Documentation / @agentick/mcp / slidingWindowLimiter
Function: slidingWindowLimiter()
slidingWindowLimiter(
options):RateLimiter
Defined in: server/security/stages.ts:280
In-memory sliding-window rate limiter. Tracks request timestamps per key, trims entries older than windowMs, and rejects when the window count exceeds max.
typescript
slidingWindowLimiter({
windowMs: 60_000,
max: 100,
keyFn: (ctx, op) => `${ctx.user?.id ?? "anon"}:${op.name ?? op.type}`,
});For distributed rate limiting, replace this with a Redis-backed limiter that implements the same RateLimiter function signature.
Memory characteristics: O(max × active_keys) — each key retains at most max timestamps. Inactive keys are garbage-collected on the next request for a new key after windowMs * 2 of inactivity (lazy cleanup to avoid a background sweeper).