{
  "context": "Evaluates how the solution uses express-rate-limit to build middleware with configurable validation presets for proxy/IP safety and exposes the applied validation map. Checks focus on correct use of the library's validate option and its per-check flags rather than general Express code.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Middleware factory",
      "description": "Limiter middleware is created via express-rate-limit's `rateLimit` (or its exported factory) instead of custom throttling logic.",
      "max_score": 20
    },
    {
      "name": "Strict preset validations",
      "description": "Default/strict mode passes `validate` with all relevant checks enabled: IP format (`ip`), proxy trust (`trustProxy`), forwarded header usage (`xForwardedFor` or `forwardedHeader`), and creation location (`creationStack`).",
      "max_score": 25
    },
    {
      "name": "Validation opt-out",
      "description": "A `mode` of \"none\" results in `validate` being set to `false` (or an object with all checks false) so the library suppresses its safety validations.",
      "max_score": 15
    },
    {
      "name": "Proxy-only preset",
      "description": "Proxy-only mode builds a `validate` object that enables only proxy-related checks (`trustProxy` plus `xForwardedFor`/`forwardedHeader`) while leaving IP format and creation-stack checks off.",
      "max_score": 20
    },
    {
      "name": "Override merging",
      "description": "Override toggles merge into the `validate` options passed to `rateLimit`, flipping individual checks without discarding the rest of the preset's values.",
      "max_score": 10
    },
    {
      "name": "Config surfaced",
      "description": "Returns or exposes the same `validate` configuration used for `rateLimit`, allowing inspection of which express-rate-limit checks are active.",
      "max_score": 10
    }
  ]
}