feat(core): add RPC rate limiting and retry handling

[akuligowski9]

Summary

Addresses #44 — users on free-tier RPC endpoints hit HTTP 429 (Too Many Requests) errors during buy transactions.

• Token bucket rate limiter (src/core/rpc_rate_limiter.py) — gates all RPC calls to respect node.max_rps from bot YAML config (default 25 RPS)
• Retry + 429 handling in post_rpc() — 3 retries with exponential backoff, jitter, and Retry-After header support
• Shared aiohttp session — replaces per-call session creation in post_rpc(), reducing TCP connection overhead
• Rate limiter on all solana-py methods — get_account_info(), get_token_account_balance(), get_latest_blockhash(), build_and_send_transaction(), confirm_transaction()
• Config wiring — node.max_rps from YAML configs now flows through bot_runner → UniversalTrader → SolanaClient
• Cleanup abstraction fix — cleanup manager and learning example no longer bypass SolanaClient via direct get_client() calls

Test plan

• Verify bot starts without errors with existing YAML configs
• Test with a low node.max_rps value (e.g., 5) to confirm rate limiting throttles requests
• Confirm 429 responses trigger retry with backoff instead of crashing
• Verify cleanup operations still work correctly through the SolanaClient abstraction
• Run ruff check and ruff format — no new lint violations introduced

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Built-in configurable RPC rate limiting (token-bucket) with a default cap and per-request enforcement.
  • Automatic retry with exponential backoff for rate-limit responses (429).

• Improvements

  • Shared HTTP session for more efficient RPC use and more resilient request handling.
  • Streamlined account cleanup flow in examples: combined burn+close and simpler existence checks.
  • Node provider rate control surfaced to tooling.

• Documentation

  • README section on RPC rate limiting and small comment text updates.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a token-bucket RPC rate limiter, shared aiohttp session, and retry/backoff (429) to the Solana client; exposes configurable max_rps through UniversalTrader and bot_runner; simplifies ATA cleanup logic and updates example and bot YAML comment lines and README docs. (≤50 words)

Changes

Cohort / File(s)	Summary
Bot configuration comments bots/bot-sniper-1-geyser.yaml, bots/bot-sniper-2-logs.yaml, bots/bot-sniper-3-blocks.yaml, bots/bot-sniper-4-pp.yaml	Single-line comment edits: removed " (not implemented)" from Node provider configuration headers; no functional changes.
Rate limiter implementation src/core/rpc_rate_limiter.py	New TokenBucketRateLimiter class (async token-bucket) with acquire()/_refill logic; validates max_rps and manages burst behavior.
Solana client: session, rate limiting, retries src/core/client.py	SolanaClient now accepts max_rps, maintains a shared aiohttp session with lock, uses TokenBucketRateLimiter on key RPC calls, and adds post_rpc retry/backoff with 429 and Retry-After handling.
Plumb max_rps through trader and runner src/trading/universal_trader.py, src/bot_runner.py	Added max_rps parameter to UniversalTrader.__init__ (default 25.0) and pass max_rps to SolanaClient from both UniversalTrader and bot_runner.
Cleanup flow and example update src/cleanup/manager.py, learning-examples/cleanup_accounts.py	Cleanup now validates ATA existence via direct RPC get_account_info with exception-based handling; example consolidates burn+close into a single transaction and simplifies logging/control flow.
Documentation README.md	Added "Built-in RPC Rate Limiting" section, documented token-bucket behavior, retry/backoff, shared session, and updated changelog/status items.

Sequence Diagram(s)

sequenceDiagram
    participant App as Application
    participant Client as SolanaClient
    participant Limiter as TokenBucketRateLimiter
    participant RPC as Solana RPC

    App->>Client: get_account_info(pubkey)
    Client->>Limiter: acquire()
    alt token available
        Limiter-->>Client: token granted
    else wait for tokens
        Limiter->>Limiter: compute wait & sleep
        Limiter-->>Client: token granted
    end
    Client->>RPC: POST / (RPC body)
    alt 200 OK
        RPC-->>Client: 200 + result
        Client-->>App: return result
    else 429 Too Many Requests
        RPC-->>Client: 429 (+Retry-After?)
        Client->>Client: backoff + jitter, decrement retries
        Client->>RPC: POST / (retry)
        RPC-->>Client: result or 429
        Client-->>App: return result or None
    else network/error
        Client->>Client: retry loop until max_retries
        Client->>RPC: POST / (retry)
        RPC-->>Client: result or error
        Client-->>App: return result or None
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Refactor platform support, add letsbonk #127 — Related constructor/plumbing changes to UniversalTrader and bot initialization surfaces where parameters are added or refactored.
• Add mayhem mode support and Token2022 integration #149 — Related changes around token structures and trading plumbing; overlaps in trading/client areas affected by this PR.

Poem

🐰 Tokens tap-tap in a tiny drum,

RPCs pause, then scurry along;
Backoff hums soft, jitter keeps time,
The rabbit waits patient—requests in rhyme,
Hop, refill, and carry on.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(core): add RPC rate limiting and retry handling' clearly and concisely summarizes the main changes across the PR, which introduces a token bucket rate limiter and retry logic for RPC requests.
Docstring Coverage	✅ Passed	Docstring coverage is 90.91% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

learning-examples/cleanup_accounts.py (1)

40-71: ⚠️ Potential issue | 🟠 Major

Burn transaction is not confirmed before attempting close.

On Line 52 the burn transaction is sent without confirm_transaction, but Line 65 sends a separate close transaction immediately after. If the burn hasn't landed on-chain yet, the close will fail because the account still has a non-zero balance.

In contrast, src/cleanup/manager.py correctly batches burn and close into a single transaction. Consider either confirming the burn before closing, or combining both instructions into one transaction as the manager does.

Proposed fix: combine into a single transaction

+        instructions = []
         balance = await client.get_token_account_balance(account)
         if balance > 0:
             logger.info(f"Burning {balance} tokens from account {account}...")
             burn_ix = burn(
                 BurnParams(
                     account=account,
                     mint=mint,
                     owner=wallet.pubkey,
                     amount=balance,
                     program_id=TOKEN_PROGRAM,
                 )
             )
-            await client.build_and_send_transaction([burn_ix], wallet.keypair)
-            logger.info(f"Burned tokens from {account}")
+            instructions.append(burn_ix)

         # Account exists, attempt to close it
         logger.info(f"Closing account: {account}")
         close_params = CloseAccountParams(
             account=account,
             dest=wallet.pubkey,
             owner=wallet.pubkey,
             program_id=TOKEN_PROGRAM,
         )
         ix = close_account(close_params)
+        instructions.append(ix)

-        tx_sig = await client.build_and_send_transaction(
-            [ix],
+        tx_sig = await client.build_and_send_transaction(
+            instructions,
             wallet.keypair,
             skip_preflight=True,
         )
         await client.confirm_transaction(tx_sig)
-        logger.info(f"Closed successfully: {account}")
+        logger.info(f"Burned and closed successfully: {account}")

🤖 Fix all issues with AI agents

In `@src/bot_runner.py`:
- Around line 140-141: TokenBucketRateLimiter currently allows non-positive
max_rps which causes ZeroDivisionError in acquire() and broken replenishment;
add validation in TokenBucketRateLimiter.__init__ to check the max_rps parameter
and raise a ValueError if max_rps <= 0 (e.g., "max_rps must be positive, got
{max_rps}") so callers supplying zero or negative values fail fast and avoid
runtime errors in acquire() and token refill logic.

In `@src/core/client.py`:
- Around line 506-508: The JSONDecodeError except block is effectively dead
because response.json() raises aiohttp.ContentTypeError (a ClientError
subclass); update the error handling in the try/except around response.json() so
that malformed JSON fails immediately instead of being retried: either catch
aiohttp.ContentTypeError specifically (in addition to or instead of
json.JSONDecodeError) or move the json decode exception handler before the
broader aiohttp.ClientError catch, and ensure the logger.exception call for
logger.exception(f"Failed to decode RPC response for {method}") is executed in
that specific ContentTypeError handler so malformed payloads are not swallowed
by the ClientError retry logic.
- Around line 471-485: The Retry-After header parsing can raise ValueError when
it's an HTTP-date string; wrap the parsing logic in a try/except in the 429
handling block (the code using response.headers.get("Retry-After"), retry_after,
wait_time, method, attempt, max_retries) so you first try to parse numeric
seconds (float) and on ValueError attempt to parse an HTTP-date into a datetime
and compute seconds until that date, and if that also fails or yields a negative
value fall back to the existing exponential-backoff default (min(2 ** (attempt +
1), 30)); ensure any exceptions are caught so they don't escape the retry loop
and keep the existing logging and sleep behavior.
- Around line 109-119: The _get_session method can create multiple
aiohttp.ClientSession instances under concurrent calls; add an asyncio.Lock
field initialized in __init__ (e.g., self._session_lock = asyncio.Lock()) and
use it to serialize session creation in _get_session (acquire via async with
self._session_lock) so only one caller creates and assigns self._session when
self._session is None or closed, then return the shared session; reference the
_get_session method, __init__, self._session, and aiohttp.ClientSession when
updating the code.

In `@src/core/rpc_rate_limiter.py`:
- Around line 23-28: Validate and normalize the incoming max_rps in
RpcRateLimiter.__init__: raise a clear ValueError if max_rps is not > 0, and
compute burst_size using a non-zero ceiling (e.g., burst_size = max(1,
math.ceil(max_rps))) instead of int(max_rps) so fractional rates like 0.5 don't
produce a zero burst; keep _tokens as float(self._burst_size) and retain
existing refill/acquire logic so tokens and refill math work with fractional
rates without causing ZeroDivisionError or infinite loops.

[akuligowski9]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@README.md`:
- Around line 201-202: The Markdown table rows containing "Error handling |
Improving error handling | ✅ |" and "Configurable RPS | Ability to set RPS in
the config to match your provider's and plan RPS (preferably
[Chainstack](https://console.chainstack.com/) 🤩) | ✅ |" have trailing pipes
that trigger markdownlint MD055; remove the final trailing pipe from each of
these rows so they end with "✅" instead of "✅ |". Ensure you update the lines
that include "Error handling" and "Configurable RPS" in the README table to
match the pipe style used by other rows.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix MD055 table pipe style (remove trailing pipe).
markdownlint flags trailing pipes on these rows.

🛠️ Proposed fix

-| | Error handling | Improving error handling | ✅ |
-| | Configurable RPS | Ability to set RPS in the config to match your provider's and plan RPS (preferably [Chainstack](https://console.chainstack.com/) 🤩) | ✅ |
+| | Error handling | Improving error handling | ✅
+| | Configurable RPS | Ability to set RPS in the config to match your provider's and plan RPS (preferably [Chainstack](https://console.chainstack.com/) 🤩) | ✅

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	| | Error handling | Improving error handling | ✅ |
	| | Configurable RPS | Ability to set RPS in the config to match your provider's and plan RPS (preferably [Chainstack](https://console.chainstack.com/) 🤩) | ✅ |
	| | Error handling | Improving error handling | ✅
	| | Configurable RPS | Ability to set RPS in the config to match your provider's and plan RPS (preferably [Chainstack](https://console.chainstack.com/) 🤩) | ✅

🧰 Tools

🪛 markdownlint-cli2 (0.20.0)

[warning] 201-201: Table pipe style
Expected: leading_only; Actual: leading_and_trailing; Unexpected trailing pipe

(MD055, table-pipe-style)

---

[warning] 202-202: Table pipe style
Expected: leading_only; Actual: leading_and_trailing; Unexpected trailing pipe

(MD055, table-pipe-style)

🤖 Prompt for AI Agents

In `@README.md` around lines 201 - 202, The Markdown table rows containing "Error
handling | Improving error handling | ✅ |" and "Configurable RPS | Ability to
set RPS in the config to match your provider's and plan RPS (preferably
[Chainstack](https://console.chainstack.com/) 🤩) | ✅ |" have trailing pipes
that trigger markdownlint MD055; remove the final trailing pipe from each of
these rows so they end with "✅" instead of "✅ |". Ensure you update the lines
that include "Error handling" and "Configurable RPS" in the README table to
match the pipe style used by other rows.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/core/rpc_rate_limiter.py`:
- Around line 24-31: The constructor __init__ currently has an overlong line and
doesn't validate an explicit burst_size; update it to enforce burst_size > 0
(raise ValueError with a short non-f-string message if burst_size <= 0), keep
the default behavior burst_size = max(1, math.ceil(max_rps)) when None,
initialize _tokens from the validated _burst_size, and ensure any long
expressions are split or assigned to temporaries so no line exceeds the
88-character limit; refer to symbols __init__, _burst_size, _tokens, and
_last_refill when making the changes.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Line 28 exceeds the 88-character limit; also validate explicit burst_size.

Two items in __init__:

1. Line length: Line 28 is ~96 characters, exceeding the 88-char Ruff/project limit.
2. Missing burst_size guard: If a caller explicitly passes burst_size=0 (or negative), _tokens starts at 0, _refill caps at 0, and acquire() loops forever — same class of bug that was just fixed for max_rps. Since burst_size can be supplied externally, a quick guard keeps the contract tight.
3. TRY003 (Ruff hint, line 26): The f-string message in ValueError is flagged by Ruff's TRY003 rule. A minor nit — defining a custom message constant or inlining a short message would silence it.

Proposed fix

     def __init__(self, max_rps: float, burst_size: int | None = None) -> None:
         if max_rps <= 0:
-            raise ValueError(f"max_rps must be positive, got {max_rps}")
+            msg = f"max_rps must be positive, got {max_rps}"
+            raise ValueError(msg)
         self._max_rps = max_rps
-        self._burst_size = burst_size if burst_size is not None else max(1, math.ceil(max_rps))
+        self._burst_size = (
+            burst_size if burst_size is not None
+            else max(1, math.ceil(max_rps))
+        )
+        if self._burst_size <= 0:
+            msg = f"burst_size must be positive, got {burst_size}"
+            raise ValueError(msg)
         self._tokens = float(self._burst_size)
         self._last_refill = time.monotonic()
         self._lock = asyncio.Lock()

As per coding guidelines: "Limit lines to 88 characters", "Perform comprehensive input validation for externally sourced data", and "Comply with Ruff exception handling rules (BLE, TRY)".

🧰 Tools

🪛 Ruff (0.14.14)

[warning] 26-26: Avoid specifying long messages outside the exception class

(TRY003)

🤖 Prompt for AI Agents

In `@src/core/rpc_rate_limiter.py` around lines 24 - 31, The constructor __init__
currently has an overlong line and doesn't validate an explicit burst_size;
update it to enforce burst_size > 0 (raise ValueError with a short non-f-string
message if burst_size <= 0), keep the default behavior burst_size = max(1,
math.ceil(max_rps)) when None, initialize _tokens from the validated
_burst_size, and ensure any long expressions are split or assigned to
temporaries so no line exceeds the 88-character limit; refer to symbols
__init__, _burst_size, _tokens, and _last_refill when making the changes.

[akuligowski9]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[smypmsa]

I pushed one fix on top. The 429 handling was counting rate-limit retries against the same max_retries budget as actual errors, which means free-tier users (the exact target audience here) could exhaust retries after just 3 consecutive 429s. Now 429s have their own separate budget (max_429_retries=10). Also moved the session refresh inside the retry loop so it doesn't go stale on network hiccups.