Rate limits & errors
What the API will refuse to do for you, and how to read the responses when it does.
Rate limits
Rate limits are enforced by slowapiwith Redis as the backend. They protect both the infrastructure and the user's LLM budget. When a limit is hit the API responds with 429 Too Many Requests and a small JSON body describing the offending limit.
| Endpoint | Limit | Keyed by |
|---|---|---|
POST /api/auth/login | 5 / minute | IP |
POST /api/auth/register | 5 / minute | IP |
POST /api/issues | 10 / hour | User |
POST /api/repos | 5 / hour | User |
GET /api/github/repos | 30 / minute | User |
Concurrency limits
- One active pipeline per repository. Creating a second issue while a previous one is in progress on the same repo responds with
409 Conflict. - Five active pipelines per VPS. Once the global semaphore is saturated, new issues stay queued in
pendinguntil a slot frees. Issues are still visible immediately; only their execution waits.
HTTP status codes
- 200 OK — the request succeeded and the response body carries the result.
- 201 Created — a new resource was created (e.g. an issue or a repo).
- 204 No Content — the request succeeded but there is nothing to return (e.g. cancel or delete operations).
- 400 Bad Request — validation failed on the request body or query parameters. The JSON body contains a
detailfield with a human-readable message. - 401 Unauthorized — the session cookie is missing or expired. The frontend treats this as a redirect to
/loginon every endpoint except/api/auth/loginand/api/auth/register, where it means “bad credentials”. - 403 Forbidden — the session is valid but the resource belongs to another user.
- 404 Not Found — the resource does not exist or is not visible to the current user.
- 409 Conflict — a state precondition was violated. Examples: cancelling a terminal issue, deleting an active issue, starting a second pipeline on the same repo, approving an issue that is not
awaiting_approval. - 429 Too Many Requests — a rate limit was hit. Wait and retry.
- 500 Internal Server Error — an unhandled failure on the backend. The body has a short
detailbut full diagnostics live in the server logs. - 503 Service Unavailable — the readiness probe failed: one of Postgres, Redis or Qdrant is unreachable.
Error body shape
Errors always come as JSON with at least a detail field:
{
"detail": "Another issue is already in progress for this repo"
}