MAESTRO: verify rate limit 429 behavior

2026-02-22 05:23:31 +01:00 · 2026-02-18 04:21:32 +01:00
parent d3c6eb893d
commit 1b37520e25
1 changed files with 1 additions and 1 deletions
--- a/Docs/SpecKit-web-header-analyzer-Phase-08-Security-Operations.md
+++ b/Docs/SpecKit-web-header-analyzer-Phase-08-Security-Operations.md
@@ -39,7 +39,7 @@ This phase protects the analysis service from abuse with per-IP rate limiting an

 - [x] `pytest backend/tests/api/test_rate_limiter.py backend/tests/api/test_captcha.py backend/tests/api/test_health.py` all pass
 - [x] All vitest tests pass: `npx vitest run src/__tests__/CaptchaChallenge.test.tsx`
- [ ] Exceeding rate limit returns HTTP 429 with Retry-After header and CAPTCHA challenge
+- [x] Exceeding rate limit returns HTTP 429 with Retry-After header and CAPTCHA challenge
 - [ ] Solving CAPTCHA returns HMAC-signed bypass token (5-minute expiry)
 - [ ] Bypass token exempts IP from rate limiting on subsequent requests
 - [ ] `GET /api/health` returns `{status, version, uptime, scannerCount}`