Problem statement
The metrics controller has a TODO for time-range parsing, and current timeseries logic is narrowly focused on login success/failure.
Proposed solution
Validate from/to, reject inverted or oversized windows, and expand metrics to cover OTP/WebAuthn/magic-link activity consistently.
Alternatives considered
No response
Impact area
None
Problem statement
The metrics controller has a TODO for time-range parsing, and current timeseries logic is narrowly focused on login success/failure.
Proposed solution
Validate from/to, reject inverted or oversized windows, and expand metrics to cover OTP/WebAuthn/magic-link activity consistently.
Alternatives considered
No response
Impact area
None