@gtcx/protocols-domain

v0.1.0

Published

8 days ago

Domain infrastructure utilities: rate limiting, offline event queuing, TLS/mTLS configuration, SPIFFE identities, and metrics collection.

0High
0Medium
0Low

gtcx-protocol

@gtcx/domain

Domain infrastructure utilities: rate limiting, offline event queuing, TLS/mTLS configuration, SPIFFE identities, and metrics collection.

Installation

pnpm add @gtcx/domain

API

InMemoryRateLimiter

Sliding-window rate limiter for synchronous use.

import { InMemoryRateLimiter } from '@gtcx/domain';

const limiter = new InMemoryRateLimiter({ maxRequests: 100, windowMs: 60_000 });
if (limiter.allow('user:123')) {
  // process request
}

createPluggableRateLimiter({ config, store })

Async rate limiter with injectable storage backend (Redis, database, etc.).

import { createPluggableRateLimiter, InMemoryRateLimitStore } from '@gtcx/domain';

const limiter = createPluggableRateLimiter({
  config: { maxRequests: 50, windowMs: 60_000 },
  store: new InMemoryRateLimitStore(),
});
const allowed = await limiter.allow('api-key:abc');

Production note:

RateLimitStore.increment(...) is required for atomic safety in production.
If increment is missing, the limiter refuses non-atomic fallback by default when NODE_ENV=production.
createRedisRateLimitStore(...) provides a production-safe Redis store using atomic Lua INCR + PEXPIRE.

createRedisReplayCache({ client, windowMs })

Distributed replay cache using atomic Redis SET key value PX ttl NX.

import { createRedisReplayCache } from '@gtcx/domain';

const replayCache = createRedisReplayCache({
  client: redisClient,
  windowMs: 5 * 60_000,
});
const isNew = await replayCache.check('msg:123');

Redis Client Adapters

@gtcx/domain includes compatibility adapters for common Redis clients:

adaptNodeRedisForReplay(client)
adaptNodeRedisForRateLimit(client)
adaptIoRedisForReplay(client)
adaptIoRedisForRateLimit(client)

These normalize command signatures so the same createRedisReplayCache(...) and createRedisRateLimitStore(...) factories work with either client family.

createOfflineQueue(config) / enqueueEvent / drainQueue

Bounded offline event queue with TTL expiration and deduplication.

import { createOfflineQueue, enqueueEvent, drainQueue } from '@gtcx/domain';

let queue = createOfflineQueue({ maxAgeMs: 3600_000 });
queue = enqueueEvent(queue, { type: 'sync', payload: data });
const { queue: drained, events } = drainQueue(queue);

validateTlsConfig(config) / validateMtlsConfig(config)

Validates TLS/mTLS configurations, rejecting weak ciphers and path traversal.

createServiceIdentity({ trustDomain, serviceName })

Creates SPIFFE-compliant service identities.

createConsoleMetricsExporter()

In-memory metrics collector supporting counters, histograms, and gauges.

API versioning helpers

Apply versioning/deprecation headers to protocol responses:

import { applyApiVersioning } from '@gtcx/domain';

const context = { headers: {} as Record<string, string> };
applyApiVersioning(context, { version: 'v1', status: 'stable' });

Testing

pnpm vitest run packages/domain/

License

BSL 1.1 -- converts to Apache 2.0 on January 1, 2030.