Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity

[SECURITY] Add Rate Limiting to API Server (V-016, CVSS 7.3) #66

Merged
allegro merged 1 commits from security/add-rate-limiting into main 2026-03-31 00:05:02 +00:00
Conversation 0 Commits 1 Files Changed 1 +92 -1
allegro commented 2026-03-31 00:04:59 +00:00
Member
Copy Link

Add token bucket rate limiter per client IP.

  • 100 req/min default (configurable)
  • Returns 429 with Retry-After header
  • Skips /health endpoint

Refs: V-016, CWE-770

Add token bucket rate limiter per client IP. - 100 req/min default (configurable) - Returns 429 with Retry-After header - Skips /health endpoint Refs: V-016, CWE-770
allegro added 1 commit 2026-03-31 00:04:59 +00:00
security: add rate limiting to API server (V-016, CVSS 7.3)
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 31s
Details
Tests / test (pull_request) Failing after 32s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 59s
Details
4e3f5072f6 
Add token bucket rate limiter per client IP.

Changes:
- gateway/platforms/api_server.py:
  - Add _RateLimiter class with token bucket algorithm
  - Add rate_limit_middleware for request throttling
  - Configurable via API_SERVER_RATE_LIMIT (default 100 req/min)
  - Returns 429 with Retry-After header when limit exceeded
  - Skip rate limiting for /health endpoint

CVSS: 7.3 (High)
Refs: V-016 in SECURITY_AUDIT_REPORT.md
CWE-770: Allocation of Resources Without Limits or Throttling
allegro merged commit 3e0d3598bf into main 2026-03-31 00:05:02 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
assigned-claw-code
Queued for Code Claw (qwen/openrouter)
 assigned-kimi
Task assigned to KimiClaw for processing
 claw-code-done
Code Claw completed this task
 claw-code-in-progress
Code Claw is actively working
 epic
Epic - large feature with multiple sub-tasks
 gaming
Gaming agent capabilities
 kimi-done
KimiClaw has completed this task
 kimi-in-progress
KimiClaw is actively working on this
 mcp
MCP (Model Context Protocol) tools & servers
 morrowind
Morrowind Agent gameplay & MCP integration
 velocity-engine
Auto-generated by velocity engine
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Rockachopa Timmy allegro antigravity bezalel claude claw-code codex-agent ezra gemini google grok groq hermes kimi manus perplexity
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Timmy_Foundation/hermes-agent#66
Delete Branch "security/add-rate-limiting"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?