@joint-ops/hitlimit-bun 1.2.0 → 1.4.0

package/README.md

@@ -2,7 +2,9 @@
 
 > Rate limiting built for Bun. Not ported — built.
 
-**12.38M ops/sec** on memory. **8.32M at 10K IPs**. Native bun:sqlite. Atomic Redis Lua. Postgres. Zero dependencies.
+<!-- BENCH:BUN_HERO -->
+**7.73M ops/sec** on memory. **5.57M at 10K IPs**. Native bun:sqlite. Atomic Redis Lua. Postgres. Zero dependencies.
+<!-- /BENCH:BUN_HERO -->
 
 ```bash
 bun add @joint-ops/hitlimit-bun
@@ -94,35 +96,123 @@ new Elysia()
 
 ---
 
-## 4 Storage Backends
+## Pick Your Store
 
-All built in. No extra packages to install.
+Every store is built in. Swap one line — your rate limiting code stays the same.
+
+```
+               Single Server                          Multi-Server
+          ┌──────────────────────┐          ┌──────────────────────────┐
+          │  Memory  │  SQLite   │          │  Redis   │  Postgres    │
+          │  (default) (bun:sqlite)         │  Valkey  │  MongoDB     │
+          │                      │          │  Dragonfly  MySQL       │
+          └──────────────────────┘          └──────────────────────────┘
+             No dependencies at all            Your existing infra, zero lock-in
+```
+
+<!-- BENCH:BUN_STORE_TABLE -->
+| Store | Ops/sec | Latency | When to use |
+|-------|---------|---------|-------------|
+| Memory | 5,574,103 | 179ns | Single server, maximum speed |
+| bun:sqlite | 372,247 | 2.7μs | Single server, need persistence |
+| MongoDB | 2,132 | 469μs | Multi-server / NoSQL infrastructure |
+<!-- /BENCH:BUN_STORE_TABLE -->
+
+> Redis, Valkey, DragonflyDB, Postgres, and MySQL are network-bound (~200–3,500 ops/sec). Benchmarks at [hitlimit.jointops.dev/docs/benchmarks](https://hitlimit.jointops.dev/docs/benchmarks).
+
+### The pattern is always the same
 
 ```typescript
 import { hitlimit } from '@joint-ops/hitlimit-bun'
+import { ______Store } from '@joint-ops/hitlimit-bun/stores/______'
+
+Bun.serve({ fetch: hitlimit({ store: ______Store({ /* config */ }) }, handler) })
+```
 
-// Memory (default) — fastest, no config
-Bun.serve({ fetch: hitlimit({}, handler) })
+<details>
+<summary><b>Memory</b> — default, zero config</summary>
 
-// bun:sqlite — persists across restarts, native performance
+```typescript
+Bun.serve({ fetch: hitlimit({}, handler) }) // that's it
+```
+</details>
+
+<details>
+<summary><b>bun:sqlite</b> — native, no N-API, no FFI, survives restarts</summary>
+
+```typescript
 import { sqliteStore } from '@joint-ops/hitlimit-bun'
 Bun.serve({ fetch: hitlimit({ store: sqliteStore({ path: './ratelimit.db' }) }, handler) })
+```
+No peer dependency — `bun:sqlite` is built into Bun.
+</details>
+
+<details>
+<summary><b>Redis</b> — distributed, atomic Lua scripts</summary>
 
-// Redis — distributed, atomic Lua scripts
+```typescript
 import { redisStore } from '@joint-ops/hitlimit-bun/stores/redis'
 Bun.serve({ fetch: hitlimit({ store: redisStore({ url: 'redis://localhost:6379' }) }, handler) })
+```
+Peer dep: `ioredis`
+</details>
+
+<details>
+<summary><b>Valkey</b> — open-source Redis fork, drop-in replacement</summary>
 
