YBacked by Y Combinator

Codebase Search for Coding Agents.

with perseus

Prompt

add rate limiting to the webhook endpoint, matching how we already do it

Trace

  1. need the existing rate limit pattern before touching the endpoint.
  2. perseus queryhow is rate limiting enforced for inbound webhooks
  3. 3 hits · api/webhooks/handler.ts:18 · core/limiter.ts:42 · core/limiter.ts:12
  4. confirmed: the handler consumes the shared limiter before dispatch.

Agent (enriched with perseus)

Already enforced in the shared limiter, called from the webhook handler before dispatch.

  • api/webhooks/handler.ts:L18-29
  • core/limiter.ts:L42-71
  • core/limiter.ts:L12-20

without perseus

Prompt

add rate limiting to the webhook endpoint, matching how we already do it

Trace

  1. let me find where rate limiting lives.
  2. grep -rn "rate limit" .
  3. 218 matches across 47 files
  4. too many. narrow it.
  5. grep -rn "ratelimit|throttle|limiter" src/
  6. auth.ts limits logins, not webhooks. wrong layer.
  7. grep -rn "webhook" src/ | grep -i limit
  8. no matches yet. still hunting for an existing limiter.

Agent

Could not find an existing limiter. Added a new in-memory counter in the handler.

use perseus in
  • Claude Code
  • Cursor
  • Codex
  • CLI
and everywhere else you work

Perseus in the coding session gives your agent cited context before it edits.

CLI transcriptBandinelli · CC BY

Some dashboard routes do not redirect unauthenticated users to sign in.

Start with the auth boundary, then follow the route into its proxy and tests.

Ran perseus query "auth enforcement on query route"

rank path signal

01 console/lib/server-auth.ts:31-77 session helper

02 perseus/core/routes/query.py:82-139 backend bearer boundary

03 console/app/api/query/route.ts:9-45 console proxy

The helper owns the decision. The backend enforces it; the console proxy only transports it.

Ran perseus research "where auth is checked" "tests for query auth"

packet: server helper, API proxy, backend route

bridge: console route forwards bearer token unchanged

tests: console smoke, query auth, token rejection

The session becomes a bearer token, the proxy forwards it, and the backend rejects invalid credentials.

Ran perseus impact requireUser

callers: api/query, repo graph, onboarding gate

tests: smoke.spec.ts, test_cli_login.py, test_product_orgs_billing.py

risk: do not change proxy response shape

The dependency surface is small enough to patch without changing the proxy contract.

Ran perseus eval --diff

watch: query smoke, auth proxy, token rejection

diff contract: user stays required, token error stays 401

status: narrow change, run the pinned tests

The edit stays inside the auth helper, with the relevant route and proxy tests ready to run.

The Perseus console lets you run a query, watch the planner search your codebase live, and open any citation it finds, all in one place.

Give every agent a repo-trained search model.

Claude Code, Cursor, Codex, and your own agents can call Perseus when they need to understand a codebase before they edit it.