-- Enable RLS on rate_limits table
ALTER TABLE public.rate_limits ENABLE ROW LEVEL SECURITY;

-- Users can only view their own rate limits
CREATE POLICY "Users can view their own rate limits"
  ON public.rate_limits FOR SELECT
  TO authenticated
  USING (user_id = auth.uid());

-- System can manage rate limits (handled by check_rate_limit function)
CREATE POLICY "System can insert rate limits"
  ON public.rate_limits FOR INSERT
  TO authenticated
  WITH CHECK (user_id = auth.uid());

CREATE POLICY "System can update rate limits"
  ON public.rate_limits FOR UPDATE
  TO authenticated
  USING (user_id = auth.uid());

-- Allow cleanup of old records
CREATE POLICY "System can delete old rate limits"
  ON public.rate_limits FOR DELETE
  TO authenticated
  USING (window_start < now() - interval '24 hours');