Getting Started

Prerequisites

Go 1.25+ — Download Go
Git — to clone the repository
Optional: Redis, if you want distributed counters

Quick Start (Local)

Clone & install dependencies

git clone https://github.com/suresh-p26/RLAAS.git
cd rlaas
go mod tidy

Run the server

go run ./cmd/rlaas-server

The server starts on :8080 (HTTP) and :9090 (gRPC) by default.

Environment Variables RLAAS_POLICY_FILE — policy file path (default: examples/policies.json)
RLAAS_GRPC_ADDR — gRPC listen address (default: :9090)
RLAAS_INVALIDATION_TARGETS — comma-separated sidecar base URLs

Make your first check

curl (Linux / macOS)

curl -X POST http://localhost:8080/v1/check \
  -H "Content-Type: application/json" \
  -d '{
    "request_id": "req-1",
    "org_id": "acme",
    "tenant_id": "retail",
    "signal_type": "http",
    "operation": "charge",
    "endpoint": "/v1/charge",
    "method": "POST",
    "user_id": "u1"
  }'

PowerShell (Windows)

$body = @{
  request_id = "req-1"
  org_id = "acme"
  tenant_id = "retail"
  signal_type = "http"
  operation = "charge"
  endpoint = "/v1/charge"
  method = "POST"
  user_id = "u1"
} | ConvertTo-Json

Invoke-RestMethod -Method Post -Uri "http://localhost:8080/v1/check" `
  -ContentType "application/json" -Body $body

Expected Response

{
  "allowed": true,
  "action": "allow",
  "reason": "within_limit",
  "remaining": 99
}

(Optional) Run the sidecar

go run ./cmd/rlaas-agent

Sidecar listens on :18080. It syncs policies from the upstream server and serves local decisions.

Sidecar Variables RLAAS_AGENT_LISTEN — listen address (default: :18080)
RLAAS_UPSTREAM_HTTP — upstream server (default: http://localhost:8080)
RLAAS_AGENT_SYNC_SECS — sync interval in seconds (default: 30)

Run tests & benchmarks

# Run all tests
go test ./...

# Run benchmarks
go test ./benchmarks -run ^$ -bench . -benchmem

Choose Your Integration Model

Option A: Centralized HTTP

Send RequestContext to POST /v1/check
Read allowed, action, reason, remaining, retry_after
Enforce behavior in your service

Option B: Centralized gRPC

Generate stubs from api/proto/rlaas.proto
Call CheckLimit before protected work
Use Acquire/Release for concurrency-limited sections

Option C: Sidecar Local Mode

Run app and sidecar together
Call sidecar POST /v1/check locally
Let sidecar handle sync and invalidation

Option D: Non-Go SDK Client

Install SDK for Python, TypeScript, Java, or .NET
Initialize with server base URL
Call check() and enforce in your code

API Examples (Copy/Paste)

Create a Policy

curl -X POST http://localhost:8080/v1/policies \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "payments-limit",
    "name": "Payments limit",
    "enabled": true,
    "priority": 100,
    "scope": {
      "org_id": "acme",
      "signal_type": "http",
      "operation": "charge"
    },
    "algorithm": {
      "type": "fixed_window",
      "limit": 100,
      "window": "1m"
    },
    "action": "deny",
    "failure_mode": "fail_open",
    "enforcement_mode": "enforce",
    "rollout_percent": 100
  }'

Validate Before Deploying

curl -X POST http://localhost:8080/v1/policies/validate \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Test",
    "enabled": true,
    "scope": {"signal_type": "http"},
    "algorithm": {"type": "fixed_window", "limit": 10, "window": "1m"},
    "action": "deny",
    "rollout_percent": 50
  }'

# → {"valid":true}

Gradual Rollout

# Start at 25%
curl -X POST http://localhost:8080/v1/policies/payments-limit/rollout \
  -H "Content-Type: application/json" \
  -d '{"rollout_percent": 25}'

# Bump to 100% when confident
curl -X POST http://localhost:8080/v1/policies/payments-limit/rollout \
  -H "Content-Type: application/json" \
  -d '{"rollout_percent": 100}'

Rollback to Previous Version

curl -X POST http://localhost:8080/v1/policies/payments-limit/rollback \
  -H "Content-Type: application/json" \
  -d '{"version": 1}'

View Audit Trail & Versions

curl http://localhost:8080/v1/policies/payments-limit/audit
curl http://localhost:8080/v1/policies/payments-limit/versions

Analytics Summary

curl http://localhost:8080/v1/analytics/summary
curl "http://localhost:8080/v1/analytics/summary?top=5"

Production Readiness Checklist

Item	Details
✅ TLS termination	Run behind an ingress/proxy with TLS
✅ Distributed counters	Use Redis for multi-node counter sharing
✅ Health probes	Configure K8s liveness/readiness on `/healthz`
✅ Invalidation targets	Set `RLAAS_INVALIDATION_TARGETS` for sidecars
✅ Monitoring	Monitor decision + analytics endpoints
✅ Benchmark baseline	Run benchmark suite before rollout
✅ Shadow mode first	Deploy new policies in shadow mode, validate, then enforce

What’s Next?

Explore All Features →

Algorithms, actions, matching dimensions, backends, performance details.

Full API Reference →

Every endpoint, request/response format, and object model.

Read the Design Doc →

Architecture, principles, implementation phases, and package structure.

SDK Documentation →

Code examples for Go, Python, TypeScript, Java, and .NET.

Getting Started

Prerequisites

Quick Start (Local)

Clone & install dependencies

Run the server

Make your first check

curl (Linux / macOS)

PowerShell (Windows)

Expected Response

(Optional) Run the sidecar

Run tests & benchmarks

Choose Your Integration Model

Option A: Centralized HTTP

Option B: Centralized gRPC

Option C: Sidecar Local Mode

Option D: Non-Go SDK Client

API Examples (Copy/Paste)

Create a Policy

Validate Before Deploying

Gradual Rollout

Rollback to Previous Version

View Audit Trail & Versions

Analytics Summary

Production Readiness Checklist

What’s Next?

Explore All Features →

Full API Reference →

Read the Design Doc →

SDK Documentation →

README

Rate Limiting As A Service (RLAAS)

Completed Capabilities

Core Rate Limiting

Control Plane APIs

Service & Runtime

Available Backends

Remaining Roadmap

Project Stage