From 6f1566c2c39812ec292b048d723368f3fe82e73c Mon Sep 17 00:00:00 2001 From: nns Date: Wed, 27 May 2026 02:20:12 +0500 Subject: [PATCH] docs(sprint1): P0-3 done Co-Authored-By: Claude Opus 4.7 --- docs/sprint1-progress.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/sprint1-progress.md b/docs/sprint1-progress.md index 159507e..908a89a 100644 --- a/docs/sprint1-progress.md +++ b/docs/sprint1-progress.md @@ -9,8 +9,10 @@ ## Чек-лист -1. [ ] **P0-3 Rate-limit** — `Microsoft.AspNetCore.RateLimiting` (sliding window) на +1. [x] **P0-3 Rate-limit** — `Microsoft.AspNetCore.RateLimiting` (sliding window) на `/connect/token` и `/api/auth/signup`. 5/мин/IP, 20/час/IP. Тест: 6-я попытка за минуту → 429. + ✅ `AuthRateLimiterExtensions` (global limiter + chained окна, gate по пути), отдельные + бакеты на эндпоинт. Проверено curl на :5091 — token 6→429, signup 6→429, бакеты независимы. 2. [ ] **P0-4 Health checks** — `/health/live` (alive) + `/health/ready` (DB ping + миграции применены). docker-compose healthcheck → `/health/ready`. 3. [ ] **P0-5 Permission-based authz** — `PermissionHandler` + `[RequiresPermission("...")]`
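Review bot: In the two added ✅ lines under item 1, the recorded verification covers only the per-minute window (token 6→429, signup 6→429), while the item also requires 20/hour/IP; nothing in the note shows that the hourly window of the chained limiter was exercised. The item's acceptance criterion is phrased as a test (6th attempt within a minute → 429), but the evidence is a manual curl run against :5091, so consider adding an automated integration test that covers both windows and the per-endpoint bucket independence, and naming it in this line before the box is ticked. The limits are stated per IP, yet the note only mentions a gate by path; a short remark on how the per-IP partition key is derived (for example, how it behaves behind a reverse proxy) would make the "done" claim checkable.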