fix: implement fixed window rate limiting and resolve analysis history persistence

- Replace token bucket with fixed window rate limiter
- Quota now fully resets at midnight UTC (not 72-hour refill)
- Authenticated users: 3 requests per day
- Demo users: 1 request per day
- Redis-backed with in-memory fallback

- Fix analysis history not showing up
- Ensure demo user ID is used for demo mode sessions
- Portfolio creation now validates user_id exists
- History loading uses correct user_id for both authenticated and demo
- Enhanced logging for debugging

- Add comprehensive testing and documentation
- Test scripts for verification
- Migration guide for rate limiting
- Detailed logging for troubleshooting

Fixes: Analysis history persistence issue
Fixes: Rate limit refresh behaviour (72h → 24h)

app.py

@@ -52,10 +52,10 @@ from backend.agents.personas import get_available_personas
 from backend.tax.interface import create_tax_analysis, format_tax_analysis_output
 from backend.config import settings
 from backend.rate_limiting import (
-    TieredRateLimiter,
     GradioRateLimitMiddleware,
     UserTier,
 )
+from backend.rate_limiting.fixed_window import TieredFixedWindowLimiter
 from backend.auth import auth, UserSession
 
 def check_authentication(session_state: Dict) -> bool:
@@ -92,31 +92,75 @@ logging.getLogger('matplotlib.font_manager').setLevel(logging.WARNING)
 # Initialize workflow
 workflow = PortfolioAnalysisWorkflow(mcp_router)
 
+# Custom get_user_tier function for session-aware rate limiting
+def get_user_tier_from_session(request: Optional[gr.Request], session_state: Optional[dict] = None):
+    """Determine user tier from session state.
+
+    Args:
+        request: Gradio request object
+        session_state: Session state dict containing user authentication info
+
+    Returns:
+        Tuple of (identifier, tier)
+        - For authenticated users: (user_id, AUTHENTICATED)
+        - For demo mode: (ip_hash, ANONYMOUS)
+    """
+    import hashlib
+
+    # Check if user is authenticated via session state
+    if session_state and isinstance(session_state, dict):
+        user_id = session_state.get("user_id")
+        is_demo = session_state.get("is_demo", False)
+
+        # Authenticated user: use user_id for rate limiting
+        if user_id and not is_demo:
+            return str(user_id), UserTier.AUTHENTICATED
+
+    # Demo mode or unauthenticated: use IP-based rate limiting
+    # Extract client IP from request
+    client_ip = "unknown"
+
+    if request:
+        try:
+            if hasattr(request, "client") and request.client:
+                if hasattr(request.client, "host"):
+                    client_ip = request.client.host
+                elif isinstance(request.client, str):
+                    client_ip = request.client
+
+            # Check headers for forwarded IPs (behind proxy)
+            if hasattr(request, "headers"):
+                forwarded = request.headers.get("X-Forwarded-For")
+                if forwarded:
+                    client_ip = forwarded.split(",")[0].strip()
+        except Exception as e:
+            logger.warning(f"Error extracting client IP: {e}")
+
+    # Hash IP for privacy
+    identifier = hashlib.sha256(client_ip.encode()).hexdigest()[:16]
+
+    return identifier, UserTier.ANONYMOUS
+
+
 # Initialize rate limiter
 rate_limiter = None
 rate_limit_middleware = None
 
 if settings.rate_limit_enabled:
     try:
-        rate_limiter = TieredRateLimiter(
+        rate_limiter = TieredFixedWindowLimiter(
             tier_limits={
-                UserTier.ANONYMOUS: (
-                    settings.rate_limit_anonymous_capacity,
-                    settings.rate_limit_anonymous_refill_rate
-                ),
-                UserTier.AUTHENTICATED: (
-                    settings.rate_limit_authenticated_capacity,
-                    settings.rate_limit_authenticated_refill_rate
-                ),
-                UserTier.PREMIUM: (
-                    settings.rate_limit_premium_capacity,
-                    settings.rate_limit_premium_refill_rate
-                ),
+                UserTier.ANONYMOUS: settings.rate_limit_anonymous_capacity,
+                UserTier.AUTHENTICATED: settings.rate_limit_authenticated_capacity,
+                UserTier.PREMIUM: settings.rate_limit_premium_capacity,
             },
             redis_url=settings.redis_url
         )
-        rate_limit_middleware = GradioRateLimitMiddleware(rate_limiter)
-        logger.info("Rate limiting enabled with tiered limits")
+        rate_limit_middleware = GradioRateLimitMiddleware(
+            rate_limiter,
+            get_user_tier=get_user_tier_from_session
+        )
+        logger.info("Rate limiting enabled with fixed window (daily reset at midnight UTC)")
     except Exception as e:
         logger.error(f"Failed to initialise rate limiter: {e}")
         logger.warning("Continuing without rate limiting")
@@ -744,18 +788,27 @@ async def run_analysis_with_ui_update(
 
