Skip to content

Add API-wide rate limiting #37

Description

@0xNyk

Rate limiting exists only on the login endpoint (5 attempts/min). Every other route — including /api/spawn, /api/backup, /api/export, and agent messaging — has no rate limiting. A middleware-level rate limiter would prevent abuse. The current in-memory approach also resets on restart.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestsecuritySecurity-related issue

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions