Architecture review finding F-29.
Rate-limit counters live in a per-process hash (acknowledged in comments). On a multi-instance / multi-worker deploy the effective limit multiplies and resets on restart. (Webhook dedup is correctly in Postgres, so that path is unaffected.) Move counters to a shared store (Postgres or Redis) before scaling the web tier beyond one instance.
Related: PR #244 (F-16) makes the limiter key on the real client IP; this issue covers the cross-instance state. Evidence: lib/Registry/Middleware/RateLimit.pm:31-39.
Architecture review finding F-29.
Rate-limit counters live in a per-process hash (acknowledged in comments). On a multi-instance / multi-worker deploy the effective limit multiplies and resets on restart. (Webhook dedup is correctly in Postgres, so that path is unaffected.) Move counters to a shared store (Postgres or Redis) before scaling the web tier beyond one instance.
Related: PR #244 (F-16) makes the limiter key on the real client IP; this issue covers the cross-instance state. Evidence:
lib/Registry/Middleware/RateLimit.pm:31-39.