Skip to content

[STORY 3.2] Multi-Turn Session Management & Abuse Prevention #25

Open
Open
[STORY 3.2] Multi-Turn Session Management & Abuse Prevention#25
Labels
P1: HighShould be resolved in current sprint. Causes material UX or security degradation.area: backendServer, API, or serverless functions.type: securityRelates to authentication, secrets, or attack surface.
@RamonRiosJr

Description

@RamonRiosJr
RamonRiosJr
opened on Mar 2, 2026

📝 Description

Provide memory capabilities to the AI bot while establishing hard rate limits. This prevents API abuse and guarantees budget predictability.

🎯 Acceptance Criteria

  • Setup Upstash Redis for stateless short-term memory (TTL 30 minutes)
  • Implement IP and Session based Token Bucket rate-limiting (e.g. 20 messages / hr / IP)
  • Scrub aggressive or unsanitized input via regex checks before proxying to LLM provider
  • Graceful UI degradation returning 429 Too Many Requests to client with helpful message

Metadata

Metadata

Assignees

No one assigned

    Labels

    P1: HighShould be resolved in current sprint. Causes material UX or security degradation.area: backendServer, API, or serverless functions.type: securityRelates to authentication, secrets, or attack surface.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions