are isolated by key — different user has fresh bucket", async () => {
+    const config = { limit: 2, windowSeconds: 60 };
+    await resolver.check("user:a", config);
+    await resolver.check("user:a", config);
+    const aBlocked = await resolver.check("user:a", config);
+    expect(aBlocked.allowed).toBe(false);
+    const bFirst = await resolver.check("user:b", config);
+    expect(bFirst.allowed).toBe(true);
+    expect(bFirst.remaining).toBe(1);
+  });
+  test("refill: after window/2 the bucket has limit/2 tokens back", async () => {
+    const config = { limit: 10, windowSeconds: 10 };
+    // Drain the bucket
+    for (let i = 0; i < 10; i++) await resolver.check("refill:user", config);
+    const drained = await resolver.check("refill:user", config);
+    expect(drained.allowed).toBe(false);
+    // Advance 5s = window/2 → ~5 tokens refilled
+    mockNowMs += 5000;
+    const decisions = [];
+    for (let i = 0; i < 5; i++) {
+      decisions.push(await resolver.check("refill:user", config));
+    }
+    expect(decisions.every((d) => d.allowed)).toBe(true);
+    // Sixth in this batch should be blocked again — only 5 tokens were refilled.
+    const overshoot = await resolver.check("refill:user", config);
+    expect(overshoot.allowed).toBe(false);
+  });
+  test("refill caps at limit — long idle does not exceed bucket size", async () => {
+    const config = { limit: 5, windowSeconds: 10 };
+    await resolver.check("idle:user", config);
+    // Advance 10× the window → bucket would overflow without the cap.
+    mockNowMs += 10 * 10 * 1000;
+    const decisions = [];
+    for (let i = 0; i < 5; i++) {
+      decisions.push(await resolver.check("idle:user", config));
+    }
+    expect(decisions.every((d) => d.allowed)).toBe(true);
+    const blocked = await resolver.check("idle:user", config);
+    expect(blocked.allowed).toBe(false);
+  });
+});
+describe("createRateLimitResolver — cost", () => {
+  test("cost: 5 deducts 5 tokens at once", async () => {
+    const config = { limit: 10, windowSeconds: 60, cost: 5 };
+    const first = await resolver.check("cost:user", config);
+    expect(first.allowed).toBe(true);
+    expect(first.remaining).toBe(5);
+    const second = await resolver.check("cost:user", config);
+    expect(second.allowed).toBe(true);
+    expect(second.remaining).toBe(0);
+    const third = await resolver.check("cost:user", config);
+    expect(third.allowed).toBe(false);
+  });
+  test("cost > limit: never allowed", async () => {
+    const config = { limit: 5, windowSeconds: 60, cost: 10 };
+    const decision = await resolver.check("over:user", config);
+    expect(decision.allowed).toBe(false);
+  });
+});
+describe("createRateLimitResolver — concurrency", () => {
+  test("100 parallel requests at limit=10 — exactly 10 are allowed", async () => {
+    const config = { limit: 10, windowSeconds: 60 };
+    // 100 concurrent calls. Lua atomicity → exactly `limit` of them
+    // come back allowed=true; the rest are rejected. No double-spend.
+    const results = await Promise.all(
+      Array.from({ length: 100 }, () => resolver.check("race:user", config)),
+    );
+    const allowedCount = results.filter((d) => d.allowed).length;
+    expect(allowedCount).toBe(10);
+  });
+});
+describe("createRateLimitResolver — peek", () => {
+  test("peek returns the same state across consecutive calls — no token deduction", async () => {
+    const config = { limit: 5, windowSeconds: 60 };
+    // Drain 2 tokens via real check() so the bucket is at remaining=3.
+    await resolver.check("peek:user", config);
+    await resolver.check("peek:user", config);
+    // Three back-to-back peeks at the SAME wallclock — remaining must
+    // not move. If peek mutated state, each call would deduct/refill
+    // and the numbers would drift.
+    const a = await resolver.peek("peek:user", config);
+    const b = await resolver.peek("peek:user", config);
+    const c = await resolver.peek("peek:user", config);
+    expect(a.remaining).toBe(3);
+    expect(b.remaining).toBe(3);
+    expect(c.remaining).toBe(3);
+    // After 100 peeks, the next real check still sees remaining=3-1=2.
+    // Proves peek doesn't shift the refill timestamp either — if it did,
+    // the next refill maths would over-credit and remaining would jump.
+    for (let i = 0; i < 100; i++) await resolver.peek("peek:user", config);
+    const next = await resolver.check("peek:user", config);
+    expect(next.remaining).toBe(2);
+  });
+  test("peek on a fresh bucket reports the full limit available", async () => {
+    const config = { limit: 7, windowSeconds: 60 };
+    const decision = await resolver.peek("peek:fresh", config);
+    expect(decision.allowed).toBe(true);
+    expect(decision.remaining).toBe(7);
+    expect(decision.limit).toBe(7);
+    // Fresh bucket → no need to wait for a refill.
+    expect(decision.retryAfterSeconds).toBe(0);
+  });
+});
+describe("createRateLimitResolver — enforce", () => {
+  test("enforce throws RateLimitError with the bucket details when blocked", async () => {
+    const config = { limit: 1, windowSeconds: 60 };
+    await resolver.enforce("enf:user", config);
+    let thrown: unknown;
+    try {
+      await resolver.enforce("enf:user", config);
+    } catch (e) {
+      thrown = e;
+    }
+    expect(thrown).toBeInstanceOf(RateLimitError);
+    const err = thrown as RateLimitError;
+    expect(err.httpStatus).toBe(429);
+    expect(err.code).toBe("rate_limited");
+    expect(err.details.bucket).toBe("enf:user");
+    expect(err.details.limit).toBe(1);
+    expect(err.details.windowSeconds).toBe(60);
+    expect(err.details.retryAfterSeconds).toBeGreaterThan(0);
+    expect(err.details.resetAt).toMatch(/^\d{4}-\d{2}-\d{2}T/);
+  });
+});

package/src/rate-limit/bucket.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import type { RateLimitOption, SessionUser } from "../engine/types";
+// Build the Redis bucket key for a handler-level rate limit. Format:
+//   <handler>:<dimension-tag>:<dimension-value>
+// Dimension-tag keeps buckets disjoint when the same tenant/user shows up
+// in multiple bucket strategies — `user+handler` and `user` for the same
+// user are independent buckets.
+export type BucketContext = {
+  readonly handlerName: string;
+  readonly user: SessionUser;
+  readonly ip: string | undefined;
+};
+export type BucketResult =
+  | { readonly kind: "key"; readonly key: string }
+  | { readonly kind: "skip"; readonly reason: string };
+export function buildBucketKey(option: RateLimitOption, ctx: BucketContext): BucketResult {
+  switch (option.per) {
+    case "user":
+      return { kind: "key", key: `user:${ctx.user.id}` };
+    case "tenant":
+      return { kind: "key", key: `tenant:${ctx.user.tenantId}` };
+    case "ip":
+      if (!ctx.ip) return { kind: "skip", reason: "no_ip" };
+      return { kind: "key", key: `ip:${ctx.ip}` };
+    case "user+handler":
+      return { kind: "key", key: `user+handler:${ctx.user.id}:${ctx.handlerName}` };
+    case "tenant+handler":
+      return { kind: "key", key: `tenant+handler:${ctx.user.tenantId}:${ctx.handlerName}` };
+    case "ip+handler":
+      if (!ctx.ip) return { kind: "skip", reason: "no_ip" };
+      return { kind: "key", key: `ip+handler:${ctx.ip}:${ctx.handlerName}` };
+  }
+}

package/src/rate-limit/index.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export { type BucketContext, type BucketResult, buildBucketKey } from "./bucket";
+export {
+  type AuthEndpointRateLimitOptions,
+  authEndpointRateLimit,
+  type GlobalIpRateLimitOptions,
+  globalIpRateLimit,
+} from "./middleware";
+export {
+  createRateLimitResolver,
+  type RateLimitConfig,
+  type RateLimitDecision,
+  type RateLimitResolver,
+  type RateLimitResolverOptions,
+} from "./resolver";

package/src/rate-limit/middleware.ts ADDED Viewed

@@ -0,0 +1,152 @@
+import type { Context, MiddlewareHandler } from "hono";
+import { requestContext } from "../api/request-context";
+import { RateLimitError, serializeError } from "../errors";
+import type { RateLimitDecision, RateLimitResolver } from "./resolver";
+// Hono middleware factories for L1 (Global-IP) and L2 (Auth-Endpoints).
+//
+// Both share the same response shape on 429 — RFC 6585 status, the
+// X-RateLimit-* headers IETF draft uses, and a structured JSON body
+// produced by the central serializeError() so L1/L2/L3 share the
+// `error.code`, `i18nKey`, `details`, `requestId`, `timestamp` envelope.
+//
+// Fail-mode policy (from docs/plans/features/core-rate-limiting.md):
+//   L1/L2 — **fail-closed** when Redis is down. The caller is most
+//           likely an attacker; refusing service is safer than letting
+//           an unbounded flood through.
+//   L3   — fail-open (handled in dispatcher path). App availability
+//           wins for known heavy handlers when Redis blips.
+export type GlobalIpRateLimitOptions = {
+  readonly resolver: RateLimitResolver;
+  readonly limit?: number;
+  readonly windowSeconds?: number;
+  // Override IP extraction — useful when behind a non-standard proxy.
+  // Default: x-forwarded-for first hop.
+  readonly extractIp?: (c: Context) => string | undefined;
+  // Hook for ops logging when fail-closed fires (Redis down). Default:
+  // emits to console.error so the misbehaviour is loud at minimum.
+  readonly onFailClosed?: (err: unknown) => void;
+};
+export function globalIpRateLimit(opts: GlobalIpRateLimitOptions): MiddlewareHandler {
+  const limit = opts.limit ?? 1000;
+  const windowSeconds = opts.windowSeconds ?? 60;
+  const extractIp = opts.extractIp ?? defaultExtractIp;
+  const onFailClosed = opts.onFailClosed ?? defaultOnFailClosed("l1-global-ip");
+  return async (c, next) => {
+    const ip = extractIp(c);
+    if (!ip) {
+      // No IP and no override → can't bucket. Pass-through; deployments
+      // that care about that hardening should pin extractIp explicitly.
+      return next();
+    }
+    try {
+      const decision = await opts.resolver.check(`l1:${ip}`, { limit, windowSeconds });
+      if (!decision.allowed) {
+        return respondRateLimited(c, decision, `l1:${ip}`);
+      }
+      setRateLimitHeaders(c, decision);
+    } catch (e) {
+      // Fail-closed: refuse rather than let a flood through with no cap.
+      // resolver.check never throws RateLimitError (only enforce does),
+      // so any throw here is an infrastructure failure (Redis down).
+      onFailClosed(e);
+      return c.json(
+        { error: { code: "rate_limit_unavailable", message: "Rate limiter unavailable" } },
+        503,
+      );
+    }
+    await next();
+  };
+}
+export type AuthEndpointRateLimitOptions = {
+  readonly resolver: RateLimitResolver;
+  readonly limit?: number;
+  readonly windowSeconds?: number;
+  // Optional target extractor for account-aware bucketing. When set,
+  // the bucket key is `l2:${ip}:${target}` — adds account isolation on
+  // top of IP. Default: bucket on `l2:${ip}:${path}` (IP + route),
+  // which catches naive IP-flood without consuming the request body.
+  readonly extractTarget?: (c: Context) => string | undefined | Promise<string | undefined>;
+  readonly extractIp?: (c: Context) => string | undefined;
+  readonly onFailClosed?: (err: unknown) => void;
+};
+export function authEndpointRateLimit(opts: AuthEndpointRateLimitOptions): MiddlewareHandler {
+  const limit = opts.limit ?? 5;
+  const windowSeconds = opts.windowSeconds ?? 60;
+  const extractIp = opts.extractIp ?? defaultExtractIp;
+  const extractTarget = opts.extractTarget;
+  const onFailClosed = opts.onFailClosed ?? defaultOnFailClosed("l2-auth-endpoints");
+  return async (c, next) => {
+    const ip = extractIp(c);
+    if (!ip) return next();
+    const target = (await extractTarget?.(c)) ?? c.req.path;
+    const bucket = `l2:${ip}:${target}`;
+    try {
+      const decision = await opts.resolver.check(bucket, { limit, windowSeconds });
+      if (!decision.allowed) {
+        return respondRateLimited(c, decision, bucket);
+      }
+      setRateLimitHeaders(c, decision);
+    } catch (e) {
+      onFailClosed(e);
+      return c.json(
+        { error: { code: "rate_limit_unavailable", message: "Rate limiter unavailable" } },
+        503,
+      );
+    }
+    await next();
+  };
+}
+function defaultExtractIp(c: Context): string | undefined {
+  const xff = c.req.header("x-forwarded-for");
+  return xff?.split(",")[0]?.trim() || undefined;
+}
+function defaultOnFailClosed(label: string): (err: unknown) => void {
+  return (err) => {
+    // Loud by default — fail-closed for an unknown reason is an ops
+    // signal, not something to swallow silently. Production deploys
+    // override this with a structured logger; the default keeps the
+    // noise visible if no logger is wired.
