Add rate limiting for user queries

[Copilot]

This PR implements daily rate limiting for user queries to help manage resource usage and ensure fair access across all users.

Changes Made

Core Implementation

• Added api/rate_limiter.py: New utility class that handles rate limiting logic using FalkorDB for persistent storage
• Modified api/routes/graphs.py: Integrated rate limiting into the main query endpoint (POST /graphs/{graph_id})
• Updated .env.example: Added DAILY_QUERY_LIMIT configuration option

Configuration

Users can now configure the daily query limit via environment variable:

# Rate limiting configuration  
DAILY_QUERY_LIMIT=100  # Maximum number of queries per user per day (default: 100)

How It Works

• Per-User Tracking: Each authenticated user has their own daily quota tracked in the Organizations graph
• UTC Reset: Limits reset at UTC midnight for consistent global behavior
• Graceful Degradation: If the database is unavailable, requests are allowed to proceed
• Clear Feedback: Users receive informative HTTP 429 responses when limits are exceeded

Database Schema

Query counts are stored as QueryCount nodes in FalkorDB:

User -[:HAS_QUERY_COUNT]-> QueryCount {date: "YYYY-MM-DD", count: N}

Error Response

When rate limit is exceeded, users receive:

{
  "detail": "Daily query limit exceeded. You can make 100 queries per day.",
  "error_code": "RATE_LIMIT_EXCEEDED",
  "daily_limit": 100,
  "reset_time": "UTC midnight"
}

Testing

• 14 comprehensive unit tests covering all rate limiting scenarios including error handling
• Integration tests validating API endpoint behavior
• All existing tests continue to pass ensuring no regressions

Documentation

Updated README.md with complete configuration guide and usage examples.

Fixes #12.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
queryweaver	Ready	Preview	Comment	Aug 22, 2025 9:41pm

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.
• ⚠️ 8 packages with OpenSSF Scorecard issues.

View full job summary