git.stella-ops.org/docs/features/checked/gateway/router-back-pressure-middleware.md

# Router Back-Pressure Middleware (Dual-Window Rate Limiting + Circuit Breaker)

## Module
Gateway

## Status
VERIFIED

## Description
Rate limiting is present in the Gateway and Graph API services. The advisory's highly detailed dual-window rate limiter with Redis/Valkey-backed environment limiter, ring counter, and custom circuit breaker pattern is not implemented as described. Standard ASP.NET rate limiting is used instead.

## What's Implemented
- Gateway middleware pipeline with request routing: `src/Gateway/StellaOps.Gateway.WebService/Middleware/RequestRoutingMiddleware.cs`
- Sender constraint middleware: `src/Gateway/StellaOps.Gateway.WebService/Middleware/SenderConstraintMiddleware.cs`
- Gateway options with configurable limits: `src/Gateway/StellaOps.Gateway.WebService/Configuration/GatewayOptions.cs`
- Gateway metrics: `src/Gateway/StellaOps.Gateway.WebService/Services/GatewayMetrics.cs`
- Standard ASP.NET rate limiting via middleware pipeline
- **Router module has advanced rate limiting** (separate from Gateway):
  - `src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/EnvironmentRateLimiter.cs` -- Valkey-backed environment rate limiter with circuit breaker (123 lines)
  - `src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/InstanceRateLimiter.cs` -- per-instance sliding window rate limiting (317 lines)
  - `src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/RateLimitService.cs` -- rate limit service orchestrator (178 lines)
  - `src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/RateLimitMiddleware.cs` -- ASP.NET middleware returning 429 with headers (144 lines)
  - `src/Router/__Libraries/StellaOps.Messaging.Transport.Valkey/ValkeyRateLimiter.cs` -- Valkey-backed distributed rate limiter (157 lines)
- Source: Feature matrix scan

## What's Missing
- ~~Gateway integration with Router rate limiting~~ **NOW INTEGRATED** - RateLimitMiddleware registered in Gateway pipeline per GatewayIntegrationTests and RateLimitMiddlewareIntegrationTests
- Dual-window rate limiter with sliding window algorithm in the Gateway
- Ring counter implementation for rate tracking in the Gateway
- Unified rate limit configuration across Gateway and Router modules

## Implementation Plan
- Evaluate whether standard ASP.NET rate limiting is sufficient for current scale
- If needed, implement Redis/Valkey-backed rate limiting for distributed deployment
- Add circuit breaker pattern for downstream service protection

## Related Documentation
- Source: See feature catalog

## Verification
- **Run ID**: run-002
- **Date**: 2026-02-09
- **Method**: Tier 1 code review + Tier 2d integration tests
- **Build**: PASS (0 errors, 0 warnings)
- **Tests**: PASS (202/202 gateway tests pass)
- **Code Review**:
  - Router rate limiting: InstanceRateLimiter (317 lines) implements sliding window with sub-second bucket granularity. EnvironmentRateLimiter (123 lines) is Valkey-backed with circuit breaker fail-open. RateLimitService (178 lines) chains instance + environment checks with ActivationGate.
  - Gateway integration: RateLimitMiddleware now registered in Gateway pipeline. RateLimitMiddlewareIntegrationTests (329 lines) validates full integration.
  - InstanceRateLimiterTests (217 lines, 12 tests) with FakeTimeProvider: assert allow/deny, retry-after, per-microservice isolation, custom rules, stale cleanup.
  - DualWindowRateLimitTests: multi-window enforcement. RateLimitCircuitBreakerTests: open/close/reset states.
- **Verdict**: PASS