Skip to content

feat: add rate limiting and metrics (Issues #6, #3) #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
avrabe merged 1 commit into from
Jan 17, 2026
Merged

feat: add rate limiting and metrics (Issues #6, #3) #34

avrabe merged 1 commit into from
Jan 17, 2026

Conversation

@avrabe
Copy link
Contributor

@avrabe avrabe commented Jan 17, 2026

Summary

Implements both remaining open issues in a single PR:

Rate Limiting (Issue #6)

  • RateLimiter with sliding window algorithm
  • RetryPolicy with exponential backoff
  • Server rate limit header parsing (X-RateLimit-*, Retry-After)
  • Default limits: Fulcio 10/min, Rekor 20/min, OIDC 5/min
  • New error variants: RateLimitExceeded, RateLimitedByServer

Metrics (Issue #3)

  • SigningMetrics with atomic counters
  • LabeledCounter for failure tracking by reason
  • Histogram for latency percentiles
  • Prometheus exposition format export
  • Global metrics instance via global_metrics()

Design Decisions

  • No external dependencies - uses only std (atomic counters, HashMap)
  • Lightweight - ~800 lines total, well-documented
  • Thread-safe - all types are Send + Sync
  • Prometheus-compatible - standard exposition format

Test plan

  • Rate limiter unit tests (window, blocking, reset)
  • Retry policy tests (backoff calculation, caps)
  • Metrics counter tests
  • Histogram tests
  • Prometheus export format tests
  • All 523 existing tests pass

Closes #6
Closes #3

@avrabe
feat: add rate limiting and metrics (Issues #6, #3)
0b65cdd 
Rate limiting (Issue #6):
- RateLimiter with sliding window algorithm
- RetryPolicy with exponential backoff
- Server rate limit header parsing (X-RateLimit-*, Retry-After)
- Default limits: Fulcio 10/min, Rekor 20/min, OIDC 5/min
- New error variants: RateLimitExceeded, RateLimitedByServer

Metrics (Issue #3):
- SigningMetrics with atomic counters for signing/validation
- LabeledCounter for failure tracking by reason
- Histogram for latency percentiles
- Prometheus exposition format export
- Global metrics instance for easy integration

Both modules are lightweight (std only) and well-tested.
@avrabe avrabe merged commit efd3689 into main Jan 17, 2026
9 checks passed
@avrabe avrabe deleted the feat/rate-limiting-and-metrics branch January 17, 2026 05:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

2 participants

@avrabe