mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-06-16 20:34:13 +00:00
fda47533c3
Per-namespace rate-limit config (feature #69) - Migration 027: new `namespace_rate_limit_config` table (namespace PK, requests_per_minute, burst, audit metadata). - pkg/ratelimit: Manager + RQLite ConfigStore + types. Same pattern as the push config in bug #220's follow-up — LRU cache, invalidate on PUT/DELETE, falls back to YAML defaults when no row exists. - pkg/gateway/handlers/ratelimit: GET/PUT/DELETE /v1/namespace/rate-limit. PUT requests are rejected if they exceed the operator's configured ceiling (MaxRequestsPerMinute / MaxBurst) — tenants self-serve but cannot raise their quota past the cap. - pkg/gateway/rate_limiter.go: per-namespace lookup, default fallback. - pkg/gateway/middleware.go: WS JWT middleware (middleware_ws_jwt_test.go). - pkg/gateway/auth/service.go: refresh-token rotation hardening with regression test in refresh_rotation_test.go. AI agent instructions - Add AGENTS.md, CLAUDE.md, .github/copilot-instructions.md (DeBros v0.2.0 baseline). DeBros rules bumped to v0.2.0 (sha bb6e6ef). VERSION bumped to 0.122.12.
46 lines
2.0 KiB
JSON
46 lines
2.0 KiB
JSON
{
|
|
"$schema": "https://raw.githubusercontent.com/DeBrosDAO/rules/main/templates/debros.schema.json",
|
|
"schema_version": 1,
|
|
|
|
"rules": {
|
|
"version": "v0.2.0",
|
|
"sha": "bb6e6ef604b420879a44f055af48d4acf57b86d5",
|
|
"synced_at": "2026-05-12T11:26:00Z"
|
|
},
|
|
|
|
"project": {
|
|
"name": "orama",
|
|
"type": "infrastructure",
|
|
"languages": ["go", "typescript", "zig"],
|
|
"critical_paths": [
|
|
"core/pkg/gateway/auth/**",
|
|
"core/pkg/secrets/**",
|
|
"core/pkg/serverless/hostfunctions/**",
|
|
"core/migrations/**",
|
|
"core/cmd/**",
|
|
"sdk/src/auth/**",
|
|
"sdk/src/vault/**",
|
|
"vault/src/**"
|
|
],
|
|
"deploy_targets": ["devnet", "testnet"],
|
|
"owner": ""
|
|
},
|
|
|
|
"compliance": {
|
|
"last_audit": "2026-05-12",
|
|
"exceptions": [],
|
|
"dismissed": [],
|
|
"tier3_overrides": []
|
|
},
|
|
|
|
"ai_agent_notes": [
|
|
"Orama is a decentralized API gateway + reverse proxy with serverless WASM execution, distributed caching (Olric), distributed SQL (RQLite), IPFS storage, and pubsub. See .claude/rules/network.md for the high-level architecture.",
|
|
"Deploys require explicit human approval. Never run `make rollout-devnet`, `orama node install`, `systemctl restart`, or any other deploy/restart command without an explicit go-ahead in the chat.",
|
|
"Rolling restarts only — never stop multiple nodes simultaneously. RQLite Raft consensus needs quorum.",
|
|
"Use the `orama node` CLI for service management on VPS nodes (`orama node restart`, `orama node stop`, etc.), never raw `systemctl`. The CLI handles dependency ordering, quorum checks, and health verification.",
|
|
"Use `orama ssh <ip>` to reach devnet/testnet hosts — the wrapper resolves SSH keys from rootwallet via vault:ssh capability.",
|
|
"Per-tenant operational context (anchat-test, etc.) lives in chat history and bugboard tickets, not in this repo.",
|
|
"Never leak credentials from scripts/remote-nodes.conf or any keys_backup/ files in commits, docs, or chat output."
|
|
]
|
|
}
|