Description
Impose a hard upper bound on the number of active lock entries any single caller identity (or wallet) may hold simultaneously. Requests that would exceed this quota must be rejected with an appropriate error rather than written to the store. Complement the quota with a rate limit (e.g., maximum lock-creation requests per second per identity) to prevent burst flooding. These controls should be enforced in the service layer, above the database, so they apply regardless of which storage backend is in use.
Short Summary
Currently we assume a rate limiter in the upper layers but we don't have a rate limiter for the view.
Description
Impose a hard upper bound on the number of active lock entries any single caller identity (or wallet) may hold simultaneously. Requests that would exceed this quota must be rejected with an appropriate error rather than written to the store. Complement the quota with a rate limit (e.g., maximum lock-creation requests per second per identity) to prevent burst flooding. These controls should be enforced in the service layer, above the database, so they apply regardless of which storage backend is in use.
Short Summary
Currently we assume a rate limiter in the upper layers but we don't have a rate limiter for the view.