From 338f864f6094d4770fb344bb3d2084c1f2c1486c Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Tue, 17 Mar 2026 14:29:35 +0000
Subject: [PATCH] fix(ci): set correct rate_limit_mode field in integration
 test security config

- The rate-limit integration test was sending rate_limit_enable:true in the
  security config POST, but the backend injects the Caddy rate_limit handler
  only when rate_limit_mode is the string "enabled"
- Because rate_limit_mode was absent from the payload, the database default
  of "disabled" persisted and the guard condition always evaluated false,
  leaving the handler uninjected across all 10 verify attempts
- Replaced the boolean rate_limit_enable with the string field
  rate_limit_mode:"enabled" to match the exact contract the backend enforces
---
 scripts/rate_limit_integration.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/rate_limit_integration.sh b/scripts/rate_limit_integration.sh
index fc3e5b95..eba9bf35 100755
--- a/scripts/rate_limit_integration.sh
+++ b/scripts/rate_limit_integration.sh
@@ -262,7 +262,7 @@ SEC_CFG_PAYLOAD=$(cat <<EOF
 {
     "name": "default",
     "enabled": true,
-    "rate_limit_enable": true,
+    "rate_limit_mode": "enabled",
     "rate_limit_requests": ${RATE_LIMIT_REQUESTS},
     "rate_limit_window_sec": ${RATE_LIMIT_WINDOW_SEC},
     "rate_limit_burst": ${RATE_LIMIT_BURST},