fix(gateway): security hardening — auth guards, ownership checks, validation, rate limiting

apps/gateway/src/app.module.ts

@@ -1,4 +1,5 @@
 import { Module } from '@nestjs/common';
+import { APP_GUARD } from '@nestjs/core';
 import { HealthController } from './health/health.controller.js';
 import { DatabaseModule } from './database/database.module.js';
 import { AuthModule } from './auth/auth.module.js';
@@ -14,9 +15,11 @@ import { MemoryModule } from './memory/memory.module.js';
 import { LogModule } from './log/log.module.js';
 import { SkillsModule } from './skills/skills.module.js';
 import { PluginModule } from './plugin/plugin.module.js';
+import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
 
 @Module({
   imports: [
+    ThrottlerModule.forRoot([{ name: 'default', ttl: 60_000, limit: 60 }]),
     DatabaseModule,
     AuthModule,
     BrainModule,
@@ -33,5 +36,11 @@ import { PluginModule } from './plugin/plugin.module.js';
     PluginModule,
   ],
   controllers: [HealthController],
+  providers: [
+    {
+      provide: APP_GUARD,
+      useClass: ThrottlerGuard,
+    },
+  ],
 })
 export class AppModule {}