docs: rate limits table with search

[unatasha8]

• I have read the contributing guidelines and signed the CLA.
• I have referenced an issue containing the design document if my change introduces a new feature.
• I have read the security policy.
• I confirm that this pull request does not address a security vulnerability.
  If this pull request addresses a security vulnerability,
  I confirm that I got approval (please contact security@ory.com) from the maintainers to push the changes.
• I have added tests that prove my fix is effective or that my feature works.
• I have added the necessary documentation within the code base (if appropriate).

Further comments

Summary by CodeRabbit

• New Features

  • Interactive rate limits table with tier/env filters, endpoint search, and highlighted thresholds.
  • Automatic generation and inclusion of rate-limits data (rate-limits.json) for docs.

• Documentation

  • Reorganized rate limits docs into legacy and new sections with project/endpoint breakdowns.

• Chores

  • Updated dependencies and added Docusaurus plugin for SVG handling.
  • Excluded rate-limits.json from automatic formatting.

[jhickmanit]

Should we split the technical below into another document? It feels odd to get into the "how" when we are explaining the why above.

[unatasha8]

I think if we split it, they won't see/read it... the above is 'what' project rate limits are and below is 'how' they need to implement them

[tricky42]

Hey Una,

Here's the banner text, along with a proposal for a small restructuring that I think makes the overall navigation cleaner.

Proposed structure

Three pages:

• /rate-limits — new parent/overview page (already drafted, can share the file)
• /rate-limits-legacy — the current /rate-limits content, unchanged
• /rate-limits-new — stays as-is

The key benefit: since /rate-limits becomes the overview page, every customer who has that URL bookmarked will automatically land there and see the migration notice — before navigating to whichever detail page applies to them. No extra promotion needed; the restructuring does the communication work for us.

New visitors coming via search will also land on the overview first, which means everyone gets context on old vs. new before diving into the details.

The banners on the detail pages are then a secondary safety net for anyone who arrives there directly.

Banner text for /rate-limits-legacy:

This page describes the legacy rate limiting system, which applies to existing Ory Network customers who haven't been migrated yet. If you're a new customer or have already been migrated, see the new rate limits. Learn about both systems and the migration plan → /docs/guides/rate-limits

Banner text for /rate-limits-new:

This page describes the new rate limiting system, which applies to all new Ory Network customers and existing customers after migration. If you're an existing customer and haven't received a migration notice yet, see the legacy rate limits. Learn about both systems and the migration plan → /docs/guides/rate-limits

Both banners: info severity.

One open item on the parent page: I included a note that customers can check which system applies to them in the Ory Console under Settings → Rate Limits. That's just an idea for now — would actually be quite simple to implement and a nice touch, but it's not there yet. I've marked it as a placeholder so we can either build it or drop the reference before publishing.

Let me know if the restructuring works for you!

rate-limits.md

outdated

[Copilot]

Pull request overview

This PR updates the Ory Network rate limits documentation to support a new “bucket-based” rate limiting policy rollout, and introduces an interactive rate limits table (with filtering/search) powered by CSV → JSON generation during the Docusaurus build.

Changes:

• Add a build-time plugin + CSV-backed data pipeline that generates src/static/rate-limits.json for client-side consumption.
• Introduce a RateLimitsTable React component with tier/env selection and API path search/highlighting.
• Restructure rate limit docs into “new/legacy/project/endpoint” pages and update sidebars accordingly.

Reviewed changes

Copilot reviewed 22 out of 23 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
src/static/rate-limits.json	Generated/static rate limits dataset consumed by the table UI.
src/sidebar-old.ts	Adds nested “Rate limits” sidebar structure in the legacy sidebar config.
src/plugins/docusaurus-rate-limits-data/index.ts	New Docusaurus plugin to generate rate-limits.json from CSV inputs.
src/plugins/docusaurus-polyfill/index.js	Updates webpack polyfills/fallbacks (currently has a config bug).
src/lib/rate-limits/types.ts	Adds typed domain model + CSV normalization maps.
src/lib/rate-limits/provider.ts	Adds provider indirection (default CSV provider).
src/lib/rate-limits/index.ts	Barrel exports for rate limits lib.
src/lib/rate-limits/data/bucket-to-threshold.csv	Adds/updates rate limit thresholds per bucket/tier/env.
src/lib/rate-limits/data/bucket-to-endpoints.csv	Adds/updates endpoint → bucket mappings.
src/lib/rate-limits/csv-provider.ts	Implements the CSV provider for endpoints/thresholds.
src/components/RateLimitsTable/types.ts	UI-side types for the table data.
src/components/RateLimitsTable/index.tsx	New interactive table component with tier/env selection + search.
sidebars.ts	Adds nested “Rate limits” sidebar structure in the main sidebar config.
package.json	Adds @docusaurus/plugin-svgr and updates axios version.
package-lock.json	Lockfile updates from dependency changes.
docusaurus.config.ts	Registers the new data plugin and enables svgr plugin usage.
docs/guides/rate-limits.mdx	Rewrites the top-level rate limits page for the migration and new structure.
docs/guides/rate-limits-project.mdx	Adds “Project rate limits” page embedding the interactive table.
docs/guides/rate-limits-new.mdx	Adds “new policy” page and guidance (headers, 429 handling, load testing).
docs/guides/rate-limits-legacy.mdx	Restores legacy policy details as a separate page.
docs/guides/rate-limit-endpoint.mdx	Adds endpoint-based rate limits page (inflight/volumetric overview).
docs/guides/load-performance-testing.mdx	Adds load/performance testing policy page and sidebar entry.
.prettierignore	Ignores rate-limits.json for formatting.

Comments suppressed due to low confidence (1)

src/plugins/docusaurus-polyfill/index.js:32

• configureWebpack returns an object with two resolve keys; in JavaScript the latter overwrites the former, so the buffer fallback (and any other settings added earlier) are dropped. Merge these into a single resolve object (e.g., one resolve.fallback containing both buffer and path) to ensure both polyfills are applied.

        resolve: {
          fallback: {
            path: require.resolve("path-browserify"),
          },
        },

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: d2587aa6-b86c-4827-97fb-3b88f2ae366e

📥 Commits

Reviewing files that changed from the base of the PR and between 9b5c4bd and b5d56db.

⛔ Files ignored due to path filters (1)

• docs/guides/rate-limits-project.mdx is excluded by !**/*.mdx

📒 Files selected for processing (2)

• sidebars.ts
• src/sidebar-old.ts

💤 Files with no reviewable changes (2)

• sidebars.ts
• src/sidebar-old.ts

---

📝 Walkthrough

Walkthrough

This PR adds a rate-limits display system: domain types and provider, a CSV-backed provider, a Docusaurus plugin that emits src/static/rate-limits.json at build time, a React RateLimitsTable component that reads that JSON, and site/config changes to integrate the feature.

Changes

Rate Limits Feature

Layer / File(s)	Summary
Type contracts and provider pattern src/lib/rate-limits/types.ts, src/lib/rate-limits/provider.ts, src/lib/rate-limits/index.ts	Core types define Tier, Env, EndpointRow, and ThresholdRow. RateLimitsProvider interface and getProvider()/setProvider() singleton accessor added.
CSV provider and data loading src/lib/rate-limits/csv-provider.ts	CSV-backed provider reads bucket-to-endpoints.csv and bucket-to-threshold.csv, validates headers, parses and normalizes rows, deduplicates thresholds by (bucket,tier,env), and supports filtering by tier/env/bucket.
Rate-limits table React component src/components/RateLimitsTable/types.ts, src/components/RateLimitsTable/index.tsx	New component and types that fetch rate-limits.json via useBaseUrl, manage tier/env/search (debounced), compute filtered thresholds and endpoint matches, and render an interactive table with highlights.
Rate-limits JSON generation plugin src/plugins/docusaurus-rate-limits-data/index.ts	Docusaurus plugin that instantiates the CSV provider, fetches endpoints and thresholds, ensures src/static exists, and writes rate-limits.json.
Build configuration and dependencies docusaurus.config.ts, package.json, src/plugins/docusaurus-polyfill/index.js, .prettierignore	Registers the rate-limits plugin, adds @docusaurus/plugin-svgr, upgrades axios, enhances webpack polyfills/resolution, and excludes rate-limits.json from Prettier.
Static data and documentation routing src/static/rate-limits.json, sidebars.ts, src/sidebar-old.ts	Adds static rate-limits JSON data and restructures API sidebars to include legacy and new rate-limits documentation sections.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I nibble CSV crumbs in moonlit code,

Build-time plugin hums down the road,

JSON hops into static ground,

Table shows limits nicely found,

Docs now bloom where buckets are sowed. 🐰

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'docs: rate limits table with search' accurately summarizes the main change: adding an interactive, searchable rate limits table component to the documentation.
Description check	✅ Passed	The PR description references a Notion design document and acknowledges the contributing guidelines and security policy, meeting core template requirements. However, it lacks specific references to the related issue/design document in the required format, and test/documentation completion is marked incomplete.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/rate-limits-table-with-search

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/plugins/docusaurus-polyfill/index.js (1)

8-33: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Merge duplicate resolve blocks.

The webpack configuration contains two resolve blocks (lines 13-17 and lines 28-32) at the same level of the returned object. JavaScript objects cannot have duplicate keys; the second declaration overwrites the first, causing the buffer fallback to be lost.

🔧 Proposed fix to merge resolve.fallback entries

       return {
         mergeStrategy: { "module.rules": "prepend" },
         plugins: [
           new NodePolyfillPlugin(),
         ],
         resolve: {
           fallback: {
             buffer: require.resolve("buffer/"),
+            path: require.resolve("path-browserify"),
           },
         },
         module: {
           rules: [
             {
               test: /\.m?js$/,
               resolve: {
                 fullySpecified: false,
               },
             },
           ],
         },
-        resolve: {
-          fallback: {
-            path: require.resolve("path-browserify"),
-          },
-        },
       }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/plugins/docusaurus-polyfill/index.js` around lines 8 - 33, The returned
webpack config currently declares two duplicate resolve blocks causing the first
fallback (buffer) to be overwritten by the second (path); merge them into a
single resolve object so resolve.fallback contains both entries. Edit the object
returned in the function that builds the config (the block with mergeStrategy,
plugins: [new NodePolyfillPlugin()], module.rules) and replace the duplicate
resolve declarations with one resolve: { fallback: { buffer:
require.resolve("buffer/"), path: require.resolve("path-browserify") } } so both
fallbacks are preserved.

🧹 Nitpick comments (2)

src/components/RateLimitsTable/types.ts (1)

10-25: ⚡ Quick win

Use shared Tier/Env contracts instead of broad string fields.

At Line 12–13, tier and env are typed as string, which drops compile-time guarantees from the source contract and makes drift easier.

Proposed refactor

+import type { Env, Tier } from "../../lib/rate-limits/types"
+
 export interface EndpointRow {
   method: string
   path: string
   bucket: string
 }
 
 export interface ThresholdRow {
   bucket: string
-  tier: string
-  env: string
+  tier: Tier
+  env: Env
   rpm: number
   rps: number
 }
@@
-export type Tier = "Developer" | "Production" | "Growth" | "Enterprise"
-export type Env = "Development" | "Staging" | "Production"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/RateLimitsTable/types.ts` around lines 10 - 25, ThresholdRow
currently uses broad string types for tier and env which breaks compile-time
guarantees; update ThresholdRow to use the shared Tier and Env contract types
instead of string by importing the canonical Tier and Env types (or re-exported
aliases) and changing the properties to use those types (ThresholdRow.tier and
ThresholdRow.env). Make the same substitution anywhere ThresholdRow is consumed
(e.g., RateLimitsData) so the module consistently uses the shared Tier/Env
contracts.

src/static/rate-limits.json (1)

1-1: ⚡ Quick win

Consider excluding generated rate-limits.json from version control.

According to the PR context, this file is generated by the docusaurus-rate-limits-data plugin at build time. Checking in generated artifacts can lead to:

• Sync issues if CSV sources change but this JSON isn't regenerated
• Merge conflicts when multiple developers work on rate-limits
• Confusion about the source of truth

If this file is indeed generated at build time, consider adding it to .gitignore:

# .gitignore
+src/static/rate-limits.json

If the file needs to be checked in as a fallback for development, document this decision clearly in the README or plugin documentation.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/static/rate-limits.json` at line 1, The checked-in generated artifact
src/static/rate-limits.json should be excluded from version control; remove it
from the repo index (git rm --cached src/static/rate-limits.json), add
src/static/rate-limits.json to .gitignore, and if you must keep a fallback copy,
document that exception in the README or the docusaurus-rate-limits-data plugin
docs so contributors know when to regenerate it.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/components/RateLimitsTable/index.tsx`:
- Around line 23-35: The effect in the RateLimitsTable component uses fetch
without aborting, so create an AbortController inside the useEffect, pass
controller.signal to fetch (the call in the effect that uses baseUrl), and in
the cleanup function call controller.abort() to cancel in-flight requests on
unmount or re-run; update the .catch handler to ignore AbortError (or check
error.name === 'AbortError') before calling setError, and ensure
setLoading(false) still runs appropriately (e.g., in finally but guarded against
aborted requests) so state setters are not invoked for aborted/stale responses.

In `@src/lib/rate-limits/csv-provider.ts`:
- Around line 97-107: The CSV parsing currently silently coerces unknown
tiers/envs and malformed rpm/rps to defaults; update the mapping logic (where
TIER_FROM_CSV and ENV_FROM_CSV are used and parseInt is applied to rpm/rps) to
validate inputs and fail fast: if TIER_FROM_CSV[r[1]] or ENV_FROM_CSV[r[2]] are
undefined (and the raw value is not a valid Tier/Env), throw a descriptive error
identifying the bucket and invalid value, and for rpm/rps use Number parsing and
reject NaN/negative values (throw an error) instead of falling back to 0 so bad
CSV rows surface immediately. Ensure the thrown errors include the bucket and
the offending CSV cell to aid debugging.

---

Outside diff comments:
In `@src/plugins/docusaurus-polyfill/index.js`:
- Around line 8-33: The returned webpack config currently declares two duplicate
resolve blocks causing the first fallback (buffer) to be overwritten by the
second (path); merge them into a single resolve object so resolve.fallback
contains both entries. Edit the object returned in the function that builds the
config (the block with mergeStrategy, plugins: [new NodePolyfillPlugin()],
module.rules) and replace the duplicate resolve declarations with one resolve: {
fallback: { buffer: require.resolve("buffer/"), path:
require.resolve("path-browserify") } } so both fallbacks are preserved.

---

Nitpick comments:
In `@src/components/RateLimitsTable/types.ts`:
- Around line 10-25: ThresholdRow currently uses broad string types for tier and
env which breaks compile-time guarantees; update ThresholdRow to use the shared
Tier and Env contract types instead of string by importing the canonical Tier
and Env types (or re-exported aliases) and changing the properties to use those
types (ThresholdRow.tier and ThresholdRow.env). Make the same substitution
anywhere ThresholdRow is consumed (e.g., RateLimitsData) so the module
consistently uses the shared Tier/Env contracts.

In `@src/static/rate-limits.json`:
- Line 1: The checked-in generated artifact src/static/rate-limits.json should
be excluded from version control; remove it from the repo index (git rm --cached
src/static/rate-limits.json), add src/static/rate-limits.json to .gitignore, and
if you must keep a fallback copy, document that exception in the README or the
docusaurus-rate-limits-data plugin docs so contributors know when to regenerate
it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 3e5fad81-bb9c-43ef-813d-a999bc806f6d

📥 Commits

Reviewing files that changed from the base of the PR and between 5405c36 and 9b5c4bd.

⛔ Files ignored due to path filters (9)

• docs/guides/load-performance-testing.mdx is excluded by !**/*.mdx
• docs/guides/rate-limit-endpoint.mdx is excluded by !**/*.mdx
• docs/guides/rate-limits-legacy.mdx is excluded by !**/*.mdx
• docs/guides/rate-limits-new.mdx is excluded by !**/*.mdx
• docs/guides/rate-limits-project.mdx is excluded by !**/*.mdx
• docs/guides/rate-limits.mdx is excluded by !**/*.mdx
• package-lock.json is excluded by !**/package-lock.json
• src/lib/rate-limits/data/bucket-to-endpoints.csv is excluded by !**/*.csv
• src/lib/rate-limits/data/bucket-to-threshold.csv is excluded by !**/*.csv

📒 Files selected for processing (14)

• .prettierignore
• docusaurus.config.ts
• package.json
• sidebars.ts
• src/components/RateLimitsTable/index.tsx
• src/components/RateLimitsTable/types.ts
• src/lib/rate-limits/csv-provider.ts
• src/lib/rate-limits/index.ts
• src/lib/rate-limits/provider.ts
• src/lib/rate-limits/types.ts
• src/plugins/docusaurus-polyfill/index.js
• src/plugins/docusaurus-rate-limits-data/index.ts
• src/sidebar-old.ts
• src/static/rate-limits.json

[tricky42]

Picked up the Copilot review. Two items applied in this PR (the keto-admin-high → keto-admin-low fix and the self-referencing callout removal in rate-limits-project.mdx).

The remaining three feel out of scope for this PR; want your call on how to handle them:

1. sidebars.ts:87 and src/sidebar-old.ts:104: Copilot flags the editorial arrow comments (// ← restored items array, // ← New rate limits as nested category) as looking like temporary author notes. They predate this PR. Drop them as part of a follow-up, or leave for now?

2. package.json:39: @docusaurus/plugin-svgr is pinned to ^3.9.2 while every other @docusaurus/* package is on 3.10.0. Also predates this PR. Bump to 3.10.0 here, do it in a separate dependency-housekeeping PR, or leave?

@wassimoo @unatasha8 what do you prefer?

[wassimoo]

Picked up the Copilot review. Two items applied in this PR (the keto-admin-high → keto-admin-low fix and the self-referencing callout removal in rate-limits-project.mdx).

The remaining three feel out of scope for this PR; want your call on how to handle them:

1. sidebars.ts:87 and src/sidebar-old.ts:104: Copilot flags the editorial arrow comments (// ← restored items array, // ← New rate limits as nested category) as looking like temporary author notes. They predate this PR. Drop them as part of a follow-up, or leave for now?
2. package.json:39: @docusaurus/plugin-svgr is pinned to ^3.9.2 while every other @docusaurus/* package is on 3.10.0. Also predates this PR. Bump to 3.10.0 here, do it in a separate dependency-housekeeping PR, or leave?

@wassimoo @unatasha8 what do you prefer?

@tricky42 Thanks, I have removed the trailing comments, although these copilot comments seemed like nitpicking to me.