Rate limiting
Optional per-plan rate limiting on AI routes, backed by Upstash Redis.
Enabling it
Set both Upstash REST credentials in .env.local:
UPSTASH_REDIS_REST_URL=...
UPSTASH_REDIS_REST_TOKEN=...Find them in the Upstash console (REST API section).
When the credentials are unset, rate limiting is a no-op. The app runs normally without Upstash — you can add it whenever you’re ready to enforce limits.
How limits are set
The per-minute request limit comes from each plan’s rateLimit.requestsPerMinute
in plans.ts:
| Plan | Requests / minute |
|---|---|
| Free | 20 |
| Pro | 60 |
| Team | 120 |
The implementation lives in lib/rate-limit.ts. Limits apply to the AI routes;
plan limits (tokens/messages) are enforced separately by the usage meter.