Proposal: Add Client-Side Rate Limiting to prevent API credit draining #1989

@clein154

Hi! Love the project.

One major issue with public AI apps is that bots can easily spam the chat endpoints, draining the owner's OpenAI/Anthropic API credits in minutes.

Traditional rate limiting (IP-based) is often too complex to set up for a starter kit (requires Redis/KV).

The Solution:

I've built a tiny, open-source library called IronWall SDK.
It uses Client-Side Proof-of-Work to force the browser to solve a cryptographic puzzle before sending a message.

* Stops Bots: Making 1,000 requests becomes computationally expensive for the attacker.
* Saves Money: Protects the OPENAI_API_KEY quota without any backend DB setup.
* Tiny: 3KB (vs Google reCAPTCHA).

Proposal:

I can submit a PR that adds an optional BotProtection wrapper around the chat input. It would be "Zero Config" for users (just an API key) and protect their wallets out of the box.
Docs: https://ironwall-protocol.xyz/docs

Let me know if you'd welcome a PR for this!
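
A sketch of the kind of proof-of-work gate the proposal describes, added here as an example; it is not IronWall SDK code and not code from this repository. All function names, the 12-bit difficulty, the 60-second lifetime and the in-memory replay set are assumptions; the challenge is HMAC-signed so the server can recognise it without a database.

```javascript
// Added example (not IronWall's code): hashcash-style gate. All names are assumptions.
const crypto = require('node:crypto');

const SERVER_SECRET = crypto.randomBytes(32); // assumed per-deployment secret
const DIFFICULTY_BITS = 12;                   // assumed: ~4096 hashes on average
const TTL_MS = 60_000;                        // assumed challenge lifetime
const spent = new Set();                      // replay cache; per process, never pruned here

const sign = (data) => crypto.createHmac('sha256', SERVER_SECRET).update(data).digest('hex');
const powHash = (ch, nonce) => crypto.createHash('sha256').update(`${ch}:${nonce}`).digest();

// Number of leading zero bits in a digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

// Server: issue "id.expires.bits.mac"; the MAC binds expiry and difficulty.
function issueChallenge(now = Date.now()) {
  const payload = `${crypto.randomBytes(16).toString('hex')}.${now + TTL_MS}.${DIFFICULTY_BITS}`;
  return `${payload}.${sign(payload)}`;
}

// Client: brute-force a nonce that meets the difficulty stated in the challenge.
function solve(challenge) {
  const bits = Number(challenge.split('.')[2]);
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(powHash(challenge, nonce)) >= bits) return nonce;
  }
}

// Server: check signature, expiry, work and single use before calling the paid API.
function verify(challenge, nonce, now = Date.now()) {
  const parts = String(challenge).split('.');
  if (parts.length !== 4) return 'malformed';
  const [id, expires, bits, mac] = parts;
  const got = Buffer.from(mac), want = Buffer.from(sign(`${id}.${expires}.${bits}`));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return 'bad-signature';
  if (now > Number(expires)) return 'expired';
  if (!Number.isSafeInteger(nonce)) return 'insufficient-work';
  if (leadingZeroBits(powHash(challenge, nonce)) < Number(bits)) return 'insufficient-work';
  if (spent.has(id)) return 'replayed';
  spent.add(id);
  return 'ok';
}
```

The gate only has value because `verify` runs on the server; a check performed in the browser alone is skipped by any client that calls the chat endpoint directly.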
