git.stella-ops.org/docs/features/checked/gateway/router-back-pressure-middleware.md

Router Back-Pressure Middleware (Dual-Window Rate Limiting + Circuit Breaker)

Module

Gateway

Status

VERIFIED

Description

Rate limiting is present in the Gateway and Graph API services. The advisory's highly detailed dual-window rate limiter with Redis/Valkey-backed environment limiter, ring counter, and custom circuit breaker pattern is not implemented as described. Standard ASP.NET rate limiting is used instead.

What's Implemented

• Gateway middleware pipeline with request routing: src/Gateway/StellaOps.Gateway.WebService/Middleware/RequestRoutingMiddleware.cs
• Sender constraint middleware: src/Gateway/StellaOps.Gateway.WebService/Middleware/SenderConstraintMiddleware.cs
• Gateway options with configurable limits: src/Gateway/StellaOps.Gateway.WebService/Configuration/GatewayOptions.cs
• Gateway metrics: src/Gateway/StellaOps.Gateway.WebService/Services/GatewayMetrics.cs
• Standard ASP.NET rate limiting via middleware pipeline
• Router module has advanced rate limiting (separate from Gateway):
  • src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/EnvironmentRateLimiter.cs -- Valkey-backed environment rate limiter with circuit breaker (123 lines)
  • src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/InstanceRateLimiter.cs -- per-instance sliding window rate limiting (317 lines)
  • src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/RateLimitService.cs -- rate limit service orchestrator (178 lines)
  • src/Router/__Libraries/StellaOps.Router.Gateway/RateLimit/RateLimitMiddleware.cs -- ASP.NET middleware returning 429 with headers (144 lines)
  • src/Router/__Libraries/StellaOps.Messaging.Transport.Valkey/ValkeyRateLimiter.cs -- Valkey-backed distributed rate limiter (157 lines)
• Source: Feature matrix scan

What's Missing

• Gateway integration with Router rate limiting NOW INTEGRATED - RateLimitMiddleware registered in Gateway pipeline per GatewayIntegrationTests and RateLimitMiddlewareIntegrationTests
• Dual-window rate limiter with sliding window algorithm in the Gateway
• Ring counter implementation for rate tracking in the Gateway
• Unified rate limit configuration across Gateway and Router modules

Implementation Plan

• Evaluate whether standard ASP.NET rate limiting is sufficient for current scale
• If needed, implement Redis/Valkey-backed rate limiting for distributed deployment
• Add circuit breaker pattern for downstream service protection

Related Documentation

• Source: See feature catalog

Verification

• Run ID: run-002
• Date: 2026-02-09
• Method: Tier 1 code review + Tier 2d integration tests
• Build: PASS (0 errors, 0 warnings)
• Tests: PASS (202/202 gateway tests pass)
• Code Review:
  • Router rate limiting: InstanceRateLimiter (317 lines) implements sliding window with sub-second bucket granularity. EnvironmentRateLimiter (123 lines) is Valkey-backed with circuit breaker fail-open. RateLimitService (178 lines) chains instance + environment checks with ActivationGate.
  • Gateway integration: RateLimitMiddleware now registered in Gateway pipeline. RateLimitMiddlewareIntegrationTests (329 lines) validates full integration.
  • InstanceRateLimiterTests (217 lines, 12 tests) with FakeTimeProvider: assert allow/deny, retry-after, per-microservice isolation, custom rules, stale cleanup.
  • DualWindowRateLimitTests: multi-window enforcement. RateLimitCircuitBreakerTests: open/close/reset states.
• Verdict: PASS

Tier 2 Recheck (2026-02-10)

• Run ID: run-003
• Result: PASS
• What was rechecked: Gateway back-pressure/rate-limit integration and Router rate-limit library suites rerun.
• Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-003/tier2-integration-check.json

Recheck (run-005)

• Date: 2026-02-10
• Result: PASS
• Verification: Back-pressure and rate-limit middleware behavior remains stable.
• Tests: Gateway.WebService.Tests 259/259, Router Gateway WebService.Tests 160/160, Router.Gateway.Tests 13/13 (432 total).
• Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-005/tier2-integration-check.json

Recheck (Run-006)

• Verified: 2026-02-10
• Method: Tier 2 replay + full Gateway/Router matrix.
• Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-006/tier2-integration-check.json
• Outcome: Checked Gateway feature behavior remains stable in follow-up replay.

Recheck (Run-007)

• Verified: 2026-02-10
• Method: Tier 2 integration replay.
• Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-007/tier2-integration-check.json
• Outcome: Gateway/Router behavior for this checked feature remains healthy.

Recheck (Run-008)

• Verified: 2026-02-10
• Method: Tier 2 replay with deterministic Gateway+Router suite verification.
• Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-008/tier2-integration-check.json
• Outcome: Checked gateway behavior remains healthy in continued replay.

Recheck (Run-009)

• Verified: 2026-02-10
• Method: Tier 2 replay with deterministic Gateway+Router suite verification.
• Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-009/tier2-integration-check.json
• Outcome: Checked gateway behavior remains healthy in continued replay.

Recheck (Run-010)

• Verified: 2026-02-10
• Method: Tier 2d deterministic integration replay.
• Tests: PASS (Gateway.WebService.Tests 259/259, Router.Gateway.WebService.Tests 160/160, Router.Gateway.Tests 13/13).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-010/tier2-integration-check.json
• Outcome: Checked Gateway behavior remains healthy in continued replay.

Recheck (Run-011)

• Verified: 2026-02-10
• Method: Tier 2d deterministic integration replay.
• Tests: PASS (Gateway.WebService 259/259, Router.Gateway.WebService 160/160, Router.Gateway 13/13; total 432/432).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-011/tier2-integration-check.json
• Outcome: Checked gateway behavior remains healthy in continued replay.

Recheck (Run-012)

• Verified: 2026-02-10
• Method: Tier 2d deterministic integration replay.
• Tests: PASS (Gateway.WebService 259/259, Router.Gateway.WebService 160/160, Router.Gateway 13/13; total 432/432).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-012/tier2-integration-check.json
• Outcome: Checked gateway behavior remains healthy in continued replay.

Recheck (Run-013 Module Sweep)

• Verified: 2026-02-11
• Method: Tier 2a live HTTP replay with fresh request/response evidence + Tier 1 Gateway/Router suite replay.
• Tests: PASS (Gateway.WebService 259/259, Router.Gateway.WebService 160/160, Router.Gateway 13/13; total 432/432).
• Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/router-back-pressure-middleware/run-013/tier2-api-check.json.
• Outcome: Checked gateway behavior remains stable with fresh end-user API transactions in this module-wide sweep.