DR-6663 Added rate limiter to create import

[aidankmcalister]

Summary by CodeRabbit

• New Features
  • Rate limiting now applied to programmatic database creation (5 requests per 60 seconds)
  • Improved rate limit error responses with detailed information including retry timing and usage metrics

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	claim-db-worker	46b9bf2	Commit Preview URL Branch Preview URL	Dec 28 2025, 05:30 PM

[coderabbitai]

Walkthrough

This change introduces programmatic-specific rate limiting for database creation. A new optional source parameter ("programmatic" | "cli") is threaded through the client library to distinguish creation origins. The worker applies rate limiting (5 requests per 60 seconds per IP) for programmatic requests, and enhanced error handling parses rate-limit responses to return structured limit information.

Changes

Cohort / File(s)	Summary
Type Definitions create-db/src/types.ts	Added optional rateLimitInfo property to DatabaseError interface with fields for retryAfterMs, currentCount, and maxRequests.
Source Parameter Threading create-db/src/index.ts, create-db/src/database.ts	Added optional source?: "programmatic" | "cli" parameter to distinguish creation origins; programmatic paths supply source = "programmatic" while CLI paths use default "cli"; updated createDatabaseCore to forward source in worker payload.
Rate Limit Error Handling create-db/src/database.ts	Extended 429 response handling to parse RATE_LIMIT_EXCEEDED errors and return structured result with rateLimitInfo object; preserves fallback to generic 429 handling if parsing fails.
Worker Rate Limiting Configuration & Implementation create-db-worker/wrangler.jsonc, create-db-worker/src/index.ts	Added PROGRAMMATIC_RATE_LIMITER binding (5 req/60s); implemented programmatic-specific rate limiting in /create flow that keys by client IP, returns 429 with detailed error on limit exceeded, and 503 on limiter errors.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Rate limiting logic in create-db-worker/src/index.ts — Verify correct IP-based key generation, proper error code responses (429 vs. 503), and Retry-After header compliance.
• Error parsing in create-db/src/database.ts — Ensure RATE_LIMIT_EXCEEDED parsing logic correctly extracts rateLimitInfo and gracefully falls back to generic handling on parse failure.
• Type safety of rateLimitInfo — Confirm optional property and nested object structure are handled correctly downstream.

Possibly related PRs

• fix: add ratelimiting key #57 — Modifies rate-limiting logic to key by client IP address; directly overlaps with the programmatic rate limiter implementation in this PR.

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: adding rate limiting functionality to the create database import feature. It directly corresponds to the primary objective of this PR.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Preview CLIs & Workers are live!

Test the CLIs locally under tag pr73-DR-6663-rate-limiting-import-20324781629:

npx create-db@pr73
npx create-pg@pr73
npx create-postgres@pr73

Worker URLs
• Create-DB Worker: https://create-db-temp.prisma.io
• Claim-DB Worker: https://create-db.prisma.io

These will live as long as this PR exists under tag pr73-DR-6663-rate-limiting-import-20324781629.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

create-db/src/rate-limiter.ts (2)

21-37: Consider clarifying method name to reflect side effect.

The checkLimit() method both checks the limit AND records the request (line 35). While this works correctly for the use case, the name suggests it's read-only. Consider renaming to make the side effect explicit, e.g., tryAcquire() or checkAndRecord().

This is a minor naming concern and doesn't affect correctness.

---

21-37: Consider extracting duplicate cleanup logic.

The request cleanup logic is duplicated between checkLimit() (lines 25-27) and getCurrentCount() (lines 63-65). Consider extracting this into a private method:

🔎 View refactoring suggestion

+  /**
+   * Remove expired requests from tracking
+   * @private
+   */
+  private cleanupExpiredRequests(): void {
+    const now = Date.now();
+    this.requests = this.requests.filter(
+      (record) => now - record.timestamp < WINDOW_MS
+    );
+  }
+
   checkLimit(): boolean {
-    const now = Date.now();
-
-    // Remove expired requests outside the time window
-    this.requests = this.requests.filter(
-      (record) => now - record.timestamp < WINDOW_MS
-    );
+    this.cleanupExpiredRequests();

     // Check if we've exceeded the limit
     if (this.requests.length >= MAX_REQUESTS) {
       return false;
     }

     // Add this request to the tracking
-    this.requests.push({ timestamp: now });
+    this.requests.push({ timestamp: Date.now() });
     return true;
   }

   getCurrentCount(): number {
-    const now = Date.now();
-    this.requests = this.requests.filter(
-      (record) => now - record.timestamp < WINDOW_MS
-    );
+    this.cleanupExpiredRequests();
     return this.requests.length;
   }

Also applies to: 61-67

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c2dec54 and c0b1b65.

📒 Files selected for processing (4)

• create-db/__tests__/rate-limiter.test.ts (1 hunks)
• create-db/src/index.ts (2 hunks)
• create-db/src/rate-limiter.ts (1 hunks)
• create-db/src/types.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

create-db/src/index.ts (1)

create-db/src/rate-limiter.ts (1)

• globalRateLimiter (84-84)

create-db/__tests__/rate-limiter.test.ts (1)

create-db/src/rate-limiter.ts (1)

• globalRateLimiter (84-84)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Workers Builds: create-db-worker
• GitHub Check: Workers Builds: claim-db-worker

🔇 Additional comments (4)

create-db/src/types.ts (1)

57-61: LGTM!

The rateLimitInfo property addition is well-structured and appropriately optional. The fields clearly convey retry timing and limit context for rate-limited errors.

create-db/src/index.ts (2)

35-35: LGTM!

The import is clean and brings in the global rate limiter instance for use in the create function.

---

394-410: Verify per-process rate limiting is acceptable for your deployment model.

The rate limit check is correctly positioned and the error response is well-structured. However, note that the in-memory rate limiter is per-process—if multiple instances run concurrently (e.g., in a cluster, serverless functions, or containers), each maintains its own independent limit.

For a CLI tool, this is typically acceptable. But if create() is called from long-running services or serverless environments with multiple instances, users could exceed the intended global limit.

Consider whether distributed rate limiting (e.g., Redis-based) is needed for your deployment scenarios, or document the per-process limitation clearly.

create-db/src/rate-limiter.ts (1)

1-84: LGTM! Well-designed rate limiter with correct concurrency handling.

The implementation is solid:

• ✓ Synchronous methods are safe in Node.js's single-threaded event loop (no race conditions)
• ✓ Fixed limits as documented (security feature)
• ✓ Clean API with clear method responsibilities
• ✓ Correct window-based rate limiting logic

The per-process, in-memory design is appropriate for a CLI tool. Note that this won't enforce limits across multiple running instances, which is acceptable for the use case.

[github-actions]

✅ Preview CLIs & Workers are live!

Test the CLIs locally under tag pr73-DR-6663-rate-limiting-import-20341570038:

npx create-db@pr73
npx create-pg@pr73
npx create-postgres@pr73

Worker URLs
• Create-DB Worker: https://create-db-temp.prisma.io
• Claim-DB Worker: https://create-db.prisma.io

These will live as long as this PR exists under tag pr73-DR-6663-rate-limiting-import-20341570038.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c0b1b65 and 46b9bf2.

📒 Files selected for processing (4)

• create-db-worker/src/index.ts (3 hunks)
• create-db-worker/wrangler.jsonc (1 hunks)
• create-db/src/database.ts (3 hunks)
• create-db/src/index.ts (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

create-db/src/index.ts (1)

create-db/src/database.ts (1)

• createDatabaseCore (12-154)

create-db-worker/src/index.ts (2)

claim-db-worker/worker-configuration.d.ts (1)

• env (6913-6913)

create-db-worker/worker-configuration.d.ts (1)

• env (6794-6794)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Workers Builds: claim-db-worker
• GitHub Check: Workers Builds: create-db-worker

🔇 Additional comments (8)

create-db-worker/src/index.ts (3)

9-9: LGTM!

The PROGRAMMATIC_RATE_LIMITER binding is correctly added to the Env interface, matching the new binding in wrangler.jsonc.

---

134-134: LGTM!

The source field properly restricts values to the expected union type.

---

175-189: Good fail-closed behavior for programmatic requests.

Returning a 503 when the rate limiter is unavailable is the correct security posture for programmatic API access, preventing abuse during outages.

create-db-worker/wrangler.jsonc (1)

43-51: LGTM!

The stricter rate limit (5 requests per 60 seconds) for programmatic access is appropriately configured with a separate namespace, allowing independent rate tracking from general API traffic.

create-db/src/database.ts (2)

17-18: LGTM!

The source parameter is correctly added with the appropriate type and defaulting behavior.

---

44-57: Good defensive parsing with structured error propagation.

The try/catch around JSON parsing ensures graceful fallback if the response format changes, while properly extracting rateLimitInfo when available from programmatic rate limit responses.

create-db/src/index.ts (2)

77-90: LGTM!

The source parameter is properly threaded through the wrapper function to the core implementation.

---

395-400: LGTM!

The programmatic create() function correctly passes source: "programmatic" to enable the stricter rate limiting on the worker side, while cliRunId is appropriately set to undefined since there's no CLI session.