@lunora/ratelimit 0.0.0 → 1.0.0-alpha.1

package/dist/index.d.mts

@@ -0,0 +1,143 @@
+import { Middleware, Plugin } from '@lunora/server';
+import { Id } from '@lunora/values';
+type RateLimitKind = "fixed window" | "sliding window" | "token bucket";
+type RateLimitReason = "deny" | "rate";
+interface RateLimitConfig {
+  capacity?: number;
+  kind: RateLimitKind;
+  period: number;
+  rate: number;
+  shards?: number;
+  start?: number;
+}
+type RateLimitConfigMap<Names extends string = string> = Record<Names, RateLimitConfig>;
+interface RateLimitValue {
+  prev?: number;
+  ts: number;
+  value: number;
+}
+interface RateLimitStatus {
+  ok: boolean;
+  reason?: RateLimitReason;
+  retryAfter: number;
+}
+interface RateLimitArgs {
+  count?: number;
+  key?: string;
+  reserve?: boolean;
+  throws?: boolean;
+}
+interface RateLimitStore {
+  delete: (storageKey: string) => Promise<void> | void;
+  get: (storageKey: string) => Promise<RateLimitValue | undefined> | RateLimitValue | undefined;
+  set: (storageKey: string, value: RateLimitValue) => Promise<void> | void;
+}
+interface EvaluateOptions {
+  consume: boolean;
+  count: number;
+  now: number;
+  reserve: boolean;
+}
+interface EvaluateResult {
+  status: RateLimitStatus;
+  value: RateLimitValue | undefined;
+}
+declare const availableAt: (config: RateLimitConfig, prior: RateLimitValue | undefined, now: number) => {
+  ts: number;
+  value: number;
+};
+declare const evaluate: (config: RateLimitConfig, prior: RateLimitValue | undefined, options: EvaluateOptions) => EvaluateResult;
+interface RateLimiterOptions<Names extends string> {
+  config: RateLimitConfigMap<Names>;
+  denyList?: Iterable<string>;
+  normalize?: (key: string) => string;
+  now?: () => number;
+  random?: () => number;
+  store?: RateLimitStore;
+}
+declare class RateLimiter<Names extends string = string> {
+  private readonly config;
+  private readonly denyList;
+  private readonly normalize;
+  private readonly now;
+  private readonly store;
+  constructor(options: RateLimiterOptions<Names>);
+  check(name: Names, args?: Omit<RateLimitArgs, "reserve" | "throws">): Promise<RateLimitStatus>;
+  getValue(name: Names, args?: {
+    key?: string;
+  }): Promise<{
+    config: RateLimitConfig;
+    ts: number;
+    value: number;
+  }>;
+  limit(name: Names, args?: RateLimitArgs): Promise<RateLimitStatus>;
+  reset(name: Names, args?: {
+    key?: string;
+  }): Promise<void>;
+  private resolve;
+  private run;
+}
+type LimiterResolver<Context> = ((context: Context) => Promise<RateLimiter> | RateLimiter) | RateLimiter;
+interface RateLimitMiddlewareOptions<Context> {
+  count?: number;
+  failOpen?: boolean;
+  key?: (context: Context) => string | undefined;
+  message?: string;
+}
+declare const rateLimit: <Context>(limiter: LimiterResolver<Context>, name: string, options?: RateLimitMiddlewareOptions<Context>) => Middleware<Context, Context>;
+declare const createMemoryStore: () => RateLimitStore;
+interface SqlLike {
+  exec: <Row = Record<string, unknown>>(query: string, ...params: unknown[]) => {
+    toArray: () => Row[];
+  };
+}
+interface SqlStoreOptions {
+  sql: SqlLike;
+  table?: string;
+}
+declare const createSqlStore: (options: SqlStoreOptions) => RateLimitStore;
+interface RateLimitDatabaseIndexRange {
+  eq: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  gt: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  gte: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  lt: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  lte: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+}
+interface RateLimitDatabaseQuery {
+  first: () => Promise<Record<string, unknown> | null>;
+  withIndex: (indexName: string, range: (q: RateLimitDatabaseIndexRange) => RateLimitDatabaseIndexRange) => RateLimitDatabaseQuery;
+}
+interface RateLimitDatabase {
+  delete: <T extends string>(id: Id<T>) => Promise<void>;
+  insert: <T extends string>(table: T, document: Record<string, unknown>) => Promise<Id<T>>;
+  patch: <T extends string>(id: Id<T>, patch: Record<string, unknown>) => Promise<void>;
+  query: (table: string) => RateLimitDatabaseQuery;
+}
+interface DatabaseStoreOptions {
+  db: RateLimitDatabase;
+  index?: string;
+  keyField?: string;
+  table?: string;
+}
+declare const createDatabaseStore: (options: DatabaseStoreOptions) => RateLimitStore;
+declare const databaseRateLimit: <Context extends {
+  db: RateLimitDatabase;
+}, Names extends string = string>(config: RateLimitConfigMap<Names>, name: Names, options?: RateLimitMiddlewareOptions<Context> & {
+  store?: Omit<DatabaseStoreOptions, "db">;
+}) => Middleware<Context, Context>;
+declare class RateLimitError extends Error {
+  readonly name = "RateLimitError";
+  readonly reason: RateLimitReason | undefined;
+  readonly retryAfter: number;
+  constructor(status: RateLimitStatus, message?: string);
+}
+interface RatelimitApiContext<Context> {
+  api: (Context extends {
+    api: infer A;
+  } ? A : Record<never, never>) & {
+    ratelimit: RateLimiter;
+  };
+}
+declare const ratelimitPlugin: <Context = unknown>(limiter: LimiterResolver<Context>) => Plugin<Record<never, never>, Context, Context & RatelimitApiContext<Context>>;
+declare const VERSION = "0.0.0";
+export { type DatabaseStoreOptions as DbStoreOptions, type EvaluateOptions, type EvaluateResult, type LimiterResolver, type RateLimitArgs, type RateLimitConfig, type RateLimitConfigMap, type RateLimitDatabase as RateLimitDb, type RateLimitDatabaseIndexRange as RateLimitDbIndexRange, type RateLimitDatabaseQuery as RateLimitDbQuery, RateLimitError, type RateLimitKind, type RateLimitMiddlewareOptions, type RateLimitReason, type RateLimitStatus, type RateLimitStore, type RateLimitValue, RateLimiter, type RateLimiterOptions, type RatelimitApiContext, type SqlLike, type SqlStoreOptions, VERSION, availableAt, createDatabaseStore as createDbStore, createMemoryStore, createSqlStore, databaseRateLimit as dbRateLimit, evaluate, rateLimit, ratelimitPlugin };

package/dist/index.d.ts

@@ -0,0 +1,143 @@
+import { Middleware, Plugin } from '@lunora/server';
+import { Id } from '@lunora/values';
+type RateLimitKind = "fixed window" | "sliding window" | "token bucket";
+type RateLimitReason = "deny" | "rate";
+interface RateLimitConfig {
+  capacity?: number;
+  kind: RateLimitKind;
+  period: number;
+  rate: number;
+  shards?: number;
+  start?: number;
+}
+type RateLimitConfigMap<Names extends string = string> = Record<Names, RateLimitConfig>;
+interface RateLimitValue {
+  prev?: number;
+  ts: number;
+  value: number;
+}
+interface RateLimitStatus {
+  ok: boolean;
+  reason?: RateLimitReason;
+  retryAfter: number;
+}
+interface RateLimitArgs {
+  count?: number;
+  key?: string;
+  reserve?: boolean;
+  throws?: boolean;
+}
+interface RateLimitStore {
+  delete: (storageKey: string) => Promise<void> | void;
+  get: (storageKey: string) => Promise<RateLimitValue | undefined> | RateLimitValue | undefined;
+  set: (storageKey: string, value: RateLimitValue) => Promise<void> | void;
+}
+interface EvaluateOptions {
+  consume: boolean;
+  count: number;
+  now: number;
+  reserve: boolean;
+}
+interface EvaluateResult {
+  status: RateLimitStatus;
+  value: RateLimitValue | undefined;
+}
+declare const availableAt: (config: RateLimitConfig, prior: RateLimitValue | undefined, now: number) => {
+  ts: number;
+  value: number;
+};
+declare const evaluate: (config: RateLimitConfig, prior: RateLimitValue | undefined, options: EvaluateOptions) => EvaluateResult;
+interface RateLimiterOptions<Names extends string> {
+  config: RateLimitConfigMap<Names>;
+  denyList?: Iterable<string>;
+  normalize?: (key: string) => string;
+  now?: () => number;
+  random?: () => number;
+  store?: RateLimitStore;
+}
+declare class RateLimiter<Names extends string = string> {
+  private readonly config;
+  private readonly denyList;
+  private readonly normalize;
+  private readonly now;
+  private readonly store;
+  constructor(options: RateLimiterOptions<Names>);
+  check(name: Names, args?: Omit<RateLimitArgs, "reserve" | "throws">): Promise<RateLimitStatus>;
+  getValue(name: Names, args?: {
+    key?: string;
+  }): Promise<{
+    config: RateLimitConfig;
+    ts: number;
+    value: number;
+  }>;
+  limit(name: Names, args?: RateLimitArgs): Promise<RateLimitStatus>;
+  reset(name: Names, args?: {
+    key?: string;
+  }): Promise<void>;
+  private resolve;
+  private run;
+}
+type LimiterResolver<Context> = ((context: Context) => Promise<RateLimiter> | RateLimiter) | RateLimiter;
+interface RateLimitMiddlewareOptions<Context> {
+  count?: number;
+  failOpen?: boolean;
+  key?: (context: Context) => string | undefined;
+  message?: string;
+}
+declare const rateLimit: <Context>(limiter: LimiterResolver<Context>, name: string, options?: RateLimitMiddlewareOptions<Context>) => Middleware<Context, Context>;
+declare const createMemoryStore: () => RateLimitStore;
+interface SqlLike {
+  exec: <Row = Record<string, unknown>>(query: string, ...params: unknown[]) => {
+    toArray: () => Row[];
+  };
+}
+interface SqlStoreOptions {
+  sql: SqlLike;
+  table?: string;
+}
+declare const createSqlStore: (options: SqlStoreOptions) => RateLimitStore;
+interface RateLimitDatabaseIndexRange {
+  eq: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  gt: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  gte: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  lt: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+  lte: (field: string, value: unknown) => RateLimitDatabaseIndexRange;
+}
+interface RateLimitDatabaseQuery {
+  first: () => Promise<Record<string, unknown> | null>;
+  withIndex: (indexName: string, range: (q: RateLimitDatabaseIndexRange) => RateLimitDatabaseIndexRange) => RateLimitDatabaseQuery;
+}
+interface RateLimitDatabase {
+  delete: <T extends string>(id: Id<T>) => Promise<void>;
+  insert: <T extends string>(table: T, document: Record<string, unknown>) => Promise<Id<T>>;
+  patch: <T extends string>(id: Id<T>, patch: Record<string, unknown>) => Promise<void>;
+  query: (table: string) => RateLimitDatabaseQuery;
+}
+interface DatabaseStoreOptions {
+  db: RateLimitDatabase;
+  index?: string;
+  keyField?: string;
+  table?: string;
+}
+declare const createDatabaseStore: (options: DatabaseStoreOptions) => RateLimitStore;
+declare const databaseRateLimit: <Context extends {
+  db: RateLimitDatabase;
+}, Names extends string = string>(config: RateLimitConfigMap<Names>, name: Names, options?: RateLimitMiddlewareOptions<Context> & {
+  store?: Omit<DatabaseStoreOptions, "db">;
+}) => Middleware<Context, Context>;
+declare class RateLimitError extends Error {
+  readonly name = "RateLimitError";
+  readonly reason: RateLimitReason | undefined;
+  readonly retryAfter: number;
+  constructor(status: RateLimitStatus, message?: string);
+}
+interface RatelimitApiContext<Context> {
+  api: (Context extends {
+    api: infer A;
+  } ? A : Record<never, never>) & {
+    ratelimit: RateLimiter;
+  };
+}
+declare const ratelimitPlugin: <Context = unknown>(limiter: LimiterResolver<Context>) => Plugin<Record<never, never>, Context, Context & RatelimitApiContext<Context>>;
+declare const VERSION = "0.0.0";
+export { type DatabaseStoreOptions as DbStoreOptions, type EvaluateOptions, type EvaluateResult, type LimiterResolver, type RateLimitArgs, type RateLimitConfig, type RateLimitConfigMap, type RateLimitDatabase as RateLimitDb, type RateLimitDatabaseIndexRange as RateLimitDbIndexRange, type RateLimitDatabaseQuery as RateLimitDbQuery, RateLimitError, type RateLimitKind, type RateLimitMiddlewareOptions, type RateLimitReason, type RateLimitStatus, type RateLimitStore, type RateLimitValue, RateLimiter, type RateLimiterOptions, type RatelimitApiContext, type SqlLike, type SqlStoreOptions, VERSION, availableAt, createDatabaseStore as createDbStore, createMemoryStore, createSqlStore, databaseRateLimit as dbRateLimit, evaluate, rateLimit, ratelimitPlugin };

package/dist/index.mjs

@@ -0,0 +1,11 @@
+export { availableAt, evaluate } from './packem_shared/availableAt-D5GyJtxT.mjs';
+export { default as dbRateLimit } from './packem_shared/dbRateLimit-C4nMF5cN.mjs';
+export { default as RateLimitError } from './packem_shared/RateLimitError-YOUfRzXc.mjs';
+export { rateLimit } from './packem_shared/rateLimit-uQxVMZfh.mjs';
+export { ratelimitPlugin } from './packem_shared/ratelimitPlugin-D5_-KV1T.mjs';
+export { RateLimiter } from './packem_shared/RateLimiter-CeElVjB0.mjs';
+export { createDbStore, createMemoryStore, createSqlStore } from './packem_shared/createDbStore-L1kD1g1n.mjs';
+
+const VERSION = "0.0.0";
+
+export { VERSION };

package/dist/packem_shared/RateLimitError-YOUfRzXc.mjs

@@ -0,0 +1,18 @@
+const describe = (status) => {
+  if (status.reason === "deny") {
+    return "request denied (deny list)";
+  }
+  return Number.isFinite(status.retryAfter) ? `rate limit exceeded; retry after ${String(Math.ceil(status.retryAfter))}ms` : "rate limit exceeded";
+};
+class RateLimitError extends Error {
+  name = "RateLimitError";
+  reason;
+  retryAfter;
+  constructor(status, message) {
+    super(message ?? describe(status));
+    this.reason = status.reason;
+    this.retryAfter = status.retryAfter;
+  }
+}
+
+export { RateLimitError as default };

package/dist/packem_shared/RateLimiter-CeElVjB0.mjs

@@ -0,0 +1,122 @@
+import { availableAt, evaluate } from './availableAt-D5GyJtxT.mjs';
+import RateLimitError from './RateLimitError-YOUfRzXc.mjs';
+import { createMemoryStore } from './createDbStore-L1kD1g1n.mjs';
+
+const storageKeyFor = (name, key) => key === void 0 ? encodeURIComponent(name) : `${encodeURIComponent(name)}:${encodeURIComponent(key)}`;
+const hashToShard = (storageKey, shards) => {
+  let hash = 0;
+  for (let index = 0; index < storageKey.length; index += 1) {
+    hash = hash * 31 + storageKey.charCodeAt(index) | 0;
+  }
+  return Math.abs(hash) % shards;
+};
+const perShardConfig = (config, shards) => shards > 1 ? { ...config, capacity: (config.capacity ?? config.rate) / shards, rate: config.rate / shards } : config;
+const shardKeysFor = (name, key, shards) => {
+  const base = storageKeyFor(name, key);
+  return shards > 1 ? Array.from({ length: shards }, (_, shard) => `${base}#${String(shard)}`) : [base];
+};
+class RateLimiter {
+  config;
+  denyList;
+  normalize;
+  now;
+  store;
+  constructor(options) {
+    this.config = options.config;
+    this.denyList = new Set(options.denyList);
+    this.normalize = options.normalize ?? ((key) => key);
+    this.now = options.now ?? Date.now;
+    this.store = options.store ?? createMemoryStore();
+    for (const [name, config] of Object.entries(this.config)) {
+      if (config.shards !== void 0 && (!Number.isInteger(config.shards) || config.shards < 1)) {
+        throw new Error(`rate limit "${name}": shards must be a positive integer`);
+      }
+      if (!Number.isFinite(config.period) || config.period <= 0) {
+        throw new Error(`rate limit "${name}": period must be a positive number`);
+      }
+      if (!Number.isFinite(config.rate) || config.rate <= 0) {
+        throw new Error(`rate limit "${name}": rate must be a positive number`);
+      }
+      if (config.capacity !== void 0 && (!Number.isFinite(config.capacity) || config.capacity < 0)) {
+        throw new Error(`rate limit "${name}": capacity must be a non-negative number`);
+      }
+    }
+  }
+  /** Peek at whether a request would be permitted without consuming. */
+  async check(name, args = {}) {
+    return this.run(name, args, false);
+  }
+  /**
+   * Read the current config and the units admittable right now for a
+   * `(name, key)` pair. The value is projected forward to the current clock
+   * (token-bucket refill, fixed-window rollover, sliding-window decay), not
+   * the last persisted figure. For a sharded limit it reads only the single
+   * shard `limit()`/`run()` would route this key to — the sibling shards are
+   * never touched by this key, so summing them would over-report.
+   */
+  async getValue(name, args = {}) {
+    const config = this.resolve(name);
+    const shards = config.shards ?? 1;
+    const now = this.now();
+    const normalizedKey = args.key === void 0 ? void 0 : this.normalize(args.key);
+    if (shards > 1) {
+      const base = storageKeyFor(name, normalizedKey);
+      const storageKey = `${base}#${String(hashToShard(base, shards))}`;
+      const current2 = availableAt(perShardConfig(config, shards), await this.store.get(storageKey), now);
+      return { config, ts: current2.ts, value: current2.value };
+    }
+    const current = availableAt(config, await this.store.get(storageKeyFor(name, normalizedKey)), now);
+    return { config, ts: current.ts, value: current.value };
+  }
+  /** Consume capacity. Returns the outcome, or throws when `args.throws` is set. */
+  async limit(name, args = {}) {
+    return this.run(name, args, true);
+  }
+  /** Clear accounting for a `(name, key)` pair (e.g. on successful login). */
+  async reset(name, args = {}) {
+    const shards = this.resolve(name).shards ?? 1;
+    const normalizedKey = args.key === void 0 ? void 0 : this.normalize(args.key);
+    await Promise.all(shardKeysFor(name, normalizedKey, shards).map((storageKey) => Promise.resolve(this.store.delete(storageKey))));
+  }
+  resolve(name) {
+    const config = this.config[name];
+    if (!config) {
+      throw new Error(`rate limit "${name}" is not configured`);
+    }
+    return config;
+  }
+  async run(name, args, consume) {
+    const config = this.resolve(name);
+    const normalizedKey = args.key === void 0 ? void 0 : this.normalize(args.key);
+    if (normalizedKey !== void 0 && (this.denyList.has(normalizedKey) || this.denyList.has(args.key))) {
+      const status2 = { ok: false, reason: "deny", retryAfter: Number.POSITIVE_INFINITY };
+      if (args.throws) {
+        throw new RateLimitError(status2);
+      }
+      return status2;
+    }
+    const count = args.count ?? 1;
+    if (!Number.isInteger(count) || count <= 0) {
+      throw new Error(`rate limit "${name}": count must be a positive integer`);
+    }
+    const shards = config.shards ?? 1;
+    const base = storageKeyFor(name, normalizedKey);
+    const storageKey = shards > 1 ? `${base}#${String(hashToShard(base, shards))}` : base;
+    const prior = await this.store.get(storageKey);
+    const { status, value } = evaluate(perShardConfig(config, shards), prior, {
+      consume,
+      count,
+      now: this.now(),
+      reserve: args.reserve ?? false
+    });
+    if (value !== void 0) {
+      await this.store.set(storageKey, value);
+    }
+    if (!status.ok && args.throws) {
+      throw new RateLimitError(status);
+    }
+    return status;
+  }
+}
+
+export { RateLimiter };

