User Story

As a cluster admin,
I want to configure per-user and global rate limits on VirtualMCPServer,
so that aggregated backends are protected from abuse.

Context

See THV-0057: Rate Limiting for MCP Servers for full design details.

Acceptance Criteria

• VirtualMCPServerSpec includes rateLimiting at spec.rateLimiting (not spec.config)
• CRD admission validation: perUser requires auth enabled
• Unit: Per-user limits shared across all backends (single bucket per user for the vMCP, not per-backend)
• Unit: Per-tool limits use post-aggregation names (underscore separator by default)
• Unit: With optimizer enabled, per-tool limit extracts inner tool_name from call_tool arguments
• Unit: Per-user and global limits both enforced on tools/call
• E2E: Deploy VirtualMCPServer with per-user rate limit, send traffic, verify rejection after limit exceeded

Dependencies

• STORY-001 and STORY-002 (core rate limit middleware and CRD types)

Out of Scope

• Observability (STORY-004)
• prompts/get and resources/read (deferred, STORY-005)