feat(ratelimit): Cloudflare Worker Ratelimit Adapter

[unnoq]

Summary by CodeRabbit

• New Features

  • Added Cloudflare as a new ratelimit adapter option with example usage.

• Documentation

  • Updated adapter docs to include the Cloudflare ratelimit adapter alongside existing adapters.

• Tests

  • Added unit tests covering the Cloudflare ratelimit adapter's behavior and delegation.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
orpc	Ready	Preview	Comment	Nov 13, 2025 7:51am

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

A new Cloudflare Ratelimit Adapter was added to the ratelimit package. Changes include the adapter implementation and unit test, an export added to package.json, and documentation updated to include the Cloudflare adapter and rename the Upstash heading.

Changes

Cohort / File(s)	Summary
Documentation apps/content/docs/helpers/ratelimit.md	Renamed "Upstash Adapter" to "Upstash Ratelimit Adapter" and added a new "Cloudflare Ratelimit Adapter" section with a usage example.
Package exports packages/ratelimit/package.json	Added new public export entry ./cloudflare-ratelimit in both exports and publishConfig.exports pointing to the Cloudflare adapter sources and dist artifacts.
Adapter implementation packages/ratelimit/src/adapters/cloudflare-ratelimit.ts	Added CloudflareRatelimiter class implementing the Ratelimiter interface that delegates limit(key) to an injected ratelimit.limit({ key }).
Tests packages/ratelimit/src/adapters/cloudflare-ratelimit.test.ts	Added unit test that mocks the underlying ratelimit, asserts it is called with { key: 'test-key' }, and verifies the adapter returns the mocked promise result.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant CloudflareRatelimiter
    participant UnderlyingRatelimit

    Client->>CloudflareRatelimiter: limit(key: string)
    CloudflareRatelimiter->>UnderlyingRatelimit: limit({ key })
    UnderlyingRatelimit-->>CloudflareRatelimiter: Promise<RatelimiterLimitResult>
    CloudflareRatelimiter-->>Client: Promise<RatelimiterLimitResult>
    Note over CloudflareRatelimiter,UnderlyingRatelimit: Delegation + promise propagation

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Areas to focus on:
  • Correct typing and exported module paths in package.json (exports and publishConfig entries).
  • Adapter contract adherence to the Ratelimiter interface and Promise handling in cloudflare-ratelimit.ts.
  • Test robustness: ensure mocks and assertions fully cover delegation and result propagation.
  • Documentation placement and example correctness in ratelimit.md.

Poem

🐰 I hopped into code with whiskers bright,
A Cloudflare friend to guard the night.
I pass the key, the limiter sings,
Promises kept on nimble wings.
A tiny hop, the package gleams — rate and rhythm in my dreams.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(ratelimit): Cloudflare Worker Ratelimit Adapter' directly and clearly describes the main change: adding a new Cloudflare ratelimit adapter, which is exactly what the PR implements across documentation, package exports, implementation, and tests.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/ratelimit/cloudflare-worker-ratelimit-adapter

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4245808 and 24987e9.

📒 Files selected for processing (1)

• packages/ratelimit/src/adapters/cloudflare-ratelimit.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

packages/ratelimit/src/adapters/cloudflare-ratelimit.ts (1)

packages/ratelimit/src/types.ts (2)

• Ratelimiter (20-22)
• RatelimiterLimitResult (1-18)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: publish-commit
• GitHub Check: test
• GitHub Check: lint

🔇 Additional comments (3)

packages/ratelimit/src/adapters/cloudflare-ratelimit.ts (3)

1-1: LGTM! Correct import path.

The import correctly uses a relative path consistent with other adapters in the package.

---

3-8: Implementation is correct and follows the adapter pattern.

The class correctly implements the Ratelimiter interface using dependency injection. A past review comment already suggests extracting the inline type to a named interface for improved maintainability, which is a valid optional improvement.

---

10-12: LGTM! Clean delegation pattern.

The method correctly implements the Ratelimiter interface by delegating to the injected dependency. The transformation from a string key to an object format { key } is appropriate for the Cloudflare Worker Rate Limiting API.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @unnoq, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the rate limiting capabilities by introducing a new adapter specifically for Cloudflare Workers. This integration allows applications deployed on Cloudflare to leverage its native rate limiting features seamlessly, providing a robust and efficient solution for managing request traffic directly within the Cloudflare ecosystem. The changes include the adapter's implementation, corresponding documentation, and unit tests.

