- Enhance GET /admin/rate-limits with per-IP breakdown, 24h throttled
count, and hourly time-series of rejected requests
- Add _rejected_log deque for time-series tracking of throttled requests
- Add AdminRateLimits React page with auto-refresh (configurable 15s/30s/1m),
summary cards, throttled-over-time bar chart, endpoint table, per-IP table
- Add TypeScript types (RateLimitStatsResponse) and adminApi.getRateLimits()
- Wire up /admin/rate-limits route and nav link (admin-only)
- Expand unit tests to 10 cases: auth, empty state, per-IP breakdown,
throttled_24h count, time-series structure, response shape contract
Closesleeworks-agents/SPARC#1686
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add GET /admin/rate-limits endpoint (admin-only) that returns current
rate limit configuration and request statistics for all rate-limited
endpoints (/auth/register and /auth/login). Tracks total requests and
rejection counts via in-memory counters.
Includes tests for admin access, non-admin rejection, empty state,
request tracking, and configuration display.
Closesleeworks-agents/SPARC#1675
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
agent-company