         portfolio_id = f"demo_{datetime.now().strftime('%Y%m%d_%H%M%S')}"
 
-        await db.ensure_demo_user_exists()
+        # Ensure demo user exists and get the user_id
+        demo_user_id = await db.ensure_demo_user_exists()
 
         try:
             session = UserSession.from_dict(session_state)
+            # Use demo user ID if user is in demo mode, otherwise use authenticated user ID
+            user_id = session.user_id if (session and session.user_id and not session_state.get("is_demo")) else demo_user_id
+
+            if not user_id:
+                logger.error("No valid user_id available for portfolio creation")
+                raise ValueError("User ID not available")
+
             await db.save_portfolio(
                 portfolio_id=portfolio_id,
-                user_id=session.user_id,
+                user_id=user_id,
                 name=f"Analysis {datetime.now().strftime('%Y-%m-%d %H:%M')}",
                 risk_tolerance='moderate'
             )
+            logger.info(f"Portfolio {portfolio_id} created for user {user_id}")
         except Exception as e:
-            logger.warning(f"Portfolio may already exist: {e}")
+            logger.warning(f"Failed to save portfolio: {e}")
 
         initial_state: AgentState = {
             'portfolio_id': portfolio_id,
@@ -799,10 +852,18 @@ async def run_analysis_with_ui_update(
         # Save analysis to database (Enhancement #4 - Historical Analysis Storage)
         try:
             session = UserSession.from_dict(session_state)
-            await db.save_analysis(portfolio_id, final_state)
-            logger.info(f"Saved analysis for portfolio {portfolio_id}")
+            is_demo = session_state.get("is_demo", False) if session_state else False
+            user_identifier = session.user_id if session and session.user_id else "demo"
+
+            logger.info(f"Saving analysis for portfolio {portfolio_id}, user: {user_identifier}, is_demo: {is_demo}")
+
+            save_result = await db.save_analysis(portfolio_id, final_state)
+            if save_result:
+                logger.info(f"✓ Successfully saved analysis for portfolio {portfolio_id}")
+            else:
+                logger.warning(f"✗ Failed to save analysis for portfolio {portfolio_id} (returned False)")
         except Exception as e:
-            logger.warning(f"Failed to save analysis: {e}")
+            logger.error(f"✗ Exception saving analysis for portfolio {portfolio_id}: {e}", exc_info=True)
 
         progress(0.7, desc=random.choice(LOADING_MESSAGES))
         await asyncio.sleep(0.3)
@@ -1866,11 +1927,28 @@ def create_interface() -> gr.Blocks:
             """Load analysis history from database."""
             try:
                 session = UserSession.from_dict(session_state)
-                history = await db.get_analysis_history(session.user_id, limit=20)
+                is_demo = session_state.get("is_demo", False) if session_state else False
+
+                # Get user_id - use demo user for demo sessions
+                if is_demo or not session or not session.user_id:
+                    demo_user_id = await db.ensure_demo_user_exists()
+                    user_id = demo_user_id
+                else:
+                    user_id = session.user_id
+
+                if not user_id:
+                    logger.error("No valid user_id for loading history")
+                    return [], "Unable to load history - user not found"
+
+                logger.info(f"Loading history for user: {user_id}, is_demo: {is_demo}")
+                history = await db.get_analysis_history(user_id, limit=20)
 
                 if not history:
+                    logger.info(f"No history found for user {user_id}")
                     return [], "No previous analyses found"
 
+                logger.info(f"Loaded {len(history)} analyses for user {user_id}")
+
                 # Format history for dataframe
                 rows = []
                 for record in history:
@@ -1955,7 +2033,7 @@ Please try again with different parameters.
             # Enforce rate limiting
             if rate_limit_middleware:
                 try:
-                    rate_limit_middleware.enforce(request)
+                    rate_limit_middleware.enforce(request, session_state=session_state)
                 except Exception as e:
                     logger.warning(f"Rate limit exceeded: {e}")
                     yield {

backend/config.py

@@ -93,24 +93,26 @@ class Settings(BaseSettings):
         validation_alias="RATE_LIMIT_ENABLED"
     )
 
-    # Rate limit tiers (capacity, refill_rate)
-    # Anonymous (Demo Mode): 1 request capacity, refills at 1 request per 24 hours
+    # Rate limit tiers (fixed window - resets daily at midnight UTC)
+    # Anonymous (Demo Mode): 1 request per day
     rate_limit_anonymous_capacity: int = Field(
         default=1,
-        validation_alias="RATE_LIMIT_ANONYMOUS_CAPACITY"
+        validation_alias="RATE_LIMIT_ANONYMOUS_CAPACITY",
+        description="Number of requests allowed per day for anonymous users"
     )
     rate_limit_anonymous_refill_rate: float = Field(
-        default=1.0 / 86400.0,  # 1 token per 24 hours (86400 seconds)
+        default=1.0 / 86400.0,  # DEPRECATED: Not used with fixed window
         validation_alias="RATE_LIMIT_ANONYMOUS_REFILL_RATE"
     )
 
-    # Authenticated: 50 requests capacity, refills at 0.5 requests/second (1 every 2 seconds)
+    # Authenticated: 3 requests per day
     rate_limit_authenticated_capacity: int = Field(
-        default=50,
-        validation_alias="RATE_LIMIT_AUTHENTICATED_CAPACITY"
+        default=3,
+        validation_alias="RATE_LIMIT_AUTHENTICATED_CAPACITY",
+        description="Number of requests allowed per day for authenticated users"
     )
     rate_limit_authenticated_refill_rate: float = Field(
-        default=0.5,
+        default=1.0 / 86400.0,  # DEPRECATED: Not used with fixed window
         validation_alias="RATE_LIMIT_AUTHENTICATED_REFILL_RATE"
     )
 

backend/rate_limiting/__init__.py

@@ -42,6 +42,10 @@ from backend.rate_limiting.limiter import (
     UserTier,
     RateLimitInfo,
 )
+from backend.rate_limiting.fixed_window import (
+    FixedWindowRateLimiter,
+    TieredFixedWindowLimiter,
+)
 
 __all__ = [
     "ThreadSafeTokenBucket",
@@ -51,4 +55,6 @@ __all__ = [
     "GradioRateLimitMiddleware",
     "UserTier",
     "RateLimitInfo",
+    "FixedWindowRateLimiter",
+    "TieredFixedWindowLimiter",
 ]

