- Add ReDoS protection using safe-regex validation for contentPattern
- Add token bucket rate limiting (10/min per handler) to prevent cost explosions
- Require at least one match condition in Zod schema (reject empty match)
- Change error logging from logVerbose to logWarn for visibility
Includes tests for rate limiter and ReDoS protection.