These are custom policies for users-permissions plugin.
Take a look at their code to understand what they do:
isAuthenticated - Verifies if the user that requested the url is authenticated.
rateLimit - Is used to limit repeated requests from an IP to APIs and/or endpoints. For more details about rateLimit please refer to koa2-ratelimit official documentation.
Rate limit is currently used on the following auth endpoints:
/connect/*
/auth/local
/auth/local/register
/auth/forgot-password
/auth/reset-password
You can use it to protect some important endpoints from spamming.