Skip to content
reaatechREAATECH

@reaatech/multi-tenant-mcp-rate-limiter

npm v0.1.0

Enforces per-tenant rate limits using a token-bucket algorithm via the `DefaultRateLimiter` class. It provides pluggable storage backends, including an LRU-bounded in-memory store and a Redis-backed store for distributed environments.

npm →source →

@reaatech/multi-tenant-mcp-rate-limiter

npm version License: MIT CI

Status: Pre-1.0 — APIs may change in minor versions. Pin to a specific version in production.

Per-tenant rate limiting with pluggable backends. Ships with in-memory (single-process) and Redis (distributed) stores.

Installation

terminal
npm install @reaatech/multi-tenant-mcp-rate-limiter
# or
pnpm add @reaatech/multi-tenant-mcp-rate-limiter

For the Redis store, install the optional peer:

terminal
pnpm add redis

Feature Overview

  • Fixed-window counters — Track requests per minute and tokens per minute independently.
  • LRU-bounded storage — Both built-in stores use BoundedMap internally; caller-controlled tenant IDs cannot exhaust memory.
  • Pluggable backends — Implement RateLimitStore for any storage (SQL, DynamoDB, etc.).

Quick Start

typescript
import {
  DefaultRateLimiter,
  MemoryRateLimitStore,
} from '@reaatech/multi-tenant-mcp-rate-limiter';
 
// In-memory (single-process)
const store = new MemoryRateLimitStore({
  requestsPerMinute: 100,
  tokensPerMinute: 10_000,
});
 
const limiter = new DefaultRateLimiter(store);
 
const result = await limiter.check('tenant-a', 42);
if (!result.allowed) {
  // throw MiddlewareError(MiddlewareErrorCode.RateLimitExceeded, ...)
}

Redis (distributed)

typescript
import { createClient } from 'redis';
import { DefaultRateLimiter, RedisRateLimitStore } from '@reaatech/multi-tenant-mcp-rate-limiter';
 
const redis = createClient({ url: process.env.REDIS_URL });
await redis.connect();
 
const store = new RedisRateLimitStore(redis, {
  requestsPerMinute: 200,
  tokensPerMinute: 50_000,
});
 
const limiter = new DefaultRateLimiter(store);

Exports

ExportKindDescription
RateLimiterInterfaceContract: check(tenantId, tokens?) → RateLimitResult
RateLimitStoreInterfaceContract for storage backends
RateLimitConfigInterfacePer-tenant quota: requestsPerMinute, tokensPerMinute
RateLimitResultInterfaceallowed, remainingRequests, remainingTokens, resetAt
DefaultRateLimiterClassToken-bucket engine; delegates counters to a RateLimitStore
MemoryRateLimitStoreClassIn-memory store with LRU eviction
RedisRateLimitStoreClassRedis-backed store for horizontal scaling (requires redis)

Related Packages

License

MIT

All packagesmulti-tenant-mcp overview