{
  "context": "Evaluates whether the solution configures express-rate-limit to emit correct rate limit response headers in both standardized and legacy modes for separate routes. Scoring focuses on using the library's options to set limits/windows, choose header drafts, and expose the expected header values including Retry-After when limits are exceeded.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Standard setup",
      "description": "Creates the /standard limiter with express-rate-limit's rateLimit factory using windowMs of 60000, limit of 3, standardHeaders set to a supported draft (e.g., \"draft-7\" or \"draft-8\"), and legacyHeaders disabled.",
      "max_score": 20
    },
    {
      "name": "Standard values",
      "description": "Ensures the standard limiter's responses include RateLimit and RateLimit-Policy headers showing limit=3, remaining counts that decrement on each request, a policy string like 3;w=60, and a package-generated Retry-After on the 429 response after the fourth request.",
      "max_score": 25
    },
    {
      "name": "Legacy setup",
      "description": "Configures a separate rateLimit instance for /legacy with windowMs of 30000, limit of 2, legacyHeaders enabled, and standardHeaders turned off so the package emits only X-RateLimit-* headers there.",
      "max_score": 20
    },
    {
      "name": "Legacy values",
      "description": "Verifies the /legacy responses carry X-RateLimit-Limit=2, X-RateLimit-Remaining that counts down per request, an X-RateLimit-Reset Unix-seconds timestamp for the current window, and a Retry-After value on the 429 response triggered by the third rapid request.",
      "max_score": 25
    },
    {
      "name": "Header isolation",
      "description": "Uses express-rate-limit options so /standard responses omit X-RateLimit-* headers and /legacy responses omit RateLimit/RateLimit-Policy, proving correct per-route header mode selection.",
      "max_score": 10
    }
  ]
}