fix(ci): allow rate limit bypass in production test mode

The E2E tests run the standalone server (NODE_ENV=production) but need
rate limiting disabled. Allow MC_DISABLE_RATE_LIMIT bypass when
MISSION_CONTROL_TEST_MODE=1 is also set, even in production.

Fixes 100 E2E failures (429 rate limited) in CI.

src/lib/rate-limit.ts

@@ -71,8 +71,9 @@ export function createRateLimiter(options: RateLimiterOptions) {
   if (cleanupInterval.unref) cleanupInterval.unref()
 
   return function checkRateLimit(request: Request): NextResponse | null {
-    // Allow disabling non-critical rate limiting for E2E tests (never in production)
-    if (process.env.MC_DISABLE_RATE_LIMIT === '1' && !options.critical && process.env.NODE_ENV !== 'production') return null
+    // Allow disabling non-critical rate limiting for E2E tests
+    // In CI, standalone server runs with NODE_ENV=production but needs rate limit bypass
+    if (process.env.MC_DISABLE_RATE_LIMIT === '1' && !options.critical && (process.env.NODE_ENV !== 'production' || process.env.MISSION_CONTROL_TEST_MODE === '1')) return null
     const ip = extractClientIp(request)
     const now = Date.now()
     const entry = store.get(ip)
@@ -143,7 +144,7 @@ export function createAgentRateLimiter(options: RateLimiterOptions) {
   if (cleanupInterval.unref) cleanupInterval.unref()
 
   return function checkAgentRateLimit(request: Request): NextResponse | null {
-    if (process.env.MC_DISABLE_RATE_LIMIT === '1' && !options.critical && process.env.NODE_ENV !== 'production') return null
+    if (process.env.MC_DISABLE_RATE_LIMIT === '1' && !options.critical && (process.env.NODE_ENV !== 'production' || process.env.MISSION_CONTROL_TEST_MODE === '1')) return null
 
     const agentName = (request.headers.get('x-agent-name') || '').trim()
     const key = agentName || `ip:${extractClientIp(request)}`