{
  "$type": "site.standard.document",
  "canonicalUrl": "https://devlog.croft.click/2025/11/15/pds-dos-incident",
  "description": "Accidentally rate-limited the entire PDS by blasting records at the API — the lesson that built Malachite's rate limiting.",
  "path": "/2025/11/15/pds-dos-incident",
  "publishedAt": "2025-11-15T12:00:00.000Z",
  "site": "at://did:plc:ofrbh253gwicbkc5nktqepol/site.standard.publication/3mlen2qhzrt2s",
  "tags": [
    "atproto",
    "infra"
  ],
  "textContent": "pds rate limit incident\n\nAccidentally DoS'd the own PDS during early Malachite development. The initial JavaScript version had no rate limiting or error handling — it just blasted records at the API as fast as possible. The Bluesky AppView rate-limited the PDS for 24 hours, making it effectively unusable for everyone on it. The incident drove the complete TypeScript rewrite with proper rate limiting, batch management via com.atproto.repo.applyWrites, and the 7,500 records-per-day safety limit. The AppView enforces a 10,000 records/day threshold; exceeding it affects the entire PDS instance, not just the offending user.",
  "title": "PDS DoS Incident"
}