From 1dbf7e33f956d45587cba81ac27489dc09cb564d Mon Sep 17 00:00:00 2001
From: Jonathan Agmon
Date: Mon, 23 Mar 2026 17:46:46 +0200
Subject: [PATCH] security: add client-side rate limiting to update_all command
---
 src/search.rs | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/search.rs b/src/search.rs
index 5f984b4..cf04f70 100644
--- a/src/search.rs
+++ b/src/search.rs
@@ -3,6 +3,8 @@ use crate::github::GitHubClient;
 use crate::models::{RateLimitInfo, Repo, SearchResponse, SearchResult};
 use anyhow::Result;
 use std::collections::HashMap;
+use std::time::Duration;
+use tokio::time::sleep;
 pub struct SearchEngine {
 db: Database,
@@ -105,6 +107,12 @@ impl SearchEngine {
 if last_rate_limit.remaining < 3 {
 println!("\nWarning: Rate limit running low ({} remaining)", last_rate_limit.remaining);
 }
+
+ // Client-side rate limiting: wait 3 seconds between requests
+ // This respects both anonymous (10/min = 6s) and authenticated (30/min = 2s) limits
+ if idx < total - 1 {
+ sleep(Duration::from_secs(3)).await;
+ }
 }
 println!("\n✓ Updated {} repositories", total);
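Review bot: The 3-second delay in the second hunk does not satisfy the anonymous limit that the added comment says it respects: by the comment's own figures, 10 requests/min needs 6 s between requests, while 3 s allows 20/min, so an unauthenticated `update_all` run can still be throttled. Either choose the interval from the client's authentication state (not visible in this hunk) or use the conservative value, `sleep(Duration::from_secs(6)).await;`, and if 3 s is kept, correct the comment to `// 3s spacing = 20 req/min: under the authenticated limit (30/min), over the anonymous one (10/min)`. The pause is also fixed regardless of `last_rate_limit.remaining`, which the lines just above already read; waiting longer when `remaining` is low (or until the reset time, if `RateLimitInfo` carries one) would make the limiter follow what the server actually reports. The enclosing loop begins outside the hunk, so `idx` and `total` are assumed to be the loop index and item count; `idx + 1 < total` would avoid the subtraction if `total` is unsigned.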