-// Postgres — distributed, atomic upserts
+```typescript
+import { valkeyStore } from '@joint-ops/hitlimit-bun/stores/valkey'
+Bun.serve({ fetch: hitlimit({ store: valkeyStore({ url: 'redis://localhost:6379' }) }, handler) })
+```
+Peer dep: `ioredis`
+</details>
+
+<details>
+<summary><b>DragonflyDB</b> — Redis-compatible, higher throughput</summary>
+
+```typescript
+import { dragonflyStore } from '@joint-ops/hitlimit-bun/stores/dragonfly'
+Bun.serve({ fetch: hitlimit({ store: dragonflyStore({ url: 'redis://localhost:6379' }) }, handler) })
+```
+Peer dep: `ioredis`
+</details>
+
+<details>
+<summary><b>PostgreSQL</b> — use your existing database</summary>
+
+```typescript
 import { postgresStore } from '@joint-ops/hitlimit-bun/stores/postgres'
 Bun.serve({ fetch: hitlimit({ store: postgresStore({ url: 'postgres://localhost:5432/mydb' }) }, handler) })
 ```
+Peer dep: `pg`
+</details>
 
-| Store | Ops/sec | Latency | When to use |
-|-------|---------|---------|-------------|
-| Memory | 8,320,000 | 120ns | Single server, maximum speed |
-| bun:sqlite | 325,000 | 3.1μs | Single server, need persistence |
-| Redis | 6,700 | 148μs | Multi-server / distributed |
-| Postgres | 3,700 | 273μs | Multi-server / already using Postgres |
+<details>
+<summary><b>MongoDB</b> — NoSQL, TTL indexes, MEAN/MERN stacks</summary>
+
+```typescript
+import { mongoStore } from '@joint-ops/hitlimit-bun/stores/mongodb'
+import { MongoClient } from 'mongodb'
+
+const client = new MongoClient('mongodb://localhost:27017')
+const db = client.db('myapp')
+Bun.serve({ fetch: hitlimit({ store: mongoStore({ db }) }, handler) })
+```
+Peer dep: `mongodb`
+</details>
+
+<details>
+<summary><b>MySQL</b> — SQL distributed, LAMP stacks</summary>
+
+```typescript
+import { mysqlStore } from '@joint-ops/hitlimit-bun/stores/mysql'
+import mysql from 'mysql2/promise'
+
+const pool = mysql.createPool('mysql://root@localhost:3306/mydb')
+Bun.serve({ fetch: hitlimit({ store: mysqlStore({ pool }) }, handler) })
+```
+Peer dep: `mysql2`
+</details>
 
 ---
 
@@ -130,14 +220,18 @@ Bun.serve({ fetch: hitlimit({ store: postgresStore({ url: 'postgres://localhost:
 
 ### Bun vs Node.js — Memory Store, 10K unique IPs
 
+<!-- BENCH:BUN_VS_NODE_TABLE -->
 | Runtime | Ops/sec | |
 |---------|---------|---|
-| **Bun** | **8,320,000** | ████████████████████ |
-| Node.js | 3,160,000 | ████████ |
+| **Bun** | **5,574,103** | ████████████████████ |
+| Node.js | 4,082,874 | ███████████████ |
+<!-- /BENCH:BUN_VS_NODE_TABLE -->
 
-Bun leads at 10K IPs (8.32M vs 3.16M) and single-IP (12.38M vs 4.83M). Same library, same algorithm, **memory store**. For Redis, Postgres, and cross-store breakdowns, see the [full benchmark results](https://github.com/JointOps/hitlimit-monorepo/tree/main/benchmarks). Controlled-environment microbenchmarks with transparent methodology. Run them yourself.
+<!-- BENCH:BUN_VS_NODE_TEXT -->
+Bun leads at 10K IPs (5.57M vs 4.08M) and single-IP (7.73M vs 5.96M). Same library, same algorithm, **memory store**. For Redis, Postgres, and cross-store breakdowns, see the [full benchmark results](https://github.com/JointOps/hitlimit-monorepo/tree/main/benchmarks). Controlled-environment microbenchmarks with transparent methodology. Run them yourself.
+<!-- /BENCH:BUN_VS_NODE_TEXT -->
 
-### Why bun:sqlite is faster than better-sqlite3
+### Why bun:sqlite doesn't need bindings
 
 ```
 Node.js: JS → N-API → C++ binding → SQLite

package/dist/stores/dragonfly.d.ts

@@ -0,0 +1,9 @@
+import type { HitLimitStore } from '@joint-ops/hitlimit-types';
+export interface DragonflyStoreOptions {
+    /** DragonflyDB connection URL. Default: 'redis://localhost:6379' */
+    url?: string;
+    /** Key prefix for all rate limit keys. Default: 'hitlimit:' */
+    keyPrefix?: string;
+}
+export declare function dragonflyStore(options?: DragonflyStoreOptions): HitLimitStore;
+//# sourceMappingURL=dragonfly.d.ts.map

package/dist/stores/dragonfly.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dragonfly.d.ts","sourceRoot":"","sources":["../../src/stores/dragonfly.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAG9D,MAAM,WAAW,qBAAqB;IACpC,oEAAoE;IACpE,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,aAAa,CAE7E"}

