Skills
Rate-limit agents by tokens, not requests, and put hard low caps on destructive tools
A 60-requests-per-minute limit calibrated for humans is no defense against an agent chaining hundreds of tool calls in seconds, and request-counting ignores that LLM call cost varies wildly. The 2026 pattern is token-based (resource-consumption) limiting plus specific low caps on high-blast-radius actions like send_email, delete_file, and make_payment. Infra like Bifrost adds token-aware hierarchical quotas at ~11µs overhead at 5,000 RPS, so the limiter itself isn't the bottleneck.
Source
↳ Follow the thread