Ratelord
GitHub
HomeDocumentation

API Reference

The Ratelord daemon exposes a JSON-over-HTTP API. Clients must authenticate with an Identity Token for all requests. The API runs locally (default http://localhost:8090) and is designed to fail safe: if you cannot reach the daemon, assume your intent will be denied.

Base URL

http://localhost:8090/v1

Core Concepts

  • Local-only: The API binds to the loopback interface by default for single-machine coordination.
  • Fail-safe: Clients should treat timeouts as a denial and back off safely.
  • Model: Intent negotiation is the central workflow—agents request resources, and the daemon evaluates policies before granting them.

Endpoints

POST/v1/intent

Submit an intent describing the resource you want to consume. The daemon replies with approval, denial, or a counter offer.

Request Body

json
{
  "agent_id": "crawler-01",
  "identity_id": "pat:user",
  "workload_id": "repo_scan",
  "scope_id": "repo:owner/project",
  "urgency": "normal"
}

Sample Response

json
{
  "decision": "approve",
  "intent_id": "evt_12345",
  "evaluation": {
    "risk_summary": "Low risk (P99 TTE > 1h)"
  }
}

GET/v1/health

Check whether the daemon is ready, degraded, or still initializing.

json
{
  "status": "ok",
  "version": "0.1.0",
  "uptime_seconds": 3600
}

GET/v1/graph

Returns the current constraint graph (pools, scopes, and identities plus their relationships).

Analytics & Reporting

Use the trends and reports endpoints for dashboards or auditors.

  • GET /v1/trends: Aggregated usage over a time window (from, to, bucket, provider_id).
  • GET /v1/reports: CSV exports for usage, access logs, or events (type, from, to).

Federation & Clustering

  • GET /v1/cluster/nodes: Returns topology of known leaders and followers.
  • POST /v1/federation/grant: Followers request grants from the leader (body: node_id, resource, amount).

Integrations

Register webhooks to receive streaming events.

json
{
  "url": "https://hooks.slack.com/...",
  "events": ["intent.denied", "system.alert"]
}

Administration

Prune old events and manage the event ledger.

json
{
  "before": "2023-01-01T00:00:00Z"
}

Event Streaming

Stream recent events as SSE or poll the latest batch.

  • GET /v1/events: Parameters: limit (default 50), stream=true for SSE.

Identity Management

Register, inspect, and delete identities.

json
{
  "identity_id": "pat:github:rmax",
  "kind": "user",
  "metadata": { "name": "RMax" }
}

DELETE /v1/identities/<id> removes an identity and scrubs its history for compliance.

Observability

Prometheus-style metrics expose pool usage and forecast data.

  • GET /metrics: Returns metrics such as `ratelord_usage`, `ratelord_limit`, `ratelord_intent_total`, `ratelord_forecast_seconds`.

Debugging

Inject synthetic provider data for testing flows.

json
{
  "provider_id": "github-mock",
  "pool_id": "core",
  "usage": 4500,
  "limit": 5000
}

Error Handling

The API uses standard HTTP status codes. A denial from the policy engine still returns 200.

  • 200 OK: Request processed (including `deny_with_reason`).
  • 400 Bad Request: Invalid payload or missing fields.
  • 503 Service Unavailable: Daemon starting, shutting down, or overloaded.