{
  "context": "Evaluates how well the solution uses express-rate-limit to enforce the quota on GET /widgets and surface the library-provided metadata to clients. Checks focus on configuring the limiter, exposing the metadata on the request, and propagating the library-managed headers and retry details into responses.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Limiter setup",
      "description": "Configures the router with express-rate-limit's rateLimit middleware using the provided windowMs and maxHits values mapped to windowMs and limit options.",
      "max_score": 25
    },
    {
      "name": "Metadata property",
      "description": "Uses the package's requestPropertyName option to place metadata on the configured request property and reads limit, used, remaining, and resetTime from that property rather than custom counters.",
      "max_score": 20
    },
    {
      "name": "Standard headers",
      "description": "Enables standard RateLimit/RateLimit-Policy headers via express-rate-limit (using draft or standardHeaders options) with values matching the current metadata for limit, remaining, and reset.",
      "max_score": 15
    },
    {
      "name": "Exceed handler",
      "description": "Relies on express-rate-limit's handler hook to emit the 429 response, populating retryAfterSeconds from the provided metadata resetTime and setting the Retry-After header accordingly.",
      "max_score": 20
    },
    {
      "name": "Metadata echo",
      "description": "Response bodies for both allowed and blocked requests echo the package-provided metadata fields (limit, used, remaining, resetTime) directly from req[requestPropertyName] without reimplementing tracking logic.",
      "max_score": 20
    }
  ]
}