diff --git a/backend/src/main/java/com/xly/erp/common/response/ResultCode.java b/backend/src/main/java/com/xly/erp/common/response/ResultCode.java
index ae9d3ec..b1bb4f9 100644
--- a/backend/src/main/java/com/xly/erp/common/response/ResultCode.java
+++ b/backend/src/main/java/com/xly/erp/common/response/ResultCode.java
@@ -24,6 +24,8 @@ public enum ResultCode {
     USERNAME_EXISTS(40901, "用户名已存在"),
     /** 分页参数非法（预留 REQ-USR-003）。 */
     PAGE_PARAM_INVALID(42201, "分页参数非法"),
+    /** 登录过于频繁（连续失败超阈值，账号临时锁定；REQ-USR-004）。 */
+    LOGIN_RATE_LIMITED(42901, "请求过于频繁，请稍后重试"),
     /** 系统内部错误（兜底）。 */
     SYSTEM_ERROR(50000, "系统繁忙，请稍后重试");
 
diff --git a/backend/src/test/java/com/xly/erp/common/response/ResultCodeLoginTest.java b/backend/src/test/java/com/xly/erp/common/response/ResultCodeLoginTest.java
new file mode 100644
index 0000000..28e0e84
--- /dev/null
+++ b/backend/src/test/java/com/xly/erp/common/response/ResultCodeLoginTest.java
@@ -0,0 +1,28 @@
+package com.xly.erp.common.response;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.api.Test;
+
+/**
+ * REQ-USR-004 T1：登录相关错误码断言。
+ *
+ * <p>新增登录限流码 {@code LOGIN_RATE_LIMITED=42901}；并确认登录流程复用的既有码
+ * {@code UNAUTHORIZED=40101} / {@code ACCOUNT_DISABLED=40302} / {@code PARAM_INVALID=40001}
+ * 取值不变（不重复定义、不漂移）。</p>
+ */
+class ResultCodeLoginTest {
+
+    @Test
+    void loginRateLimitedCodeIs42901() {
+        assertThat(ResultCode.LOGIN_RATE_LIMITED.getCode()).isEqualTo(42901);
+        assertThat(ResultCode.LOGIN_RATE_LIMITED.getMessage()).isNotBlank();
+    }
+
+    @Test
+    void existingLoginCodesPresent() {
+        assertThat(ResultCode.UNAUTHORIZED.getCode()).isEqualTo(40101);
+        assertThat(ResultCode.ACCOUNT_DISABLED.getCode()).isEqualTo(40302);
+        assertThat(ResultCode.PARAM_INVALID.getCode()).isEqualTo(40001);
+    }
+}