Stats
Actions
Tags
From acc
Generates PHP 8.4 rate limiter pattern with token bucket, sliding window, fixed window algorithms, Redis storage, and unit tests for API protection and request throttling.
How this skill is triggered — by the user, by Claude, or both
Slash command
/acc:create-rate-limiterThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Creates Rate Limiter pattern infrastructure for request throttling and API protection.
Creates Rate Limiter pattern infrastructure for request throttling and API protection.
| Scenario | Example |
|---|---|
| API protection | Prevent abuse |
| Resource throttling | Database connection limits |
| Fair usage | Per-user request limits |
| Burst protection | Spike handling |
Path: src/Infrastructure/Resilience/RateLimiter/
RateLimiterInterface.php — Common interfaceRateLimitResult.php — Result value object with headersRateLimitExceededException.php — Exception with retry infoStorageInterface.php — Storage abstractionChoose based on use case:
TokenBucketRateLimiter.php — For APIs with burst allowanceSlidingWindowRateLimiter.php — For strict per-time limitsFixedWindowRateLimiter.php — For simple rate limitingRedisStorage.php — Production storage with TTL{Algorithm}RateLimiterTest.php — Algorithm testsRateLimitResultTest.php — Result value object tests| Component | Path |
|---|---|
| All Classes | src/Infrastructure/Resilience/RateLimiter/ |
| Unit Tests | tests/Unit/Infrastructure/Resilience/RateLimiter/ |
| Component | Pattern | Example |
|---|---|---|
| Interface | RateLimiterInterface | RateLimiterInterface |
| Token Bucket | TokenBucketRateLimiter | TokenBucketRateLimiter |
| Sliding Window | SlidingWindowRateLimiter | SlidingWindowRateLimiter |
| Fixed Window | FixedWindowRateLimiter | FixedWindowRateLimiter |
| Result | RateLimitResult | RateLimitResult |
| Exception | RateLimitExceededException | RateLimitExceededException |
| Test | {ClassName}Test | TokenBucketRateLimiterTest |
interface RateLimiterInterface
{
public function attempt(string $key, int $tokens = 1): RateLimitResult;
public function getRemainingTokens(string $key): int;
public function getRetryAfter(string $key): ?int;
public function reset(string $key): void;
}
final readonly class RateLimitResult
{
public static function allowed(int $remaining, int $limit, \DateTimeImmutable $resetsAt): self;
public static function denied(int $limit, int $retryAfter, \DateTimeImmutable $resetsAt): self;
public function isAllowed(): bool;
public function isDenied(): bool;
public function toHeaders(): array; // X-RateLimit-* headers
}
// Create limiter
$limiter = new TokenBucketRateLimiter(
capacity: 100,
refillRate: 10.0, // 10 tokens per second
clock: $clock,
storage: new RedisStorage($redis)
);
// Check limit
$result = $limiter->attempt('user:123');
if ($result->isDenied()) {
throw new RateLimitExceededException(
key: 'user:123',
limit: $result->limit,
retryAfterSeconds: $result->retryAfterSeconds
);
}
// Add headers to response
foreach ($result->toHeaders() as $name => $value) {
$response = $response->withHeader($name, (string) $value);
}
| Algorithm | Burst Handling | Memory | Precision | Use Case |
|---|---|---|---|---|
| Token Bucket | Good (configurable) | Low | Medium | APIs with burst allowance |
| Sliding Window | Limited | High | High | Strict per-time limits |
| Fixed Window | Poor (boundary issues) | Low | Low | Simple rate limiting |
| Anti-pattern | Problem | Solution |
|---|---|---|
| No Redis/Shared Storage | Per-instance limits | Use shared storage |
| Missing Headers | Client can't adapt | Return X-RateLimit-* headers |
| Single Algorithm | Doesn't fit all cases | Choose per use case |
| No Retry-After | Client spams | Always return retry timing |
| Synchronous Blocking | Thread blocking | Use non-blocking check |
For complete PHP templates and examples, see:
references/templates.md — All algorithm implementationsreferences/examples.md — Middleware example and testsnpx claudepluginhub dykyi-roman/awesome-claude-code --plugin accCovers rate limiting algorithms like token bucket, leaky bucket, fixed/sliding windows, and distributed patterns for API throttling and quotas.
Implements API rate limiting with sliding windows, token buckets, quotas using Redis and libraries for Node.js, Python/FastAPI, Java. Protects endpoints from excessive requests with headers and 429 responses.
Controls request throughput with token bucket, sliding window, and fixed window algorithms to protect APIs from abuse, enforce usage quotas, and prevent service overload using Redis.