Audit endpoint now rate-limited

The free audit endpoint on archon.beepons.com is what most people try first. They type a URL or a company name, Archon runs the full read — site, public LinkedIn, public Stripe metrics where available — and returns the three bottlenecks. No login. No card.

Free endpoints get abused. Today we’re shipping two layers of rate-limiting: per-IP, and global.

The limits

• Per-IP — 5 audits per rolling 24 hours. Enough for a curious visitor to audit their own business + 2-3 competitors. Plenty for a real founder. Not enough to scrape.
• Global — 100 audits per rolling 24 hours. Stops a coordinated abuse event (multiple IPs hitting at once) from draining the daily budget before legitimate users get there.

Why these numbers

The audit is expensive. Each run hits Claude Opus for the reasoning step ($0.15-$0.30 in API cost) plus 3-5 web fetches. At 100 audits / day cap, the daily spend ceiling is roughly $30 / day. Predictable. Survivable as a free offering.

When you hit the limit

The endpoint returns HTTP 429 with a Retry-After header telling you how many seconds until the rolling window opens. The UI shows a soft message: “You’ve used 5 free audits today. Sign up for unlimited.” One click takes you to the paid signup. Most people who hit the limit are already convinced — they just needed to feel the tool first.

What’s logged

Per audit attempt: IP (hashed), timestamp, success/failure, latency, cost. No PII. The hashed IP rotates monthly so the rate-limit window resets at the calendar boundary regardless of new requests — small concession to user comfort.