IoT Device Listener
Global Rate Limit: Max 30 requests/min per user
Device-Specific Limit: Max 10 /device/vibe actions per 10 seconds per device UUID
Pattern structure is validated against vendor-specific constraints (e.g., max intensity range, time caps)
Security Outcome Summary
No direct user or device identifiers are stored in logs
Each request must be tied to a time-limited token and verified session
Replay of the same payload triggers nonce mismatch and is blocked
Redaction, encryption, and abuse limits are enforced at every stage
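
One way to enforce the two rate limits and the replay block listed above, shown as an added example and not the listener's own code. The limits come from this page; the Gate class, the in-memory storage, the rejection strings and the 120-second nonce lifetime are assumptions.

```python
import time
from collections import defaultdict, deque

# Limits from the page; everything else in this block is an assumption.
USER_LIMIT, USER_WINDOW = 30, 60.0      # 30 requests/min per user
DEVICE_LIMIT, DEVICE_WINDOW = 10, 10.0  # 10 /device/vibe actions per 10 s per device UUID
NONCE_TTL = 120.0                       # assumed: must be >= the token lifetime


class Gate:
    """Sliding-window rate limits plus a seen-nonce cache, held in memory."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.user_hits = defaultdict(deque)    # user key -> request timestamps
        self.device_hits = defaultdict(deque)  # device UUID -> vibe timestamps
        self.seen_nonces = {}                  # nonce -> expiry time

    @staticmethod
    def _over(hits, now, limit, window):
        # Drop timestamps that have left the window, then compare to the limit.
        while hits and now - hits[0] >= window:
            hits.popleft()
        return len(hits) >= limit

    def check(self, user, device_uuid, path, nonce):
        """Return 'ok' or the reason the request is rejected."""
        now = self.clock()
        # Expire old nonces so the cache stays bounded.
        for n in [n for n, exp in self.seen_nonces.items() if exp <= now]:
            del self.seen_nonces[n]
        if self._over(self.user_hits[user], now, USER_LIMIT, USER_WINDOW):
            return "user_rate_limited"
        # Every attempt past the user gate counts, so replays use up budget too.
        self.user_hits[user].append(now)
        if nonce in self.seen_nonces:
            return "replay"
        is_vibe = path == "/device/vibe"
        if is_vibe and self._over(self.device_hits[device_uuid], now,
                                  DEVICE_LIMIT, DEVICE_WINDOW):
            return "device_rate_limited"
        # Consume the nonce and the device slot only for accepted requests.
        self.seen_nonces[nonce] = now + NONCE_TTL
        if is_vibe:
            self.device_hits[device_uuid].append(now)
        return "ok"
```

The clock is injectable so the windows can be exercised without waiting; a multi-instance deployment would need the counters and nonce cache in shared storage.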