fix(bridge): system audit + 5-file bug fix — PATS Deny trigger removal, auto_resolved chat dedup, UUID filenames, IP rate limit leak, bot.py deque

gateway.py

@@ -20,6 +20,7 @@ import asyncio
 import json
 import time
 import logging
+import uuid
 from collections import defaultdict
 from pathlib import Path
 from aiohttp import web
@@ -94,6 +95,15 @@ class GatewayAPI:
             window.append(now)
             self._rate_limits[ip] = window
 
+            # Memory leak prevention: Cleanup stale IPs when mapping grows too large
+            if len(self._rate_limits) > 1000:
+                for k in list(self._rate_limits.keys()):
+                    active = [t for t in self._rate_limits[k] if now - t < RATE_LIMIT_WINDOW]
+                    if active:
+                        self._rate_limits[k] = active
+                    else:
+                        del self._rate_limits[k]
+
         return await handler(request)
 
     # ─── Health ───
@@ -111,7 +121,7 @@ class GatewayAPI:
         """Collector pushes a pending approval request."""
         try:
             data = await request.json()
-            rid = data.get("request_id", str(int(time.time() * 1000)))
+            rid = data.get("request_id", f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}")
             data["request_id"] = rid
             data.setdefault("timestamp", time.time())
             data.setdefault("status", "pending")
@@ -166,7 +176,7 @@ class GatewayAPI:
             snap_dir = self.bot.bridge.transport.bridge_dir / "chat_snapshots" if hasattr(self.bot.bridge.transport, 'bridge_dir') else None
             if snap_dir:
                 snap_dir.mkdir(parents=True, exist_ok=True)
-                snap_id = f"{int(time.time() * 1000)}"
+                snap_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
                 snap_data = {
                     "id": snap_id,
                     "project_name": project,