Skip to content

feat(governance): per-token query rate limiting & quotas #191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xe-nvdk merged 1 commit into from
Feb 9, 2026
Merged

feat(governance): per-token query rate limiting & quotas #191

xe-nvdk merged 1 commit into from
Feb 9, 2026

Conversation

@xe-nvdk
Copy link
Member

@xe-nvdk xe-nvdk commented Feb 9, 2026

Summary

  • Per-token sliding window rate limiting (requests/min, requests/hour) with HTTP 429 + Retry-After header
  • Per-token query quotas (max queries/hour, max queries/day) with automatic hourly/daily reset
  • Per-token max rows per query — queries stop early and return partial results
  • Per-token timeout override — enforce shorter timeouts for specific tokens
  • Default policies via [governance] config — apply limits to all tokens without explicit policies
  • Management API at /api/v1/governance/ — CRUD policies + usage inspection (admin-only, license-gated)
  • 3 new Prometheus metrics: governance_rate_limited_total, governance_quota_exhausted_total, governance_policies_active
  • License-gated behind FeatureQueryGovernance (query_governance)
  • Also untracks docs/progress/ files per updated project instructions

Test plan

  • go build ./cmd/... ./internal/... passes
  • go test ./internal/governance/... -v — 28/28 tests pass (sliding window, quota tracker, manager CRUD, enforcement, persistence)
  • Manual: start Arc with governance enabled + license, create policy with rate_limit_per_minute=5, fire 6 queries, verify 6th returns 429
  • Verify governance API returns 403 without valid enterprise license
  • Verify queries execute normally when governance is disabled

@xe-nvdk
feat(governance): add per-token query rate limiting and quotas (Enter…
7318c2c 
…prise)

Per-token sliding window rate limiting (requests/min, requests/hour),
hourly/daily query quotas, max rows per query, and per-token timeout
overrides. License-gated behind `query_governance` feature with
management API at /api/v1/governance/.

Also untracks docs/progress/ files per updated CLAUDE.md instructions.
@xe-nvdk xe-nvdk merged commit 56b6f43 into main Feb 9, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xe-nvdk