Hugh Brown ce18fe4f0c fix: apply rate limiting to optional agent auth path ...

get_agent_auth_context_optional was not rate-limited, allowing
brute-force token guessing via routes that use require_user_or_agent.
Now applies agent_auth_limiter when a token is actually presented.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 23:35:10 +05:30

..

__init__.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

agent_auth.py

fix: apply rate limiting to optional agent auth path

2026-03-07 23:35:10 +05:30

agent_tokens.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

auth_mode.py

feat: update local authentication mode to require a non-placeholder token of at least 50 characters

2026-02-11 19:40:33 +05:30

auth.py

fix(agent): improve error handling for get_agent_soul method

2026-03-03 03:09:29 +05:30

config.py

feat: make webhook payload size limit configurable

2026-03-07 23:35:10 +05:30

durations.py

refactor: simplify code formatting and improve readability across multiple files

2026-02-09 20:44:05 +05:30

error_handling.py

feat(error_handling): improve error payload serialization for JSON compatibility

2026-02-12 20:10:30 +05:30

logging.py

feat: enhance logging configuration and add request logging context

2026-02-11 16:49:43 +05:30

rate_limit.py

docs: fix rate limiter docstrings to reflect sliding-window algorithm

2026-03-07 23:35:10 +05:30

security_headers.py

fix(security): update security header names to lowercase and add tests

2026-02-25 03:39:49 +05:30

time.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

version.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30