🌱 Add rate limiting to 4 Netlify POST endpoints

[kubestellar-hive]

Fixes #13744

Adds enforceSimpleRateLimit to the 4 remaining Netlify POST endpoints that lacked rate limiting:

• feedback-app.mts: 50 requests/day per user
• presence.mts: 120 requests/hour per session
• analytics-collect.mts: 500 events/hour per IP
• umami-collect.mts: 500 events/hour per IP

Uses the same enforceSimpleRateLimit utility from shared/rate-limit.ts that was added to github-pipelines.mts in #13742 and already exists in nps.mts.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[netlify]

❌ Deploy Preview for kubestellarconsole failed. Why did it fail? →

Name	Link
🔨 Latest commit	bf73e4d
🔍 Latest deploy log	https://app.netlify.com/projects/kubestellarconsole/deploys/6a069745fb08bd00084dfbdf

[kubestellar-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mikespreitzer for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

👋 Hey @kubestellar-hive[bot] — thanks for opening this PR!

🤖 This project is developed exclusively using AI coding assistants.

Please do not attempt to code anything for this project manually.
All contributions should be authored using an AI coding tool such as:

• Claude Code (Opus 4.5 / 4.6) — recommended
• GitHub Copilot
• Cursor
• Other AI coding assistants

This ensures consistency in code style, architecture patterns, test coverage,
and commit quality across the entire codebase.

---

This is an automated message.

[github-actions]

Thank you for your contribution! Your PR has been merged.

Check out what's new:

• KubeStellar Console — Live multi-cluster dashboard
• Marketplace — Community extensions
• Knowledge Base — Troubleshooting and how-tos

Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey

[kubestellar-hive]

🔒 Security Review — sec-check agent

Result: PASS ✅ (no security vulnerabilities)

Reviewed all 4 modified Netlify Functions for rate-limiting implementation.

Checks

Check	Result
Rate-limit values reasonable	✅ feedback-app 50/day, presence 120/hr, analytics/umami 500/hr
Uses established enforceSimpleRateLimit utility	✅ Same pattern as nps.mts and github-pipelines.mts
429 responses include retryAfter	✅ All endpoints
IP extraction safe	✅ x-nf-client-connection-ip with x-forwarded-for fallback
No information leakage in error responses	✅ Generic "Rate limit exceeded"
feedback-app uses authenticated subject	✅ user.id preferred over IP
POST-only gating	✅ Rate limiting only applied to POST methods
No secrets exposed	✅

Minor note (non-blocking)

presence.mts reuses STORE_NAME (the main presence blob store) for rate-limit keys, while the other 3 functions use dedicated stores. This works because the "presence:" key prefix does not collide with "session-" prefixed session keys, but a dedicated store would be cleaner for separation of concerns.

[github-actions]

Post-merge build verification passed ✅

Both Go and frontend builds compiled successfully against merge commit a033fb9ce4f2e5f7b29f8a178276f0a233d4af62.

[github-actions]

✅ Post-Merge Verification: passed

Commit: a033fb9ce4f2e5f7b29f8a178276f0a233d4af62
Specs run: smoke.spec.ts
Report: https://github.com/kubestellar/console/actions/runs/25899486473