Quota እና limit

የእያንዳንዱ tier entitlement

¹ The Unlimited plan's scan quota is subject to fair use — see Terms. ² The project cap defaults to 20 active-monitoring domains at ≥6h cadence. Contact support@fixvibe.app to raise it in exchange for a longer scheduled cadence.

API rate limit

እያንዳንዱ /api/v1/* እና /api/mcp request በbearer token hash keyed ሆኖ በሁለት window ውስጥ ይሄዳል:

• Burst: በሴኮንድ 10 request።
• Steady: በደቂቃ 60 request።
• Per signed-in user: 30 scan submissions per 10 minutes — a soft cap above the per-plan monthly quota that absorbs bursts without exhausting the daily budget.

በ429 ላይ response እነዚህን ያካትታል:

HTTP/1.1 429 Too Many Requests
content-type: application/json
retry-after: 47
x-ratelimit-limit: 60
x-ratelimit-remaining: 0
x-ratelimit-reset: 1715116200

{
  "error": "rate_limited",
  "message": "Token rate limit exceeded — steady (60/min). Retry in 47s.",
  "retry_after_seconds": 47
}

የተtrip ያደረገው window በmessage ውስጥ named ይሆናል (burst (10/s) vs steady (60/min)) ስለዚህ client backoff adapt ማድረግ ይችላል።

የFree ዕቅድ ስካን ፍጥነት ገደብ (በIP/24)

On top of the per-org 3-scans-per-month cap, Free plan users face an additional per-IP/24 rate limit: 3 scans per rolling 24 hours per IP /24 block. The same limiter covers anonymous instant scans, which prevents farming Free quota through throwaway accounts on one IP. Requests exceeding the limit return HTTP 429 Too Many Requests with a Retry-After header.

የምዝገባ ማቀዝቀዣ (በIP/24)

በFree ዕቅድ ውስጥ የራስ-ሰር መለያ መፍጠርን ለመከላከል በIP/24 በ24 ሰዓታት ውስጥ 5 የተሳኩ ምዝገባዎች። ፍጥነት የተገደቡ callbacks ወደ /sign-in?error=rate_limited ይዛወራሉ።

Retention ጊዜ

Scan + finding ከላይ ባለው table መሰረት auto-purge ይደረጋሉ። Anonymous one-shot scan ከcreation በኋላ በ24h expire ይሆናል። Audit log ለ18 months retain ይደረጋል። Monitor snapshot ወደ last 7 days እና latest baseline per (domain, signal) prune ይደረጋል። Dismissed alert ከ90 ቀን በኋላ purge ይደረጋል። Retention ሁሉ በ/api/cron/retention-cleanup በየቀኑ enforce ይደረጋል።