@stimulcross/rate-limiter 0.0.1 → 0.0.2

package/README.md

@@ -5,3 +5,23 @@ A collection of rate limiters designed primarily for **outbound request throttli
 They are suited for client-side usage to respect third-party limits or protect internal resources.
 
 While it is technically possible to use these limiters for server-side traffic backed by a distributed store like Redis, it is **not recommended**. The algorithms evaluate state within the application process, so distributed usage requires multiple network operations per request introducing significant round-trip latency.
+
+## Installation
+
+**npm**
+
+```
+npm add @stimulcross/rate-limiter
+```
+
+**pnpm**
+
+```
+pnpm add @stimulcross/rate-limiter
+```
+
+**yarn**
+
+```
+yarn add @stimulcross/rate-limiter
+```

package/lib/core/cancellable.js

@@ -0,0 +1 @@
+export {};

package/lib/core/clock.js

@@ -0,0 +1 @@
+export {};

package/lib/core/decision.js

@@ -0,0 +1 @@
+export {};

package/lib/core/rate-limit-policy.js

@@ -0,0 +1 @@
+export {};

package/lib/core/rate-limiter-status.js

@@ -0,0 +1 @@
+export {};

package/lib/core/rate-limiter.js

@@ -0,0 +1 @@
+export {};

package/lib/core/state-storage.js

@@ -0,0 +1 @@
+export {};

package/lib/enums/rate-limit-error-code.js

@@ -0,0 +1,26 @@
+/**
+ * Rate limiter error codes.
+ */
+export var RateLimitErrorCode;
+(function (RateLimitErrorCode) {
+    /**
+     * Indicates that the limit has been reached.
+     */
+    RateLimitErrorCode["LimitExceeded"] = "LIMIT_EXCEEDED";
+    /**
+     * Indicates that the execution queue is full.
+     */
+    RateLimitErrorCode["QueueOverflow"] = "QUEUE_OVERFLOW";
+    /**
+     * Indicates that the task has expired.
+     */
+    RateLimitErrorCode["Expired"] = "EXPIRED";
+    /**
+     * Indicates that a task was cleared before it was executed.
+     */
+    RateLimitErrorCode["Destroyed"] = "DESTROYED";
+    /**
+     * Indicates that a task was canceled via abort controller before it was executed.
+     */
+    RateLimitErrorCode["Cancelled"] = "CANCELLED";
+})(RateLimitErrorCode || (RateLimitErrorCode = {}));

package/lib/errors/custom.error.js

@@ -0,0 +1,12 @@
+/** @internal */
+export class CustomError extends Error {
+    constructor(message) {
+        super(message);
+        Object.setPrototypeOf(this, new.target.prototype);
+        // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+        Error.captureStackTrace?.(this, new.target.constructor);
+    }
+    get name() {
+        return this.constructor.name;
+    }
+}

package/lib/errors/invalid-cost.error.js

@@ -0,0 +1,25 @@
+import { CustomError } from './custom.error.js';
+/**
+ * Error thrown when the cost is invalid.
+ *
+ * The cost must be a positive integer or zero.
+ */
+export class InvalidCostError extends CustomError {
+    _cost;
+    constructor(message, _cost) {
+        super(message);
+        this._cost = _cost;
+    }
+    get cost() {
+        return this._cost;
+    }
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    toJSON() {
+        return {
+            name: this.name,
+            message: this.message,
+            cost: this._cost,
+            stack: this.stack,
+        };
+    }
+}

