Skip to content

Add client-side rate limiting for AI API calls #91

Description

@sfloess

Part of #32: Security Hardening - API Key Storage and Input Sanitization

Scope

Implement client-side rate limiting to prevent accidental API quota exhaustion and protect against runaway request loops.

What to do

  • Implement a token-bucket or sliding-window rate limiter in the ai/common module (or each client if common module does not yet exist)
  • Configure per-provider default rate limits based on documented API limits
  • Make rate limits configurable in the settings panel
  • When rate limit is hit, queue the request or show a user notification with estimated wait time
  • Add a cooldown mechanism for rapid repeated failures (exponential backoff)

Acceptance criteria

  • Each AI client enforces a configurable requests-per-minute limit
  • Rate limit hits produce a user-visible notification (not a silent failure)
  • Default limits are set conservatively per provider
  • Rapid-fire clicking "Send" does not flood the API

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions