Add metrics for rate-limited requests

tadasant · claude · tadasant · commit 358b21a0569a · 2025-12-09T08:02:32.000-08:00
Add mcp_registry.http.rate_limited counter to track when requests are blocked by rate limiting. This enables monitoring rate limit activity over time via Prometheus. - Add RateLimitedRequests counter to telemetry.Metrics - Add OnRateLimited callback to rate limiter config - Wire up metrics in server initialization - Add test for callback behavior 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/internal/api/ratelimit/ratelimit.go b/internal/api/ratelimit/ratelimit.go
@@ -13,6 +13,10 @@ import (
 	"golang.org/x/time/rate"
 )
 
+// OnRateLimitedFunc is a callback invoked when a request is rate limited.
+// It receives the client IP that was blocked.
+type OnRateLimitedFunc func(ip string)
+
 // Config holds the rate limiting configuration
 type Config struct {
 	// RequestsPerMinute is the maximum number of requests allowed per minute per IP
@@ -26,6 +30,9 @@ type Config struct {
 	// MaxVisitors is the maximum number of visitor entries to track (memory protection).
 	// When exceeded, oldest entries are evicted. Default: 100000.
 	MaxVisitors int
+	// OnRateLimited is an optional callback invoked when a request is rate limited.
+	// Used for recording metrics.
+	OnRateLimited OnRateLimitedFunc
 }
 
 // DefaultConfig returns the default rate limiting configuration
@@ -260,6 +267,11 @@ func (rl *RateLimiter) Middleware(next http.Handler) http.Handler {
 		ip := getClientIP(r)
 
 		if !rl.Allow(ip) {
+			// Record the rate-limited request if callback is configured
+			if rl.config.OnRateLimited != nil {
+				rl.config.OnRateLimited(ip)
+			}
+
 			w.Header().Set("Content-Type", "application/problem+json")
 			w.Header().Set("Retry-After", "60")
 			w.WriteHeader(http.StatusTooManyRequests)
diff --git a/internal/api/ratelimit/ratelimit_test.go b/internal/api/ratelimit/ratelimit_test.go
@@ -419,3 +419,66 @@ func TestDefaultConfig(t *testing.T) {
 		t.Errorf("missing skip paths: %v", expectedSkipPaths)
 	}
 }
+
+func TestOnRateLimitedCallback(t *testing.T) {
+	var callbackCount int
+	var lastIP string
+
+	cfg := ratelimit.Config{
+		RequestsPerMinute: 1,
+		RequestsPerHour:   100,
+		CleanupInterval:   time.Hour,
+		SkipPaths:         []string{},
+		MaxVisitors:       1000,
+		OnRateLimited: func(ip string) {
+			callbackCount++
+			lastIP = ip
+		},
+	}
+	rl := ratelimit.New(cfg)
+	defer rl.Stop()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+
+	middleware := rl.Middleware(handler)
+
+	// First request should succeed, no callback
+	req := httptest.NewRequest(http.MethodGet, "/test", nil)
+	req.RemoteAddr = "192.168.1.100:12345"
+	w := httptest.NewRecorder()
+	middleware.ServeHTTP(w, req)
+
+	if callbackCount != 0 {
+		t.Errorf("callback should not be called on allowed request, got %d calls", callbackCount)
+	}
+
+	// Second request should be blocked, callback should fire
+	req2 := httptest.NewRequest(http.MethodGet, "/test", nil)
+	req2.RemoteAddr = "192.168.1.100:12346"
+	w2 := httptest.NewRecorder()
+	middleware.ServeHTTP(w2, req2)
+
+	if w2.Code != http.StatusTooManyRequests {
+		t.Errorf("expected status %d, got %d", http.StatusTooManyRequests, w2.Code)
+	}
+
+	if callbackCount != 1 {
+		t.Errorf("callback should be called once, got %d calls", callbackCount)
+	}
+
+	if lastIP != "192.168.1.100" {
+		t.Errorf("expected IP 192.168.1.100, got %s", lastIP)
+	}
+
+	// Third request also blocked, callback should fire again
+	req3 := httptest.NewRequest(http.MethodGet, "/test", nil)
+	req3.RemoteAddr = "192.168.1.100:12347"
+	w3 := httptest.NewRecorder()
+	middleware.ServeHTTP(w3, req3)
+
+	if callbackCount != 2 {
+		t.Errorf("callback should be called twice, got %d calls", callbackCount)
+	}
+}
diff --git a/internal/api/server.go b/internal/api/server.go
@@ -81,6 +81,11 @@ func NewServer(cfg *config.Config, registryService service.RegistryService, metr
 			CleanupInterval:   10 * time.Minute,
 			SkipPaths:         []string{"/health", "/ping", "/metrics"},
 			MaxVisitors:       100000,
+			OnRateLimited: func(_ string) {
+				if metrics != nil {
+					metrics.RateLimitedRequests.Add(context.Background(), 1)
+				}
+			},
 		}
 		rateLimiter = ratelimit.New(rateLimitConfig)
 		handler = rateLimiter.Middleware(handler)
diff --git a/internal/telemetry/metrics.go b/internal/telemetry/metrics.go
@@ -32,6 +32,9 @@ type Metrics struct {
 
 	// Up tracks the health of the service
 	Up metric.Int64Gauge
+
+	// RateLimitedRequests tracks requests blocked by rate limiting
+	RateLimitedRequests metric.Int64Counter
 }
 
 // ShutdownFunc is a delegate that shuts down the OpenTelemetry components.
@@ -73,11 +76,20 @@ func NewMetrics(meter metric.Meter) (*Metrics, error) {
 		return nil, fmt.Errorf("failed to create service up gauge: %w", err)
 	}
 
+	rateLimited, err := meter.Int64Counter(
+		Namespace+".http.rate_limited",
+		metric.WithDescription("Total number of requests blocked by rate limiting"),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create rate limited counter: %w", err)
+	}
+
 	return &Metrics{
-		Requests:        req,
-		RequestDuration: reqDuration,
-		ErrorCount:      errCount,
-		Up:              up,
+		Requests:            req,
+		RequestDuration:     reqDuration,
+		ErrorCount:          errCount,
+		Up:                  up,
+		RateLimitedRequests: rateLimited,
 	}, nil
 }
 