package/lib/errors/rate-limit.error.js

@@ -0,0 +1,74 @@
+import { RateLimitErrorCode } from '../enums/rate-limit-error-code.js';
+/**
+ * An error thrown when a rate limit is exceeded.
+ *
+ * This error has a {@link code} property that indicates the type of error.
+ *
+ * The `code` can be:
+ * - `LIMIT_EXCEEDED` - When the rate limit is exceeded.
+ * - `QUEUE_OVERFLOW` - When the queue is full (if the limiter has a queue and the capacity has been exceeded).
+ * - `EXPIRED` - When the task has expired (waited too long in the queue). This is related to the `maxWaitMs` option.
+ *			   **NOTE:** This is never thrown if the task is executing too long. Such scenarios should be handled by the
+ *			   task itself.
+ * - `DESTROYED` - When the task is destroyed due to the rate limiter's `clear()` or `destroy()` methods.
+ * - `CANCELLED` - When the task is cancelled using an abort signal.
+ */
+export class RateLimitError extends Error {
+    _code;
+    _retryAt;
+    /** @internal */
+    constructor(code, retryAt, message) {
+        if (!message) {
+            switch (code) {
+                case RateLimitErrorCode.LimitExceeded: {
+                    message = `Rate limit exceeded.${retryAt ? ` Retry at ${new Date(retryAt).toISOString()}.` : ''}`;
+                    break;
+                }
+                case RateLimitErrorCode.QueueOverflow: {
+                    message = 'Queue overflow.';
+                    break;
+                }
+                case RateLimitErrorCode.Expired: {
+                    message = 'Task expired.';
+                    break;
+                }
+                case RateLimitErrorCode.Destroyed: {
+                    message = 'Task destroyed.';
+                    break;
+                }
+                case RateLimitErrorCode.Cancelled: {
+                    message = 'Task cancelled.';
+                    break;
+                }
+                // No default
+            }
+        }
+        super(message);
+        this._code = code;
+        this._retryAt = retryAt ?? null;
+    }
+    /**
+     * The error code.
+     */
+    get code() {
+        return this._code;
+    }
+    /**
+     * The timestamp (in milliseconds) when the task can be retried.
+     *
+     * Can be `null` if the retry time is not known.
+     */
+    get retryAt() {
+        return this._retryAt ?? null;
+    }
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    toJSON() {
+        return {
+            name: this.name,
+            message: this.message,
+            code: this._code,
+            retryAt: this._retryAt,
+            stack: this.stack,
+        };
+    }
+}

package/{src/errors/rate-limiter-destroyed.error.ts → lib/errors/rate-limiter-destroyed.error.js}

@@ -2,7 +2,7 @@
  * An error thrown when running a task on a destroyed rate limiter.
  */
 export class RateLimiterDestroyedError extends Error {
-	constructor() {
-		super('Rate limiter has been destroyed and cannot be used.');
-	}
+    constructor() {
+        super('Rate limiter has been destroyed and cannot be used.');
+    }
 }

package/lib/index.js

@@ -0,0 +1,4 @@
+export { RateLimitError } from './errors/rate-limit.error.js';
+export { RateLimiterDestroyedError } from './errors/rate-limiter-destroyed.error.js';
+export { InvalidCostError } from './errors/invalid-cost.error.js';
+export { RateLimitErrorCode } from './enums/rate-limit-error-code.js';

package/lib/interfaces/rate-limiter-options.js

@@ -0,0 +1 @@
+export {};

package/lib/interfaces/rate-limiter-queue-options.js

@@ -0,0 +1 @@
+export {};

package/lib/interfaces/rate-limiter-run-options.js

@@ -0,0 +1 @@
+export {};

