A governed pipeline for every AI-assisted code change.

Input

The Jira ticket

ACME-142  ·  Priority: High  ·  Reporter: Product

Add rate limiting to POST /api/transactions

Limit each authenticated client to 100 requests per minute.
Return HTTP 429 with a Retry-After header when exceeded.
All rate-limit events must be written to the audit log.

Checkpoint 1 — Plan review

AI generates a structured plan. You approve it before any code is written.

Indexing codebase... 847 methods across 94 files.
Generating execution plan for ACME-142...

Plan  ·  Confidence: 0.96  ·  3 operations

Op 1  Add RateLimitingFilter with token-bucket per client IP
      → src/main/java/com/acme/filter/RateLimitingFilter.java (new)

Op 2  Register filter in SecurityConfig before /api/transactions
      → src/main/java/com/acme/config/SecurityConfig.java

Op 3  Write rate-limit events to AuditService
      → src/main/java/com/acme/service/AuditService.java

Approve this plan? [yes/no]: yes

Checkpoint 2 — Code review

AI reads the actual files and writes complete implementations. You approve the diff.

+ src/main/java/com/acme/filter/RateLimitingFilter.java

+ @Component @Order(1)
+ public class RateLimitingFilter implements Filter {
+     private static final int LIMIT = 100;
+     private final Map<String, RateLimiter> limiters =
+         new ConcurrentHashMap<>();
+
+     @Override
+     public void doFilter(ServletRequest req, ...) {
+         String clientId = getClientId(req);
+         RateLimiter limiter = limiters.computeIfAbsent(
+             clientId, k -> RateLimiter.create(LIMIT / 60.0));
+         if (!limiter.tryAcquire()) {
+             HttpServletResponse r = (HttpServletResponse) res;
+             r.setStatus(429);
+             r.setHeader("Retry-After", "60");
+             auditService.logRateLimit(clientId);
+             return;
+         }
+         chain.doFilter(req, res);
+     }
+ }

Approve this diff? [yes/no]: yes

Result

Build verified, committed, PR opened, audit record written.

✓ Applied 3 file changes
✓ mvn test — BUILD SUCCESS  (coverage: 84%  ·  312 tests passed)
✓ Branch: ACME-142
✓ Commit: a7f3c91  [ACME-142] Add rate limiting to POST /api/transactions
✓ PR:     github.com/acme/core-api/pull/847

Audit record written
  Plan approved by:  Alice Chen  14:22:07
  Code approved by:  Alice Chen  14:24:31
  Duration:          3m 12s  ·  Est. cost: $0.031 USD
  Report:            ACME-142-report.pdf  (SOC2 evidence ready)