Security Operations & Deployment

When to Apply Each Middleware - Decision Guide

withRateLimit() - Apply to:

✅ Always apply to:

- Any route that could be abused (spam, brute force)
- Login-like operations (even if Clerk handles auth)
- Data creation/modification endpoints
- Contact/support form endpoints
- Webhooks (to prevent DoS)
- File upload endpoints
- Search endpoints
- Data export endpoints
- Any expensive AI/API operations
- Report generation
- Bulk operations

❌ Usually not needed for:

- Static asset requests (handled by CDN)
- Simple GET endpoints that only read public data
- Health c…