feat(rate-limit): add behavioral anomaly scoring and adaptive throttling

[Babigdk]

Pull Request Checklist

closes #615

Quality Gates (All must pass before merge)

• Lint: Code passes ESLint and Prettier checks
  Status: not yet verified after the anomaly detection changes.

• Type Check: TypeScript compilation succeeds
  Status: not yet verified after adding the new anomaly detection types, backend service, rate limiting integration, and dashboard screen.

• Tests: All tests pass
  Status: not yet verified. No new automated tests have been added yet for the anomaly detection flow.

• Build: Project builds successfully
  Status: not yet verified after the backend / mobile / ML changes.

• Rust Format: Smart contract formatting is correct
  Status: not touched by this PR / not yet verified.

• Rust Clippy: Smart contract linting passes
  Status: not touched by this PR / not yet verified.

• Rust Tests: All smart contract tests pass
  Status: not touched by this PR / not yet verified.

• Rust Build: Smart contracts compile successfully
  Status: not touched by this PR / not yet verified.

---

Additional Requirements

• New code has appropriate TypeScript types
  Added typed anomaly models in src/types/rateLimitAnomaly.ts.

• No hardcoded secrets or credentials
  No secrets or credentials were introduced in the anomaly detection changes.

• New features have corresponding tests
  Feature implementation is in place, but backend / ML / UI tests still need to be added.

• Documentation updated if needed
  PR description is prepared, but repo docs / admin docs / ops docs have not been updated yet.

---

Feature Implementation Status

Implemented in this PR

• Added behavioral anomaly type definitions

  • src/types/rateLimitAnomaly.ts

• Added backend anomaly scoring / adaptive throttling service

  • backend/services/shared/rateLimitAnomalyService.ts

• Integrated anomaly evaluation into the rate limiting flow

  • backend/services/shared/rateLimitingService.ts

• Added recent anomaly retrieval for dashboard/API use

  • getRecentAnomalies(limit = 50)

• Added ML scoring endpoint scaffold

  • ml-service/routers/rate_limit_anomaly.py

• Added ML retraining job scaffold

  • ml-service/jobs/retrain_rate_limit_anomaly.py

• Added admin dashboard screen scaffold

  • mobile/app/screens/RateLimitDashboardScreen.tsx

---

Acceptance Criteria Status

Behavioral anomaly detection

• Feature extraction includes:

  • request rate
  • endpoint distribution
  • time-of-day bucket
  • payload size average
  • user-agent entropy
  • geographic spread

• Adaptive limiting supports:

  • threshold-based anomaly evaluation
  • 50% temporary reduction
  • 90% temporary reduction

• False-positive handling includes:

  • allowlist support
  • manual throttle override per key

• Dashboard scaffold includes:

  • recent anomalies
  • score
  • severity
  • throttle level
  • suggested action

Still incomplete / follow-up required

• Real Isolation Forest model persistence + training pipeline
  Current ML route is a scoring scaffold / integration point, not a fully persisted sklearn training pipeline yet.

• Slack / PagerDuty alerting for score > 0.95
  Not wired yet.

• Seasonal / Black Friday model handling
  Structural hooks are present, but full seasonal training / event-day whitelist logic is not yet implemented.

• Weekly retrain with drift alerting based on real evaluation metrics
  Retraining scaffold exists, but full drift evaluation / reporting is not complete.

• Prometheus anomaly score metric per key
  Not wired yet.

---

Reviewers

• At least 1 approval required for merge
• All CI checks must be green

---

Before marking this PR mergeable, run

App / backend

npm run lint
npm run typecheck
npm run test
npm run build