feat: bundle push rate limiting and abuse defense (issue #49 phase 4)

- MusehubDailyPushBytes: per-user daily byte counter table, upserted at bundle-presign; resets each calendar day (PK: identity_id + date) - MusehubPushAnomaly: anomaly record table for >10x rolling-average spikes - record_bundle_bytes_uploaded: UPSERT helper with ON CONFLICT increment - check_push_anomaly: computes 30-day rolling average, inserts anomaly row and logs WARNING when today's upload is >10x average; never rejects - bundle-presign route: enforces daily limit (429 with 'daily' in detail); limit disabled when bundle_daily_upload_limit_bytes=0; per-user not global - GET /api/caps: public endpoint returning max_bundle_bytes, daily_upload_limit_bytes, max_commits_per_push, max_objects_per_push - 15 TDD tests in test_bundle_rate_limiting_phase4.py: all green

sha256:29f2935a56feb415c441b14c6a891ec69e63cf5677ea7cb089b7770b2d2c078e sha

sha256:7039004cb9fd3d423a5be2e56258d8814ee3f52aed30f15cd9ea7d9eb799d75f parent

sha256:4f7e9abded68453838891f0e0fb649e534649d3cd34d18dc59988838834b0160 snapshot

← Older Oldest on task/issue-49-phase4

All commits

Newer → Latest on task/issue-49-phase4

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:29f2935a56feb415c441b14c6a891ec69e63cf5677ea7cb089b7770b2d2c078e --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump BREAKING

Agent claude-code

Breaking

musehub/config.py::Settings

Signature Cryptographically verified

Snapshot

ID sha256:4f7e9abded68453838891f0e0fb649e534649d3cd34d18dc59988838834b0160

Files 0

Browse tree at this commit →

Commit

SHA sha256:29f2935a56feb415c441b14c6a891ec69e63cf5677ea7cb089b7770b2d2c078e

Parent

sha256:7039004cb9fd3d423a5be2e56258d8814ee3f52aed30f15cd9ea7d9eb799d75f

Branch task/issue-49-phase4