@nextsparkjs/plugin-langchain 0.1.0-beta.50 → 0.1.0-beta.51

package/api/observability/metrics/route.ts

@@ -7,6 +7,7 @@
 
 import { NextRequest, NextResponse } from 'next/server'
 import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 import { queryWithRLS } from '@nextsparkjs/core/lib/db'
 
 interface MetricsRow {
@@ -24,7 +25,7 @@ const PERIOD_HOURS: Record<string, number> = {
   '30d': 24 * 30,
 }
 
-export async function GET(req: NextRequest) {
+const getHandler = async (req: NextRequest) => {
   // 1. Authenticate (superadmin only)
   const authResult = await authenticateRequest(req)
   if (!authResult.success || !authResult.user) {
@@ -108,3 +109,5 @@ export async function GET(req: NextRequest) {
     )
   }
 }
+
+export const GET = withRateLimitTier(getHandler, 'read')

package/api/observability/traces/[traceId]/route.ts

@@ -7,6 +7,7 @@
 
 import { NextRequest, NextResponse } from 'next/server'
 import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 import { queryWithRLS } from '@nextsparkjs/core/lib/db'
 import type { Trace, Span } from '../../../../types/observability.types'
 
@@ -62,10 +63,10 @@ interface SpanRow {
   createdAt: Date
 }
 
-export async function GET(
+const getHandler = async (
   req: NextRequest,
   { params }: { params: Promise<{ traceId: string }> }
-) {
+) => {
   // 1. Authenticate (superadmin only)
   const authResult = await authenticateRequest(req)
   if (!authResult.success || !authResult.user) {
@@ -396,3 +397,5 @@ export async function GET(
     )
   }
 }
+
+export const GET = withRateLimitTier(getHandler, 'read')

package/api/observability/traces/route.ts

@@ -7,6 +7,7 @@
 
 import { NextRequest, NextResponse } from 'next/server'
 import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 import { queryWithRLS } from '@nextsparkjs/core/lib/db'
 import type { Trace } from '../../../types/observability.types'
 
@@ -38,7 +39,7 @@ interface TraceRow {
   createdAt: Date
 }
 
-export async function GET(req: NextRequest) {
+const getHandler = async (req: NextRequest) => {
   // 1. Authenticate (superadmin only)
   const authResult = await authenticateRequest(req)
   if (!authResult.success || !authResult.user) {
@@ -203,3 +204,5 @@ export async function GET(req: NextRequest) {
     )
   }
 }
+
+export const GET = withRateLimitTier(getHandler, 'read')

package/api/sessions/route.ts

@@ -1,5 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 import { dbMemoryStore, CONVERSATION_LIMITS } from '../../lib/db-memory-store'
 import { config } from '../../plugin.config'
 import type {
@@ -36,7 +37,7 @@ function toApiConversationInfo(conv: {
  * Without id: returns list of all conversations
  * With id: returns single conversation details
  */
-export async function GET(req: NextRequest) {
+const getHandler = async (req: NextRequest) => {
     // 1. Auth
     const authResult = await authenticateRequest(req)
     if (!authResult.success || !authResult.user) {
@@ -103,13 +104,15 @@ export async function GET(req: NextRequest) {
     }
 }
 
+export const GET = withRateLimitTier(getHandler, 'read')
+
 /**
  * POST - Create a new conversation
  *
  * Body:
  * - name: Optional name for the conversation
  */
-export async function POST(req: NextRequest) {
+const postHandler = async (req: NextRequest) => {
     // 1. Auth
     const authResult = await authenticateRequest(req)
     if (!authResult.success || !authResult.user) {
@@ -183,6 +186,8 @@ export async function POST(req: NextRequest) {
     }
 }
 
+export const POST = withRateLimitTier(postHandler, 'write')
+
 /**
  * PATCH - Update a conversation (rename, pin/unpin)
  *
@@ -191,7 +196,7 @@ export async function POST(req: NextRequest) {
  * - name: New name (optional)
  * - isPinned: New pin status (optional)
  */
-export async function PATCH(req: NextRequest) {
+const patchHandler = async (req: NextRequest) => {
     // 1. Auth
     const authResult = await authenticateRequest(req)
     if (!authResult.success || !authResult.user) {
@@ -262,13 +267,15 @@ export async function PATCH(req: NextRequest) {
     }
 }
 
+export const PATCH = withRateLimitTier(patchHandler, 'write')
+
 /**
  * DELETE - Delete a conversation
  *
  * Body:
  * - sessionId: Session ID to delete (required)
  */
-export async function DELETE(req: NextRequest) {
+const deleteHandler = async (req: NextRequest) => {
     // 1. Auth
     const authResult = await authenticateRequest(req)
     if (!authResult.success || !authResult.user) {
@@ -330,3 +337,5 @@ export async function DELETE(req: NextRequest) {
         )
     }
 }
+
+export const DELETE = withRateLimitTier(deleteHandler, 'write')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nextsparkjs/plugin-langchain",
-  "version": "0.1.0-beta.50",
+  "version": "0.1.0-beta.51",
   "private": false,
   "main": "./plugin.config.ts",
   "requiredPlugins": [],
@@ -23,7 +23,7 @@
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "zod": "^4.0.0",
-    "@nextsparkjs/core": "0.1.0-beta.50"
+    "@nextsparkjs/core": "0.1.0-beta.51"
   },
   "nextspark": {
     "type": "plugin",