From cccd39f45bd8162b38d9aed03bb761eb81e47f80 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Mon, 22 Jun 2026 11:35:52 +0000
Subject: [PATCH] docs(asm): document X-RateLimit-Limit and
 X-RateLimit-Remaining response headers

The info description promised these headers on every response but no
endpoint declared them, so SDK generators and Redoc rendered no trace
of them. Adds reusable header components and wires them into all 2xx
responses across every endpoint.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01D8aK5iFD2dh7B5Z4vtf5m5
---
 asm/openapi.yaml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/asm/openapi.yaml b/asm/openapi.yaml
index 228f34f..f4cca66 100644
--- a/asm/openapi.yaml
+++ b/asm/openapi.yaml
@@ -86,6 +86,11 @@ paths:
       responses:
         '200':
           description: Paginated list of assets
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -113,6 +118,11 @@ paths:
       responses:
         '200':
           description: Asset detail
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -135,6 +145,11 @@ paths:
       responses:
         '200':
           description: Updated asset
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -155,6 +170,11 @@ paths:
       responses:
         '204':
           description: Asset archived
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
         '401':
           $ref: '#/components/responses/Unauthorized'
         '404':
@@ -176,6 +196,11 @@ paths:
       responses:
         '200':
           description: Paginated list of scans
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -205,6 +230,11 @@ paths:
       responses:
         '202':
           description: Scan accepted and queued
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -233,6 +263,11 @@ paths:
       responses:
         '200':
           description: Scan detail
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -279,6 +314,11 @@ paths:
       responses:
         '200':
           description: Paginated list of vulnerability findings
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -310,6 +350,11 @@ paths:
       responses:
         '200':
           description: Vulnerability detail
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -332,6 +377,11 @@ paths:
       responses:
         '200':
           description: Updated vulnerability
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -351,6 +401,11 @@ paths:
       responses:
         '200':
           description: All tags in the tenant
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -384,6 +439,11 @@ paths:
       responses:
         '201':
           description: Tag created
+          headers:
+            X-RateLimit-Limit:
+              $ref: '#/components/headers/X-RateLimit-Limit'
+            X-RateLimit-Remaining:
+              $ref: '#/components/headers/X-RateLimit-Remaining'
           content:
             application/json:
               schema:
@@ -394,6 +454,18 @@ paths:
           $ref: '#/components/responses/Unauthorized'
 
 components:
+  headers:
+    X-RateLimit-Limit:
+      description: Maximum number of requests allowed per minute for the current API key.
+      schema:
+        type: integer
+        example: 600
+    X-RateLimit-Remaining:
+      description: Number of requests remaining in the current rate-limit window.
+      schema:
+        type: integer
+        example: 543
+
   securitySchemes:
     bearerAuth:
       type: http