# Rate Limiting Feature Configuration
#
# This configuration controls request rate limiting per client IP.
# Prevents abuse and ensures fair resource usage across clients.
# This file is loaded ONLY if [server.features.rate_limit].enabled = true in the main config.
# (The enabled flag is set in the main lifecycle-api-config.toml file)

[rate_limit]

# Requests per second per client IP
# Example: 10 = max 10 requests per second per client
requests_per_second = 10

# Burst capacity (maximum requests allowed in a single burst)
# Must be >= requests_per_second
burst_size = 20

# Include /health and /metrics endpoints in rate limiting
# Set to false to exclude health checks and metrics from limits
rate_limit_health_metrics = false

# Response when rate limit exceeded
# Returns HTTP 429 Too Many Requests with X-RateLimit headers
rate_limit_message = "Too many requests, please try again later"