+    // biome-ignore lint/suspicious/noConsole: ops-visible fallback when no logger is wired
+    console.error(`[rate-limit ${label}] fail-closed (refusing request):`, err);
+  };
+}
+function setRateLimitHeaders(c: Context, decision: RateLimitDecision): void {
+  c.header("X-RateLimit-Limit", String(decision.limit));
+  c.header("X-RateLimit-Remaining", String(decision.remaining));
+  // Unix-epoch seconds — matches the de-facto industry standard (GitHub,
+  // Twitter, AWS) and stays consistent with Retry-After, which is also
+  // seconds. Previously this emitted an ISO-Instant string; proxies and
+  // client libs that parse as integer would silently see NaN.
+  c.header("X-RateLimit-Reset", String(Math.floor(decision.resetAt.epochMilliseconds / 1000)));
+}
+function respondRateLimited(c: Context, decision: RateLimitDecision, bucket: string): Response {
+  // Build a RateLimitError so the wire shape is identical to the L3
+  // dispatcher path. serializeError adds i18nKey, requestId, timestamp —
+  // fields a hand-rolled body would silently miss.
+  const err = new RateLimitError({
+    bucket,
+    limit: decision.limit,
+    windowSeconds: decision.windowSeconds,
+    remaining: decision.remaining,
+    retryAfterSeconds: decision.retryAfterSeconds,
+    resetAt: decision.resetAt.toString(),
+  });
+  c.header("Retry-After", String(Math.max(1, decision.retryAfterSeconds)));
+  setRateLimitHeaders(c, decision);
+  const reqId = requestContext.get()?.requestId;
+  return c.json(serializeError(err, reqId), 429);
+}

package/src/rate-limit/resolver.ts ADDED Viewed

@@ -0,0 +1,267 @@
+import type Redis from "ioredis";
+import { RateLimitError } from "../errors";
+import { RedisKeys } from "../pipeline/redis-keys";
+// Token-Bucket rate limiter, atomic via Redis Lua. One round-trip per
+// check — the script computes the bucket state inline and either deducts
+// or rejects.
+//
+// Why Token Bucket: bursts are allowed up to `limit`, refill is steady
+// at `limit / windowSeconds` per second. Sliding window would be more
+// fair but needs more Redis ops; fixed window is simpler but gives 2x
+// burst at boundaries. Token Bucket sits in the right trade-off zone.
+//
+// Storage layout per bucket:
+//   <key> hash with two fields:
+//     tokens  — float, current tokens in the bucket
+//     ts      — last refill timestamp (ms since epoch)
+//   TTL = 2 × windowSeconds (long enough to not lose state across refill,
+//         short enough to clean up dead buckets)
+//
+// The Lua script does: load → refill based on elapsed time → check cost
+// → deduct or reject. Returns [allowed, remaining, resetAfterMs].
+// KEYS[1] — bucket key
+// ARGV[1] — limit (max tokens)
+// ARGV[2] — refillRatePerMs (limit / (windowSeconds * 1000))
+// ARGV[3] — cost (tokens to deduct, default 1)
+// ARGV[4] — nowMs (server time, passed in for testability + drift safety)
+// ARGV[5] — ttlSeconds (key TTL)
+//
+// Returns: { allowed (1|0), remainingTokens (int floor), retryAfterMs (int) }
+//
+// The peek script (TOKEN_BUCKET_PEEK_LUA) below is the same logic minus
+// the HMSET — used by ops queries to inspect a bucket without nudging
+// the refill timestamp. Two scripts so neither has to grow a "writeback"
+// flag and a state-machine.
+const TOKEN_BUCKET_LUA = `
+local key = KEYS[1]
+local limit = tonumber(ARGV[1])
+local refillRatePerMs = tonumber(ARGV[2])
+local cost = tonumber(ARGV[3])
+local nowMs = tonumber(ARGV[4])
+local ttl = tonumber(ARGV[5])
+local data = redis.call('HMGET', key, 'tokens', 'ts')
+local tokens = tonumber(data[1])
+local ts = tonumber(data[2])
+if tokens == nil then
+  tokens = limit
+  ts = nowMs
+else
+  local elapsed = math.max(0, nowMs - ts)
+  tokens = math.min(limit, tokens + elapsed * refillRatePerMs)
+  ts = nowMs
+end
+local allowed = 0
+local retryAfterMs = 0
+if tokens >= cost then
+  tokens = tokens - cost
+  allowed = 1
+else
+  -- Time until enough tokens accumulate to satisfy this request.
+  local deficit = cost - tokens
+  retryAfterMs = math.ceil(deficit / refillRatePerMs)
+end
+redis.call('HMSET', key, 'tokens', tokens, 'ts', ts)
+redis.call('EXPIRE', key, ttl)
+return { allowed, math.floor(tokens), retryAfterMs }
+`;
+// Read-only peek. Same refill maths, but writes nothing back — the
+// bucket state at peek time stays identical to the state the next real
+// check() would see. Used by ops/status queries that must not deduct
+// tokens or shift the refill timestamp.
+//
+// KEYS[1] — bucket key
+// ARGV[1] — limit
+// ARGV[2] — refillRatePerMs
+// ARGV[3] — nowMs
+//
+// Returns: { remainingTokens (int floor), retryAfterMs (int — until 1 token available) }
+const TOKEN_BUCKET_PEEK_LUA = `
+local key = KEYS[1]
+local limit = tonumber(ARGV[1])
+local refillRatePerMs = tonumber(ARGV[2])
+local nowMs = tonumber(ARGV[3])
+local data = redis.call('HMGET', key, 'tokens', 'ts')
+local tokens = tonumber(data[1])
+local ts = tonumber(data[2])
+if tokens == nil then
+  tokens = limit
+else
+  local elapsed = math.max(0, nowMs - ts)
+  tokens = math.min(limit, tokens + elapsed * refillRatePerMs)
+end
+local retryAfterMs = 0
+if tokens < 1 then
+  retryAfterMs = math.ceil((1 - tokens) / refillRatePerMs)
+end
+return { math.floor(tokens), retryAfterMs }
+`;
+export type RateLimitDecision = {
+  readonly allowed: boolean;
+  readonly limit: number;
+  readonly remaining: number;
+  readonly retryAfterSeconds: number;
+  readonly windowSeconds: number;
+  readonly resetAt: Temporal.Instant;
+};
+export type RateLimitConfig = {
+  readonly limit: number;
+  readonly windowSeconds: number;
+  readonly cost?: number;
+};
+export type RateLimitResolver = {
+  // Atomic check + deduct. Returns the decision and current bucket state
+  // — caller decides whether to throw RateLimitError or proceed.
+  check(bucket: string, config: RateLimitConfig): Promise<RateLimitDecision>;
+  // Convenience: throws RateLimitError when blocked. Useful inside the
+  // dispatcher / middleware code-paths where the failure shape is fixed.
+  enforce(bucket: string, config: RateLimitConfig): Promise<RateLimitDecision>;
+  // Read-only inspection: returns the same shape as check() but never
+  // mutates the bucket — no token deduction, no refill-timestamp update.
+  // Use for ops/status queries (e.g. "kumiko rl status user:42") that
+  // must observe the bucket without disturbing it.
+  peek(bucket: string, config: Omit<RateLimitConfig, "cost">): Promise<RateLimitDecision>;
+};
+export type RateLimitResolverOptions = {
+  readonly redis: Redis;
+  // Override the prefix for tests. Production uses RedisKeys.rateLimit.
+  readonly keyPrefix?: string;
+  // Override the time source for tests. Production uses Date.now().
+  readonly nowMs?: () => number;
+};
+type LuaResult = readonly [number, number, number];
+// We register the script once per Redis client via defineCommand so each
+// check is a single round-trip with the script already cached on the
+// server (ioredis falls back to LOADing the script if the SHA is
+// missing). Using defineCommand also keeps the call-site idiomatic
+// (`redis.kumikoRateLimit(...)`) instead of building raw protocol calls.
+type CommandClient = Redis & {
+  kumikoRateLimit(
+    key: string,
+    limit: string,
+    refillRatePerMs: string,
+    cost: string,
+    nowMs: string,
+    ttlSeconds: string,
+  ): Promise<LuaResult>;
+  kumikoRateLimitPeek(
+    key: string,
+    limit: string,
+    refillRatePerMs: string,
+    nowMs: string,
+  ): Promise<readonly [number, number]>;
+};
+const REGISTERED = new WeakSet<Redis>();
+function ensureCommand(redis: Redis): CommandClient {
+  if (!REGISTERED.has(redis)) {
+    redis.defineCommand("kumikoRateLimit", {
+      numberOfKeys: 1,
+      lua: TOKEN_BUCKET_LUA,
+    });
+    redis.defineCommand("kumikoRateLimitPeek", {
+      numberOfKeys: 1,
+      lua: TOKEN_BUCKET_PEEK_LUA,
+    });
+    REGISTERED.add(redis);
+  }
+  return redis as CommandClient;
+}
+export function createRateLimitResolver(opts: RateLimitResolverOptions): RateLimitResolver {
+  const client = ensureCommand(opts.redis);
+  const prefix = opts.keyPrefix ?? RedisKeys.rateLimit;
+  const now = opts.nowMs ?? (() => Date.now());
+  async function check(bucket: string, config: RateLimitConfig): Promise<RateLimitDecision> {
+    const cost = config.cost ?? 1;
+    const refillRatePerMs = config.limit / (config.windowSeconds * 1000);
+    const ttlSeconds = Math.max(1, config.windowSeconds * 2);
+    const nowMs = now();
+    const [allowedFlag, remaining, retryAfterMs] = await client.kumikoRateLimit(
+      `${prefix}${bucket}`,
+      String(config.limit),
+      String(refillRatePerMs),
+      String(cost),
+      String(nowMs),
+      String(ttlSeconds),
+    );
+    const retryAfterSeconds = Math.ceil(retryAfterMs / 1000);
+    const resetAt = Temporal.Instant.fromEpochMilliseconds(nowMs + retryAfterMs);
+    return {
+      allowed: allowedFlag === 1,
+      limit: config.limit,
+      remaining,
+      retryAfterSeconds,
+      windowSeconds: config.windowSeconds,
+      resetAt,
+    };
+  }
+  async function enforce(bucket: string, config: RateLimitConfig): Promise<RateLimitDecision> {
+    const decision = await check(bucket, config);
+    if (decision.allowed) return decision;
+    throw new RateLimitError({
+      bucket,
+      limit: decision.limit,
+      windowSeconds: decision.windowSeconds,
+      remaining: decision.remaining,
+      retryAfterSeconds: decision.retryAfterSeconds,
+      resetAt: decision.resetAt.toString(),
+    });
+  }
+  async function peek(
+    bucket: string,
+    config: Omit<RateLimitConfig, "cost">,
+  ): Promise<RateLimitDecision> {
+    const refillRatePerMs = config.limit / (config.windowSeconds * 1000);
+    const nowMs = now();
+    const [remaining, retryAfterMs] = await client.kumikoRateLimitPeek(
+      `${prefix}${bucket}`,
+      String(config.limit),
+      String(refillRatePerMs),
+      String(nowMs),
+    );
+    const retryAfterSeconds = Math.ceil(retryAfterMs / 1000);
+    const resetAt = Temporal.Instant.fromEpochMilliseconds(nowMs + retryAfterMs);
+    return {
+      // peek doesn't deduct, so a "would-be" allowed flag is meaningful:
+      // true iff at least one token is available right now.
+      allowed: remaining >= 1,
+      limit: config.limit,
+      remaining,
+      retryAfterSeconds,
+      windowSeconds: config.windowSeconds,
+      resetAt,
+    };
+  }
+  return { check, enforce, peek };
+}