Rate Limiting & Conflict Checks
Global Rate Limit: Max 30 requests/min per user
Device-Specific Limit: Max 10 /device/vibe actions per 10 seconds per device UUID
Pattern structure is validated against vendor-specific constraints (e.g., max intensity range, time caps)
Edge Detection
Attempts to send malformed patterns, overly frequent pulses, or looped JSON structures are flagged and throttled
A user exceeding rate limits will receive a 429 Too Many Requests error with a Retry-After header