Rate limits
Per-plan PR audit caps for Sebastion AI.
Sebastion AI applies a small set of caps to keep the free tier sustainable, to protect against runaway CI loops on every plan, and to make our costs predictable. Real engineering teams on a paid plan will not hit them in normal use.
Per-plan limits
| Plan | Monthly per repo | Monthly per account | Daily per install | Daily per PR |
|---|---|---|---|---|
| Free | 50 | 500 | 50 | 20 |
| Pro | unlimited | unlimited | 500 | 20 |
| Team | unlimited | unlimited | 500 (lift on request) | 20 (lift on request) |
What each cap does
- Monthly per repo (Free only). Up to 50 PR audits per repo per calendar month. Hit it on a busy repo and that repo's audits pause until the next month; other repos keep running.
- Monthly per account (Free only). Up to 500 PR audits across all repos in your account per calendar month. Sebastion keys this to your stable GitHub account id, not to the install. Uninstalling and reinstalling the App does not reset the counter.
- Daily per install (every plan). Up to 500 PR audits per install per UTC day (50 on Free). Bounds the worst-case daily spend if a runaway CI loop opens hundreds of PRs.
- Daily per PR (every plan). Up to 20 audits on the same PR per UTC day. Stops a single PR with a push-rebase loop from consuming the whole install daily budget — other PRs on the install keep running unaffected.
Free-of-charge protections (no cost regardless of plan)
These are infrastructure-level — they never cost you a finding and never count against any cap:
- Draft PRs are skipped. The first audit fires when you mark the PR ready for review.
- Bot-authored PRs (Dependabot, Renovate, etc.) are skipped by default.
- Same-commit redelivery (GitHub webhook retries, no-op force pushes) is deduplicated. If we audited a commit once, we won't audit the same head_sha again for 7 days.
Reset cadence
- Monthly counters reset at 00:00 UTC on the 1st of each calendar month.
- Both daily counters (per-install and per-PR) reset at 00:00 UTC every day.
All boundaries are fixed regardless of your timezone.
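How the caps, the skip and dedup protections, and the fixed UTC windows combine can be modelled in a few lines. This is an added example, not Sebastion's code: the event fields, the order in which caps are checked, the per-repo dedup key, and the choice that blocked attempts do not increment counters are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Caps from the per-plan table; None means unlimited.
CAPS = {
    "free": {"month_repo": 50, "month_account": 500, "day_install": 50, "day_pr": 20},
    "pro": {"month_repo": None, "month_account": None, "day_install": 500, "day_pr": 20},
    "team": {"month_repo": None, "month_account": None, "day_install": 500, "day_pr": 20},
}
DEDUP_WINDOW = timedelta(days=7)
# Assumed check order: narrowest scope first, so a looping PR is reported
# against its own cap rather than the install's.
ORDER = ("day_pr", "day_install", "month_repo", "month_account")

class AuditGate:
    """Hypothetical in-memory model of the caps above."""

    def __init__(self):
        self.counts = {}  # (cap, scope id, UTC window) -> audits run
        self.seen = {}    # (repo, head_sha) -> time of last audit

    def decide(self, ev, now):
        now = now.astimezone(timezone.utc)  # windows are fixed to UTC
        if ev["draft"] or ev["bot"]:
            return "skipped"  # never counts against a cap
        sha_key = (ev["repo"], ev["head_sha"])  # per-repo keying is assumed
        last = self.seen.get(sha_key)
        if last is not None and now - last < DEDUP_WINDOW:
            return "deduplicated"  # webhook retry or no-op force push
        day, month = now.strftime("%Y-%m-%d"), now.strftime("%Y-%m")
        keys = {
            "day_pr": ("day_pr", (ev["repo"], ev["pr"]), day),
            "day_install": ("day_install", ev["install_id"], day),
            "month_repo": ("month_repo", ev["repo"], month),
            "month_account": ("month_account", ev["account_id"], month),
        }
        for name in ORDER:
            cap = CAPS[ev["plan"]][name]
            if cap is not None and self.counts.get(keys[name], 0) >= cap:
                return "capped:" + name  # assumed: blocked attempts add nothing
        for key in keys.values():
            self.counts[key] = self.counts.get(key, 0) + 1
        self.seen[sha_key] = now
        return "audited"

def event(pr, sha, **overrides):
    """Constructed sample event; field names are illustrative."""
    base = {"plan": "pro", "account_id": 1, "install_id": 10, "repo": "org/app",
            "pr": pr, "head_sha": sha, "draft": False, "bot": False}
    return {**base, **overrides}
```

Because the account counter is keyed on `account_id` rather than `install_id`, a reinstall that changes the install id leaves the monthly account count untouched in this model.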
When you hit a limit
- The PR review comment is replaced with a single line explaining which cap was hit and (for Free) linking to the pricing page.
- The audit attempt is logged so you can see it in the usage page.
- No charge, no email, no error in the GitHub PR. Sebastion just stops commenting on that PR for the rest of the window.
- Audits resume automatically when the relevant counter resets.
If you are hitting a cap and need more headroom before the reset, upgrade your plan from the billing page. The new caps take effect immediately.
Need a higher ceiling?
The daily caps (500 per install + 20 per PR) are safety guardrails, not product limits. Teams on a paid plan can request higher ceilings via contact; we will normally lift them the same day after a quick chat about your expected PR volume.
GitHub Security tab (SARIF)
Sebastion uploads SARIF to GitHub Code Scanning on every audit when the App has the right permission. Same findings as the PR review, in GitHub's native triage UI.
Playbooks
Opinionated, copy-paste recipes for getting Sebastion AI tuned for your stack — configs, suppression strategy, and worked case studies.