package/lib/limiters/abstract-rate-limiter.js

@@ -0,0 +1,132 @@
+import { Priority } from '@stimulcross/ds-policy-priority-queue';
+import { createLogger, LogLevel } from '@stimulcross/logger';
+import { RateLimitErrorCode } from '../enums/rate-limit-error-code.js';
+import { RateLimitError } from '../errors/rate-limit.error.js';
+import { RateLimiterDestroyedError } from '../errors/rate-limiter-destroyed.error.js';
+import { defaultClock } from '../runtime/default-clock.js';
+import { InMemoryStateStore } from '../runtime/in-memory-state-store.js';
+import { RateLimiterExecutor } from '../runtime/rate-limiter.executor.js';
+import { generateRandomString } from '../utils/generate-random-string.js';
+const DEFAULT_KEY_PREFIX = 'limiter';
+/** @internal */
+export class AbstractRateLimiter {
+    _logger;
+    _clock;
+    _store;
+    _executor;
+    _getStoreKey;
+    _generateId;
+    _isDestroyed = false;
+    constructor(options) {
+        this._logger = createLogger(new.target.name, { minLevel: 'WARNING', ...options?.loggerOptions });
+        this._clock = options?.clock ?? defaultClock;
+        this._store = options?.store ?? new InMemoryStateStore(this._clock);
+        this._executor = new RateLimiterExecutor(this._logger, this._clock, options?.queue);
+        this._getStoreKey =
+            options?.key && typeof options.key === 'function'
+                ? options.key
+                : (key) => (key ? `${DEFAULT_KEY_PREFIX}:${key}` : DEFAULT_KEY_PREFIX);
+        this._generateId = options?.idGenerator ?? generateRandomString;
+    }
+    async run(fn, options = {}) {
+        const ctx = {
+            id: options.id ?? this._generateId(),
+            key: this._getStoreKey(options.key),
+            cost: options.cost ?? 1,
+            limitBehavior: options.limitBehavior,
+            priority: options.priority,
+            signal: options.signal,
+            maxWaitMs: options.maxWaitMs,
+        };
+        await this._ensureCanExecute(ctx);
+        return await this._runInternal(fn, ctx);
+    }
+    async getStatus(key) {
+        const now = this._clock.now();
+        const state = await this._store.get(this._getStoreKey(key));
+        return this._policy.getStatus(state ?? this._policy.getInitialState(now), now);
+    }
+    async clear(key) {
+        this._executor.clear();
+        const storeKey = this._getStoreKey(key);
+        this._shouldPrintDebug && this._logger.debug(`[CLR] [key: ${storeKey}]`);
+        await this._store.acquireLock?.(storeKey);
+        try {
+            await this._store.delete(storeKey);
+        }
+        finally {
+            await this._store.releaseLock?.(storeKey);
+        }
+    }
+    async destroy() {
+        if (this._isDestroyed) {
+            return;
+        }
+        this._shouldPrintDebug && this._logger.debug('[KILL] Destroying limiter');
+        this._isDestroyed = true;
+        this._executor.clear();
+        await this._store.destroy?.();
+    }
+    get _shouldPrintDebug() {
+        return this._logger.minLevel >= LogLevel.DEBUG;
+    }
+    async _execute(fn, runAt, storeTtlMs, ctx, expiresAt) {
+        await this._ensureCanExecute(ctx);
+        try {
+            return await this._executor.execute(fn, runAt, {
+                id: ctx.id,
+                key: ctx.key,
+                priority: ctx.priority,
+                signal: ctx.signal,
+                expiresAt,
+            });
+        }
+        catch (e) {
+            if (this._shouldRevert(e)) {
+                await this._store.acquireLock?.(ctx.key);
+                try {
+                    const currentState = await this._store.get(ctx.key);
+                    if (currentState) {
+                        const revertedState = this._policy.revert(currentState, ctx.cost, this._clock.now());
+                        await this._store.set(ctx.key, revertedState, storeTtlMs);
+                        this._shouldPrintDebug &&
+                            this._logger.debug(`[RVRT] [id: ${ctx.id}, key: ${ctx.key}, cost: ${ctx.cost}] - ${this._getDebugStateString(revertedState)}`);
+                    }
+                }
+                catch (e_) {
+                    this._logger.error(`[ERR] [id: ${ctx.id}, key: ${ctx.key}, cost: ${ctx.cost}] - Revert failed`, e_);
+                }
+                finally {
+                    await this._store.releaseLock?.(ctx.key);
+                }
+            }
+            throw e;
+        }
+    }
+    _shouldRevert(e) {
+        return e instanceof RateLimitError && e.code !== RateLimitErrorCode.LimitExceeded;
+    }
+    async _ensureCanExecute(ctx) {
+        if (this._executor.isQueueFull) {
+            this._shouldPrintDebug &&
+                this._logger.debug(`[DROP OVERFLOW] [id: ${ctx.id}, key: ${ctx.key}] - prt: ${ctx.priority ?? Priority.Normal} | q: ${this._executor.queueSize}/${this._executor.queueCapacity}`);
+            let retryAt;
+            const state = await this._store.get(this._getStoreKey());
+            if (state) {
+                const status = this._policy.getStatus(state, this._clock.now());
+                retryAt = Array.isArray(status)
+                    ? Math.min(...status.map(s => s.nextAvailableAt))
+                    : status.nextAvailableAt;
+            }
+            throw new RateLimitError(RateLimitErrorCode.QueueOverflow, retryAt);
+        }
+        if (ctx.signal?.aborted) {
+            this._logger.debug(`[DROP CANCELLED] [id: ${ctx.id}, key: ${ctx.key}] - prt: ${ctx.priority} | q: ${this._executor.queueSize}/${this._executor.queueCapacity}`);
+            throw new RateLimitError(RateLimitErrorCode.Cancelled);
+        }
+        if (this._isDestroyed) {
+            this._logger.debug(`[DROP DESTROYED] [id: ${ctx.id}, key: ${ctx.key}] - prt: ${ctx.priority ?? Priority.Normal} | q: ${this._executor.queueSize}/${this._executor.queueCapacity}}`);
+            throw new RateLimiterDestroyedError();
+        }
+    }
+}

