The short version
ThrottleProxy performs inexpensive trust checks before spending outbound network resources, then keeps request size, response size, concurrency, queueing, and time bounded.
01
Authenticate and establish workspace scope
The presented ThrottleProxy key is SHA-256 hashed and used for one exact Redis configuration lookup. Invalid random keys do not trigger Redis scans or database fallback.
The resolved key configuration establishes the authorized workspace boundary before destination or traffic policy is evaluated.
02
Validate the destination
The target must match the workspace’s exact-host or explicit one-level wildcard allowlist. Protocol, port, hostname, DNS answers, and self-domain protections are evaluated before connection.
The validated DNS result is pinned for the outbound connection while TLS verification and SNI continue to use the intended hostname.
03
Apply rate, queue, concurrency, and body limits
Rate policy and atomic Redis-backed admission caps protect per-key, workspace, target, and global resources. Queue admission fails fast when its configured caps are full.
Request bytes are counted while streaming, so a chunked upload cannot bypass the body limit by omitting Content-Length.
04
Forward safely and bound the response
Proxy credentials, cookies, ThrottleProxy headers, headers nominated by Connection, and hop-by-hop headers are removed before forwarding. The outbound Host represents the intended upstream.
Response bytes are counted while streaming. Idle and absolute deadlines remain separate, and oversized or overdue traffic is aborted.
05
Preserve privacy-safe operational context
Lifecycle records preserve safe stages, status, timing, workspace context, and correlation identifiers while redacting secrets, query values, email addresses, unsafe errors, and raw bodies.
The customer request-timeline card is still a synthetic preview of how this context may be presented; it is not a claim of live per-request dashboard data.
Before you move on
- Key authenticates to the intended workspace
- Target matches the narrow allowlist
- Request fits rate, queue, concurrency, and body limits
- Proxy credentials are not reused as provider credentials
- Response remains within size and time limits
- Debug evidence contains no secrets or raw bodies