halt-rate 0.1.0

package/dist/index.js

@@ -0,0 +1,782 @@
+'use strict';
+
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/core/policy.ts
+var KeyStrategy = /* @__PURE__ */ ((KeyStrategy2) => {
+  KeyStrategy2["IP"] = "ip";
+  KeyStrategy2["USER"] = "user";
+  KeyStrategy2["API_KEY"] = "api_key";
+  KeyStrategy2["COMPOSITE"] = "composite";
+  KeyStrategy2["CUSTOM"] = "custom";
+  return KeyStrategy2;
+})(KeyStrategy || {});
+var Algorithm = /* @__PURE__ */ ((Algorithm2) => {
+  Algorithm2["TOKEN_BUCKET"] = "token_bucket";
+  Algorithm2["FIXED_WINDOW"] = "fixed_window";
+  Algorithm2["SLIDING_WINDOW"] = "sliding_window";
+  Algorithm2["LEAKY_BUCKET"] = "leaky_bucket";
+  return Algorithm2;
+})(Algorithm || {});
+function normalizePolicy(policy) {
+  const normalized = {
+    name: policy.name,
+    limit: policy.limit,
+    window: policy.window,
+    algorithm: policy.algorithm ?? "token_bucket" /* TOKEN_BUCKET */,
+    keyStrategy: policy.keyStrategy ?? "ip" /* IP */,
+    burst: policy.burst ?? Math.floor(policy.limit * 1.2),
+    cost: policy.cost ?? 1,
+    blockDuration: policy.blockDuration ?? void 0,
+    keyExtractor: policy.keyExtractor ?? void 0,
+    exemptions: policy.exemptions ?? []
+  };
+  if (normalized.limit <= 0) {
+    throw new Error("limit must be positive");
+  }
+  if (normalized.window <= 0) {
+    throw new Error("window must be positive");
+  }
+  if (normalized.cost <= 0) {
+    throw new Error("cost must be positive");
+  }
+  if (normalized.burst < normalized.limit) {
+    throw new Error("burst must be >= limit");
+  }
+  return normalized;
+}
+
+// src/core/extractors.ts
+var extractors_exports = {};
+__export(extractors_exports, {
+  HEALTH_CHECK_PATHS: () => HEALTH_CHECK_PATHS,
+  extractApiKey: () => extractApiKey,
+  extractIp: () => extractIp,
+  extractPath: () => extractPath,
+  extractUserId: () => extractUserId,
+  isHealthCheck: () => isHealthCheck,
+  isPrivateIp: () => isPrivateIp
+});
+var HEALTH_CHECK_PATHS = /* @__PURE__ */ new Set([
+  "/health",
+  "/ping",
+  "/ready",
+  "/healthz",
+  "/livez"
+]);
+var PRIVATE_IP_PATTERNS = [
+  /^127\./,
+  /^10\./,
+  /^172\.(1[6-9]|2\d|3[01])\./,
+  /^192\.168\./,
+  /^::1$/,
+  /^fc00:/
+];
+function extractIp(request, trustedProxies = []) {
+  let clientIp = null;
+  if (request.socket?.remoteAddress) {
+    clientIp = request.socket.remoteAddress;
+  } else if (request.ip) {
+    clientIp = request.ip;
+  } else if (request.connection?.remoteAddress) {
+    clientIp = request.connection.remoteAddress;
+  }
+  if (!clientIp) {
+    return null;
+  }
+  clientIp = clientIp.replace(/^::ffff:/, "");
+  if (trustedProxies.length > 0 && isTrustedProxy(clientIp, trustedProxies)) {
+    const forwarded = getForwardedFor(request);
+    if (forwarded) {
+      return forwarded;
+    }
+  }
+  return clientIp;
+}
+function getForwardedFor(request) {
+  const headers = request.headers || {};
+  const forwarded = headers["x-forwarded-for"] || headers["X-Forwarded-For"];
+  if (forwarded) {
+    return forwarded.split(",")[0].trim();
+  }
+  return null;
+}
+function isTrustedProxy(ip, trustedProxies) {
+  return trustedProxies.some((proxy) => {
+    if (proxy.includes("/")) {
+      return ip.startsWith(proxy.split("/")[0].split(".").slice(0, -1).join("."));
+    }
+    return ip === proxy;
+  });
+}
+function isPrivateIp(ip) {
+  return PRIVATE_IP_PATTERNS.some((pattern) => pattern.test(ip));
+}
+function isHealthCheck(path) {
+  return HEALTH_CHECK_PATHS.has(path);
+}
+function extractUserId(request) {
+  if (request.user?.id) {
+    return String(request.user.id);
+  }
+  if (request.userId) {
+    return String(request.userId);
+  }
+  return null;
+}
+function extractApiKey(request) {
+  const headers = request.headers || {};
+  const apiKey = headers["x-api-key"] || headers["X-API-Key"] || headers["authorization"] || headers["Authorization"];
+  if (apiKey) {
+    if (apiKey.startsWith("Bearer ")) {
+      return apiKey.substring(7);
+    }
+    return apiKey;
+  }
+  return null;
+}
+function extractPath(request) {
+  if (request.nextUrl?.pathname) {
+    return request.nextUrl.pathname;
+  }
+  if (request.path) {
+    return request.path;
+  }
+  if (request.url) {
+    try {
+      const url = new URL(request.url, "http://localhost");
+      return url.pathname;
+    } catch {
+      return request.url;
+    }
+  }
+  return null;
+}
+
+// src/algorithms/token-bucket.ts
+var TokenBucket = class {
+  constructor(capacity, rate, window) {
+    this.capacity = capacity;
+    this.rate = rate / window;
+    this.window = window;
+  }
+  /**
+   * Check if request is allowed and consume tokens.
+   */
+  checkAndConsume(currentTokens, lastRefill, cost, now = Date.now() / 1e3) {
+    const elapsed = now - lastRefill;
+    const refillAmount = elapsed * this.rate;
+    const newTokens = Math.min(this.capacity, currentTokens + refillAmount);
+    const tokensNeeded = this.capacity - newTokens;
+    const resetAt = Math.floor(now + tokensNeeded / this.rate);
+    if (newTokens >= cost) {
+      const tokensAfterConsume = newTokens - cost;
+      const remaining = Math.floor(tokensAfterConsume);
+      return {
+        decision: {
+          allowed: true,
+          limit: Math.floor(this.rate * this.window),
+          remaining,
+          resetAt
+        },
+        newTokens: tokensAfterConsume,
+        newLastRefill: now
+      };
+    } else {
+      const tokensDeficit = cost - newTokens;
+      const retryAfter = Math.floor(tokensDeficit / this.rate) + 1;
+      return {
+        decision: {
+          allowed: false,
+          limit: Math.floor(this.rate * this.window),
+          remaining: 0,
+          resetAt,
+          retryAfter
+        },
+        newTokens,
+        newLastRefill: lastRefill
+        // Don't update last_refill on rejection
+      };
+    }
+  }
+  /**
+   * Get initial state for a new key.
+   */
+  initialState(now = Date.now() / 1e3) {
+    return {
+      tokens: this.capacity,
+      lastRefill: now
+    };
+  }
+};
+
+// src/algorithms/fixed-window.ts
+var FixedWindow = class {
+  constructor(limit, window) {
+    this.limit = limit;
+    this.window = window;
+  }
+  /**
+   * Check if request is allowed and increment counter.
+   */
+  checkAndConsume(currentCount, windowStart, cost, now = Date.now() / 1e3) {
+    const timeSinceStart = now - windowStart;
+    if (timeSinceStart >= this.window) {
+      currentCount = 0;
+      windowStart = now;
+    }
+    const resetAt = Math.floor(windowStart + this.window);
+    if (currentCount + cost <= this.limit) {
+      const newCount = currentCount + cost;
+      const remaining = this.limit - newCount;
+      return {
+        decision: {
+          allowed: true,
+          limit: this.limit,
+          remaining,
+          resetAt
+        },
+        newCount,
+        newWindowStart: windowStart
+      };
+    } else {
+      const retryAfter = Math.floor(resetAt - now) + 1;
+      return {
+        decision: {
+          allowed: false,
+          limit: this.limit,
+          remaining: 0,
+          resetAt,
+          retryAfter
+        },
+        newCount: currentCount,
+        newWindowStart: windowStart
+      };
+    }
+  }
+  /**
+   * Get initial state for a new key.
