Skip to content

feat(daemon): wildcard '*' bypass for rate-limit whitelists (PILOT-343/344/345)#226

Merged
TeoSlayer merged 4 commits into
mainfrom
fix/pilot-342-345-wildcard-bypass
Jun 7, 2026
Merged

feat(daemon): wildcard '*' bypass for rate-limit whitelists (PILOT-343/344/345)#226
TeoSlayer merged 4 commits into
mainfrom
fix/pilot-342-345-wildcard-bypass

Conversation

@TeoSlayer

Copy link
Copy Markdown
Collaborator

Adds wildcard token (* or all) to each rate-limit whitelist env. When present, every source bypasses the rate limit regardless of the rest of the list — for service-agent boxes that should accept all callers without rate-limiting.

Hot path: each whitelist has a separate atomic.Bool that's checked before the existing map lookup, so wildcard mode is one atomic load per packet. Empty whitelist + wildcard=false preserves existing behaviour.

Service-agent deploy: PILOT_SYN_WHITELIST=*, PILOT_REPLY_WHITELIST=*, PILOT_REKEY_WHITELIST=* — that's the whole config.

@TeoSlayer TeoSlayer requested a review from Alexgodoroja as a code owner June 7, 2026 07:57
@TeoSlayer TeoSlayer merged commit 9189a23 into main Jun 7, 2026
8 checks passed
@TeoSlayer TeoSlayer deleted the fix/pilot-342-345-wildcard-bypass branch June 7, 2026 07:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant