Skip to content

feat: implement user-based daily publish rate limiting (#21) #491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: implement user-based daily publish rate limiting (#21) #491

wants to merge 1 commit into from

Conversation

nagarwal-godaddy
Copy link

@nagarwal-godaddy nagarwal-godaddy commented Sep 16, 2025
edited
Loading

Motivation and Context

Issue #21

How Has This Been Tested?

  • All existing tests updated for new method signatures
  • New tests for concurrent requests, exemptions, and user-specific limits

Breaking Changes

N/A

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

  • Rate limit by authenticated user authMethodSubject based off of wip: daily publish limits #378
  • Admin bypass via hasGlobalPermissions parameter from auth handler
  • Atomic database operations with separate publish_attempts table
  • Integrated rate limiting directly into registry service
  • Support for rate limit exemptions with wildcard patterns
  • Comprehensive test coverage including concurrent request handling

Configuration:

  • MCP_REGISTRY_RATE_LIMIT_ENABLED: Enable/disable rate limiting (default: true)
  • MCP_REGISTRY_RATE_LIMIT_PER_DAY: Daily publish limit per user (default: 10)
  • MCP_REGISTRY_RATE_LIMIT_EXEMPTIONS: Comma-separated exempt users/patterns

Database changes:

  • New table: publish_attempts tracking auth_method_subject instead of namespace
  • Atomic check-and-increment operation prevents race conditions

@nagarwal-godaddy nagarwal-godaddy force-pushed the feature/issue-21-daily-publish-limits branch 2 times, most recently from e2cf510 to 547242e Compare September 16, 2025 07:37
feat: implement user-based daily publish rate limiting (modelcontextp…
aa84790 
…rotocol#21)

- Rate limit by authenticated user (authMethodSubject) instead of namespace
- Admin bypass via hasGlobalPermissions parameter from auth handler
- Atomic database operations with separate publish_attempts table
- Integrated rate limiting directly into registry service
- Support for rate limit exemptions with wildcard patterns
- Comprehensive test coverage including concurrent request handling

Configuration:
- MCP_REGISTRY_RATE_LIMIT_ENABLED: Enable/disable rate limiting (default: true)
- MCP_REGISTRY_RATE_LIMIT_PER_DAY: Daily publish limit per user (default: 10)
- MCP_REGISTRY_RATE_LIMIT_EXEMPTIONS: Comma-separated exempt users/patterns

Database changes:
- New table: publish_attempts tracking auth_method_subject instead of namespace
- Atomic check-and-increment operation prevents race conditions

Testing:
- All existing tests updated for new method signatures
- New tests for concurrent requests, exemptions, and user-specific limits
@nagarwal-godaddy nagarwal-godaddy force-pushed the feature/issue-21-daily-publish-limits branch from 547242e to aa84790 Compare September 16, 2025 07:58
@nagarwal-godaddy
Copy link
Author

@domdomegg @tadasant I put together these changes based on #21 and an earlier PR #378 for reference. I’d love to start contributing to the project, and this seemed like a good place to begin since it hadn’t had much recent discussion.

Happy to adjust and work through updates once you’ve had a chance to review, looking forward to your feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nagarwal-godaddy