docs(roadmap): record backend rate limits
This commit is contained in:
parent ee4a8ab2ea
commit 3c5b9986c9
@ -141,7 +141,7 @@ Goal: production starts fail closed and do not silently run with development-onl
- [x] **P3.1** Change backend config validation so production cannot use default `JWT_SECRET`, memory DB, disabled encryption by accident, or missing Cosmos credentials. Keep test/dev ergonomics intact. Commit: `e7d381f`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `node --import tsx --input-type=module -e "import { parseConfig } from './src/lib/config.ts'; ..."` accepted a safe production env and rejected unsafe defaults; `git diff --check`. Added exported `parseConfig()`, safe string boolean parsing, development JWT defaulting only for non-production ergonomics, production rejection for default/short JWT secrets, memory DB, missing Cosmos endpoint/key/database, disabled field encryption, and production memory key provider.
- [x] **P3.2** Add tests for production config validation: missing secret, default secret, memory DB in production, missing Cosmos env, encryption provider requirements. Commit: `8007fac`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend exec vitest run src/lib/config.test.ts`; `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `git diff --check`. Added 11 focused config tests covering dev ergonomics, safe production config, missing/default/short production JWTs, memory DB rejection, missing Cosmos env, disabled encryption, production memory provider rejection, env key requirements, and AKV URL requirements.
- [x] **P3.3** Review all unauthenticated backend endpoints. Keep `/health`, `/api/bootstrap`, and public share reads intentional; protect diagnostics or make them explicitly dev/admin-gated. Commit: `56a051a`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend exec vitest run src/diagnostics.test.ts src/server.test.ts`; `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `git diff --check`. Kept `/health`, `/api/bootstrap`, and `/api/public/note-shares/:token` intentionally public; moved diagnostics into `diagnosticsRoutes()` with dev/test open access and production `admin`/`owner` auth via shared auth middleware.
- [ ] **P3.4** Add or verify rate limiting and abuse controls for public share, auth-facing, prompt, intake, and LLM-backed endpoints using shared platform patterns where available. Commit:
- [x] **P3.4** Add or verify rate limiting and abuse controls for public share, auth-facing, prompt, intake, and LLM-backed endpoints using shared platform patterns where available. Commit: `ee4a8ab`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend exec vitest run src/lib/rate-limit.test.ts src/modules/notes/copilot.test.ts src/modules/note-prompts/note-prompts.test.ts src/modules/intake/routes.test.ts`; `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `git diff --check`. Added a shared in-memory sliding-window limiter backed by `TooManyRequestsError` from `@bytelyst/errors`, replaced the local intake limiter, and guarded public share reads plus prompt, Smart Action, embedding, URL extraction, merge/compare, copilot, title suggestion, and workspace chat endpoints before expensive work begins. Auth-facing endpoints remain owned by common-platform `platform-service`.
- [ ] **P3.5** Verify agent write paths enforce role, product scope, workspace membership, idempotency, dry-run, and audit trail behavior. Add missing tests. Commit:
- [ ] **P3.6** Verify field encryption coverage for note body, sensitive artifact metadata, prompt content if needed, and agent action details. Add migration notes if fields are newly encrypted. Commit:
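Review bot: the new P3.4 line records "a shared in-memory sliding-window limiter" but none of the operational caveats that follow from it, and the roadmap is the place they belong. An in-process window is per replica, so with N backend instances the effective ceiling on public share reads and on the prompt, embedding, copilot and workspace chat endpoints is N times the configured limit, and every restart resets the counters; the entry should state which key the limiter buckets on (client address, share token, user id) and whether a multi-instance production deployment needs a shared store, or add that as an explicit follow-up item next to P3.5/P3.6. Separately, "Auth-facing endpoints remain owned by common-platform `platform-service`" records ownership but not that the "verify" half of P3.4 was done for them; note what was checked there (the limits in force and the endpoints covered) so the `[x]` is auditable in the same way P3.1 to P3.3 are, each of which lists the commands that verified it.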