Test the rate-limit window math and RateLimitExceeded gate
Description
The fixed-window rate limiter in record_usage in contracts/escrow/src/lib.rs — MaxRequestsPerWindow, WindowSeconds, the RateWindow(Address) state, and the RateLimitExceeded (#15) error — has no coverage in contracts/escrow/src/test.rs. Nothing asserts that the limiter is disabled by default, that a within-window over-cap call panics #15, or that the window correctly rolls forward once now >= window_start + window_seconds. This issue closes that gap by driving the ledger clock across window boundaries.
Requirements and context
- Repository scope:
Agentpay-Org/Agentpay-contracts only.
- Cover: limiter disabled when either cap or window is
0 (default) allows unbounded calls; enabled + cumulative requests exceed cap within the window → panic #15; exactly-at-cap succeeds.
- Cover: after advancing the clock past the window via
env.ledger().with_mut, the count resets and recording succeeds again; the window anchors at the first in-window call.
- Cover: an agent cannot reset its own window early (recording mid-window keeps
window_start fixed).
- Use
#[should_panic(expected = "Error(Contract, #15)")] matching the existing test conventions; test-only change unless a genuine bug surfaces.
Suggested execution
- Fork the repo and create a branch
git checkout -b test/contracts-rate-limit-tests
- Implement changes
- Write code in:
contracts/escrow/src/lib.rs — no changes expected; only touch if a bug is found.
- Write comprehensive tests in:
contracts/escrow/src/test.rs — the rate-limit scenarios above.
- Add documentation: note the covered behaviour in the test module header comment.
- Include NatSpec-style doc comments (
///) on any test helpers.
- Validate security: the throttle cannot be bypassed and cannot be reset early by the agent.
- Test and commit
Test and commit
- Run
cargo fmt --all -- --check, cargo build, and cargo test.
- Cover edge cases: cap reached then window rollover, single huge request exceeding cap, window length of one second, limiter half-configured (cap set, window zero).
- Include the full
cargo test output and a short security notes section in the PR description.
Example commit message
test: cover fixed-window rate limiter and RateLimitExceeded gate
Guidelines
- Minimum 95 percent test coverage for impacted modules.
- Clear, reviewer-focused documentation.
- Timeframe: 96 hours.
Community & contribution rewards
- 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
- ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
Test the rate-limit window math and RateLimitExceeded gate
Description
The fixed-window rate limiter in
record_usageincontracts/escrow/src/lib.rs—MaxRequestsPerWindow,WindowSeconds, theRateWindow(Address)state, and theRateLimitExceeded (#15)error — has no coverage incontracts/escrow/src/test.rs. Nothing asserts that the limiter is disabled by default, that a within-window over-cap call panics#15, or that the window correctly rolls forward oncenow >= window_start + window_seconds. This issue closes that gap by driving the ledger clock across window boundaries.Requirements and context
Agentpay-Org/Agentpay-contractsonly.0(default) allows unbounded calls; enabled + cumulative requests exceed cap within the window → panic#15; exactly-at-cap succeeds.env.ledger().with_mut, the count resets and recording succeeds again; the window anchors at the first in-window call.window_startfixed).#[should_panic(expected = "Error(Contract, #15)")]matching the existing test conventions; test-only change unless a genuine bug surfaces.Suggested execution
git checkout -b test/contracts-rate-limit-testscontracts/escrow/src/lib.rs— no changes expected; only touch if a bug is found.contracts/escrow/src/test.rs— the rate-limit scenarios above.///) on any test helpers.Test and commit
cargo fmt --all -- --check,cargo build, andcargo test.cargo testoutput and a short security notes section in the PR description.Example commit message
test: cover fixed-window rate limiter and RateLimitExceeded gateGuidelines
Community & contribution rewards