From 6ef07386d372ad25577933ad96caa7b0998f4d99 Mon Sep 17 00:00:00 2001 From: Ragnor Comerford Date: Fri, 8 May 2026 16:59:45 +0200 Subject: [PATCH] docs+engine: refresh server.md rate-limiting note; cache version() TOCTOU MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two cleanups bundled because they're both single-line, post-MR-686 hygiene flagged by cubic during PR review: - docs/server.md:102 said "Rate limiting — none" while the new admission-control section earlier in the file documents 429s on the five mutating handlers. Replace with a pointer to the admission section and clarify that no graph-wide rate limiter is wired. - schema_apply.rs:445-451 called `db.version().await` twice — once for the conditional check, once in the error format string — creating a cosmetic TOCTOU under interior mutability. Cache the result in `current_manifest_version` so the error message reflects the version that triggered the rejection. Co-Authored-By: Claude Opus 4.7 (1M context) --- crates/omnigraph/src/db/omnigraph/schema_apply.rs | 6 +++--- docs/server.md | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/crates/omnigraph/src/db/omnigraph/schema_apply.rs b/crates/omnigraph/src/db/omnigraph/schema_apply.rs index cdb0677..39b1bfd 100644 --- a/crates/omnigraph/src/db/omnigraph/schema_apply.rs +++ b/crates/omnigraph/src/db/omnigraph/schema_apply.rs @@ -443,11 +443,11 @@ pub(super) async fn apply_schema_with_lock( } db.refresh_coordinator_only().await?; - if db.version().await != base_manifest_version { + let current_manifest_version = db.version().await; + if current_manifest_version != base_manifest_version { return Err(OmniError::manifest_conflict(format!( "schema apply lost its write lease: main advanced from v{} to v{} while schema apply was in progress", - base_manifest_version, - db.version().await + base_manifest_version, current_manifest_version, ))); } 
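Review bot: caching the value in `current_manifest_version` makes the error string consistent, but the guard at `if current_manifest_version != base_manifest_version` is still a read-then-act: nothing in this hunk shows what stops `main` advancing between this comparison and the apply work that follows it, so the "cosmetic" TOCTOU named in the commit message is only the half that lives inside the `format!`. The function is named `apply_schema_with_lock` and the message speaks of a "write lease", so presumably a lock held across this region is what makes the single read authoritative; a one-line comment above the `let` stating which lock or lease guarantees that would make the invariant reviewable without reading the rest of the function, e.g. `// Single read under the write lease; main cannot advance past this point until the lease is released.`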
diff --git a/docs/server.md b/docs/server.md index a20c5a7..ba2130e 100644 --- a/docs/server.md +++ b/docs/server.md @@ -99,6 +99,9 @@ See [deployment.md](deployment.md) for token-source operational details. ## Not implemented (by design or "TBD") - CORS — not configured; add `tower_http::cors` if needed. -- Rate limiting — none. +- Rate limiting — per-actor admission control gates `/change`, `/ingest`, + `/branches/{create,delete,merge}`, `/schema/apply` (see "Per-actor + admission control" above). No global rate limiter is configured; + add `tower_http::limit` if a graph-wide cap is needed. - Pagination — none (commits/branches return everything; export streams). - Multi-tenant routing — one repo per process.
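Review bot: the pointer at the end of the new bullet, `add tower_http::limit if a graph-wide cap is needed`, names the wrong layer: `tower_http::limit` provides `RequestBodyLimitLayer`, which caps request body size, not request rate. A global rate limiter lives in the `tower` crate as `tower::limit::RateLimitLayer` (with `ConcurrencyLimitLayer` beside it), so the line should read something like `add tower::limit::RateLimitLayer if a graph-wide cap is needed`. Separately, the bullet now leads with something that is implemented (per-actor admission control on the five mutating handlers) while sitting under the "Not implemented (by design or "TBD")" heading; keeping the list a list of gaps would mean leading with what is missing, e.g. `Global rate limiting — none. Per-actor admission control already gates ...`.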