+   */
+  initialState(now = Date.now() / 1e3) {
+    return {
+      count: 0,
+      windowStart: now
+    };
+  }
+};
+
+// src/algorithms/sliding-window.ts
+var SlidingWindow = class {
+  constructor(limit, window, precision = 10) {
+    this.limit = limit;
+    this.window = window;
+    this.precision = precision;
+    this.bucketSize = window / precision;
+  }
+  /**
+   * Check if request is allowed and update buckets.
+   */
+  checkAndConsume(buckets, cost, now = Date.now() / 1e3) {
+    const currentBucket = Math.floor(now / this.bucketSize);
+    const cutoffBucket = currentBucket - this.precision;
+    const newBuckets = {};
+    for (const [bucketIdStr, count] of Object.entries(buckets)) {
+      const bucketId = parseInt(bucketIdStr, 10);
+      if (bucketId > cutoffBucket) {
+        newBuckets[bucketId] = count;
+      }
+    }
+    const totalCount = Object.values(newBuckets).reduce((sum, count) => sum + count, 0);
+    const bucketIds = Object.keys(newBuckets).map((id) => parseInt(id, 10));
+    const oldestBucket = bucketIds.length > 0 ? Math.min(...bucketIds) : currentBucket;
+    const resetAt = Math.floor((oldestBucket + this.precision + 1) * this.bucketSize);
+    if (totalCount + cost <= this.limit) {
+      newBuckets[currentBucket] = (newBuckets[currentBucket] || 0) + cost;
+      const remaining = this.limit - (totalCount + cost);
+      return {
+        decision: {
+          allowed: true,
+          limit: this.limit,
+          remaining,
+          resetAt
+        },
+        newBuckets
+      };
+    } else {
+      const retryAfter = Math.floor(this.bucketSize) + 1;
+      return {
+        decision: {
+          allowed: false,
+          limit: this.limit,
+          remaining: 0,
+          resetAt,
+          retryAfter
+        },
+        newBuckets
+      };
+    }
+  }
+  /**
+   * Get initial state for a new key.
+   */
+  initialState() {
+    return {};
+  }
+};
+
+// src/algorithms/leaky-bucket.ts
+var LeakyBucket = class {
+  constructor(capacity, leakRate, window) {
+    this.capacity = capacity;
+    this.leakRate = leakRate;
+    this.window = window;
+  }
+  /**
+   * Check if request is allowed and update bucket level.
+   */
+  checkAndConsume(currentLevel, lastLeak, cost, now = Date.now() / 1e3) {
+    const elapsed = now - lastLeak;
+    const leaked = elapsed * this.leakRate;
+    let newLevel = Math.max(0, currentLevel - leaked);
+    let resetAt;
+    if (newLevel > 0) {
+      const timeToEmpty = newLevel / this.leakRate;
+      resetAt = Math.floor(now + timeToEmpty);
+    } else {
+      resetAt = Math.floor(now);
+    }
+    if (newLevel + cost <= this.capacity) {
+      newLevel += cost;
+      const remaining = Math.floor(this.capacity - newLevel);
+      return {
+        decision: {
+          allowed: true,
+          limit: this.capacity,
+          remaining,
+          resetAt
+        },
+        newLevel,
+        newLastLeak: now
+      };
+    } else {
+      const spaceNeeded = newLevel + cost - this.capacity;
+      const retryAfter = Math.floor(spaceNeeded / this.leakRate) + 1;
+      return {
+        decision: {
+          allowed: false,
+          limit: this.capacity,
+          remaining: 0,
+          resetAt,
+          retryAfter
+        },
+        newLevel,
+        newLastLeak: now
+      };
+    }
+  }
+  /**
+   * Get initial state for a new key.
+   */
+  initialState(now = Date.now() / 1e3) {
+    return {
+      level: 0,
+      lastLeak: now
+    };
+  }
+};
+
+// src/core/limiter.ts
+var RateLimiter = class {
+  constructor(options) {
+    this.store = options.store;
+    this.policyOrResolver = options.policy;
+    this.trustedProxies = options.trustedProxies ?? [];
+    this.exemptPrivateIps = options.exemptPrivateIps ?? true;
+    this.algorithmCache = /* @__PURE__ */ new Map();
+    this.otelTracer = options.otelTracer;
+    this.metricsRecorder = options.metricsRecorder;
+  }
+  /**
+   * Check if request is allowed under rate limit.
+   */
+  /**
+   * Check if request is allowed under rate limit.
+   * This method is async because policy resolution may be async (e.g. DB lookup).
+   */
+  async check(request, cost) {
+    const resolved = typeof this.policyOrResolver === "function" ? await this.policyOrResolver(request) : this.policyOrResolver;
+    const policy = normalizePolicy(resolved);
+    const requestCost = cost ?? policy.cost;
+    if (this.isExempt(request, policy)) {
+      const resp = {
+        allowed: true,
+        limit: policy.limit,
+        remaining: policy.limit,
+        resetAt: Math.floor(Date.now() / 1e3 + policy.window)
+      };
+      this.metricsRecorder?.("halt.request.exempt", { policy: policy.name }, 1);
+      return resp;
+    }
+    const key = this.extractKey(request, policy);
+    if (!key) {
+      const resp = {
+        allowed: true,
+        limit: policy.limit,
+        remaining: policy.limit,
+        resetAt: Math.floor(Date.now() / 1e3 + policy.window)
+      };
+      this.metricsRecorder?.("halt.request.no_key", { policy: policy.name }, 1);
+      return resp;
+    }
+    const storageKey = `halt:${policy.name}:${key}`;
+    let algorithm = this.algorithmCache.get(policy.name);
+    if (!algorithm) {
+      if (policy.algorithm === "token_bucket" /* TOKEN_BUCKET */) {
+        algorithm = new TokenBucket(policy.burst, policy.limit, policy.window);
+      } else if (policy.algorithm === "fixed_window" /* FIXED_WINDOW */) {
+        algorithm = new FixedWindow(policy.limit, policy.window);
+      } else if (policy.algorithm === "sliding_window" /* SLIDING_WINDOW */) {
+        algorithm = new SlidingWindow(policy.limit, policy.window);
+      } else if (policy.algorithm === "leaky_bucket" /* LEAKY_BUCKET */) {
+        const leakRate = policy.limit / policy.window;
+        algorithm = new LeakyBucket(policy.burst, leakRate, policy.window);
+      } else {
+        throw new Error(`Algorithm ${policy.algorithm} not implemented`);
+      }
+      this.algorithmCache.set(policy.name, algorithm);
+    }
+    const span = this.otelTracer?.startSpan?.("halt.check", { attributes: { policy: policy.name, key } });
+    const state = this.store.get(storageKey);
+    let decision;
+    if (algorithm instanceof TokenBucket) {
+      let tokens;
+      let lastRefill;
+      if (!state) {
+        const initialState = algorithm.initialState();
+        tokens = initialState.tokens;
+        lastRefill = initialState.lastRefill;
+      } else {
+        tokens = state.tokens;
+        lastRefill = state.lastRefill;
+      }
+      const result = algorithm.checkAndConsume(tokens, lastRefill, requestCost);
+      decision = result.decision;
+      const ttl = policy.window * 2;
+      this.store.set(storageKey, { tokens: result.newTokens, lastRefill: result.newLastRefill }, ttl);
+    } else if (algorithm instanceof FixedWindow) {
+      let count;
+      let windowStart;
+      if (!state) {
+        const initialState = algorithm.initialState();
+        count = initialState.count;
+        windowStart = initialState.windowStart;
+      } else {
+        count = state.count;
+        windowStart = state.windowStart;
+      }
+      const result = algorithm.checkAndConsume(count, windowStart, requestCost);
+      decision = result.decision;
+      const ttl = policy.window * 2;
+      this.store.set(storageKey, { count: result.newCount, windowStart: result.newWindowStart }, ttl);
+    } else if (algorithm instanceof SlidingWindow) {
+      const buckets = state || algorithm.initialState();
+      const result = algorithm.checkAndConsume(buckets, requestCost);
+      decision = result.decision;
+      const ttl = policy.window * 2;
+      this.store.set(storageKey, result.newBuckets, ttl);
+    } else if (algorithm instanceof LeakyBucket) {
+      let level;
+      let lastLeak;
+      if (!state) {
+        const initialState = algorithm.initialState();
+        level = initialState.level;
+        lastLeak = initialState.lastLeak;
+      } else {
+        level = state.level;
+        lastLeak = state.lastLeak;
+      }
+      const result = algorithm.checkAndConsume(level, lastLeak, requestCost);
+      decision = result.decision;
+      const ttl = policy.window * 2;
+      this.store.set(storageKey, { level: result.newLevel, lastLeak: result.newLastLeak }, ttl);
+    } else {
+      throw new Error(`Algorithm ${typeof algorithm} not supported`);
+    }
+    this.metricsRecorder?.("halt.request.checked", { policy: policy.name, allowed: String(decision.allowed) }, 1);
+    if (decision.allowed) {
+      this.metricsRecorder?.("halt.request.allowed", { policy: policy.name }, 1);
+    } else {
+      this.metricsRecorder?.("halt.request.blocked", { policy: policy.name }, 1);
+    }
+    span?.end?.();
+    return decision;
+  }
+  /**
+   * Extract rate limit key from request based on policy strategy.
+   */
+  extractKey(request, policy) {
+    if (policy.keyExtractor) {
+      return policy.keyExtractor(request);
+    }
+    if (policy.keyStrategy === "ip" /* IP */) {
+      return extractIp(request, this.trustedProxies);
+    }
+    if (policy.keyStrategy === "user" /* USER */) {
+      return extractUserId(request);
+    }
+    if (policy.keyStrategy === "api_key" /* API_KEY */) {
+      return extractApiKey(request);
+    }
+    if (policy.keyStrategy === "composite" /* COMPOSITE */) {
+      const user = extractUserId(request);
+      const apiKey = extractApiKey(request);
+      const ip = extractIp(request, this.trustedProxies);
+      if (user && ip) {
+        return `${user}:${ip}`;
+      } else if (apiKey && ip) {
+        return `${apiKey}:${ip}`;
+      } else if (user) {
+        return user;
+      } else if (apiKey) {
+        return apiKey;
+      } else {
+        return ip;
+      }
+    }
+    return null;
+  }
+  /**
+   * Check if request is exempt from rate limiting.
+   */
+  isExempt(request, policy) {
+    const path = extractPath(request);
+    if (path && isHealthCheck(path)) {
+      return true;
+    }
+    if (path && (policy.exemptions ?? []).includes(path)) {
+      return true;
+    }
+    if (this.exemptPrivateIps) {
+      const ip2 = extractIp(request, this.trustedProxies);
+      if (ip2 && isPrivateIp(ip2)) {
+        return true;
+      }
+    }
+    const ip = extractIp(request, this.trustedProxies);
+    if (ip && (policy.exemptions ?? []).includes(ip)) {
+      return true;
+    }
+    return false;
+  }
+};
+
+// src/core/decision.ts
+function toHeaders(decision) {
+  const headers = {
+    "RateLimit-Limit": String(decision.limit),
+    "RateLimit-Remaining": String(Math.max(0, decision.remaining)),
+    "RateLimit-Reset": String(decision.resetAt)
+  };
+  if (!decision.allowed && decision.retryAfter !== void 0) {
+    headers["Retry-After"] = String(decision.retryAfter);
+  }
+  return headers;
+}
+
+// src/stores/memory.ts
+var InMemoryStore = class {
+  constructor() {
+    this.data = /* @__PURE__ */ new Map();
+  }
+  get(key) {
+    this.cleanupExpired(key);
+    const entry = this.data.get(key);
+    return entry?.value ?? null;
+  }
+  set(key, value, ttl) {
+    const entry = { value };
+    if (ttl !== void 0) {
+      entry.expiry = Date.now() + ttl * 1e3;
+    }
+    this.data.set(key, entry);
+  }
+  increment(key, delta = 1, ttl) {
+    this.cleanupExpired(key);
+    const entry = this.data.get(key);
+    const current = typeof entry?.value === "number" ? entry.value : 0;
+    const newValue = current + delta;
+    const newEntry = { value: newValue };
+    if (!entry && ttl !== void 0) {
+      newEntry.expiry = Date.now() + ttl * 1e3;
+    } else if (entry?.expiry) {
+      newEntry.expiry = entry.expiry;
+    }
+    this.data.set(key, newEntry);
+    return newValue;
+  }
+  delete(key) {
+    this.data.delete(key);
+  }
+  cleanupExpired(key) {
+    const entry = this.data.get(key);
+    if (entry?.expiry && Date.now() >= entry.expiry) {
+      this.data.delete(key);
+    }
+  }
+  /**
+   * Clean up all expired keys.
