Skip to content

feat: per-identity rate limiting on ingest endpoint #199

Description

@jpower432

Summary

Add per-identity rate limiting keyed on JWT sub claim, in addition to the existing per-IP rate limiting.

Context

Per-IP rate limiting is insufficient for cloud CI/CD pipelines that use dynamic IPs. A compromised publisher identity could submit evidence from distributed IPs, bypassing per-IP limits. Since Tessera is append-only, log pollution from a compromised identity is irrevocable.

Acceptance Criteria

  • Per-identity rate limiter keyed on claims.Sub after JWT verification
  • Configurable limit (e.g., INGEST_RATE_LIMIT_PER_IDENTITY requests/hour)
  • Stricter than per-IP limits (identity is the scarcer resource)

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Backlog / nice to havearea/authJWT, OIDC, publisher trustarea/ingestIngest pipeline, flattening, NATSenhancementNew feature or requestllm-assistedCreated with LLM assistance

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions