Summary
Rate limiting (src/app.ts:99-107) is applied only to /memory/* routes. /health, /api/docs, /api/spec.json, and the admin endpoints are unrestricted, so a single client can probe them without limit (enumeration) and can flood them with cheap requests (DoS); the /memory limiter does nothing for the rest of the process it runs in.
Fix
Register a global rate limiter with a higher threshold ahead of all routes, and keep the tighter limiter on /memory/*. Because the global limiter runs first, /memory/* requests count against both budgets. Key the limiter on the real client address (if the app sits behind a reverse proxy, make sure trust proxy is configured so X-Forwarded-For cannot be spoofed), and do not exempt paths; if /health must stay reachable for a load balancer, allow-list that source address rather than the route.
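The layered policy described in the fix, as an added example that is not the project's code from src/app.ts: a looser global fixed-window limiter consulted for every request, plus a tighter limiter for /memory/*. The thresholds (300 and 30 per minute), the client key (req.ip), the Express-shaped req/res types, and the constructed traffic are assumptions for illustration; the real app would mount this via app.use() before its routes.

```typescript
// Added example (not the project's code): layered rate limiting with a looser global
// limiter in front of every route and a tighter one for /memory/*. Framework-free so
// it runs stand-alone; the Express wiring in src/app.ts is assumed, not reproduced.

export interface Decision {
  allowed: boolean;
  remaining: number;
  limiter: "global" | "memory";
  retryAfterMs: number;
}

// Fixed-window counter keyed by client. State is per-process; a multi-instance
// deployment needs a shared store (e.g. Redis), which is out of scope here.
class FixedWindowLimiter {
  private readonly hits = new Map<string, { count: number; windowStart: number }>();

  constructor(
    readonly name: "global" | "memory",
    readonly max: number,
    readonly windowMs: number,
  ) {}

  check(key: string, now: number): Decision {
    let entry = this.hits.get(key);
    if (entry === undefined || now - entry.windowStart >= this.windowMs) {
      entry = { count: 0, windowStart: now }; // new window for this client
      this.hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= this.max;
    return {
      allowed,
      remaining: Math.max(0, this.max - entry.count),
      limiter: this.name,
      retryAfterMs: allowed ? 0 : entry.windowStart + this.windowMs - now,
    };
  }
}

export interface PolicyOptions {
  globalMax: number; // budget per window for any route (assumed 300/min)
  memoryMax: number; // tighter budget for /memory/* (assumed 30/min)
  windowMs: number;
}

export function createRateLimitPolicy(opts: PolicyOptions) {
  const global = new FixedWindowLimiter("global", opts.globalMax, opts.windowMs);
  const memory = new FixedWindowLimiter("memory", opts.memoryMax, opts.windowMs);

  // Order matters: the global limiter runs first so every route, including /health,
  // /api/docs, /api/spec.json and admin endpoints, consumes budget. A /memory/*
  // request that passes the global check must also pass the tighter limiter.
  function decide(clientKey: string, path: string, now: number): Decision {
    const g = global.check(clientKey, now);
    if (!g.allowed) return g;
    if (path === "/memory" || path.startsWith("/memory/")) {
      const m = memory.check(clientKey, now);
      if (!m.allowed) return m;
    }
    return g;
  }

  return { decide };
}

export type RateLimitPolicy = ReturnType<typeof createRateLimitPolicy>;

// Minimal Express-shaped adapter (structural types, so no express import is needed).
// Assumes req.ip already reflects the real client, i.e. trust proxy is configured
// correctly; otherwise a spoofed X-Forwarded-For lets a client pick its own key.
type ReqLike = { ip: string; path: string };
type ResLike = {
  status(code: number): ResLike;
  set(name: string, value: string): ResLike;
  send(body: string): unknown;
};

export function rateLimitMiddleware(policy: RateLimitPolicy, clock: () => number = Date.now) {
  return (req: ReqLike, res: ResLike, next: () => void): void => {
    const d = policy.decide(req.ip, req.path, clock());
    if (d.allowed) return next();
    res
      .status(429)
      .set("Retry-After", String(Math.ceil(d.retryAfterMs / 1000)))
      .send(`rate limit exceeded (${d.limiter})`);
  };
}

// Replay a burst of requests and count which limiter rejected each one.
export function simulate(
  policy: RateLimitPolicy,
  requests: Array<{ ip: string; path: string; at: number }>,
): { global: number; memory: number } {
  const blocked = { global: 0, memory: 0 };
  for (const r of requests) {
    const d = policy.decide(r.ip, r.path, r.at);
    if (!d.allowed) blocked[d.limiter] += 1;
  }
  return blocked;
}

// Stand-alone demo with constructed traffic: one client hammering a route that the
// /memory-only limiter would never have throttled.
const demo = createRateLimitPolicy({ globalMax: 300, memoryMax: 30, windowMs: 60_000 });
const burst = Array.from({ length: 400 }, () => ({ ip: "203.0.113.5", path: "/api/spec.json", at: 0 }));
console.log(simulate(demo, burst)); // 100 of 400 rejected by the global limiter
```

The demo shows the point of the fix: 400 requests to /api/spec.json from one address now cost the client its global budget, whereas under the current code they are all served. The tighter /memory/* budget is unchanged, and a client that is blocked there still sees its /memory requests counted against the global window.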