Harald Buerbaumer 30b6eccae5 feat(gateway): add auth rate-limiting & brute-force protection (#15035) ...

* feat(gateway): add auth rate-limiting & brute-force protection

Add a per-IP sliding-window rate limiter to Gateway authentication
endpoints (HTTP, WebSocket upgrade, and WS message-level auth).

When gateway.auth.rateLimit is configured, failed auth attempts are
tracked per client IP. Once the threshold is exceeded within the
sliding window, further attempts are blocked with HTTP 429 + Retry-After
until the lockout period expires. Loopback addresses are exempt by
default so local CLI sessions are never locked out.

The limiter is only created when explicitly configured (undefined
otherwise), keeping the feature fully opt-in and backward-compatible.

* fix(gateway): isolate auth rate-limit scopes and normalize 429 responses

---------

Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>

2026-02-13 15:32:38 +01:00

..

security

fix(docs): remove hardcoded Mermaid init blocks that break dark mode (#15157)

2026-02-12 22:48:26 -05:00

authentication.md

revert(docs): undo markdownlint autofix churn

2026-02-06 10:00:08 -05:00

background-process.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

bonjour.md

Docs: enable markdownlint autofixables except list numbering (#10476)

2026-02-06 10:08:59 -05:00

bridge-protocol.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

cli-backends.md

chore: apply local workspace updates (#9911)

2026-02-05 16:54:44 -05:00

configuration-examples.md

docs: modernize gateway configuration page (Phase 1) (#14111)

2026-02-11 10:44:34 -05:00

configuration-reference.md

feat(gateway): add auth rate-limiting & brute-force protection (#15035)

2026-02-13 15:32:38 +01:00

configuration.md

fix: harden hook session key routing defaults

2026-02-13 02:09:14 +01:00

discovery.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

doctor.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

gateway-lock.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

health.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

heartbeat.md

docs: canonicalize docs paths and align zh navigation (#11428)

2026-02-07 15:40:35 -05:00

index.md

docs: modernize gateway configuration page (Phase 1) (#14111)

2026-02-11 10:44:34 -05:00

local-models.md

Docs: enable markdownlint autofixables except list numbering (#10476)

2026-02-06 10:08:59 -05:00

logging.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

multiple-gateways.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

network-model.md

Docs: landing page revamp (#8885)

2026-02-04 10:37:14 -05:00

openai-http-api.md

feat(gateway): add auth rate-limiting & brute-force protection (#15035)

2026-02-13 15:32:38 +01:00

openresponses-http-api.md

feat(gateway): add auth rate-limiting & brute-force protection (#15035)

2026-02-13 15:32:38 +01:00

pairing.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

protocol.md

Docs: add nav titles across docs (#5689)

2026-01-31 15:04:03 -06:00

remote-gateway-readme.md

fix(docs): remove hardcoded Mermaid init blocks that break dark mode (#15157)

2026-02-12 22:48:26 -05:00

remote.md

docs: restructure Get Started tab and improve onboarding flow (#9950)

2026-02-05 17:45:01 -05:00

sandbox-vs-tool-policy-vs-elevated.md

chore: Run pnpm format:fix.

2026-01-31 21:13:13 +09:00

sandboxing.md

docs: canonicalize docs paths and align zh navigation (#11428)

2026-02-07 15:40:35 -05:00

tailscale.md

Docs: enable markdownlint autofixables except list numbering (#10476)

2026-02-06 10:08:59 -05:00

tools-invoke-http-api.md

feat(gateway): add auth rate-limiting & brute-force protection (#15035)

2026-02-13 15:32:38 +01:00

troubleshooting.md

docs: canonicalize docs paths and align zh navigation (#11428)

2026-02-07 15:40:35 -05:00