feat: dogfood our aws api for ratelimiting

[chronark]

Summary by CodeRabbit

• Bug Fixes

  • Corrected property references and improved error handling for rate limit operations.
  • Updated documentation links for clarity.

• New Features

  • Added an optional override identifier field to rate limit responses.

• Chores

  • Updated dependency version for improved compatibility.
  • Adjusted TypeScript configuration for better bundler support.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
dashboard	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 17, 2025 8:16am
engineering	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 17, 2025 8:16am
play	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 17, 2025 8:16am
www	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 17, 2025 8:16am

[changeset-bot]

⚠️ No Changeset found

Latest commit: 80b063e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

This set of changes updates the ratelimit package to use the latest pre-release version of the @unkey/api dependency, corrects property names from plural to singular (ratelimits to ratelimit), and updates the Unkey instance initialization parameter from baseUrl to serverURL. The error handling in the rate limiting logic is refactored to use explicit promise chains and error type checks. Additionally, the RatelimitResponse type is extended with an optional overrideId property, and the TypeScript module resolution is switched to "bundler". Documentation comments are also updated with a new URL.

Changes

File(s)	Change Summary
packages/ratelimit/package.json	Updated @unkey/api dependency from ^0.35.0 to 2.0.0-alpha.7.
packages/ratelimit/src/overrides.ts	Updated documentation URL; changed Unkey constructor param from baseUrl to serverURL; fixed property names from ratelimits to ratelimit.
packages/ratelimit/src/ratelimit.ts	Added APIError import; changed Unkey constructor param; fixed property name; refactored promise and error handling in _limit method.
packages/ratelimit/src/types.ts	Added optional overrideId property to RatelimitResponse type.
packages/ratelimit/tsconfig.json	Changed moduleResolution from "node" to "bundler".

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Ratelimit
    participant UnkeyAPI

    Client->>Ratelimit: Request rate limit check
    Ratelimit->>UnkeyAPI: Call ratelimit.limit()
    UnkeyAPI-->>Ratelimit: Response or error
    alt Success
        Ratelimit-->>Client: Return res.data (possibly with overrideId)
    else APIError
        Ratelimit-->>Client: Throw formatted Error with status, message, body
    else Other error
        Ratelimit-->>Client: Throw generic error
    end

Loading

Possibly related PRs

• feat: override methods in sdk #2668: Updates the ratelimit package to use the singular ratelimit property and adjusts override-related method calls, directly relating to property and method changes in this PR.
• feat: Add override methods and docs #2728: Modifies the overrides implementation in the ratelimit package and adds new override methods, relating to the override handling and method updates in this PR.

Suggested reviewers

• perkinsjr
• mcstepp

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Thank you for following the naming conventions for pull request titles! 🙏

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (1)

packages/ratelimit/src/ratelimit.ts (1)

89-92: ⚠️ Potential issue

Documentation example appears incorrect

The example for "Rejecting the request" shows the same implementation as "Letting requests pass" - both return success: true. One of these should likely return success: false.

  * @example Rejecting the request
  * ```ts
- *   onError: () => ({ success: true, limit: 0, remaining: 0, reset: 0 })
+ *   onError: () => ({ success: false, limit: 0, remaining: 0, reset: 0 })
  * ```

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 04b5a15 and 85fa225.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• packages/ratelimit/package.json (1 hunks)
• packages/ratelimit/src/overrides.ts (2 hunks)
• packages/ratelimit/src/ratelimit.ts (4 hunks)
• packages/ratelimit/src/types.ts (1 hunks)
• packages/ratelimit/tsconfig.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (20)

• GitHub Check: Test Packages / Test ./internal/encryption
• GitHub Check: Test Packages / Test ./packages/cache
• GitHub Check: Test Packages / Test ./packages/api
• GitHub Check: Test Packages / Test ./packages/nextjs
• GitHub Check: Test Packages / Test ./internal/clickhouse
• GitHub Check: Test Go API Local / Test (Shard 1/8)
• GitHub Check: Test Packages / Test ./internal/resend
• GitHub Check: Test Go API Local / Test (Shard 4/8)
• GitHub Check: Test Packages / Test ./packages/hono
• GitHub Check: Test Packages / Test ./packages/rbac
• GitHub Check: Test Go API Local / Test (Shard 3/8)
• GitHub Check: Test Packages / Test ./internal/hash
• GitHub Check: Test Packages / Test ./apps/dashboard
• GitHub Check: Test Packages / Test ./internal/id
• GitHub Check: Test Packages / Test ./internal/billing
• GitHub Check: Test Agent Local / test_agent_local
• GitHub Check: Test API / API Test Local
• GitHub Check: Build / Build
• GitHub Check: autofix
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (9)

packages/ratelimit/package.json (1)

29-29:

Details

❓ Verification inconclusive

Note the use of a pre-release version for a production dependency.

You've updated to a pre-release alpha version (2.0.0-alpha.7) of @unkey/api without using a caret range. While this ensures compatibility with the specific changes you've made to accommodate the new API, be aware that:

1. This locks you to this exact alpha version
2. Pre-release versions may contain breaking changes or unstable features

Consider whether you should:

1. Pin to this exact version if you need these specific features and have tested them thoroughly
2. Use a caret range once a stable 2.0.0 is released

---

🌐 Web query:

Is @unkey/api version 2.0.0 stable or still in alpha/beta?

💡 Result:

@unkey/api version 2.0.0 is not stable and is still in alpha. The latest published version is 2.0.0-alpha.6, as indicated on the npm package page, and the maintainers explicitly state: "This SDK is not yet ready for production use" as of April 15, 2025[1][6].

Only alpha versions of 2.0.0 have been released so far (e.g., 2.0.0-alpha.1, 2.0.0-alpha.2, 2.0.0-alpha.5, 2.0.0-alpha.6), and there is no indication of a stable or general availability (GA) release[2][6].

Summary Table

Version	Status	Production-Ready?	Release Notes/Warnings
2.0.0-alpha.6	Alpha	No	"Not yet ready for production use"[1][6]

For production systems, you should wait for a stable (non-alpha/beta) release.

Citations:

• 1: https://npmjs.com/package/@unkey/api
• 2: https://www.npmjs.com/package/@unkey/api/v/0.10.3?activeTab=versions
• 3: https://www.unkey.com
• 4: https://github.com/unkeyed/speakeasy/blob/main/gen.yaml
• 5: https://www.unkey.com/changelog/2023-12-15
• 6: https://www.npmjs.com/package/@unkey/api
• 7: https://www.prisma.io/llms-full.txt
• 8: https://www.unkey.com/docs/api-reference/overview
• 9: https://www.unkey.com/changelog
• 10: https://tv.algora.io/algora/8540?t=83

---

Attention: Verify Pre-Release Dependency Usage

In packages/ratelimit/package.json on line 29, you’ve pinned @unkey/api to version 2.0.0-alpha.7. Note that according to the npm package page, all available versions of @unkey/api are still in alpha—with the latest published version being 2.0.0-alpha.6 and a clear indication that the SDK is not yet production-ready.

• Using this pre-release dependency in production carries inherent risks, as alpha versions can include unstable or breaking changes.
• The pinned version (alpha.7) does not match the latest published alpha (alpha.6); please verify that this discrepancy is intentional (e.g., a custom build or early access) and that it has been thoroughly tested.
• Consider either sticking with the published alpha version until a stable release is available or employing a caret range once version 2.0.0 reaches general availability.

packages/ratelimit/src/types.ts (1)

32-36: LGTM: Appropriate type extension with proper documentation.

The addition of the optional overrideId property to the RatelimitResponse type is well-documented and maintains backward compatibility since it's optional.

packages/ratelimit/tsconfig.json (1)

31-31:

Details

❓ Verification inconclusive

Verify moduleResolution compatibility with consumers.

Changing from "node" to "bundler" moduleResolution may affect how imports are resolved. The "bundler" option is relatively new in TypeScript and optimized for modern bundlers.

Consider potential compatibility issues:

1. Users with older TypeScript versions might encounter errors
2. Module resolution behavior differences could affect package consumers

---

🏁 Script executed:

#!/bin/bash
# Check minimum TypeScript version that supports "bundler" moduleResolution
npm info typescript@* version | grep -E "4\.[7-9]\.|5\." | head -n 1

Length of output: 78

---

Action Required – Confirm Consumer Compatibility with "bundler" Module Resolution

The updated tsconfig change sets "moduleResolution": "bundler", which is only supported in TypeScript version 5.8.3 and above. Please verify that all consumers of this package are using TypeScript 5.8.3 or later. Also, double-check that the resolution behavior differences between "node" and "bundler" do not introduce any subtle import resolution issues for consumers.

• File: packages/ratelimit/tsconfig.json (Line 31)
• Key Point: Minimum supported TypeScript version for "bundler" is 5.8.3 (as verified).
• Action: Confirm that users with older TypeScript versions are not affected or update peer dependency requirements accordingly.

packages/ratelimit/src/overrides.ts (2)

10-10: Documentation URL updated correctly.

URL has been updated from unkey.dev to app.unkey.com which aligns with the current product domain.

---

28-28: API property name consistently updated.

The property has been correctly updated from plural ratelimits to singular ratelimit in all four methods, aligning with the changes in the Unkey API.

Also applies to: 31-31, 34-34, 37-37

packages/ratelimit/src/ratelimit.ts (4)

2-2: Added import for better error handling

The import of APIError allows for type-specific error handling in the refactored promise chain.

---

172-172: API method name updated from plural to singular

Updated from ratelimits to ratelimit to align with the latest Unkey API convention.

---

180-191: Improved error handling with explicit promise chain

The refactored promise handling is more robust and provides better error messages by:

1. Using proper promise chaining with .then() and .catch()
2. Specifically handling APIError instances with detailed error information
3. Providing fallback error handling for other error types

This is a significant improvement over the previous implementation which likely used conditional checks on res.error.

---

7-119: Documentation URLs should be updated

Line 14 references "https://unkey.dev/app/settings/root-keys" but according to the PR title "feat: dogfood our aws api for ratelimiting", you might be moving to a new API. Verify if this documentation URL is still accurate.