package/dist/packem_shared/availableAt-D5GyJtxT.mjs

@@ -0,0 +1,117 @@
+const capacityOf = (config) => config.capacity ?? config.rate;
+const tokenBucket = (config, prior, options) => {
+  const capacity = capacityOf(config);
+  const ratePerMs = config.rate / config.period;
+  const base = prior ?? { ts: options.now, value: capacity };
+  const elapsed = Math.max(0, options.now - base.ts);
+  const available = Math.min(capacity, base.value + elapsed * ratePerMs);
+  if (available >= options.count) {
+    const value = { ts: options.now, value: available - options.count };
+    return { status: { ok: true, retryAfter: 0 }, value: options.consume ? value : void 0 };
+  }
+  const deficit = options.count - available;
+  const retryAfter = Math.ceil(deficit / ratePerMs);
+  if (options.consume && options.reserve && options.count <= capacity) {
+    return { status: { ok: true, retryAfter }, value: { ts: options.now, value: available - options.count } };
+  }
+  return { status: { ok: false, reason: "rate", retryAfter }, value: void 0 };
+};
+const fixedWindow = (config, prior, options) => {
+  const capacity = capacityOf(config);
+  const start = config.start ?? 0;
+  const windowStart = start + Math.floor((options.now - start) / config.period) * config.period;
+  let base;
+  if (!prior || prior.ts < windowStart) {
+    const carry = prior && config.capacity !== void 0 ? Math.max(0, prior.value) : 0;
+    base = { ts: windowStart, value: Math.min(capacity, carry + config.rate) };
+  } else {
+    base = prior;
+  }
+  if (base.value >= options.count) {
+    const value = { ts: base.ts, value: base.value - options.count };
+    return { status: { ok: true, retryAfter: 0 }, value: options.consume ? value : void 0 };
+  }
+  const retryAfter = base.ts + config.period - options.now;
+  if (options.consume && options.reserve && options.count <= capacity) {
+    return { status: { ok: true, retryAfter }, value: { ts: base.ts, value: base.value - options.count } };
+  }
+  if (options.count > capacity) {
+    throw new Error(`@lunora/ratelimit: requested count ${String(options.count)} exceeds the limiter capacity ${String(capacity)}`);
+  }
+  return { status: { ok: false, reason: "rate", retryAfter }, value: void 0 };
+};
+const slidingWindow = (config, prior, options) => {
+  const limit = config.rate;
+  const { period } = config;
+  const start = config.start ?? 0;
+  const windowStart = start + Math.floor((options.now - start) / period) * period;
+  const elapsed = options.now - windowStart;
+  const weight = (period - elapsed) / period;
+  let previousCount = 0;
+  let currentCount = 0;
+  if (prior?.ts === windowStart) {
+    previousCount = prior.prev ?? 0;
+    currentCount = prior.value;
+  } else if (prior?.ts === windowStart - period) {
+    previousCount = prior.value;
+  }
+  const estimated = previousCount * weight + currentCount;
+  const admit = estimated + options.count <= limit;
+  const retryAfter = () => {
+    const headroomNow = limit - currentCount - options.count;
+    if (previousCount > 0 && headroomNow >= 0) {
+      return Math.ceil(period - elapsed - headroomNow * period / previousCount);
+    }
+    const headroomNext = limit - options.count;
+    const intoNext = currentCount > 0 ? Math.max(0, period - headroomNext * period / currentCount) : 0;
+    return Math.ceil(period - elapsed + intoNext);
+  };
+  if (admit || options.consume && options.reserve && options.count <= limit) {
+    const value = { prev: previousCount, ts: windowStart, value: currentCount + options.count };
+    return { status: { ok: true, retryAfter: admit ? 0 : retryAfter() }, value: options.consume ? value : void 0 };
+  }
+  if (options.count > limit) {
+    throw new Error(`@lunora/ratelimit: requested count ${String(options.count)} exceeds the limiter capacity ${String(limit)}`);
+  }
+  return { status: { ok: false, reason: "rate", retryAfter: retryAfter() }, value: void 0 };
+};
+const availableAt = (config, prior, now) => {
+  if (config.kind === "token bucket") {
+    const capacity = capacityOf(config);
+    const ratePerMs = config.rate / config.period;
+    const base = prior ?? { ts: now, value: capacity };
+    const elapsed = Math.max(0, now - base.ts);
+    return { ts: now, value: Math.min(capacity, base.value + elapsed * ratePerMs) };
+  }
+  const start = config.start ?? 0;
+  const windowStart = start + Math.floor((now - start) / config.period) * config.period;
+  if (config.kind === "sliding window") {
+    const elapsed = now - windowStart;
+    const weight = (config.period - elapsed) / config.period;
+    let previousCount = 0;
+    let currentCount = 0;
+    if (prior?.ts === windowStart) {
+      previousCount = prior.prev ?? 0;
+      currentCount = prior.value;
+    } else if (prior?.ts === windowStart - config.period) {
+      previousCount = prior.value;
+    }
+    return { ts: windowStart, value: Math.max(0, config.rate - (previousCount * weight + currentCount)) };
+  }
+  if (!prior || prior.ts < windowStart) {
+    const carry = prior && config.capacity !== void 0 ? Math.max(0, prior.value) : 0;
+    return { ts: windowStart, value: Math.min(capacityOf(config), carry + config.rate) };
+  }
+  return { ts: prior.ts, value: prior.value };
+};
+const evaluate = (config, prior, options) => {
+  if (config.kind === "token bucket") {
+    return tokenBucket(config, prior, options);
+  }
+  if (config.kind === "sliding window") {
+    return slidingWindow(config, prior, options);
+  }
+  return fixedWindow(config, prior, options);
+};
+
+export { availableAt, evaluate };

package/dist/packem_shared/createDbStore-L1kD1g1n.mjs

@@ -0,0 +1,103 @@
+const createMemoryStore = () => {
+  const map = /* @__PURE__ */ new Map();
+  return {
+    delete: (storageKey) => {
+      map.delete(storageKey);
+    },
+    get: (storageKey) => map.get(storageKey),
+    set: (storageKey, value) => {
+      map.set(storageKey, value);
+    }
+  };
+};
+const runSql = (sql, query, ...params) => {
+  const runner = sql.exec;
+  return runner.call(sql, query, ...params).toArray();
+};
+const createSqlStore = (options) => {
+  const { sql } = options;
+  const table = options.table ?? "_lunora_rate_limits";
+  runSql(sql, `CREATE TABLE IF NOT EXISTS "${table}" (k TEXT PRIMARY KEY, value REAL NOT NULL, ts INTEGER NOT NULL, prev REAL)`);
+  return {
+    delete: (storageKey) => {
+      runSql(sql, `DELETE FROM "${table}" WHERE k = ?`, storageKey);
+    },
+    get: (storageKey) => {
+      const rows = runSql(sql, `SELECT value, ts, prev FROM "${table}" WHERE k = ?`, storageKey);
+      const row = rows[0];
+      if (!row) {
+        return void 0;
+      }
+      const value = { ts: row.ts, value: row.value };
+      if (row.prev !== null) {
+        value.prev = row.prev;
+      }
+      return value;
+    },
+    set: (storageKey, value) => {
+      runSql(
+        sql,
+        `INSERT INTO "${table}" (k, value, ts, prev) VALUES (?, ?, ?, ?) ON CONFLICT(k) DO UPDATE SET value = excluded.value, ts = excluded.ts, prev = excluded.prev`,
+        storageKey,
+        value.value,
+        value.ts,
+        // SQL bind: a missing `prev` must bind as SQL NULL, not undefined.
+        // eslint-disable-next-line unicorn/no-null -- SQLite/D1 bind parameters require null for a NULL column
+        value.prev ?? null
+      );
+    }
+  };
+};
+const createDatabaseStore = (options) => {
+  const { db } = options;
+  const table = options.table ?? "rateLimits";
+  const index = options.index ?? "by_key";
+  const keyField = options.keyField ?? "key";
+  const idCache = /* @__PURE__ */ new Map();
+  const find = async (storageKey) => {
+    const row = await db.query(table).withIndex(index, (q) => q.eq(keyField, storageKey)).first();
+    idCache.set(storageKey, row ? row._id : void 0);
+    return row;
+  };
+  const resolveId = async (storageKey) => {
+    if (idCache.has(storageKey)) {
+      return idCache.get(storageKey);
+    }
+    await find(storageKey);
+    return idCache.get(storageKey);
+  };
+  return {
+    delete: async (storageKey) => {
+      const id = await resolveId(storageKey);
+      if (id !== void 0) {
+        await db.delete(id);
+      }
+      idCache.delete(storageKey);
+    },
+    get: async (storageKey) => {
+      const row = await find(storageKey);
+      if (!row) {
+        return void 0;
+      }
+      const value = { ts: row.ts, value: row.value };
+      if (row.prev !== null && row.prev !== void 0) {
+        value.prev = row.prev;
+      }
+      return value;
+    },
+    set: async (storageKey, value) => {
+      const id = await resolveId(storageKey);
+      const document = { [keyField]: storageKey, ts: value.ts, value: value.value };
+      if (value.prev !== void 0) {
+        document.prev = value.prev;
+      }
+      if (id === void 0) {
+        idCache.set(storageKey, await db.insert(table, document));
+      } else {
+        await db.patch(id, document);
+      }
+    }
+  };
+};
+
+export { createDatabaseStore as createDbStore, createMemoryStore, createSqlStore };

package/dist/packem_shared/dbRateLimit-C4nMF5cN.mjs

@@ -0,0 +1,7 @@
+import { rateLimit } from './rateLimit-uQxVMZfh.mjs';
+import { RateLimiter } from './RateLimiter-CeElVjB0.mjs';
+import { createDbStore as createDatabaseStore } from './createDbStore-L1kD1g1n.mjs';
+
+const databaseRateLimit = (config, name, options = {}) => rateLimit((context) => new RateLimiter({ config, store: createDatabaseStore({ db: context.db, ...options.store }) }), name, options);
+
+export { databaseRateLimit as default };