Rate limiting for OpenVSX (MVP tracker) #5970
Description
Implement rate limiting in OpenVSX to support customer tiers, runtime enforcement, and admin and customer visibility. This issue tracks the overall feature set and milestones.
Goals
- Protect service stability and reduce abuse.
- Enable tiered limits for customers.
- Collect usage and state data to support enforcement, automation and tier upgrades.
Scope (MVP)
- Identity resolution and tier assignment.
- Free tier enforcement from day one.
- Registered customer usage tracking and p95 computation.
- Manual state management in Phase 1 with automation in Phase 3.
- Admin dashboard for configuration and visibility.
- Prometheus/Grafana observability.
- Consider OpenTelemetry for distributed tracing and metrics export so the filter remains traceable as we scale.
Milestones
- Phase 1 delivery by 15 February 2026
- Phase 2 delivery by 15 March 2026
- Phase 3 delivery by 10 April 2026
Sub-issues
Metadata
Metadata
Assignees
Labels
Public and internal APIs supporting extension registry featuresWork requiring coordination with the IT team at the Eclipse FoundationWork related to download abuse prevention or consumption controlVulnerabilities or improvements to harden security and protect user data(Component: server) Backend platform and service-side functionalityIssues that requires support from the Eclipse Foundation software-dev team