From 7c4c0d9963146e6384ad3df031c7d91b01a0d1b4 Mon Sep 17 00:00:00 2001
From: Will Anderson
Date: Thu, 7 May 2026 02:35:29 -0500
Subject: [PATCH] feat(demo): server-side 8000-char (~2000 token) input limit on /api/demo
---
 src/main.el | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/main.el b/src/main.el
index f431ac7..09c249e 100644
--- a/src/main.el
+++ b/src/main.el
@@ -1084,6 +1084,10 @@ fn handle_request_inner(method: String, path: String, body: String) -> String {
 if str_eq(msg, "") {
 return "{\"error\":\"message required\"}"
 }
+ // Input length guard: ~2000 tokens ≈ 8000 characters
+ if str_len(msg) > 8000 {
+ return "{\"error\":\"Message too long. Please keep your message under 8000 characters.\"}"
+ }
 // Rate limit: 10 chats per uid per day (UTC day, keyed by uid).
 // State key: "__rl_" → "|"
 // day_number = unix_timestamp / 86400 (integer UTC day)
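Review bot: The new guard `if str_len(msg) > 8000` bounds only the extracted `msg`, and it runs after `body` has already been received and parsed, so it caps what is forwarded downstream but not the size of request the server will accept; no body-size limit is visible in this hunk, and handle_request_inner starts and continues outside it, so that should be confirmed there. Whether the ~2000-token estimate holds also depends on what `str_len` counts: if it counts bytes, non-ASCII messages are rejected well short of 8000 characters, and if it counts characters, non-Latin text can tokenize to considerably more than 2000 tokens. A comment stating this would help, e.g. `// Limit applies to msg only (not body); str_len unit (bytes vs. characters) — TODO confirm`. The error text says "under 8000 characters" while the comparison accepts exactly 8000, so either compare with `>= 8000` or word the message as "at most 8000 characters".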