backend/rate_limiting/fixed_window.py

@@ -0,0 +1,396 @@
+"""
+Fixed Window Rate Limiter Implementation.
+
+Provides daily rate limits that reset at a specific time (midnight UTC).
+Users get their full quota back every 24 hours.
+"""
+
+import hashlib
+import time
+from datetime import datetime, timezone, timedelta
+from typing import Optional, Tuple, Dict
+from threading import Lock
+import logging
+
+try:
+    import redis
+    REDIS_AVAILABLE = True
+except ImportError:
+    REDIS_AVAILABLE = False
+
+from backend.rate_limiting.limiter import UserTier, RateLimitInfo
+
+logger = logging.getLogger(__name__)
+
+
+class FixedWindowRateLimiter:
+    """Fixed window rate limiter with daily reset.
+
+    Implements a simple counter-based rate limiter where the quota
+    resets at a specific time each day (midnight UTC by default).
+
+    This is ideal for "X requests per day" use cases where users
+    expect their quota to fully refresh every 24 hours.
+
+    Features:
+        - Redis-backed with in-memory fallback
+        - Configurable daily limits per tier
+        - Resets at midnight UTC (configurable)
+        - Thread-safe for concurrent requests
+
+    Attributes:
+        tier_limits: Dictionary mapping UserTier to daily request limit
+        redis_client: Optional Redis client for distributed rate limiting
+        use_redis: Boolean indicating if Redis is available
+        memory_counters: In-memory fallback storage
+    """
+
+    def __init__(
+        self,
+        tier_limits: Dict[UserTier, int],
+        redis_url: Optional[str] = None,
+        key_prefix: str = "ratelimit_daily"
+    ):
+        """Initialise fixed window rate limiter.
+
+        Args:
+            tier_limits: Dictionary mapping UserTier to daily request limit
+                         Example: {UserTier.AUTHENTICATED: 3, UserTier.ANONYMOUS: 1}
+            redis_url: Optional Redis connection URL
+            key_prefix: Prefix for Redis keys (default: "ratelimit_daily")
+        """
+        self.tier_limits = tier_limits
+        self.key_prefix = key_prefix
+        self.memory_counters: Dict[str, Tuple[int, str]] = {}  # (count, date_key)
+        self._memory_lock = Lock()
+
+        # Initialize Redis if available
+        self.redis_client = None
+        self.use_redis = False
+
+        if redis_url and REDIS_AVAILABLE:
+            try:
+                self.redis_client = redis.from_url(
+                    redis_url,
+                    decode_responses=True,
+                    socket_connect_timeout=2,
+                    socket_timeout=2
+                )
+                self.redis_client.ping()
+                self.use_redis = True
+                logger.info("Fixed window rate limiter: Redis initialised")
+            except Exception as e:
+                logger.warning(f"Redis unavailable, using in-memory: {e}")
+        else:
+            logger.info("Fixed window rate limiter: Using in-memory storage")
+
+    def _get_date_key(self) -> str:
+        """Get current date key for rate limiting window.
+
+        Returns:
+            Date string in YYYY-MM-DD format (UTC)
+        """
+        return datetime.now(timezone.utc).strftime("%Y-%m-%d")
+
+    def _get_redis_key(self, identifier: str, tier: UserTier, date_key: str) -> str:
+        """Construct Redis key for rate limit counter.
+
+        Args:
+            identifier: User identifier (user_id or IP hash)
+            tier: User tier
+            date_key: Date key (YYYY-MM-DD)
+
+        Returns:
+            Redis key string
+        """
+        return f"{self.key_prefix}:{tier.value}:{identifier}:{date_key}"
+
+    def _seconds_until_reset(self) -> int:
+        """Calculate seconds until next reset (midnight UTC).
+
+        Returns:
+            Seconds remaining until midnight UTC
+        """
+        now = datetime.now(timezone.utc)
+        tomorrow = (now + timedelta(days=1)).replace(
+            hour=0, minute=0, second=0, microsecond=0
+        )
+        return int((tomorrow - now).total_seconds())
+
+    def consume(
+        self,
+        identifier: str,
+        tier: UserTier,
+        tokens: int = 1
+    ) -> RateLimitInfo:
+        """Attempt to consume tokens from daily quota.
+
+        Args:
+            identifier: User identifier (user_id or IP hash)
+            tier: User tier for quota lookup
+            tokens: Number of tokens to consume (default: 1)
+
+        Returns:
+            RateLimitInfo with consumption result
+        """
+        date_key = self._get_date_key()
+        daily_limit = self.tier_limits.get(tier, 1)
+
+        # Try Redis first
+        if self.use_redis and self.redis_client:
+            try:
+                return self._consume_redis(identifier, tier, date_key, daily_limit, tokens)
+            except Exception as e:
+                logger.error(f"Redis consume error, falling back to memory: {e}")
+
+        # Fallback to in-memory
+        return self._consume_memory(identifier, tier, date_key, daily_limit, tokens)
+
+    def _consume_redis(
+        self,
+        identifier: str,
+        tier: UserTier,
+        date_key: str,
+        daily_limit: int,
+        tokens: int
+    ) -> RateLimitInfo:
+        """Consume tokens using Redis backend.
+
+        Args:
+            identifier: User identifier
+            tier: User tier
+            date_key: Current date key
+            daily_limit: Daily request limit for this tier
+            tokens: Tokens to consume
+
+        Returns:
+            RateLimitInfo with result
+        """
+        key = self._get_redis_key(identifier, tier, date_key)
+
+        # Increment counter atomically
+        pipe = self.redis_client.pipeline()
+        pipe.incr(key)
+        pipe.ttl(key)
+        results = pipe.execute()
+
+        current_count = results[0]
+        current_ttl = results[1]
+
+        # Set TTL if this is a new key
+        if current_ttl == -1:
+            seconds_until_reset = self._seconds_until_reset()
+            self.redis_client.expire(key, seconds_until_reset)
+
+        # Calculate reset time
+        now = time.time()
+        reset_time = now + self._seconds_until_reset()
+
+        if current_count <= daily_limit:
+            # Request allowed
+            remaining = max(0, daily_limit - current_count)
+            return RateLimitInfo(
+                allowed=True,
+                remaining=remaining,
+                reset_time=reset_time,
+                retry_after=None
+            )
+        else:
+            # Rate limit exceeded
+            retry_after = self._seconds_until_reset()
+            return RateLimitInfo(
+                allowed=False,
+                remaining=0,
+                reset_time=reset_time,
+                retry_after=float(retry_after)
+            )
+
+    def _consume_memory(
+        self,
+        identifier: str,
+        tier: UserTier,
+        date_key: str,
+        daily_limit: int,
+        tokens: int
+    ) -> RateLimitInfo:
+        """Consume tokens using in-memory backend.
+
+        Args:
+            identifier: User identifier
+            tier: User tier
+            date_key: Current date key
+            daily_limit: Daily request limit for this tier
+            tokens: Tokens to consume
+
+        Returns:
+            RateLimitInfo with result
+        """
+        memory_key = f"{tier.value}:{identifier}"
+
+        with self._memory_lock:
+            # Get or initialize counter
+            if memory_key in self.memory_counters:
+                count, stored_date = self.memory_counters[memory_key]
+
+                # Reset if new day
+                if stored_date != date_key:
+                    count = 0
+            else:
+                count = 0
+
+            # Increment counter
+            count += tokens
+            self.memory_counters[memory_key] = (count, date_key)
+
+            # Calculate reset time
+            reset_time = time.time() + self._seconds_until_reset()
+
+            if count <= daily_limit:
+                # Request allowed
+                remaining = max(0, daily_limit - count)
+                return RateLimitInfo(
+                    allowed=True,
+                    remaining=remaining,
+                    reset_time=reset_time,
+                    retry_after=None
+                )
+            else:
+                # Rate limit exceeded
+                retry_after = self._seconds_until_reset()
+                return RateLimitInfo(
+                    allowed=False,
+                    remaining=0,
+                    reset_time=reset_time,
+                    retry_after=float(retry_after)
+                )
+
+    def reset(self, identifier: str, tier: UserTier) -> None:
+        """Reset rate limit for identifier (admin/testing).
+
+        Args:
+            identifier: User identifier to reset
+            tier: User tier
+        """
+        date_key = self._get_date_key()
+
+        # Clear from Redis
+        if self.use_redis and self.redis_client:
+            try:
+                key = self._get_redis_key(identifier, tier, date_key)
+                self.redis_client.delete(key)
+            except Exception as e:
+                logger.error(f"Redis reset error: {e}")
+
+        # Clear from memory
+        memory_key = f"{tier.value}:{identifier}"
+        with self._memory_lock:
+            if memory_key in self.memory_counters:
+                del self.memory_counters[memory_key]
+
+    def get_current_count(self, identifier: str, tier: UserTier) -> int:
+        """Get current request count for identifier (debugging).
+
+        Args:
+            identifier: User identifier
+            tier: User tier
+
+        Returns:
+            Current request count for today
+        """
+        date_key = self._get_date_key()
+
+        # Try Redis first
+        if self.use_redis and self.redis_client:
+            try:
+                key = self._get_redis_key(identifier, tier, date_key)
+                count = self.redis_client.get(key)
+                return int(count) if count else 0
+            except Exception:
+                pass
+
+        # Fallback to memory
+        memory_key = f"{tier.value}:{identifier}"
+        with self._memory_lock:
+            if memory_key in self.memory_counters:
+                count, stored_date = self.memory_counters[memory_key]
+                if stored_date == date_key:
+                    return count
+
+        return 0
+
+
+class TieredFixedWindowLimiter:
+    """Multi-tier fixed window rate limiter.
+
+    Manages separate fixed window limiters for each user tier.
+    Provides a unified interface similar to TieredRateLimiter.
+    """
+
+    def __init__(
+        self,
+        tier_limits: Dict[UserTier, int],
+        redis_url: Optional[str] = None
+    ):
+        """Initialise tiered fixed window limiter.
+
+        Args:
+            tier_limits: Dictionary mapping UserTier to daily limit
+            redis_url: Optional Redis connection URL
+        """
+        self.limiters: Dict[UserTier, FixedWindowRateLimiter] = {}
+
+        # Create separate limiter for each tier
+        for tier, daily_limit in tier_limits.items():
+            self.limiters[tier] = FixedWindowRateLimiter(
+                tier_limits={tier: daily_limit},
+                redis_url=redis_url,
+                key_prefix=f"ratelimit_daily:{tier.value}"
+            )
+
+        logger.info(f"Tiered fixed window limiter initialised with {len(tier_limits)} tiers")
+
+    def consume(
+        self,
+        identifier: str,
+        tier: UserTier,
+        tokens: int = 1
+    ) -> RateLimitInfo:
+        """Consume tokens from the appropriate tier limiter.
+
+        Args:
+            identifier: User identifier
+            tier: User tier for quota lookup
+            tokens: Number of tokens to consume
+
+        Returns:
+            RateLimitInfo with consumption result
+        """
+        if tier not in self.limiters:
+            logger.warning(f"Unknown tier {tier}, using ANONYMOUS")
+            tier = UserTier.ANONYMOUS
+
+        return self.limiters[tier].consume(identifier, tier, tokens)
+
+    def reset(self, identifier: str, tier: UserTier) -> None:
+        """Reset rate limit for identifier.
+
+        Args:
+            identifier: User identifier to reset
+            tier: User tier
+        """
+        if tier in self.limiters:
+            self.limiters[tier].reset(identifier, tier)
+
+    def get_current_count(self, identifier: str, tier: UserTier) -> int:
+        """Get current request count for identifier.
+
+        Args:
+            identifier: User identifier
+            tier: User tier
+
+        Returns:
+            Current request count for today
+        """
+        if tier in self.limiters:
+            return self.limiters[tier].get_current_count(identifier, tier)
+        return 0

backend/rate_limiting/limiter.py

@@ -555,25 +555,33 @@ class GradioRateLimitMiddleware:
     def check_rate_limit(
         self,
         request: Optional["gr.Request"] = None,
-        tokens: int = 1
+        tokens: int = 1,
+        session_state: Optional[dict] = None
     ) -> RateLimitInfo:
         """Check rate limit for request.
 
         Args:
             request: Gradio request object
             tokens: Number of tokens to consume
+            session_state: Optional session state dict for authenticated users
 
         Returns:
             RateLimitInfo with result
         """
-        identifier, tier = self.get_user_tier(request)
+        # If custom get_user_tier accepts session_state, pass it
+        try:
+            identifier, tier = self.get_user_tier(request, session_state)
+        except TypeError:
+            # Fallback for get_user_tier functions that don't accept session_state
+            identifier, tier = self.get_user_tier(request)
         return self.limiter.consume(identifier, tier, tokens)
 
     def enforce(
         self,
         request: Optional["gr.Request"] = None,
         tokens: int = 1,
-        error_message: Optional[str] = None
+        error_message: Optional[str] = None,
+        session_state: Optional[dict] = None
     ) -> None:
         """Enforce rate limit, raise gr.Error if exceeded.
 
@@ -581,13 +589,14 @@ class GradioRateLimitMiddleware:
             request: Gradio request object
             tokens: Number of tokens to consume
             error_message: Custom error message (optional)
+            session_state: Optional session state dict for authenticated users
 
         Raises:
             gr.Error: If rate limit exceeded
         """
         import gradio as gr
 
-        info = self.check_rate_limit(request, tokens)
+        info = self.check_rate_limit(request, tokens, session_state)
 
         if not info.allowed:
             retry_seconds = int(info.retry_after) if info.retry_after else 60