package/lib/limiters/composite.policy.js

@@ -0,0 +1,72 @@
+import { validateCost } from '../utils/validate-cost.js';
+/** @internal */
+export class CompositePolicy {
+    _policies;
+    constructor(_policies) {
+        this._policies = _policies;
+    }
+    get policies() {
+        return this._policies;
+    }
+    getInitialState(now) {
+        return this._policies.map(policy => policy.getInitialState(now));
+    }
+    getStatus(states, now) {
+        const result = [];
+        for (let i = 0; i < this._policies.length; i++) {
+            const policy = this._policies[i];
+            const state = states[i];
+            const info = policy.getStatus(state, now);
+            result.push(info);
+        }
+        return result;
+    }
+    evaluate(states, now, cost, shouldReserve) {
+        if (cost === undefined) {
+            cost = 1;
+        }
+        else {
+            validateCost(cost);
+        }
+        const results = [];
+        let compositeDecision = 'allow';
+        let maxRetryAt = 0;
+        let maxRunAt = 0;
+        for (let i = 0; i < this._policies.length; i++) {
+            const policy = this._policies[i];
+            const state = states[i];
+            const result = policy.evaluate(state, now, cost, shouldReserve);
+            results.push(result);
+            if (result.decision.kind === 'deny') {
+                compositeDecision = 'deny';
+                maxRetryAt = Math.max(maxRetryAt, result.decision.retryAt);
+            }
+            else if (result.decision.kind === 'delay') {
+                if (compositeDecision !== 'deny') {
+                    compositeDecision = 'delay';
+                }
+                maxRunAt = Math.max(maxRunAt, result.decision.runAt);
+            }
+        }
+        if (compositeDecision === 'deny') {
+            const nextState = results.map((res, i) => res.decision.kind === 'deny' ? res.nextState : this._policies[i].revert(res.nextState, cost, now));
+            return {
+                decision: { kind: 'deny', retryAt: maxRetryAt },
+                nextState,
+            };
+        }
+        if (compositeDecision === 'delay') {
+            return {
+                decision: { kind: 'delay', runAt: maxRunAt },
+                nextState: results.map(res => res.nextState),
+            };
+        }
+        return {
+            decision: { kind: 'allow' },
+            nextState: results.map(res => res.nextState),
+        };
+    }
+    revert(states, cost, now) {
+        return states.map((state, i) => this._policies[i].revert(state, cost, now));
+    }
+}

