docs+engine: refresh server.md rate-limiting note; cache version() TOCTOU

Two cleanups bundled because they're both single-line, post-MR-686 hygiene flagged by cubic during PR review: - docs/server.md:102 said "Rate limiting — none" while the new admission-control section earlier in the file documents 429s on the five mutating handlers. Replace with a pointer to the admission section and clarify that no graph-wide rate limiter is wired. - schema_apply.rs:445-451 called `db.version().await` twice — once for the conditional check, once in the error format string — creating a cosmetic TOCTOU under interior mutability. Cache the result in `current_manifest_version` so the error message reflects the version that triggered the rejection. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-09 01:35:18 +02:00 · 2026-05-08 16:59:45 +02:00 · 2026-05-08 16:59:45 +02:00 · 6ef07386d3
commit 6ef07386d3
parent c745dd69ae
2 changed files with 7 additions and 4 deletions
--- a/docs/server.md
+++ b/docs/server.md
@ -99,6 +99,9 @@ See [deployment.md](deployment.md) for token-source operational details.
 ## Not implemented (by design or "TBD")

 - CORS — not configured; add `tower_http::cors` if needed.
- Rate limiting — none.
+- Rate limiting — per-actor admission control gates `/change`, `/ingest`,
+  `/branches/{create,delete,merge}`, `/schema/apply` (see "Per-actor
+  admission control" above). No global rate limiter is configured;
+  add `tower_http::limit` if a graph-wide cap is needed.
 - Pagination — none (commits/branches return everything; export streams).
 - Multi-tenant routing — one repo per process.