fix(annotator): correct rate-limiter to 5000/hr and drop redundant bucket (#230) #248

Merged
williamzujkowski merged 1 commit into main from fix/rate-limiter-overissue-230
Jun 30, 2026

Conversation

@williamzujkowski

Collaborator

Summary

Both the CourtListenerClient and the Annotator constructed a TokenBucket with refillRate: Math.ceil(5000/3600) = 2 per 1000ms — a sustained 7200 req/hr, ~44% over CourtListener's documented 5000/hr cap. The two buckets also double-limited the same HTTP calls, since every request flows through the client.

Fix

  • COURTLISTENER_RATE_LIMITER (new constant): refills 1 token every floor(3,600,000 / 5000) = 720ms = exactly 5000/hr, with capacity = 5000 for burst. The client uses it.
  • Remove the Annotator's redundant bucket — its field, constructor option, and the tryConsume/waitAndConsume check in annotateSection. The client is the sole HTTP choke point, so one correctly-configured limiter is sufficient (and removes double-limiting).

Tests

client.test.ts: asserts the config sustains exactly RATE_LIMIT_PER_HOUR/hour (the old refillRate:2/1000ms computes to 7200 and fails this) and caps burst at the hourly limit.

Annotator package: lint, typecheck, 118 tests green.

Closes #230

…cket (#230)

The client and the Annotator each built a TokenBucket with
refillRate=ceil(5000/3600)=2 per 1000ms — a sustained 7200 req/hr, ~44% over
CourtListener's documented 5000/hr cap. And the two buckets double-limited the
same HTTP calls, since every request goes through the client.

- Add COURTLISTENER_RATE_LIMITER: 1 token every floor(3,600,000/5000)=720ms =
  exactly 5000/hr, capacity 5000 for burst. Used by the client.
- Remove the Annotator's redundant TokenBucket (field, option, and the
  tryConsume/waitAndConsume check in annotateSection) — the client is the sole
  HTTP choke point, so one correctly-configured bucket enforces the limit.

Adds a test asserting the config sustains exactly RATE_LIMIT_PER_HOUR/hour
(the old config computes to 7200 and fails it).

Closes #230

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@williamzujkowski williamzujkowski requested a review from a team as a code owner June 30, 2026 01:55
@williamzujkowski williamzujkowski merged commit 8d21c41 into main Jun 30, 2026
3 checks passed
@williamzujkowski williamzujkowski deleted the fix/rate-limiter-overissue-230 branch June 30, 2026 02:10
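
The arithmetic behind this fix, as an added example that is not code from this pull request or repository: it derives both bucket configurations from an hourly limit and checks the sustained rate with a virtual-clock simulation. The `BucketConfig` shape and all function names are hypothetical, and rounding the refill interval up is this example's choice so that limits which do not divide evenly stay under the cap.

```typescript
// Hypothetical config shape for this example; not the project's TokenBucket options.
interface BucketConfig {
  capacity: number;         // maximum tokens held (burst size)
  refillTokens: number;     // tokens added per refill tick
  refillIntervalMs: number; // milliseconds between refill ticks
}

const HOUR_MS = 3_600_000;

// Derivation described as the bug: ceil(limit/3600) tokens every 1000 ms.
function perSecondConfig(limitPerHour: number): BucketConfig {
  const refillTokens = Math.ceil(limitPerHour / 3600);
  return { capacity: limitPerHour, refillTokens, refillIntervalMs: 1000 };
}

// Derivation described as the fix: one token per interval. Rounding the
// interval up is this example's choice, so uneven limits land under the cap.
function perTokenConfig(limitPerHour: number): BucketConfig {
  const refillIntervalMs = Math.ceil(HOUR_MS / limitPerHour);
  return { capacity: limitPerHour, refillTokens: 1, refillIntervalMs };
}

// Closed-form sustained rate once any initial burst is spent.
function sustainedPerHour(c: BucketConfig): number {
  return (c.refillTokens * HOUR_MS) / c.refillIntervalMs;
}

// Virtual-clock simulation of a greedy caller: takes startTokens at t=0,
// then every token the moment it is refilled, for windowMs milliseconds.
function admittedInWindow(c: BucketConfig, startTokens: number, windowMs: number): number {
  let tokens = Math.min(c.capacity, startTokens);
  let admitted = tokens; // initial burst
  tokens = 0;
  for (let t = c.refillIntervalMs; t <= windowMs; t += c.refillIntervalMs) {
    tokens = Math.min(c.capacity, tokens + c.refillTokens);
    admitted += tokens;
    tokens = 0;
  }
  return admitted;
}

const oldCfg = perSecondConfig(5000);
const newCfg = perTokenConfig(5000);
console.log("old sustained/hr:", sustainedPerHour(oldCfg));
console.log("new sustained/hr:", sustainedPerHour(newCfg));
console.log("new first hour from full bucket:", admittedInWindow(newCfg, 5000, HOUR_MS));
```

The sustained figure describes the bucket after the burst is spent: if a bucket with capacity 5000 starts full, the same simulation admits 10000 requests in the first hour.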
Development

Successfully merging this pull request may close these issues.

security(annotator): rate limiter over-issues ~7200 req/hr vs documented 5000/hr cap, plus redundant double TokenBucket