Highlights

• Cloudflare Ratelimit Adapter: Introduced a new CloudflareRatelimiter adapter to integrate with Cloudflare Workers' native rate limiting capabilities.
• Documentation: Added comprehensive documentation for the new Cloudflare Ratelimit Adapter, including a usage example, in apps/content/docs/helpers/ratelimit.md.
• Package Exports: Updated packages/ratelimit/package.json to properly export the new Cloudflare adapter for use.
• Unit Tests: Included a dedicated test file (cloudflare-ratelimit.test.ts) to ensure the correct functionality of the CloudflareRatelimiter.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new Cloudflare Worker Ratelimit Adapter, including its implementation, tests, and documentation. The changes are well-structured. My review includes a few suggestions to improve the documentation example, refactor the adapter implementation for better readability, and enhance the test suite for clarity and completeness. Overall, this is a great addition.

[pkg-pr-new]

More templates

• @orpc/astro-playground
• @orpc/browser-extension-playground
• @orpc/bun-websocket-otel-playground
• @orpc/cloudflare-worker-playground
• @orpc/contract-first-playground
• @orpc/electron-playground
• @orpc/nest-playground
• @orpc/next-playground
• @orpc/nuxt-playground
• @orpc/solid-start-playground
• @orpc/svelte-kit-playground
• @orpc/tanstack-start-playground

@orpc/ai-sdk

npm i https://pkg.pr.new/@orpc/ai-sdk@1212

@orpc/arktype

npm i https://pkg.pr.new/@orpc/arktype@1212

@orpc/client

npm i https://pkg.pr.new/@orpc/client@1212

@orpc/contract

npm i https://pkg.pr.new/@orpc/contract@1212

@orpc/experimental-durable-iterator

npm i https://pkg.pr.new/@orpc/experimental-durable-iterator@1212

@orpc/hey-api

npm i https://pkg.pr.new/@orpc/hey-api@1212

@orpc/interop

npm i https://pkg.pr.new/@orpc/interop@1212

@orpc/json-schema

npm i https://pkg.pr.new/@orpc/json-schema@1212

@orpc/nest

npm i https://pkg.pr.new/@orpc/nest@1212

@orpc/openapi

npm i https://pkg.pr.new/@orpc/openapi@1212

@orpc/openapi-client

npm i https://pkg.pr.new/@orpc/openapi-client@1212

@orpc/otel

npm i https://pkg.pr.new/@orpc/otel@1212

@orpc/experimental-pino

npm i https://pkg.pr.new/@orpc/experimental-pino@1212

@orpc/experimental-publisher

npm i https://pkg.pr.new/@orpc/experimental-publisher@1212

@orpc/experimental-ratelimit

npm i https://pkg.pr.new/@orpc/experimental-ratelimit@1212

@orpc/react

npm i https://pkg.pr.new/@orpc/react@1212

@orpc/react-query

npm i https://pkg.pr.new/@orpc/react-query@1212

@orpc/experimental-react-swr

npm i https://pkg.pr.new/@orpc/experimental-react-swr@1212

@orpc/server

npm i https://pkg.pr.new/@orpc/server@1212

@orpc/shared

npm i https://pkg.pr.new/@orpc/shared@1212

@orpc/solid-query

npm i https://pkg.pr.new/@orpc/solid-query@1212

@orpc/standard-server

npm i https://pkg.pr.new/@orpc/standard-server@1212

@orpc/standard-server-aws-lambda

npm i https://pkg.pr.new/@orpc/standard-server-aws-lambda@1212

@orpc/standard-server-fastify

npm i https://pkg.pr.new/@orpc/standard-server-fastify@1212

@orpc/standard-server-fetch

npm i https://pkg.pr.new/@orpc/standard-server-fetch@1212

@orpc/standard-server-node

npm i https://pkg.pr.new/@orpc/standard-server-node@1212

@orpc/standard-server-peer

npm i https://pkg.pr.new/@orpc/standard-server-peer@1212

@orpc/svelte-query

npm i https://pkg.pr.new/@orpc/svelte-query@1212

@orpc/tanstack-query

npm i https://pkg.pr.new/@orpc/tanstack-query@1212

@orpc/trpc

npm i https://pkg.pr.new/@orpc/trpc@1212

@orpc/valibot

npm i https://pkg.pr.new/@orpc/valibot@1212

@orpc/vue-colada

npm i https://pkg.pr.new/@orpc/vue-colada@1212

@orpc/vue-query

npm i https://pkg.pr.new/@orpc/vue-query@1212

@orpc/zod

npm i https://pkg.pr.new/@orpc/zod@1212

commit: 24987e9

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[Copilot]

Pull Request Overview

This PR adds a new Cloudflare Workers Rate Limit adapter to the @orpc/experimental-ratelimit package, enabling developers to use Cloudflare's native rate limiting bindings in their oRPC applications.

Key Changes:

• Introduces CloudflareRatelimiter class as a thin wrapper around Cloudflare Workers Rate Limit API
• Adds package exports for the new adapter in both development and production configurations
• Updates documentation with usage examples and integration guidance

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
packages/ratelimit/src/adapters/cloudflare-ratelimit.ts	Implements the CloudflareRatelimiter adapter class as a simple passthrough to Cloudflare's rate limit binding
packages/ratelimit/src/adapters/cloudflare-ratelimit.test.ts	Adds basic unit test to verify the adapter correctly forwards limit calls to the underlying Cloudflare rate limiter
packages/ratelimit/package.json	Configures package exports to expose the cloudflare-ratelimit adapter as a separate entry point
apps/content/docs/helpers/ratelimit.md	Adds documentation section for the Cloudflare adapter with usage example; also updates Upstash section title for consistency

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/content/docs/helpers/ratelimit.md (1)

106-121: Consider showing actual rate limiting usage in the example.

The example demonstrates instantiation but doesn't show how to use the limiter (e.g., calling limiter.limit('key')). While this follows the pattern of other adapter sections, adding a brief usage snippet would make the example more complete and immediately actionable for users.

Example enhancement:

 export default {
   async fetch(request, env) {
     const limiter = new CloudflareRatelimiter(env.MY_RATE_LIMITER)
+    
+    const result = await limiter.limit('user:123')
+    if (!result.success) {
+      return new Response('Too many requests', { status: 429 })
+    }

     return new Response(`Hello World!`)
   }
 }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ea1d4fd and 4245808.

📒 Files selected for processing (4)

• apps/content/docs/helpers/ratelimit.md (2 hunks)
• packages/ratelimit/package.json (1 hunks)
• packages/ratelimit/src/adapters/cloudflare-ratelimit.test.ts (1 hunks)
• packages/ratelimit/src/adapters/cloudflare-ratelimit.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

packages/ratelimit/src/adapters/cloudflare-ratelimit.test.ts (1)

packages/ratelimit/src/adapters/cloudflare-ratelimit.ts (1)

• CloudflareRatelimiter (3-13)

packages/ratelimit/src/adapters/cloudflare-ratelimit.ts (1)

packages/ratelimit/src/types.ts (2)

• Ratelimiter (20-22)
• RatelimiterLimitResult (1-18)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Agent
• GitHub Check: publish-commit
• GitHub Check: lint
• GitHub Check: test

🔇 Additional comments (4)

apps/content/docs/helpers/ratelimit.md (1)

75-75: Good consistency improvement!

Renaming to "Upstash Ratelimit Adapter" aligns with the new "Cloudflare Ratelimit Adapter" heading and improves consistency across adapter sections.

packages/ratelimit/src/adapters/cloudflare-ratelimit.test.ts (1)

3-17: Well-structured test verifying delegation behavior.

The test correctly verifies:

• Proper delegation to the underlying ratelimit backend
• Key transformation from string to options object
• Promise pass-through without unnecessary wrapping
• Correct resolution value

packages/ratelimit/package.json (1)

37-42: Package exports correctly configured.

The new Cloudflare adapter export follows the exact pattern of existing adapters (memory, redis, upstash-ratelimit) with proper:

• publishConfig.exports for the distributed package
• exports for local development
• Consistent path structure and naming

Also applies to: 49-50

packages/ratelimit/src/adapters/cloudflare-ratelimit.ts (1)

3-13: Implementation verified as compatible with Cloudflare API.

The CloudflareRatelimiter correctly adapts the Cloudflare Workers Rate Limit binding. The Cloudflare API's limit method returns Promise<{ success: boolean }>, which is compatible with the RatelimiterLimitResult interface where success is required and limit, remaining, and reset are optional fields. The adapter properly delegates the key parameter and returns a conforming response.