fix: no rate limiting if llm api calls

[slyang08]

Description

No rate limiting if LLM API calls when executed this CLI tool.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Code refactoring
• Performance improvement
• Other (please describe):

Related Issue

Fixes #85

Changes Made

Add a rate limitation library in file createMsg.go and make an unit test file named createMsg_test.go under the folder cmd/cli/ to do the unit test with function generateMessage

Testing

• Tested with Gemini API
• Tested with Grok API
• Tested on Windows
• Tested on Linux
• Tested on macOS
• Added/updated tests (if applicable)

Checklist

• My code follows the project's code style
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings or errors
• I have tested this in a real Git repository
• I have read the CONTRIBUTING.md guidelines

Screenshots (if applicable)

Additional Notes

---

For Hacktoberfest Participants

• This PR is submitted as part of Hacktoberfest 2025

Thank you for your contribution! 🎉

Summary by CodeRabbit

• New Features

  • API calls are now rate-limited to 5 requests per second with a burst capacity of 5, affecting message generation speed.

• Tests

  • Added concurrency tests to validate rate limiter performance under concurrent load.

[coderabbitai]

Walkthrough

The pull request introduces a global API rate limiter using golang.org/x/time/rate to throttle LLM API calls to 5 events per second with burst capacity of 5. The generateMessage function now waits on this limiter before invoking provider.Generate. A new test file validates concurrent call handling through 100 concurrent goroutines.

Changes

Cohort / File(s)	Summary
Rate Limiting Implementation cmd/cli/createMsg.go	Adds global apiRateLimiter variable (5 events/sec, burst 5), imports time and golang.org/x/time/rate, applies limiter in generateMessage to throttle API calls before provider invocation
Rate Limiter Testing cmd/cli/createMsg_test.go	Introduces new test file with FakeProvider type implementing llm.Provider interface; adds TestGenerateMessageRateLimiter concurrency test launching 100 goroutines to validate successful call handling under rate limiting

Sequence Diagram(s)

sequenceDiagram
    participant Caller
    participant RateLimiter
    participant Provider
    participant API

    rect rgb(220, 240, 255)
    note over Caller,API: Concurrent generateMessage calls (e.g., 100 goroutines)
    end

    par Goroutine 1
        Caller->>RateLimiter: Wait (Reserve token)
    and Goroutine 2
        Caller->>RateLimiter: Wait (Queue/Block if needed)
    and Goroutine N
        Caller->>RateLimiter: Wait (Queue/Block if needed)
    end

    rect rgb(240, 255, 240)
    note over RateLimiter: Tokens released at 5 events/sec
    end

    loop As tokens become available
        RateLimiter->>Provider: Generate (allows through)
        Provider->>API: Make API call
        API-->>Provider: Response
        Provider-->>Caller: Return message
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

The changes introduce new concurrency-related logic with a rate limiter pattern, requiring careful verification of initialization, timing correctness, and thread-safety. The test suite adds comprehensive concurrent validation, but reviewers must assess whether the 5 events/sec configuration aligns with provider requirements and whether error handling for rate-limit exhaustion is properly managed.

Poem

🐰 Five calls a second, now that's quite fair,
No more rate limits causing despair!
One hundred bunnies hop through at once,
The limiter queues them (no more runts),
Smooth flowing API, hooray hooray! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title Check	❓ Inconclusive	The title "fix: no rate limiting if llm api calls" is grammatically incomplete and vague about what the fix actually accomplishes. The phrasing does not clearly convey whether the fix adds, removes, or modifies rate limiting behavior. While the title is tangentially related to the actual changes (which add rate limiting), the awkward construction and lack of clarity make it difficult for a teammate scanning the commit history to understand the primary change without additional context.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues Check	✅ Passed	The pull request directly addresses the requirement from issue #85 by implementing rate limiting for LLM API calls. The changes introduce a global rate limiter using golang.org/x/time/rate configured to 5 events per second with burst capacity of 5, apply it in the generateMessage function to throttle API calls, and include a concurrency-based test (TestGenerateMessageRateLimiter) that validates the rate limiting behavior under concurrent usage scenarios. These changes fulfill the objective to prevent rate limit errors and mitigate potential race conditions during concurrent API calls.
Out of Scope Changes Check	✅ Passed	All code changes in this pull request are directly related to the requirement in issue #85 to introduce rate limiting for LLM API calls. The addition of the apiRateLimiter global variable, the modification to the generateMessage function to apply rate limiting, and the new test file with rate limiter validation are all necessary and aligned with the stated objective. No unrelated changes such as documentation updates, style improvements, or unrelated feature additions are present.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

cmd/cli/createMsg_test.go (1)

20-48: Enhance test to verify actual rate limiting behavior.

The test correctly validates that all concurrent calls eventually succeed (rate limiter queues rather than rejects), but it has several limitations:

1. No timing verification: The test doesn't verify that rate limiting actually occurred. Consider measuring elapsed time and asserting it's approximately numCalls / 5 seconds (≈20 seconds for 100 calls).

2. Slow test: With 5 req/s and 100 calls, this test will take about 20 seconds to complete, which may be too slow for a unit test. Consider reducing to 10-20 calls for faster feedback.

3. Error handling: Line 34 uses t.Logf for rate limiter errors, which doesn't immediately fail the test. Errors only reduce successCount, which is checked at the end. This is acceptable but consider whether rate limiter errors should fail immediately.

Example improvement to verify timing:

 func TestGenerateMessageRateLimiter(t *testing.T) {
 	ctx := context.Background()
+	start := time.Now()
 	var waitGroup sync.WaitGroup
 	successCount := 0
 	var mu sync.Mutex
 
-	// Test sending a number of messages in a short period to check the rate limiter
-	numCalls := 100
+	numCalls := 20  // Reduced for faster test execution
 	waitGroup.Add(numCalls)
 	for i := 0; i < numCalls; i++ {
 		go func() {
 			defer waitGroup.Done()
 			_, err := generateMessage(ctx, FakeProvider{}, "", nil)
 			if err != nil {
-				t.Logf("rate limiter error: %v", err)
+				t.Errorf("rate limiter error: %v", err)
 				return
 			}
 			mu.Lock()
 			successCount++
 			mu.Unlock()
 		}()
 	}
 	waitGroup.Wait()
+	elapsed := time.Since(start)
 
 	t.Logf("Successful calls: %d out of %d", successCount, numCalls)
+	t.Logf("Elapsed time: %v", elapsed)
+	
+	// With 5 req/s, expect at least (numCalls-5)/5 seconds (accounting for burst)
+	expectedMinDuration := time.Duration(numCalls-5) * time.Second / 5
+	if elapsed < expectedMinDuration {
+		t.Errorf("rate limiting may not be working: completed too quickly (elapsed: %v, expected: >%v)", elapsed, expectedMinDuration)
+	}
+	
 	if successCount != numCalls {
 		t.Errorf("expected %d successful calls but got %d", numCalls, successCount)
 	}
 }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9138c7b and 363c20f.

📒 Files selected for processing (2)

• cmd/cli/createMsg.go (3 hunks)
• cmd/cli/createMsg_test.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

cmd/cli/createMsg_test.go (1)

pkg/types/options.go (1)

• GenerationOptions (4-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Build Go Binary (ubuntu-latest)
• GitHub Check: Build Go Binary (macos-latest)
• GitHub Check: Build Go Binary (windows-latest)
• GitHub Check: Test (1.22)
• GitHub Check: Test (1.23)
• GitHub Check: Test (1.21)

🔇 Additional comments (4)

cmd/cli/createMsg.go (3)

11-11: LGTM!

The imports are appropriate for implementing rate limiting functionality.

Also applies to: 22-22

---

302-307: LGTM! Correct rate limiter application.

The implementation properly waits for rate limiter permission before making the API call and handles context cancellation correctly.

---

25-27: Clarify the comment and reconsider the rate limit strategy.

The review comment identifies valid concerns:

1. Misleading comment: The phrasing "Burst once every 5 times per second" does not clearly describe that the limiter allows 5 requests per second with burst capacity of 5.

2. Global limit for all providers: The codebase supports 6 providers (OpenAI, Claude, Gemini, Grok, Groq, Ollama), each with different API rate limits. The global 5 req/s limit applies uniformly without provider awareness.

3. Unjustified rate choice: No documentation or constant exists explaining why 5 req/s was selected. This appears arbitrary.

4. Limited effectiveness for stated use case: Within a single CreateCommitMsg invocation, generateMessage is called sequentially (lines 128 and 191), meaning the per-process rate limiter provides minimal value unless multiple CLI processes run in parallel.

The comment should be clarified and the rate limiting strategy reconsidered to either be provider-specific or made configurable.

cmd/cli/createMsg_test.go (1)

11-18: FakeProvider is correctly implemented; both review concerns are unfounded.

The verification reveals:

1. Type compatibility is not an issue. types.LLMProvider is defined as type LLMProvider string, making the string literal "fake" fully compatible and type-safe.

2. Missing delay is not needed. Rate limiting is implemented in the generateMessage() function via apiRateLimiter.Wait(ctx) (called before provider.Generate()), not within the provider mock itself. The test verifies that all 100 concurrent calls succeed by checking the apiRateLimiter mechanism—adding delay to the mock would serve no purpose and wouldn't improve test coverage.

FakeProvider correctly implements the two required methods of the Provider interface and is appropriate for the test.

Likely an incorrect or invalid review comment.

[DFanso]

approved 🎊