Problem
(1) Several B2C-facing schemas accept unbounded strings (feedback/announcement/support/report) — 10MB-payload DoS surface. (2) No limiter on /api/events/* POST and /validate routes, report/feedback/support mutations; trial limiter has a privilege asymmetry.
Fix shape
.max() on all user-text fields; body-size cap; extend the existing Upstash limiter coverage (ADR 07) to every unauthenticated/cheap-auth mutation. Chaos runbook scenario 8 verifies.
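The three controls in the fix shape, composed in the order a handler would apply them. This is an added example, not the project's code: the limits are assumed values, all function names are hypothetical, and the in-memory fixed-window limiter is a stand-in for the shared Upstash limiter.

```javascript
// Added example. Limits below are assumed values, not taken from the issue.
const MAX_BODY_BYTES = 16 * 1024; // assumed body-size cap
const MAX_TEXT_CHARS = 2000;      // assumed per-field cap (what .max() would enforce)

// Read a body from an async iterable of byte chunks, stopping as soon as the
// cap is exceeded so an oversized payload is never fully buffered.
async function readBodyCapped(chunks, maxBytes = MAX_BODY_BYTES) {
  const parts = [];
  let total = 0;
  for await (const chunk of chunks) {
    total += chunk.byteLength;
    if (total > maxBytes) return { ok: false, status: 413, bytesRead: total };
    parts.push(chunk);
  }
  const buf = new Uint8Array(total);
  let off = 0;
  for (const p of parts) { buf.set(p, off); off += p.byteLength; }
  return { ok: true, text: new TextDecoder().decode(buf) };
}

// Hand-rolled equivalent of a schema with .max() on the user-text field.
function validateFeedback(input) {
  if (typeof input !== "object" || input === null) return { ok: false, status: 400 };
  const { message } = input;
  if (typeof message !== "string" || message.length === 0) return { ok: false, status: 400 };
  if (message.length > MAX_TEXT_CHARS) return { ok: false, status: 422 };
  return { ok: true, value: { message } };
}

// In-memory fixed-window limiter (hypothetical stand-in for the shared limiter).
function createLimiter(limit, windowMs, now = Date.now) {
  const hits = new Map(); // key -> { windowStart, count }
  return function allow(key) {
    const t = now();
    const e = hits.get(key);
    if (!e || t - e.windowStart >= windowMs) { hits.set(key, { windowStart: t, count: 1 }); return true; }
    e.count += 1;
    return e.count <= limit;
  };
}

// Cheapest check first: limiter, then size cap, then parse and validate.
async function handleFeedback(clientKey, chunks, allow) {
  if (!allow(clientKey)) return { status: 429 };
  const body = await readBodyCapped(chunks);
  if (!body.ok) return { status: body.status };
  let parsed;
  try { parsed = JSON.parse(body.text); } catch { return { status: 400 }; }
  const v = validateFeedback(parsed);
  return { status: v.ok ? 204 : v.status };
}
```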