package/dist/stores/dragonfly.js

@@ -0,0 +1,133 @@
+// @bun
+// src/stores/redis.ts
+import Redis from "ioredis";
+var HIT_SCRIPT = `
+local key = KEYS[1]
+local windowMs = tonumber(ARGV[1])
+local count = redis.call('INCR', key)
+local ttl = redis.call('PTTL', key)
+if ttl < 0 then
+  redis.call('PEXPIRE', key, windowMs)
+  ttl = windowMs
+end
+return {count, ttl}
+`;
+var HIT_WITH_BAN_SCRIPT = `
+local hitKey = KEYS[1]
+local banKey = KEYS[2]
+local violationKey = KEYS[3]
+local windowMs = tonumber(ARGV[1])
+local limit = tonumber(ARGV[2])
+local banThreshold = tonumber(ARGV[3])
+local banDurationMs = tonumber(ARGV[4])
+
+-- Check ban first
+local banTTL = redis.call('PTTL', banKey)
+if banTTL > 0 then
+  return {-1, banTTL, 1, 0}
+end
+
+-- Hit counter
+local count = redis.call('INCR', hitKey)
+local ttl = redis.call('PTTL', hitKey)
+if ttl < 0 then
+  redis.call('PEXPIRE', hitKey, windowMs)
+  ttl = windowMs
+end
+
+-- Track violations if over limit
+local banned = 0
+local violations = 0
+if count > limit then
+  violations = redis.call('INCR', violationKey)
+  local vTTL = redis.call('PTTL', violationKey)
+  if vTTL < 0 then
+    redis.call('PEXPIRE', violationKey, banDurationMs)
+  end
+  if violations >= banThreshold then
+    redis.call('SET', banKey, '1', 'PX', banDurationMs)
+    banned = 1
+  end
+end
+return {count, ttl, banned, violations}
+`;
+
+class RedisStore {
+  redis;
+  prefix;
+  banPrefix;
+  violationPrefix;
+  constructor(options = {}) {
+    this.redis = new Redis(options.url ?? "redis://localhost:6379");
+    this.prefix = options.keyPrefix ?? "hitlimit:";
+    this.banPrefix = (options.keyPrefix ?? "hitlimit:") + "ban:";
+    this.violationPrefix = (options.keyPrefix ?? "hitlimit:") + "violations:";
+    this.redis.defineCommand("hitlimitHit", {
+      numberOfKeys: 1,
+      lua: HIT_SCRIPT
+    });
+    this.redis.defineCommand("hitlimitHitWithBan", {
+      numberOfKeys: 3,
+      lua: HIT_WITH_BAN_SCRIPT
+    });
+  }
+  async hit(key, windowMs, _limit) {
+    const redisKey = this.prefix + key;
+    const result = await this.redis.hitlimitHit(redisKey, windowMs);
+    const count = result[0];
+    const ttl = result[1];
+    return { count, resetAt: Date.now() + ttl };
+  }
+  async hitWithBan(key, windowMs, limit, banThreshold, banDurationMs) {
+    const hitKey = this.prefix + key;
+    const banKey = this.banPrefix + key;
+    const violationKey = this.violationPrefix + key;
+    const result = await this.redis.hitlimitHitWithBan(hitKey, banKey, violationKey, windowMs, limit, banThreshold, banDurationMs);
+    const count = result[0];
+    const ttl = result[1];
+    const banned = result[2] === 1;
+    const violations = result[3];
+    if (count === -1) {
+      return { count: 0, resetAt: Date.now() + ttl, banned: true, violations: 0, banExpiresAt: Date.now() + ttl };
+    }
+    return {
+      count,
+      resetAt: Date.now() + ttl,
+      banned,
+      violations,
+      banExpiresAt: banned ? Date.now() + banDurationMs : 0
+    };
+  }
+  async isBanned(key) {
+    const result = await this.redis.exists(this.banPrefix + key);
+    return result === 1;
+  }
+  async ban(key, durationMs) {
+    await this.redis.set(this.banPrefix + key, "1", "PX", durationMs);
+  }
+  async recordViolation(key, windowMs) {
+    const redisKey = this.violationPrefix + key;
+    const count = await this.redis.incr(redisKey);
+    if (count === 1) {
+      await this.redis.pexpire(redisKey, windowMs);
+    }
+    return count;
+  }
+  async reset(key) {
+    await this.redis.del(this.prefix + key, this.banPrefix + key, this.violationPrefix + key);
+  }
+  async shutdown() {
+    await this.redis.quit();
+  }
+}
+function redisStore(options) {
+  return new RedisStore(options);
+}
+
+// src/stores/dragonfly.ts
+function dragonflyStore(options) {
+  return new RedisStore(options);
+}
+export {
+  dragonflyStore
+};

package/dist/stores/mongodb.d.ts

@@ -0,0 +1,11 @@
+import type { HitLimitStore } from '@joint-ops/hitlimit-types';
+export interface MongoStoreOptions {
+    /** MongoDB Db instance (from MongoClient.db()) */
+    db: any;
+    /** Collection name prefix. Default: 'hitlimit' */
+    collectionPrefix?: string;
+    /** Skip TTL index creation (if you manage indexes yourself). Default: false */
+    skipIndexCreation?: boolean;
+}
+export declare function mongoStore(options: MongoStoreOptions): HitLimitStore;
+//# sourceMappingURL=mongodb.d.ts.map

package/dist/stores/mongodb.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongodb.d.ts","sourceRoot":"","sources":["../../src/stores/mongodb.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAiC,MAAM,2BAA2B,CAAA;AAE7F,MAAM,WAAW,iBAAiB;IAChC,kDAAkD;IAClD,EAAE,EAAE,GAAG,CAAA;IACP,kDAAkD;IAClD,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,+EAA+E;IAC/E,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B;AA+KD,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa,CAEpE"}

package/dist/stores/mongodb.js

@@ -0,0 +1,133 @@
+// @bun
+// src/stores/mongodb.ts
+class MongoStore {
+  db;
+  prefix;
+  indexesReady = null;
+  ready;
+  constructor(options) {
+    this.db = options.db;
+    this.prefix = options.collectionPrefix ?? "hitlimit";
+    if (options.skipIndexCreation) {
+      this.ready = true;
+    } else {
+      this.ready = false;
+      this.indexesReady = this.createIndexes().then(() => {
+        this.ready = true;
+      });
+    }
+  }
+  col(name) {
+    return this.db.collection(`${this.prefix}_${name}`);
+  }
+  async createIndexes() {
+    await this.col("hits").createIndex({ expireAt: 1 }, { expireAfterSeconds: 0 });
+    await this.col("bans").createIndex({ expireAt: 1 }, { expireAfterSeconds: 0 });
+    await this.col("violations").createIndex({ expireAt: 1 }, { expireAfterSeconds: 0 });
+    await this.col("hits").createIndex({ key: 1 }, { unique: true });
+    await this.col("bans").createIndex({ key: 1 }, { unique: true });
+    await this.col("violations").createIndex({ key: 1 }, { unique: true });
+  }
+  async atomicIncrement(collection, key, windowMs) {
+    const now = Date.now();
+    const resetAt = now + windowMs;
+    const expireAt = new Date(resetAt);
+    try {
+      const result = await collection.findOneAndUpdate({ key, resetAt: { $gt: now } }, {
+        $inc: { count: 1 },
+        $setOnInsert: { key, resetAt, expireAt }
+      }, { upsert: true, returnDocument: "after" });
+      return { count: result.count, resetAt: result.resetAt };
+    } catch (err) {
+      if (err?.code === 11000) {
+        const replaced = await collection.findOneAndUpdate({ key, resetAt: { $lte: now } }, { $set: { count: 1, resetAt, expireAt } }, { returnDocument: "after" });
+        if (replaced) {
+          return { count: replaced.count, resetAt: replaced.resetAt };
+        }
+        return this.atomicIncrement(collection, key, windowMs);
+      }
+      throw err;
+    }
+  }
+  async hit(key, windowMs, _limit) {
+    if (!this.ready)
+      await this.indexesReady;
+    return this.atomicIncrement(this.col("hits"), key, windowMs);
+  }
+  async hitWithBan(key, windowMs, limit, banThreshold, banDurationMs) {
+    if (!this.ready)
+      await this.indexesReady;
+    const now = Date.now();
+    const resetAt = now + windowMs;
+    const banExpiresAt = now + banDurationMs;
+    const ban = await this.col("bans").findOne({ key, expiresAt: { $gt: now } });
+    if (ban) {
+      return {
+        count: 0,
+        resetAt,
+        banned: true,
+        violations: 0,
+        banExpiresAt: ban.expiresAt
+      };
+    }
+    const hitResult = await this.atomicIncrement(this.col("hits"), key, windowMs);
+    const hitCount = hitResult.count;
+    const hitResetAt = hitResult.resetAt;
+    if (hitCount > limit) {
+      const violationResult = await this.atomicIncrement(this.col("violations"), key, banDurationMs);
+      const violations = violationResult.count;
+      const shouldBan = violations >= banThreshold;
+      if (shouldBan) {
+        await this.col("bans").updateOne({ key }, { $set: { expiresAt: banExpiresAt, expireAt: new Date(banExpiresAt) } }, { upsert: true });
+      }
+      return {
+        count: hitCount,
+        resetAt: hitResetAt,
+        banned: shouldBan,
+        violations,
+        banExpiresAt: shouldBan ? banExpiresAt : 0
+      };
+    }
+    return {
+      count: hitCount,
+      resetAt: hitResetAt,
+      banned: false,
+      violations: 0,
+      banExpiresAt: 0
+    };
+  }
+  async isBanned(key) {
+    if (!this.ready)
+      await this.indexesReady;
+    const ban = await this.col("bans").findOne({ key, expiresAt: { $gt: Date.now() } });
+    return ban !== null;
+  }
+  async ban(key, durationMs) {
+    if (!this.ready)
+      await this.indexesReady;
+    const expiresAt = Date.now() + durationMs;
+    await this.col("bans").updateOne({ key }, { $set: { expiresAt, expireAt: new Date(expiresAt) } }, { upsert: true });
+  }
+  async recordViolation(key, windowMs) {
+    if (!this.ready)
+      await this.indexesReady;
+    const result = await this.atomicIncrement(this.col("violations"), key, windowMs);
+    return result.count;
+  }
+  async reset(key) {
+    if (!this.ready)
+      await this.indexesReady;
+    await Promise.all([
+      this.col("hits").deleteOne({ key }),
+      this.col("bans").deleteOne({ key }),
+      this.col("violations").deleteOne({ key })
+    ]);
+  }
+  shutdown() {}
+}
+function mongoStore(options) {
+  return new MongoStore(options);
+}
+export {
+  mongoStore
+};

package/dist/stores/mysql.d.ts

@@ -0,0 +1,13 @@
+import type { HitLimitStore } from '@joint-ops/hitlimit-types';
+export interface MySQLStoreOptions {
+    /** mysql2/promise Pool instance */
+    pool: any;
+    /** Table name prefix. Default: 'hitlimit' */
+    tablePrefix?: string;
+    /** Cleanup interval in ms. Default: 60000 (1 minute) */
+    cleanupInterval?: number;
+    /** Skip table creation (if you manage schema yourself). Default: false */
+    skipTableCreation?: boolean;
+}
+export declare function mysqlStore(options: MySQLStoreOptions): HitLimitStore;
+//# sourceMappingURL=mysql.d.ts.map

package/dist/stores/mysql.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql.d.ts","sourceRoot":"","sources":["../../src/stores/mysql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAiC,MAAM,2BAA2B,CAAA;AAE7F,MAAM,WAAW,iBAAiB;IAChC,mCAAmC;IACnC,IAAI,EAAE,GAAG,CAAA;IACT,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,wDAAwD;IACxD,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,0EAA0E;IAC1E,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B;AA2ND,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa,CAEpE"}

package/dist/stores/mysql.js

@@ -0,0 +1,195 @@
+// @bun
+// src/stores/mysql.ts
+class MySQLStore {
+  pool;
+  prefix;
+  cleanupTimer = null;
+  tablesReady = null;
+  ready;
+  constructor(options) {
+    this.pool = options.pool;
+    this.prefix = options.tablePrefix ?? "hitlimit";
+    if (options.skipTableCreation) {
+      this.ready = true;
+    } else {
+      this.ready = false;
+      this.tablesReady = this.createTables().then(() => {
+        this.ready = true;
+      });
+    }
+    const interval = options.cleanupInterval ?? 60000;
+    this.cleanupTimer = setInterval(() => this.cleanup(), interval);
+    if (typeof this.cleanupTimer.unref === "function") {
+      this.cleanupTimer.unref();
+    }
+  }
+  async createTables() {
+    await this.pool.execute(`
+      CREATE TABLE IF NOT EXISTS ${this.prefix}_hits (
+        \`key\` VARCHAR(255) NOT NULL PRIMARY KEY,
+        count INT NOT NULL DEFAULT 1,
+        reset_at BIGINT NOT NULL
+      ) ENGINE=InnoDB
+    `);
+    await this.pool.execute(`
+      CREATE TABLE IF NOT EXISTS ${this.prefix}_bans (
+        \`key\` VARCHAR(255) NOT NULL PRIMARY KEY,
+        expires_at BIGINT NOT NULL
+      ) ENGINE=InnoDB
+    `);
+    await this.pool.execute(`
+      CREATE TABLE IF NOT EXISTS ${this.prefix}_violations (
+        \`key\` VARCHAR(255) NOT NULL PRIMARY KEY,
+        count INT NOT NULL DEFAULT 1,
+        reset_at BIGINT NOT NULL
+      ) ENGINE=InnoDB
+    `);
+  }
+  async hit(key, windowMs, _limit) {
+    if (!this.ready)
+      await this.tablesReady;
+    const now = Date.now();
+    const resetAt = now + windowMs;
+    const conn = await this.pool.getConnection();
+    try {
+      await conn.execute(`
+        INSERT INTO ${this.prefix}_hits (\`key\`, count, reset_at)
+        VALUES (?, LAST_INSERT_ID(1), ?)
+        ON DUPLICATE KEY UPDATE
+          count = LAST_INSERT_ID(IF(reset_at <= ?, 1, count + 1)),
+          reset_at = IF(reset_at <= ?, ?, reset_at)
+      `, [key, resetAt, now, now, resetAt]);
+      const [rows] = await conn.execute(`SELECT LAST_INSERT_ID() AS count, reset_at FROM ${this.prefix}_hits WHERE \`key\` = ?`, [key]);
+      return { count: Number(rows[0].count), resetAt: Number(rows[0].reset_at) };
+    } finally {
+      conn.release();
+    }
+  }
+  async hitWithBan(key, windowMs, limit, banThreshold, banDurationMs) {
+    if (!this.ready)
+      await this.tablesReady;
+    const now = Date.now();
+    const resetAt = now + windowMs;
+    const banExpiresAt = now + banDurationMs;
+    const [banRows] = await this.pool.execute(`SELECT expires_at FROM ${this.prefix}_bans WHERE \`key\` = ? AND expires_at > ?`, [key, now]);
+    if (banRows.length > 0) {
+      return {
+        count: 0,
+        resetAt,
+        banned: true,
+        violations: 0,
+        banExpiresAt: Number(banRows[0].expires_at)
+      };
+    }
+    const conn = await this.pool.getConnection();
+    try {
+      await conn.execute(`
+        INSERT INTO ${this.prefix}_hits (\`key\`, count, reset_at)
+        VALUES (?, LAST_INSERT_ID(1), ?)
+        ON DUPLICATE KEY UPDATE
+          count = LAST_INSERT_ID(IF(reset_at <= ?, 1, count + 1)),
+          reset_at = IF(reset_at <= ?, ?, reset_at)
+      `, [key, resetAt, now, now, resetAt]);
+      const [hitRows] = await conn.execute(`SELECT LAST_INSERT_ID() AS count, reset_at FROM ${this.prefix}_hits WHERE \`key\` = ?`, [key]);
+      const hitCount = Number(hitRows[0].count);
+      const hitResetAt = Number(hitRows[0].reset_at);
+      if (hitCount > limit) {
+        await conn.execute(`
+          INSERT INTO ${this.prefix}_violations (\`key\`, count, reset_at)
+          VALUES (?, LAST_INSERT_ID(1), ?)
+          ON DUPLICATE KEY UPDATE
+            count = LAST_INSERT_ID(IF(reset_at <= ?, 1, count + 1)),
+            reset_at = IF(reset_at <= ?, ?, reset_at)
+        `, [key, banExpiresAt, now, now, banExpiresAt]);
+        const [violRows] = await conn.execute(`SELECT LAST_INSERT_ID() AS count FROM ${this.prefix}_violations WHERE \`key\` = ?`, [key]);
+        const violations = Number(violRows[0].count);
+        const shouldBan = violations >= banThreshold;
+        if (shouldBan) {
+          await conn.execute(`
+            INSERT INTO ${this.prefix}_bans (\`key\`, expires_at) VALUES (?, ?)
+            ON DUPLICATE KEY UPDATE expires_at = ?
+          `, [key, banExpiresAt, banExpiresAt]);
+        }
+        return {
+          count: hitCount,
+          resetAt: hitResetAt,
+          banned: shouldBan,
+          violations,
+          banExpiresAt: shouldBan ? banExpiresAt : 0
+        };
+      }
+      return {
+        count: hitCount,
+        resetAt: hitResetAt,
+        banned: false,
+        violations: 0,
+        banExpiresAt: 0
+      };
+    } finally {
+      conn.release();
+    }
+  }
+  async isBanned(key) {
+    if (!this.ready)
+      await this.tablesReady;
+    const [rows] = await this.pool.execute(`SELECT 1 FROM ${this.prefix}_bans WHERE \`key\` = ? AND expires_at > ?`, [key, Date.now()]);
+    return rows.length > 0;
+  }
+  async ban(key, durationMs) {
+    if (!this.ready)
+      await this.tablesReady;
+    const expiresAt = Date.now() + durationMs;
+    await this.pool.execute(`
+      INSERT INTO ${this.prefix}_bans (\`key\`, expires_at) VALUES (?, ?)
+      ON DUPLICATE KEY UPDATE expires_at = ?
+    `, [key, expiresAt, expiresAt]);
+  }
+  async recordViolation(key, windowMs) {
+    if (!this.ready)
+      await this.tablesReady;
+    const now = Date.now();
+    const resetAt = now + windowMs;
+    const conn = await this.pool.getConnection();
+    try {
+      await conn.execute(`
+        INSERT INTO ${this.prefix}_violations (\`key\`, count, reset_at) VALUES (?, LAST_INSERT_ID(1), ?)
+        ON DUPLICATE KEY UPDATE
+          count = LAST_INSERT_ID(IF(reset_at <= ?, 1, count + 1)),
+          reset_at = IF(reset_at <= ?, ?, reset_at)
+      `, [key, resetAt, now, now, resetAt]);
+      const [rows] = await conn.execute(`SELECT LAST_INSERT_ID() AS count FROM ${this.prefix}_violations WHERE \`key\` = ?`, [key]);
+      return Number(rows[0].count);
+    } finally {
+      conn.release();
+    }
+  }
+  async reset(key) {
+    if (!this.ready)
+      await this.tablesReady;
+    await Promise.all([
+      this.pool.execute(`DELETE FROM ${this.prefix}_hits WHERE \`key\` = ?`, [key]),
+      this.pool.execute(`DELETE FROM ${this.prefix}_bans WHERE \`key\` = ?`, [key]),
+      this.pool.execute(`DELETE FROM ${this.prefix}_violations WHERE \`key\` = ?`, [key])
+    ]);
+  }
+  async cleanup() {
+    try {
+      const now = Date.now();
+      await this.pool.execute(`DELETE FROM ${this.prefix}_hits WHERE reset_at <= ?`, [now]);
+      await this.pool.execute(`DELETE FROM ${this.prefix}_bans WHERE expires_at <= ?`, [now]);
+      await this.pool.execute(`DELETE FROM ${this.prefix}_violations WHERE reset_at <= ?`, [now]);
+    } catch {}
+  }
+  shutdown() {
+    if (this.cleanupTimer) {
+      clearInterval(this.cleanupTimer);
+      this.cleanupTimer = null;
+    }
+  }
+}
+function mysqlStore(options) {
+  return new MySQLStore(options);
+}
+export {
+  mysqlStore
+};

package/dist/stores/redis.d.ts

@@ -1,7 +1,23 @@
-import type { HitLimitStore } from '@joint-ops/hitlimit-types';
+import type { HitLimitStore, HitWithBanResult, StoreResult } from '@joint-ops/hitlimit-types';
 export interface RedisStoreOptions {
     url?: string;
     keyPrefix?: string;
 }
+export declare const HIT_SCRIPT = "\nlocal key = KEYS[1]\nlocal windowMs = tonumber(ARGV[1])\nlocal count = redis.call('INCR', key)\nlocal ttl = redis.call('PTTL', key)\nif ttl < 0 then\n  redis.call('PEXPIRE', key, windowMs)\n  ttl = windowMs\nend\nreturn {count, ttl}\n";
+export declare const HIT_WITH_BAN_SCRIPT = "\nlocal hitKey = KEYS[1]\nlocal banKey = KEYS[2]\nlocal violationKey = KEYS[3]\nlocal windowMs = tonumber(ARGV[1])\nlocal limit = tonumber(ARGV[2])\nlocal banThreshold = tonumber(ARGV[3])\nlocal banDurationMs = tonumber(ARGV[4])\n\n-- Check ban first\nlocal banTTL = redis.call('PTTL', banKey)\nif banTTL > 0 then\n  return {-1, banTTL, 1, 0}\nend\n\n-- Hit counter\nlocal count = redis.call('INCR', hitKey)\nlocal ttl = redis.call('PTTL', hitKey)\nif ttl < 0 then\n  redis.call('PEXPIRE', hitKey, windowMs)\n  ttl = windowMs\nend\n\n-- Track violations if over limit\nlocal banned = 0\nlocal violations = 0\nif count > limit then\n  violations = redis.call('INCR', violationKey)\n  local vTTL = redis.call('PTTL', violationKey)\n  if vTTL < 0 then\n    redis.call('PEXPIRE', violationKey, banDurationMs)\n  end\n  if violations >= banThreshold then\n    redis.call('SET', banKey, '1', 'PX', banDurationMs)\n    banned = 1\n  end\nend\nreturn {count, ttl, banned, violations}\n";
+export declare class RedisStore implements HitLimitStore {
+    private redis;
+    private prefix;
+    private banPrefix;
+    private violationPrefix;
+    constructor(options?: RedisStoreOptions);
+    hit(key: string, windowMs: number, _limit: number): Promise<StoreResult>;
+    hitWithBan(key: string, windowMs: number, limit: number, banThreshold: number, banDurationMs: number): Promise<HitWithBanResult>;
+    isBanned(key: string): Promise<boolean>;
+    ban(key: string, durationMs: number): Promise<void>;
+    recordViolation(key: string, windowMs: number): Promise<number>;
+    reset(key: string): Promise<void>;
+    shutdown(): Promise<void>;
+}
 export declare function redisStore(options?: RedisStoreOptions): HitLimitStore;
 //# sourceMappingURL=redis.d.ts.map

package/dist/stores/redis.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../src/stores/redis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAiC,MAAM,2BAA2B,CAAA;AAG7F,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAmJD,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,aAAa,CAErE"}
+{"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../src/stores/redis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAG7F,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAGD,eAAO,MAAM,UAAU,iPAUtB,CAAA;AAGD,eAAO,MAAM,mBAAmB,s9BAsC/B,CAAA;AAED,qBAAa,UAAW,YAAW,aAAa;IAC9C,OAAO,CAAC,KAAK,CAAO;IACpB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,SAAS,CAAQ;IACzB,OAAO,CAAC,eAAe,CAAQ;gBAEnB,OAAO,GAAE,iBAAsB;IAiBrC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IASxE,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA4BhI,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAInD,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAS/D,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQjC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAGhC;AAED,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,aAAa,CAErE"}

package/dist/stores/redis.js

@@ -124,5 +124,8 @@ function redisStore(options) {
   return new RedisStore(options);
 }
 export {
-  redisStore
+  redisStore,
+  RedisStore,
+  HIT_WITH_BAN_SCRIPT,
+  HIT_SCRIPT
 };

package/dist/stores/sqlite.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../src/stores/sqlite.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAe,MAAM,2BAA2B,CAAA;AAE3E,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAgHD,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,aAAa,CAEvE"}
+{"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../src/stores/sqlite.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAe,MAAM,2BAA2B,CAAA;AAE3E,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAiHD,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,aAAa,CAEvE"}

package/dist/stores/sqlite.js

@@ -17,6 +17,7 @@ class BunSqliteStore {
   cleanupTimer;
   constructor(options = {}) {
     this.db = new Database(options.path ?? ":memory:");
+    this.db.exec("PRAGMA journal_mode = WAL");
     this.db.exec(`
       CREATE TABLE IF NOT EXISTS hitlimit (
         key TEXT PRIMARY KEY,

package/dist/stores/valkey.d.ts

@@ -0,0 +1,9 @@
+import type { HitLimitStore } from '@joint-ops/hitlimit-types';
+export interface ValkeyStoreOptions {
+    /** Valkey connection URL. Default: 'redis://localhost:6379' */
+    url?: string;
+    /** Key prefix for all rate limit keys. Default: 'hitlimit:' */
+    keyPrefix?: string;
+}
+export declare function valkeyStore(options?: ValkeyStoreOptions): HitLimitStore;
+//# sourceMappingURL=valkey.d.ts.map

package/dist/stores/valkey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"valkey.d.ts","sourceRoot":"","sources":["../../src/stores/valkey.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAG9D,MAAM,WAAW,kBAAkB;IACjC,+DAA+D;IAC/D,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,aAAa,CAEvE"}

