feat!: v0.2.0 production hardening#37

Merged
bntvllnt merged 4 commits into main from feat/v0.2.0-hardening on Mar 25, 2026

Conversation

@bntvllnt (Contributor)

Summary

  • Auth boundary: ownerId required on all admin mutations (revoke/disable/enable/update/rotate/getUsage) — prevents cross-tenant access
  • Server-side secret gen: create() and rotate() generate secret material inside component mutations, no longer passed from client
  • Remove apiKeyEvents table: structured logging replaces event-based audit trail — eliminates unbounded table growth, O(N) scans, retention cron complexity
  • Remove @convex-dev/rate-limiter: rate limiting is integrator's responsibility at their HTTP layer where they have caller context (IP, auth, plan tier)
  • Remove @convex-dev/aggregate + @convex-dev/crons: unused deps removed (component deps: 4 -> 1)
  • Input validation: keyPrefix/env charset, gracePeriodMs min/max bounds, metadata/scopes/tags size caps, configure() bounds
  • Validate optimization: remaining decrement and lastUsedAt write decoupled into single merged patch; lastUsedAt throttled to 60s
  • Pagination: list()/listByTag() use .take(100) default limit instead of unbounded .collect()
  • revokeByTag: now catches rotating + disabled statuses (not just active)

Breaking Changes

| Change | Migration |
|---|---|
| create() args | Remove hash, lookupPrefix, secretHex — server generates internally |
| rotate() args | Remove lookupPrefix, secretHex — server generates internally |
| Admin mutations | Add ownerId as required arg |
| getUsage() | Remove period param, lastUsedAt from return |
| apiKeyEvents table | Export existing data before upgrading — table is removed |
| @convex-dev/rate-limiter | Add your own rate limiting at HTTP action layer |

Stats

  • 10 files changed, 487 insertions, 412 deletions
  • 82 tests passing (was 69), +14 new tests covering auth boundary, input validation, bounds
  • Component deps: 4 -> 1 (shardedCounter only)
  • Tables: 3 -> 2 (apiKeyEvents removed)
  • Writes per validate: 4 -> 1-2

Test plan

  • All 82 tests pass (pnpm test)
  • Lint clean (pnpm lint)
  • TypeScript clean (pnpm build)
  • Cross-tenant auth boundary tested (6 mutations)
  • Input validation tested (env charset, metadata size, scopes/tags limits)
  • gracePeriodMs bounds tested (min 60s, max 30d)
  • configure() bounds tested (negative/zero rejection)
  • 7-perspective code review completed (0 BLOCKING findings remaining)
  • README migration guide (follow-up — docs only)
  • Run pnpm build:codegen with Convex auth to regenerate _generated/ types
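The hardening points in the Summary above (ownerId auth boundary, input bounds, server-side secret generation, the merged validate patch with a 60s lastUsedAt throttle, and the wider revokeByTag status filter) can be shown in plain TypeScript. The block below is an added example written for this page; it is not the component's own code. The record shape, regexes, size caps, error classes and function names are all assumptions; only the bounds the PR states (60s throttle, 60s..30d gracePeriodMs) are taken from the description.

```typescript
import { randomBytes, createHash } from "node:crypto";

// Constructed stand-in for the component's apiKeys row; field names follow the
// PR description, the rest is assumed for this example.
export type KeyStatus = "active" | "rotating" | "disabled" | "revoked";
export interface ApiKeyRecord {
  _id: string;
  ownerId: string;
  status: KeyStatus;
  remaining: number | null; // null = no quota
  lastUsedAt: number | null;
}

export class AuthBoundaryError extends Error {}
export class ValidationError extends Error {}

// Bounds named in the PR; charsets and caps below are assumed values.
export const LAST_USED_THROTTLE_MS = 60_000;
export const GRACE_MIN_MS = 60_000;
export const GRACE_MAX_MS = 30 * 24 * 60 * 60 * 1000;
const PREFIX_RE = /^[a-z][a-z0-9]{0,15}$/;
const ENV_RE = /^[a-z]{1,8}$/;
const MAX_SCOPES = 32;
const MAX_TAGS = 16;
const MAX_METADATA_CHARS = 4096;

// Auth boundary: the caller-supplied ownerId must match the stored owner. One
// error for "missing" and "not yours" keeps tenants from probing each other's ids.
export function assertOwner(key: ApiKeyRecord | null, ownerId: string): ApiKeyRecord {
  if (key === null || key.ownerId !== ownerId) {
    throw new AuthBoundaryError("api key not found");
  }
  return key;
}

export interface CreateArgs {
  keyPrefix: string;
  env: string;
  gracePeriodMs?: number;
  scopes?: string[];
  tags?: string[];
  metadata?: Record<string, unknown>;
}

// Input validation at the mutation boundary, before anything is written.
export function validateCreateArgs(args: CreateArgs): void {
  if (!PREFIX_RE.test(args.keyPrefix)) throw new ValidationError("keyPrefix charset");
  if (!ENV_RE.test(args.env)) throw new ValidationError("env charset");
  const g = args.gracePeriodMs;
  if (g !== undefined && (!Number.isInteger(g) || g < GRACE_MIN_MS || g > GRACE_MAX_MS)) {
    throw new ValidationError("gracePeriodMs out of bounds");
  }
  if ((args.scopes?.length ?? 0) > MAX_SCOPES) throw new ValidationError("too many scopes");
  if ((args.tags?.length ?? 0) > MAX_TAGS) throw new ValidationError("too many tags");
  if (args.metadata !== undefined && JSON.stringify(args.metadata).length > MAX_METADATA_CHARS) {
    throw new ValidationError("metadata too large");
  }
}

// Server-side secret generation: the client never supplies hash/lookupPrefix/secretHex.
// Only hash and lookupPrefix are stored; the plaintext is returned to the caller once.
export function generateSecret(keyPrefix: string, env: string) {
  const secretHex = randomBytes(32).toString("hex");
  const plaintext = `${keyPrefix}_${env}_${secretHex}`;
  return {
    plaintext,
    lookupPrefix: secretHex.slice(0, 8),
    hash: createHash("sha256").update(plaintext).digest("hex"),
  };
}

// validate() write path: quota decrement and lastUsedAt refresh merged into one
// patch, with lastUsedAt rewritten at most once per throttle window to cut OCC
// conflicts. Rotating keys are assumed to stay valid during their grace period.
export function planValidatePatch(key: ApiKeyRecord, now: number): Partial<ApiKeyRecord> | null {
  if (key.status !== "active" && key.status !== "rotating") {
    throw new ValidationError(`key is ${key.status}`);
  }
  if (key.remaining !== null && key.remaining <= 0) throw new ValidationError("quota exhausted");
  const patch: Partial<ApiKeyRecord> = {};
  if (key.remaining !== null) patch.remaining = key.remaining - 1;
  if (key.lastUsedAt === null || now - key.lastUsedAt >= LAST_USED_THROTTLE_MS) {
    patch.lastUsedAt = now;
  }
  return Object.keys(patch).length > 0 ? patch : null;
}

// revokeByTag now sweeps rotating and disabled keys as well as active ones.
export function isRevocableByTag(status: KeyStatus): boolean {
  return status === "active" || status === "rotating" || status === "disabled";
}
```

In the real component these helpers would sit inside the Convex mutations: `assertOwner` runs after the `db.get` and before any patch, `validateCreateArgs` runs before `generateSecret`, and the object returned by `planValidatePatch` is what a single `db.patch` receives, so an unthrottled call touches the row once and a throttled, quota-free call touches it not at all.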

…t gen, remove events+rate-limiter

BREAKING CHANGES:
- create()/rotate(): secret material generated server-side, remove hash/lookupPrefix/secretHex from client args
- Admin mutations (revoke/disable/enable/update/rotate/getUsage): ownerId now required
- apiKeyEvents table removed — structured logs replace event-based audit trail
- @convex-dev/rate-limiter removed — rate limiting is integrator's responsibility
- @convex-dev/aggregate and @convex-dev/crons removed (unused)
- getUsage(): period param removed (counter-only), lastUsedAt removed from return
- list()/listByTag(): paginated via .take(100) default limit

New features:
- ownerId cross-check on all admin mutations (auth boundary)
- Input validation: keyPrefix charset, env charset, gracePeriodMs bounds, metadata/scopes/tags size caps
- configure() bounds validation + structured audit logging
- lastUsedAt/remaining writes decoupled in validate (single merged patch)
- lastUsedAt throttled to 60s to reduce OCC contention
- revokeByTag expanded to include rotating+disabled statuses
- Structured logging replaces all event table writes

Tests: 82 passing (was 69), +14 new tests for auth boundary, input validation, bounds
@bntvllnt bntvllnt added enhancement New feature or request security Security-related labels Mar 25, 2026
@bntvllnt bntvllnt self-assigned this Mar 25, 2026
…AUDE

- README: new API signatures with ownerId, remove rate-limiter/events claims,
  update architecture to 1 child component, add security model section
- docs/API.md: all method signatures updated, input validation table added
- CHANGELOG.md: full v0.2.0 entry with breaking changes + migration guide
- AGENTS.md: fix schema reference, add docs-sync rule
- CLAUDE.md: update design decisions, architecture, schema references
- Spec archived to specs/shipped/ with retro
@bntvllnt bntvllnt merged commit f11443e into main Mar 25, 2026
4 checks passed
@bntvllnt bntvllnt deleted the feat/v0.2.0-hardening branch March 25, 2026 22:34