package/lib/limiters/fixed-window/fixed-window.limiter.js

@@ -0,0 +1,84 @@
+import { LogLevel } from '@stimulcross/logger';
+import { FixedWindowPolicy } from './fixed-window.policy.js';
+import { RateLimitErrorCode } from '../../enums/rate-limit-error-code.js';
+import { RateLimitError } from '../../errors/rate-limit.error.js';
+import { AbstractRateLimiter } from '../abstract-rate-limiter.js';
+import { CompositePolicy } from '../composite.policy.js';
+/**
+ * Fixed Window rate limiter.
+ *
+ * Designed primarily for client-side use to respect third-party limits or protect resources.
+ * While this can be used as a server-side limiter with custom distributed storage
+ * (e.g., Redis), it is best-effort and not recommended due to high network round-trip latency.
+ *
+ * Key features:
+ * - **Composite limits** - supports multiple windows simultaneously (e.g., 10 per second AND 1000 per hour)
+ * - **Queueing & overflow** - optionally enqueues excess requests up to a maximum allowed overflow capacity
+ * - **Concurrency** - limits how many requests can be executed simultaneously
+ * - **Priority** - supports task priorities (with fairness and custom policy) to execute critical requests first
+ * - **Cancellation** - supports `AbortSignal` to safely remove pending requests from the queue
+ * - **Expiration** - automatically drops queued requests that wait longer than the allowed `maxWaitMs`
+ * - **Auto-rollback** - reverts spent quota if an enqueued task is canceled or expired
+ */
+export class FixedWindowLimiter extends AbstractRateLimiter {
+    _defaultLimitBehaviour;
+    _defaultMaxWaitMs;
+    _maxWindowSizeMs;
+    _policy;
+    constructor(options) {
+        super(options);
+        this._defaultLimitBehaviour = options.limitBehavior ?? 'reject';
+        if (options.queue?.maxWaitMs) {
+            this._defaultMaxWaitMs = options.queue.maxWaitMs;
+        }
+        this._policy = new CompositePolicy(Array.isArray(options.limitOptions)
+            ? options.limitOptions.map(({ limit, windowMs }) => new FixedWindowPolicy(limit, windowMs))
+            : [new FixedWindowPolicy(options.limitOptions.limit, options.limitOptions.windowMs)]);
+        this._maxWindowSizeMs = Math.max(...this._policy.policies.map(policy => policy.windowMs));
+    }
+    async _runInternal(fn, ctx) {
+        const now = this._clock.now();
+        let runAt;
+        let storeTtlMs;
+        await this._store.acquireLock?.(ctx.key);
+        try {
+            const state = (await this._store.get(ctx.key)) ?? this._policy.getInitialState(this._clock.now());
+            const finalLimitBehavior = ctx.limitBehavior ?? this._defaultLimitBehaviour;
+            const { decision, nextState } = this._policy.evaluate(state, now, ctx.cost, finalLimitBehavior === 'enqueue');
+            if (decision.kind === 'deny') {
+                this._logger.debug(`[DENY] [id: ${ctx.id}, key: ${ctx.key}] - Retry: +${decision.retryAt - now}ms`);
+                throw new RateLimitError(RateLimitErrorCode.LimitExceeded, decision.retryAt);
+            }
+            runAt = decision.kind === 'delay' ? decision.runAt : now;
+            storeTtlMs = Math.max(this._maxWindowSizeMs, runAt - now + this._maxWindowSizeMs);
+            await this._store.set(ctx.key, nextState, storeTtlMs);
+            this._printDebug(decision, nextState, now, ctx);
+        }
+        finally {
+            await this._store.releaseLock?.(ctx.key);
+        }
+        const finalMaxWaitMs = ctx.maxWaitMs ?? this._defaultMaxWaitMs;
+        const expiresAt = finalMaxWaitMs ? now + finalMaxWaitMs : undefined;
+        return await this._execute(fn, runAt, storeTtlMs, ctx, expiresAt);
+    }
+    _getDebugStateString(state) {
+        const result = [];
+        for (const [i, { used, reserved }] of state.entries()) {
+            const { windowMs, limit } = this._policy.policies[i];
+            result.push(`w/l: ${windowMs}/${limit}; u/r: ${used}/${reserved}`);
+        }
+        return result.join(', ');
+    }
+    _printDebug(decision, nextState, now, ctx) {
+        if (this._logger.minLevel < LogLevel.DEBUG) {
+            return;
+        }
+        const debugStateString = this._getDebugStateString(nextState);
+        if (decision.kind === 'delay') {
+            this._logger.debug(`[DELAY] [id: ${ctx.id}, key: ${ctx.key}] +${decision.runAt - now}ms - ${debugStateString}`);
+        }
+        else {
+            this._logger.debug(`[ALLOW] [id: ${ctx.id}, key: ${ctx.key}] - ${debugStateString}`);
+        }
+    }
+}

package/lib/limiters/fixed-window/fixed-window.options.js

@@ -0,0 +1 @@
+export {};

package/lib/limiters/fixed-window/fixed-window.policy.js

@@ -0,0 +1,120 @@
+import { validateCost } from '../../utils/validate-cost.js';
+/** @internal */
+export class FixedWindowPolicy {
+    _limit;
+    _windowMs;
+    _maxReserved;
+    constructor(_limit, _windowMs, _maxReserved = Number.POSITIVE_INFINITY) {
+        this._limit = _limit;
+        this._windowMs = _windowMs;
+        this._maxReserved = _maxReserved;
+        if (!Number.isSafeInteger(_limit) || _limit <= 0) {
+            throw new Error(`Invalid limit: ${_limit}. Must be a positive integer.`);
+        }
+        if (!Number.isSafeInteger(_windowMs) || _windowMs <= 0) {
+            throw new Error(`Invalid windowMs: ${_windowMs}. Must be a positive integer.`);
+        }
+        if (_maxReserved < 0 || (_maxReserved !== Number.POSITIVE_INFINITY && !Number.isSafeInteger(_maxReserved))) {
+            throw new Error(`Invalid maxReserved: ${_maxReserved}. Must be a positive integer or Infinity.`);
+        }
+    }
+    get limit() {
+        return this._limit;
+    }
+    get windowMs() {
+        return this._windowMs;
+    }
+    getInitialState() {
+        return { windowStart: 0, used: 0, reserved: 0 };
+    }
+    getStatus(state, now) {
+        const { windowStart, used, reserved } = this._syncState(state, now);
+        const windowEnd = windowStart + this._windowMs;
+        let nextAvailableAt;
+        if (used < this._limit) {
+            nextAvailableAt = windowStart;
+        }
+        else {
+            const blockedWindows = Math.floor((used + reserved) / this._limit);
+            nextAvailableAt = windowStart + blockedWindows * this._windowMs;
+        }
+        const windowsToClear = Math.ceil((used + reserved) / this._limit);
+        const resetAt = windowStart + Math.max(1, windowsToClear) * this._windowMs;
+        return {
+            windowStart,
+            windowEnd,
+            limit: this._limit,
+            used,
+            reserved,
+            remaining: Math.max(0, this._limit - used),
+            nextAvailableAt,
+            resetAt,
+        };
+    }
+    evaluate(state, now, cost, shouldReserve) {
+        validateCost(cost, this._limit);
+        const { windowStart, used, reserved } = this._syncState(state, now);
+        const currentTotal = used + cost;
+        if (reserved === 0 && currentTotal <= this._limit) {
+            return {
+                decision: { kind: 'allow' },
+                nextState: { windowStart, used: currentTotal, reserved: 0 },
+            };
+        }
+        if (shouldReserve) {
+            if (reserved + cost > this._maxReserved) {
+                const deficit = reserved + cost - this._maxReserved;
+                const windowsToWait = Math.ceil(deficit / this._limit);
+                const retryAt = windowStart + Math.max(1, windowsToWait) * this._windowMs;
+                return this._deny(windowStart, used, reserved, retryAt);
+            }
+            const totalItems = used + reserved + cost;
+            const windowIndex = Math.floor((totalItems - 1) / this._limit);
+            const runAt = windowStart + windowIndex * this._windowMs;
+            return {
+                decision: { kind: 'delay', runAt },
+                nextState: {
+                    windowStart,
+                    used,
+                    reserved: reserved + cost,
+                },
+            };
+        }
+        const windowsToWait = Math.ceil((used + reserved + cost - this._limit) / this._limit);
+        const retryAt = windowStart + Math.max(1, windowsToWait) * this._windowMs;
+        return this._deny(windowStart, used, reserved, retryAt);
+    }
+    revert(state, cost, now) {
+        let { used, reserved, windowStart } = this._syncState(state, now);
+        if (reserved >= cost) {
+            reserved -= cost;
+        }
+        else {
+            const remainder = cost - reserved;
+            reserved = 0;
+            used = Math.max(0, used - remainder);
+        }
+        return { windowStart, used, reserved };
+    }
+    _deny(start, used, reserved, retryAt) {
+        return {
+            decision: { kind: 'deny', retryAt },
+            nextState: { windowStart: start, used, reserved },
+        };
+    }
+    _syncState(state, now) {
+        const currentWindowStart = Math.max(Math.floor(now / this._windowMs) * this._windowMs, state.windowStart);
+        if (currentWindowStart <= state.windowStart) {
+            return state;
+        }
+        let { reserved } = state;
+        const windowsPassed = Math.floor((currentWindowStart - state.windowStart) / this._windowMs);
+        const burnableWindows = windowsPassed - 1;
+        if (burnableWindows > 0 && reserved > 0) {
+            reserved = Math.max(0, reserved - burnableWindows * this._limit);
+        }
+        const used = Math.min(reserved, this._limit);
+        reserved = Math.max(0, reserved - used);
+        return { windowStart: currentWindowStart, used, reserved };
+    }
+}

package/lib/limiters/fixed-window/fixed-window.state.js

@@ -0,0 +1 @@
+export {};

package/lib/limiters/fixed-window/fixed-window.status.js

@@ -0,0 +1 @@
+export {};

package/lib/limiters/fixed-window/index.js

@@ -0,0 +1 @@
+export { FixedWindowLimiter } from './fixed-window.limiter.js';