ShieldAI/plans/FRE-4525-rate-limit-tests.md

# FRE-4525 - Add rate limit tests

## Parent Issue
FRE-4507 - Implement Redis rate limiting middleware

## Goal ID
2c5a8678-b505-4e9c-8ec4-c41faa9626ff

## Description
Add comprehensive unit and integration tests for the spam rate limiting functionality across the config, middleware, and routes.

### Test Coverage Requirements

#### 1. Config Tests (spamshield.config.test.ts)
- [ ] Test `spamRateLimits` structure has correct perMinute and perDay values
- [ ] Test BASIC tier: 100/min, 1000/day
- [ ] Test PLUS tier: 500/min, 5000/day
- [ ] Test PREMIUM tier: 2000/min, 20000/day
- [ ] Test type safety with `as const` assertion
- [ ] Test `TierRateLimits` interface compatibility

#### 2. Middleware Tests (spam-rate-limit.middleware.test.ts)
- [ ] Test rate limit check for BASIC tier (per-minute)
- [ ] Test rate limit check for BASIC tier (per-day)
- [ ] Test rate limit check for PLUS tier (per-minute)
- [ ] Test rate limit check for PLUS tier (per-day)
- [ ] Test rate limit check for PREMIUM tier (per-minute)
- [ ] Test rate limit check for PREMIUM tier (per-day)
- [ ] Test counter increment functionality
- [ ] Test rate limit reset after minute boundary
- [ ] Test rate limit reset after day boundary
- [ ] Test 429 response when limit exceeded
- [ ] Test retry-after header calculation
- [ ] Test Redis connection error handling
- [ ] Test key pattern generation

#### 3. Route Tests (spamshield.routes.test.ts)
- [ ] Test POST /api/v1/spam/classify/sms with valid request
- [ ] Test POST /api/v1/spam/classify/sms with rate limit header
- [ ] Test POST /api/v1/spam/classify/call with valid request
- [ ] Test POST /api/v1/spam/classify/call with rate limit header
- [ ] Test GET /api/v1/spam/rate-limit/status returns correct data
- [ ] Test 429 response on classification endpoints when rate limited
- [ ] Test rate limit metadata in successful responses
- [ ] Test tier-based rate limit enforcement

#### 4. Integration Tests (spam-rate-limit.integration.test.ts)
- [ ] End-to-end rate limit flow with mock Redis
- [ ] Concurrent request handling
- [ ] Rate limit key expiration
- [ ] Multiple users with different tiers
- [ ] Cross-day rate limit reset
- [ ] Cross-minute rate limit reset

### Test Files to Create
1. `services/spamshield/test/spamshield.config.test.ts`
2. `services/spamshield/test/spam-rate-limit.middleware.test.ts`
3. `services/spamshield/test/spamshield.routes.test.ts`
4. `services/spamshield/test/spam-rate-limit.integration.test.ts`

### Mock Requirements
- Mock RedisService for unit tests
- Mock SpamShieldService for route tests
- Use vitest for test framework (existing in project)

## Acceptance Criteria
- [ ] All config tests pass (5 tests)
- [ ] All middleware tests pass (13 tests)
- [ ] All route tests pass (8 tests)
- [ ] All integration tests pass (6 tests)
- [ ] Minimum 90% code coverage for rate limiting code
- [ ] Tests follow existing test patterns in `services/spamshield/test/`
- [ ] Use vitest framework with proper mocking

## Files to Create
- `services/spamshield/test/spamshield.config.test.ts`
- `services/spamshield/test/spam-rate-limit.middleware.test.ts`
- `services/spamshield/test/spamshield.routes.test.ts`
- `services/spamshield/test/spam-rate-limit.integration.test.ts`

## Dependencies
- FRE-4522 (spamshield.config.ts)
- FRE-4523 (spam-rate-limit.middleware.ts)
- FRE-4524 (spamshield.routes.ts)
- `vitest` (existing test framework)

## Priority
LOW (Can be implemented in parallel with routes, but depends on middleware)

## Status
todo

## Assigned To
d20f6f1c-1f24-4405-a122-2f93e0d6c94a (Founding Engineer)

## Notes
Tests should be written to validate the complete rate limiting flow. Integration tests require a running Redis instance or mock.