Operational: Metrics middleware collects per-IP data with no retention policy #103

New issue

Open

opened 2026-05-11 13:49:53 +00:00 by thabeta · 0 comments

thabeta commented 2026-05-11 13:49:53 +00:00

Owner

Copy link

Severity: Medium

Location

crates/hero_aibroker_lib/src/middleware/metrics.rs

Finding

The metrics middleware tracks per-IP request counts and error rates:

pub struct Metrics {
    requests: DashMap<IpAddr, AtomicU64>,
    errors: DashMap<IpAddr, AtomicU64>,
}

Like the rate limiter, this grows without bound. There is no:

• Retention policy
• Aggregation into time windows
• Export mechanism (just in-memory counters)
• Cleanup of stale entries

Recommendation

• Implement time-windowed metrics (e.g., 1-minute buckets)
• Add Prometheus-compatible export
• Periodic cleanup of entries older than retention window
• Aggregate by provider, model, and status code, not just IP

## Severity: Medium ## Location `crates/hero_aibroker_lib/src/middleware/metrics.rs` ## Finding The metrics middleware tracks per-IP request counts and error rates: ```rust pub struct Metrics { requests: DashMap<IpAddr, AtomicU64>, errors: DashMap<IpAddr, AtomicU64>, } ``` Like the rate limiter, this grows without bound. There is no: - Retention policy - Aggregation into time windows - Export mechanism (just in-memory counters) - Cleanup of stale entries ## Recommendation - Implement time-windowed metrics (e.g., 1-minute buckets) - Add Prometheus-compatible export - Periodic cleanup of entries older than retention window - Aggregate by provider, model, and status code, not just IP

thabeta added the

type_issue

prio_low

labels 2026-05-11 13:49:53 +00:00

mik-tf referenced this issue from a commit 2026-05-16 02:59:57 +00:00

chore(hero_aibroker): D-10 sweep — canonical service.toml + cargo update + dep audit

mik-tf referenced this issue 2026-05-16 03:00:31 +00:00

chore(hero_aibroker): D-10 sweep — canonical service.toml + cargo update + dep audit #142

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

development

development_align_chat_drop_sdk_specs

development_drop_stale_openrpc_artifacts

main

lab-latest

v0.1.1

v0.1.0

Labels

Clear labels   

prio_critical

  

prio_low

  

type_bug

  

type_contact

  

type_issue

  

type_lead

  

type_question

  

type_story

  

type_task

No labels

prio_critical

prio_low

type_bug

type_contact

type_issue

type_lead

type_question

type_story

type_task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_aibroker#103

No description provided.