Rate limits and spam protection
Every public surface is rate limited per IP using a fail-closed fixed-window counter: if the limiter errors, the request is blocked rather than allowed.
How the limiter works
- The client IP is read from the x-real-ip header that Vercel's trusted proxy hop sets, not from the spoofable leftmost X-Forwarded-For value. This is only safe behind Vercel: if the app were reachable directly, any client could set x-real-ip itself.
- Login codes are capped at 5 requests per 15 minutes per email, and each code burns after 5 wrong guesses.
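The limiter described above, as an added example in TypeScript (this is illustrative code, not the product's own implementation). It shows the fail-closed path, a window-aligned fixed counter, the x-real-ip lookup, and the per-email login-code cap. The store interface is synchronous so the example runs stand-alone; a real deployment would back it with Redis (INCR plus EXPIRE), which is async. Lower-casing the email before keying is an assumption added here, and all function and scope names are illustrative.

```typescript
// Added example (not the product's own code): a fail-closed, per-key
// fixed-window counter plus the header lookup it relies on. Names are illustrative.

interface CounterStore {
  // Increments the counter for `key`, creating it with a TTL of `ttlSec`
  // seconds on first use, and returns the new count. Throws if unavailable.
  incr(key: string, ttlSec: number, nowSec: number): number;
}

// In-memory store with per-key expiry, standing in for Redis.
class MemoryStore implements CounterStore {
  private counters = new Map<string, { count: number; expiresAt: number }>();

  incr(key: string, ttlSec: number, nowSec: number): number {
    const entry = this.counters.get(key);
    if (!entry || entry.expiresAt <= nowSec) {
      this.counters.set(key, { count: 1, expiresAt: nowSec + ttlSec });
      return 1;
    }
    entry.count += 1;
    return entry.count;
  }
}

// Store that always throws, to exercise the fail-closed path.
class BrokenStore implements CounterStore {
  incr(): number {
    throw new Error("counter store unavailable");
  }
}

interface RateLimitResult {
  allowed: boolean;
  reason: "ok" | "limited" | "store_error";
  count: number; // 0 when the store failed
}

// Fixed window: every request in the same `windowSec`-aligned bucket shares one
// counter. If the store throws, the request is denied rather than allowed.
function checkRateLimit(
  store: CounterStore,
  scope: string,
  subject: string,
  limit: number,
  windowSec: number,
  nowSec: number,
): RateLimitResult {
  const bucket = Math.floor(nowSec / windowSec);
  const key = `${scope}:${subject}:${bucket}`;
  let count: number;
  try {
    // A TTL of one window is enough: the bucket number already changes at the
    // boundary, so an old key only needs to age out of the store.
    count = store.incr(key, windowSec, nowSec);
  } catch {
    return { allowed: false, reason: "store_error", count: 0 }; // fail closed
  }
  return count <= limit
    ? { allowed: true, reason: "ok", count }
    : { allowed: false, reason: "limited", count };
}

// Reads the client IP only from x-real-ip, which the trusted proxy hop sets.
// X-Forwarded-For is deliberately ignored: its leftmost value is client-controlled.
// Header names are assumed to be lower-cased, as Node's request parser does.
function clientIp(headers: Record<string, string | undefined>): string | null {
  const ip = headers["x-real-ip"]?.trim();
  return ip ? ip : null;
}

// Login-code issuance cap from the page: 5 requests per 15 minutes per email.
// Normalising the address (assumption) stops case variants of one mailbox from
// each getting their own allowance.
function loginCodeRequestAllowed(store: CounterStore, email: string, nowSec: number): RateLimitResult {
  return checkRateLimit(store, "login-code", email.trim().toLowerCase(), 5, 15 * 60, nowSec);
}
```

Two caveats worth knowing when reusing this shape: a fixed window lets a client spend up to twice the limit across a window boundary (the last seconds of one bucket plus the first of the next), which is acceptable for abuse control but not for precise quotas; and fail-closed means an outage of the counter store becomes an outage of login and every other limited surface, which is the intended trade.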
Bot and spam protection
- The public board and widget forms add a hidden honeypot field plus per-IP limits to stop bots submitting or upvoting.
- The chat widget only accepts POSTs whose Origin matches one of the Allowed Origins you list in the dashboard. This stops other sites' pages from posting through a visitor's browser; scripted clients that set their own headers are what the per-IP limits are for.
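The two checks in this list, as an added TypeScript example (illustrative code, not the product's own): an exact-origin allowlist comparison and a honeypot test, run before the per-IP limiter is consulted. The field name `website`, the header layout and the function names are assumptions made here.

```typescript
// Added example (not the product's own code): origin allowlist and honeypot
// screening for a form or widget POST. Names are illustrative.

interface Submission {
  headers: Record<string, string | undefined>; // lower-cased header names
  fields: Record<string, string | undefined>;  // parsed form body
}

// True if some allowlist entry has the same origin (scheme + host + port) as
// the request's Origin header. A missing Origin, a malformed value, and the
// opaque "null" origin (file:, blob:, sandboxed frames) are all rejected.
// Exact comparison, not prefix matching, so https://app.example.com.evil.net
// does not pass for https://app.example.com.
function originAllowed(origin: string | undefined, allowedOrigins: string[]): boolean {
  if (!origin) return false;
  let requested: string;
  try {
    requested = new URL(origin).origin; // normalises default ports and case
  } catch {
    return false;
  }
  if (requested === "null") return false;
  return allowedOrigins.some((entry) => {
    try {
      return new URL(entry).origin === requested;
    } catch {
      return false; // a malformed allowlist entry never matches anything
    }
  });
}

// The honeypot is an input hidden with CSS that people never see or fill in;
// any non-blank value means a bot populated every field it found.
function honeypotTripped(fields: Record<string, string | undefined>, honeypotField = "website"): boolean {
  const value = fields[honeypotField];
  return value !== undefined && value.trim() !== "";
}

interface ScreenResult {
  accepted: boolean;
  reason: "ok" | "bad_origin" | "honeypot";
}

// Both checks are stateless and cheap, so they run before the rate limiter
// spends a counter slot on a request that will be dropped anyway.
function screenWidgetPost(req: Submission, allowedOrigins: string[]): ScreenResult {
  if (!originAllowed(req.headers["origin"], allowedOrigins)) {
    return { accepted: false, reason: "bad_origin" };
  }
  if (honeypotTripped(req.fields)) {
    return { accepted: false, reason: "honeypot" };
  }
  return { accepted: true, reason: "ok" };
}
```

When wiring this up, give the honeypot an innocuous name and hide it with CSS rather than `type="hidden"` (form-filling bots skip hidden inputs but fill visible-looking ones), and consider answering a honeypot hit with a normal-looking success response so the bot gets no signal to adapt to.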
Note: For paying AI agents, per-wallet USDC spend caps and a reputation system gate higher-risk actions.