Resource Limiter

OxideShield's resource limiter provides cross-platform protection against resource exhaustion attacks, optimized for Molt.bot and chat bot deployments.

License Tier

Resource limiting is available in the Community tier (free).

Why Resource Limits?

Chat bots and LLM applications face resource exhaustion attacks:

Attack	Impact	How Limits Help
Memory bombs	OOM crashes, degraded performance	Memory monitoring with configurable thresholds
Token floods	Excessive API costs, slow responses	Input size limits (bytes, chars, tokens)
Rate abuse	Service unavailability	Token bucket rate limiting
Parallel attacks	Thread exhaustion	Concurrency limits
Slow queries	Thread starvation	Per-guard and pipeline timeouts

Quick Start

Python

from oxideshield import (
    molt_limiter, ResourceLimits, SharedLimiter,
    get_memory_usage, length_guard
)

# Create a Molt.bot optimized limiter
limiter = molt_limiter()

# Check input before processing
try:
    limiter.check("user input here")
    # Safe to proceed
except RuntimeError as e:
    print(f"Limit exceeded: {e}")

# Get statistics
stats = limiter.stats()
print(f"Memory: {stats.memory_usage_mb}MB")
print(f"Rate allowed: {stats.rate_allowed}")
print(f"Rate rejected: {stats.rate_rejected}")

Rust

use oxide_limiter::{molt_limiter, ResourceLimits, GuardLimiterExt};
use oxide_guard::{Guard, LengthGuard};

// Wrap a guard with Molt.bot limits
let guard = LengthGuard::new("length")
    .with_max_chars(10000)
    .with_molt_limits();

// Limits enforced automatically
let result = guard.check("Hello, world!");
println!("Passed: {}", result.passed);

// Get statistics
let stats = guard.stats_summary();
println!("Memory: {} MB", stats.memory_usage_mb);

Presets

Three presets are available for common use cases:

Molt.bot (Recommended)

Optimized for chat bot deployments:

Limit	Value
Memory	512 MB max
Guard timeout	100ms
Total timeout	500ms
Concurrent requests	100
Rate limit	1000/sec
Input size	100 KB

from oxideshield import molt_limiter
limiter = molt_limiter()

Strict

For high-security deployments:

Limit	Value
Memory	256 MB max
Guard timeout	50ms
Total timeout	200ms
Concurrent requests	50
Rate limit	500/sec
Input size	50 KB

from oxideshield import strict_limiter
limiter = strict_limiter()

Permissive

For development and testing:

Limit	Value
Memory	Disabled
Guard timeout	5 sec
Total timeout	30 sec
Concurrent requests	Disabled
Rate limit	Disabled
Input size	1 MB

from oxideshield import permissive_limiter
limiter = permissive_limiter()

Custom Limits

Create custom limits for your specific requirements:

from oxideshield import ResourceLimits, SharedLimiter

# Start from a preset and customize
limits = ResourceLimits.molt_bot() \
    .with_memory(256 * 1024 * 1024, 70) \  # 256 MB, 70% warning
    .with_timeout(50, 200) \                 # 50ms guard, 200ms total
    .with_concurrency(50, 25) \              # 50 total, 25 per guard
    .with_rate(500, 50) \                    # 500/sec, burst 50
    .with_input(50 * 1024, 25000, 4000)      # 50KB, 25k chars, 4k tokens

limiter = SharedLimiter(limits)

Resource Types

Memory Limits

Monitor and limit process memory usage:

from oxideshield import MemoryMonitor, get_memory_usage

# Quick memory check
usage = get_memory_usage()
print(f"RSS: {usage.rss_mb:.1f}MB")

# Create a monitor with limit
monitor = MemoryMonitor(max_bytes=512 * 1024 * 1024)

# Check if within limits (raises on exceed)
try:
    usage = monitor.check()
except RuntimeError as e:
    print(f"Memory limit exceeded: {e}")

# Get usage percentage
percent = monitor.usage_percent()
print(f"Memory usage: {percent:.1f}%")

Rate Limits

Token bucket rate limiting with burst support:

from oxideshield import RateLimiter

# 100 requests/sec, burst of 20
limiter = RateLimiter(100, 20)

# Check before each request
try:
    limiter.check()
    # Process request
except RuntimeError:
    # Rate limit exceeded
    return "Too many requests"

# Get statistics
print(f"Allowed: {limiter.allowed}")
print(f"Rejected: {limiter.rejected}")
print(f"Available tokens: {limiter.available_tokens()}")

Input Limits

Limit input size by bytes, characters, and tokens:

from oxideshield import ResourceLimits, SharedLimiter

limits = ResourceLimits.molt_bot().with_input(
    max_bytes=100 * 1024,    # 100 KB
    max_chars=50000,          # 50k characters
    max_tokens=8000           # 8k tokens (estimated)
)

limiter = SharedLimiter(limits)

# Large input will be rejected
try:
    limiter.check("x" * 200000)
except RuntimeError as e:
    print(f"Input too large: {e}")

Timeout Limits (Rust only)

Enforce timeouts on guard operations:

use oxide_limiter::{TimeoutEnforcer, TimeoutLimits};
use std::time::Duration;

let enforcer = TimeoutEnforcer::new(TimeoutLimits {
    enabled: true,
    guard_timeout_ms: 100,
    total_timeout_ms: 500,
    kill_on_timeout: true,
});

// Execute with timeout
let result = enforcer.execute_guard("pattern", async {
    // Guard operation
    guard.check(input)
}).await;

Concurrency Limits (Rust only)

Control parallel request execution:

use oxide_limiter::{ConcurrencyLimiter, ConcurrencyLimits};

let limiter = ConcurrencyLimiter::new(ConcurrencyLimits {
    enabled: true,
    max_concurrent_requests: 100,
    max_concurrent_per_guard: 50,
    queue_timeout_ms: 5000,
});

// Acquire permit
let _permit = limiter.acquire("pattern").await?;
// Guard operation executes with permit
// Permit released automatically when dropped

Shared Limiter

Use a shared limiter for multiple guards:

from oxideshield import SharedLimiter, length_guard

# Create shared limiter
limiter = SharedLimiter(ResourceLimits.molt_bot())

# All checks share the same limits
limiter.check("input 1")
limiter.check("input 2")

# Statistics reflect all checks
stats = limiter.stats()
print(f"Total requests: {stats.total_requests}")

In Rust:

use oxide_limiter::{SharedLimiter, ResourceLimits};
use oxide_guard::{Guard, LengthGuard, PatternGuard};

let limiter = SharedLimiter::molt_bot();

let length_guard = limiter.wrap(LengthGuard::new("length").with_max_chars(10000));
let pattern_guard = limiter.wrap(PatternGuard::new("pattern", matcher));

// Both guards share the same limits
let _ = length_guard.check("input");
let _ = pattern_guard.check("input");

// Combined statistics
let stats = limiter.stats_summary();

Statistics

Monitor limiter performance:

from oxideshield import molt_limiter

limiter = molt_limiter()

# Process some requests
for i in range(100):
    limiter.check(f"request {i}")

# Get statistics
stats = limiter.stats()

# Memory
print(f"Memory usage: {stats.memory_usage_mb}MB")
print(f"Memory peak: {stats.memory_peak_mb}MB")

# Timeouts
print(f"Timeout count: {stats.timeout_count}")
print(f"Timeout rate: {stats.timeout_rate:.1f}%")
print(f"Avg duration: {stats.avg_duration_ms:.1f}ms")

# Concurrency
print(f"Active requests: {stats.active_requests}")
print(f"Total requests: {stats.total_requests}")
print(f"Rejected: {stats.rejected_requests}")

# Rate limiting
print(f"Rate allowed: {stats.rate_allowed}")
print(f"Rate rejected: {stats.rate_rejected}")

Cross-Platform Support

The resource limiter works on all major platforms:

Feature	macOS	Linux	Windows
Memory monitoring	getrusage	/proc/self/statm	GetProcessMemoryInfo
Rate limiting	Tokio	Tokio	Tokio
Timeouts	Tokio	Tokio	Tokio
Concurrency	Tokio semaphores	Tokio semaphores	Tokio semaphores

CLI Commands

View resource limit presets and system status:

# Show current memory status
oxideshield limits status

# List available presets
oxideshield limits presets

# Detailed preset configurations
oxideshield limits presets --verbose

# Generate example YAML config
oxideshield limits example-config --preset molt_bot > limits.yaml

See the CLI Command Reference for full documentation.

See Also

• Multi-Layer Defense - Orchestrated guard pipelines
• Proxy Gateway - Centralized API protection
• Python SDK - Python integration guide
• Unified Security Engine - All-in-one engine with resource limits