package/dist/stores/valkey.js

@@ -0,0 +1,133 @@
+// @bun
+// src/stores/redis.ts
+import Redis from "ioredis";
+var HIT_SCRIPT = `
+local key = KEYS[1]
+local windowMs = tonumber(ARGV[1])
+local count = redis.call('INCR', key)
+local ttl = redis.call('PTTL', key)
+if ttl < 0 then
+  redis.call('PEXPIRE', key, windowMs)
+  ttl = windowMs
+end
+return {count, ttl}
+`;
+var HIT_WITH_BAN_SCRIPT = `
+local hitKey = KEYS[1]
+local banKey = KEYS[2]
+local violationKey = KEYS[3]
+local windowMs = tonumber(ARGV[1])
+local limit = tonumber(ARGV[2])
+local banThreshold = tonumber(ARGV[3])
+local banDurationMs = tonumber(ARGV[4])
+
+-- Check ban first
+local banTTL = redis.call('PTTL', banKey)
+if banTTL > 0 then
+  return {-1, banTTL, 1, 0}
+end
+
+-- Hit counter
+local count = redis.call('INCR', hitKey)
+local ttl = redis.call('PTTL', hitKey)
+if ttl < 0 then
+  redis.call('PEXPIRE', hitKey, windowMs)
+  ttl = windowMs
+end
+
+-- Track violations if over limit
+local banned = 0
+local violations = 0
+if count > limit then
+  violations = redis.call('INCR', violationKey)
+  local vTTL = redis.call('PTTL', violationKey)
+  if vTTL < 0 then
+    redis.call('PEXPIRE', violationKey, banDurationMs)
+  end
+  if violations >= banThreshold then
+    redis.call('SET', banKey, '1', 'PX', banDurationMs)
+    banned = 1
+  end
+end
+return {count, ttl, banned, violations}
+`;
+
+class RedisStore {
+  redis;
+  prefix;
+  banPrefix;
+  violationPrefix;
+  constructor(options = {}) {
+    this.redis = new Redis(options.url ?? "redis://localhost:6379");
+    this.prefix = options.keyPrefix ?? "hitlimit:";
+    this.banPrefix = (options.keyPrefix ?? "hitlimit:") + "ban:";
+    this.violationPrefix = (options.keyPrefix ?? "hitlimit:") + "violations:";
+    this.redis.defineCommand("hitlimitHit", {
+      numberOfKeys: 1,
+      lua: HIT_SCRIPT
+    });
+    this.redis.defineCommand("hitlimitHitWithBan", {
+      numberOfKeys: 3,
+      lua: HIT_WITH_BAN_SCRIPT
+    });
+  }
+  async hit(key, windowMs, _limit) {
+    const redisKey = this.prefix + key;
+    const result = await this.redis.hitlimitHit(redisKey, windowMs);
+    const count = result[0];
+    const ttl = result[1];
+    return { count, resetAt: Date.now() + ttl };
+  }
+  async hitWithBan(key, windowMs, limit, banThreshold, banDurationMs) {
+    const hitKey = this.prefix + key;
+    const banKey = this.banPrefix + key;
+    const violationKey = this.violationPrefix + key;
+    const result = await this.redis.hitlimitHitWithBan(hitKey, banKey, violationKey, windowMs, limit, banThreshold, banDurationMs);
+    const count = result[0];
+    const ttl = result[1];
+    const banned = result[2] === 1;
+    const violations = result[3];
+    if (count === -1) {
+      return { count: 0, resetAt: Date.now() + ttl, banned: true, violations: 0, banExpiresAt: Date.now() + ttl };
+    }
+    return {
+      count,
+      resetAt: Date.now() + ttl,
+      banned,
+      violations,
+      banExpiresAt: banned ? Date.now() + banDurationMs : 0
+    };
+  }
+  async isBanned(key) {
+    const result = await this.redis.exists(this.banPrefix + key);
+    return result === 1;
+  }
+  async ban(key, durationMs) {
+    await this.redis.set(this.banPrefix + key, "1", "PX", durationMs);
+  }
+  async recordViolation(key, windowMs) {
+    const redisKey = this.violationPrefix + key;
+    const count = await this.redis.incr(redisKey);
+    if (count === 1) {
+      await this.redis.pexpire(redisKey, windowMs);
+    }
+    return count;
+  }
+  async reset(key) {
+    await this.redis.del(this.prefix + key, this.banPrefix + key, this.violationPrefix + key);
+  }
+  async shutdown() {
+    await this.redis.quit();
+  }
+}
+function redisStore(options) {
+  return new RedisStore(options);
+}
+
+// src/stores/valkey.ts
+function valkeyStore(options) {
+  return new RedisStore(options);
+}
+export {
+  valkeyStore
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joint-ops/hitlimit-bun",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "Ultra-fast Bun-native rate limiting - Memory-first with 6M+ ops/sec for Bun.serve, Elysia & Hono",
   "author": {
     "name": "Shayan M Hussain",
@@ -23,6 +23,14 @@
     {
       "name": "sultandilaram",
       "url": "https://github.com/sultandilaram"
+    },
+    {
+      "name": "MoizYousuf",
+      "url": "https://github.com/MoizYousuf"
+    },
+    {
+      "name": "shoaib-tumi",
+      "url": "https://github.com/shoaib-tumi"
     }
   ],
   "license": "MIT",
@@ -86,7 +94,20 @@
     "bun-framework",
     "lightweight",
     "zero-dependency",
-    "esm"
+    "esm",
+    "valkey",
+    "valkey-rate-limit",
+    "dragonfly",
+    "dragonflydb",
+    "dragonfly-rate-limit",
+    "redis-alternative",
+    "mongodb",
+    "mongodb-rate-limit",
+    "mongoose-rate-limit",
+    "mysql",
+    "mysql-rate-limit",
+    "mysql2-rate-limit",
+    "database-rate-limit"
   ],
   "type": "module",
   "main": "./dist/index.js",
@@ -127,6 +148,26 @@
       "types": "./dist/stores/postgres.d.ts",
       "bun": "./dist/stores/postgres.js",
       "import": "./dist/stores/postgres.js"
+    },
+    "./stores/valkey": {
+      "types": "./dist/stores/valkey.d.ts",
+      "bun": "./dist/stores/valkey.js",
+      "import": "./dist/stores/valkey.js"
+    },
+    "./stores/dragonfly": {
+      "types": "./dist/stores/dragonfly.d.ts",
+      "bun": "./dist/stores/dragonfly.js",
+      "import": "./dist/stores/dragonfly.js"
+    },
+    "./stores/mongodb": {
+      "types": "./dist/stores/mongodb.d.ts",
+      "bun": "./dist/stores/mongodb.js",
+      "import": "./dist/stores/mongodb.js"
+    },
+    "./stores/mysql": {
+      "types": "./dist/stores/mysql.d.ts",
+      "bun": "./dist/stores/mysql.js",
+      "import": "./dist/stores/mysql.js"
     }
   },
   "files": [
@@ -134,18 +175,20 @@
   ],
   "sideEffects": false,
   "scripts": {
-    "build": "bun build ./src/index.ts ./src/elysia.ts ./src/hono.ts ./src/stores/memory.ts ./src/stores/redis.ts ./src/stores/sqlite.ts ./src/stores/postgres.ts --outdir=./dist --target=bun --external=elysia --external=hono --external=ioredis --external=pg --external=@sinclair/typebox && tsc --emitDeclarationOnly",
+    "build": "bun build ./src/index.ts ./src/elysia.ts ./src/hono.ts ./src/stores/memory.ts ./src/stores/redis.ts ./src/stores/sqlite.ts ./src/stores/postgres.ts ./src/stores/valkey.ts ./src/stores/dragonfly.ts ./src/stores/mongodb.ts ./src/stores/mysql.ts --outdir=./dist --root=./src --target=bun --external=elysia --external=hono --external=ioredis --external=pg --external=mongodb --external=mysql2 --external=@sinclair/typebox && tsc --emitDeclarationOnly",
     "clean": "rm -rf dist",
     "test": "bun test",
     "test:watch": "bun test --watch"
   },
   "dependencies": {
-    "@joint-ops/hitlimit-types": "1.2.0"
+    "@joint-ops/hitlimit-types": "1.4.0"
   },
   "peerDependencies": {
     "elysia": ">=1.0.0",
     "hono": ">=4.0.0",
     "ioredis": ">=5.0.0",
+    "mongodb": ">=6.0.0",
+    "mysql2": ">=3.0.0",
     "pg": ">=8.0.0"
   },
   "peerDependenciesMeta": {
@@ -158,6 +201,12 @@
     "ioredis": {
       "optional": true
     },
+    "mongodb": {
+      "optional": true
+    },
+    "mysql2": {
+      "optional": true
+    },
     "pg": {
       "optional": true
     }
@@ -169,6 +218,8 @@
     "elysia": "^1.0.0",
     "hono": "^4.11.9",
     "ioredis": "^5.3.0",
+    "mongodb": "^7.1.0",
+    "mysql2": "^3.18.2",
     "pg": "^8.13.0",
     "typescript": "^5.3.0"
   }