apunkt/omnigraph
1
0
Fork 0
mirror of https://github.com/ModernRelay/omnigraph.git synced 2026-06-09 01:35:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs+engine: refresh server.md rate-limiting note; cache version() TOCTOU

Browse source 
Two cleanups bundled because they're both single-line, post-MR-686
hygiene flagged by cubic during PR review:

- docs/server.md:102 said "Rate limiting — none" while the new
  admission-control section earlier in the file documents 429s on the
  five mutating handlers. Replace with a pointer to the admission
  section and clarify that no graph-wide rate limiter is wired.
- schema_apply.rs:445-451 called `db.version().await` twice — once
  for the conditional check, once in the error format string —
  creating a cosmetic TOCTOU under interior mutability. Cache the
  result in `current_manifest_version` so the error message reflects
  the version that triggered the rejection.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Ragnor Comerford 2026-05-08 16:59:45 +02:00
parent c745dd69ae
commit 6ef07386d3
No known key found for this signature in database
2 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
crates/omnigraph/src/db/omnigraph/schema_apply.rs
View file

@ -443,11 +443,11 @@ pub(super) async fn apply_schema_with_lock(
}
db.refresh_coordinator_only().await?;
if db.version().await != base_manifest_version {
let current_manifest_version = db.version().await;
if current_manifest_version != base_manifest_version {
return Err(OmniError::manifest_conflict(format!(
"schema apply lost its write lease: main advanced from v{} to v{} while schema apply was in progress",
base_manifest_version,
db.version().await
base_manifest_version, current_manifest_version,
)));
}

5
docs/server.md
View file

@ -99,6 +99,9 @@ See [deployment.md](deployment.md) for token-source operational details.
## Not implemented (by design or "TBD")
- CORS — not configured; add `tower_http::cors` if needed.
- Rate limiting — none.
- Rate limiting — per-actor admission control gates `/change`, `/ingest`,
`/branches/{create,delete,merge}`, `/schema/apply` (see "Per-actor
admission control" above). No global rate limiter is configured;
add `tower_http::limit` if a graph-wide cap is needed.
- Pagination — none (commits/branches return everything; export streams).
- Multi-tenant routing — one repo per process.