Hugh Brown 94988deef2 security: add rate limiting to agent auth and webhook ingest ...

Agent token auth performed O(n) PBKDF2 operations per request with no
rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no
rate limits either. Add an in-memory token-bucket rate limiter:
- Agent auth: 20 requests/minute per IP
- Webhook ingest: 60 requests/minute per IP

Includes unit tests for the rate limiter.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 23:35:10 +05:30

..

__init__.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

agent_auth.py

security: add rate limiting to agent auth and webhook ingest

2026-03-07 23:35:10 +05:30

agent_tokens.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

auth_mode.py

feat: update local authentication mode to require a non-placeholder token of at least 50 characters

2026-02-11 19:40:33 +05:30

auth.py

fix(agent): improve error handling for get_agent_soul method

2026-03-03 03:09:29 +05:30

config.py

security: set sensible defaults for security response headers

2026-03-07 23:35:10 +05:30

durations.py

refactor: simplify code formatting and improve readability across multiple files

2026-02-09 20:44:05 +05:30

error_handling.py

feat(error_handling): improve error payload serialization for JSON compatibility

2026-02-12 20:10:30 +05:30

logging.py

feat: enhance logging configuration and add request logging context

2026-02-11 16:49:43 +05:30

rate_limit.py

security: add rate limiting to agent auth and webhook ingest

2026-03-07 23:35:10 +05:30

security_headers.py

fix(security): update security header names to lowercase and add tests

2026-02-25 03:39:49 +05:30

time.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

version.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30