+   */
+  cleanupAllExpired() {
+    const now = Date.now();
+    let count = 0;
+    for (const [key, entry] of this.data.entries()) {
+      if (entry.expiry && now >= entry.expiry) {
+        this.data.delete(key);
+        count++;
+      }
+    }
+    return count;
+  }
+};
+
+// src/presets/index.ts
+var presets_exports = {};
+__export(presets_exports, {
+  AUTH_ENDPOINTS: () => AUTH_ENDPOINTS,
+  EXPENSIVE_OPS: () => EXPENSIVE_OPS,
+  GENEROUS_API: () => GENEROUS_API,
+  PLAN_BUSINESS: () => PLAN_BUSINESS,
+  PLAN_ENTERPRISE: () => PLAN_ENTERPRISE,
+  PLAN_FREE: () => PLAN_FREE,
+  PLAN_PRO: () => PLAN_PRO,
+  PLAN_STARTER: () => PLAN_STARTER,
+  PLAN_TIERS: () => PLAN_TIERS,
+  PUBLIC_API: () => PUBLIC_API,
+  STRICT_API: () => STRICT_API,
+  getPlanPolicy: () => getPlanPolicy
+});
+var PUBLIC_API = {
+  name: "public_api",
+  limit: 100,
+  window: 60,
+  // 1 minute
+  burst: 120,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "ip" /* IP */
+};
+var AUTH_ENDPOINTS = {
+  name: "auth_endpoints",
+  limit: 5,
+  window: 60,
+  // 1 minute
+  burst: 10,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "ip" /* IP */,
+  blockDuration: 300
+  // 5 minute cooldown after limit exceeded
+};
+var EXPENSIVE_OPS = {
+  name: "expensive_ops",
+  limit: 10,
+  window: 3600,
+  // 1 hour
+  burst: 15,
+  cost: 10,
+  // Each request costs 10 tokens
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "user" /* USER */
+};
+var STRICT_API = {
+  name: "strict_api",
+  limit: 20,
+  window: 60,
+  // 1 minute
+  burst: 25,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "api_key" /* API_KEY */
+};
+var GENEROUS_API = {
+  name: "generous_api",
+  limit: 1e3,
+  window: 60,
+  // 1 minute
+  burst: 1200,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "ip" /* IP */
+};
+var PLAN_FREE = {
+  name: "free_plan",
+  limit: 100,
+  window: 3600,
+  // 100 requests per hour
+  burst: 120,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "user" /* USER */
+};
+var PLAN_STARTER = {
+  name: "starter_plan",
+  limit: 500,
+  window: 3600,
+  // 500 requests per hour
+  burst: 600,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "user" /* USER */
+};
+var PLAN_PRO = {
+  name: "pro_plan",
+  limit: 2e3,
+  window: 3600,
+  // 2000 requests per hour
+  burst: 2500,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "user" /* USER */
+};
+var PLAN_BUSINESS = {
+  name: "business_plan",
+  limit: 5e3,
+  window: 3600,
+  // 5000 requests per hour
+  burst: 6e3,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "user" /* USER */
+};
+var PLAN_ENTERPRISE = {
+  name: "enterprise_plan",
+  limit: 2e4,
+  window: 3600,
+  // 20000 requests per hour
+  burst: 25e3,
+  algorithm: "token_bucket" /* TOKEN_BUCKET */,
+  keyStrategy: "user" /* USER */
+};
+var PLAN_TIERS = {
+  free: PLAN_FREE,
+  starter: PLAN_STARTER,
+  pro: PLAN_PRO,
+  business: PLAN_BUSINESS,
+  enterprise: PLAN_ENTERPRISE
+};
+function getPlanPolicy(planName) {
+  const normalized = planName.toLowerCase();
+  if (!(normalized in PLAN_TIERS)) {
+    throw new Error(
+      `Invalid plan: ${planName}. Valid plans: ${Object.keys(PLAN_TIERS).join(", ")}`
+    );
+  }
+  return PLAN_TIERS[normalized];
+}
+
+exports.Algorithm = Algorithm;
+exports.InMemoryStore = InMemoryStore;
+exports.KeyStrategy = KeyStrategy;
+exports.RateLimiter = RateLimiter;
+exports.extractors = extractors_exports;
+exports.normalizePolicy = normalizePolicy;
+exports.presets = presets_exports;
+exports.toHeaders = toHeaders;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map