docs(claude): align CLAUDE.md with prod deploy posture #10
CLAUDE.md described chittyauth-app as a "standalone, no-deps, any custom domain" service. The actual wrangler.toml deploys name="chittyauth" to auth.chitty.cc on the ChittyCorp account, owns the production auth route, tail-consumes chittytrack, and supports a Neon OAuth facade — none of which is "isolated from ChittyOS".

Fixes:
- Project Overview: this IS the auth.chitty.cc owner; drop the "standalone / any custom domain / no ChittyOS deps" framing.
- D1 table list: replace fictional api_tokens/users/audit_logs/oauth_clients with the real schema.sql tables (tokens, service_credentials, auth_events, token_stats, service_health, registrations).
- Replace the inverted "Comparison to chittyauth" table with a Provider Modes table (local vs neon).
- Secrets: switch normative section to canonical CHITTYAUTH_ISSUED_* names; legacy TOKEN_SIGNING_KEY / CHITTYCONNECT_API_KEY noted as migration aliases. Update Security Best Practices + Deployment Checklist to match.
- Replace "Differences from chittyauth" (which contradicted the prod topology) with Implementation Notes covering D1-as-primary, KV-as-cache, fail-closed signing (#9), hash-lookup validate path (SECURITY.md #3), and schema.sql as source of truth.

No code or wrangler.toml changes — this is the docs-only resolution of the standalone-vs-prod drift flagged in 7c91f46.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c6bbb28d32
| - `auth_events` - Audit trail (issuance, validation, revocation) | ||
| - `token_stats` - Per-token usage counters | ||
| - `service_health` - Health snapshots | ||
| - `registrations` - Public-registration intake |
Remove registrations from schema.sql table list
This line states that registrations is part of schema.sql, but in this repo it is created in schema-update.sql (not the base schema). Following this guidance when bootstrapping a fresh D1 database with only schema.sql will leave the registrations table missing and can break /v1/register flows at runtime, so the doc should either point to schema-update.sql or clearly call out the migration step.
| 1. **D1 is the primary store**; Neon is only reachable via the OAuth facade when `CHITTYAUTH_PROVIDER=neon`. | ||
| 2. **KV is hot-path cache** for token validation (30s TTL) and revocation checks — never the source of truth. | ||
| 3. **Canonical secrets** (`CHITTYAUTH_ISSUED_*`) are authoritative; legacy `TOKEN_SIGNING_KEY` / `CHITTYCONNECT_API_KEY` remain as migration aliases only. | ||
| 4. **Signing-key fallback fails closed** in production (per #9). Dev still tolerates the dev fallback. |
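Review bot: item 1 documents only the `CHITTYAUTH_PROVIDER=neon` case and leaves the behaviour for an unset or unexpected value implicit; since the PR description's Provider Modes table names exactly two modes (`local` and `neon`), state the default here so an operator cannot misread a missing variable as "Neon is on". Suggested shape: "D1 is the primary store; Neon is only reachable via the OAuth facade when `CHITTYAUTH_PROVIDER=neon` (unset: `<default mode>`)", with the real default filled in from src/auth-provider.js.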
Remove claim that dev still has signing-key fallback
This now says development still has a hardcoded signing-key fallback, but TokenManager throws when neither CHITTYAUTH_ISSUED_MINT_API_KEY nor TOKEN_SIGNING_KEY is set (no fallback path remains). Keeping this statement will send operators to debug the wrong failure mode when local/dev startup fails due to missing secrets.
| 2. **KV is hot-path cache** for token validation (30s TTL) and revocation checks — never the source of truth. | ||
| 3. **Canonical secrets** (`CHITTYAUTH_ISSUED_*`) are authoritative; legacy `TOKEN_SIGNING_KEY` / `CHITTYCONNECT_API_KEY` remain as migration aliases only. | ||
| 4. **Signing-key fallback fails closed** in production (per #9). Dev still tolerates the dev fallback. | ||
| 5. **Token validation is hash-lookup, not signature-verify** today — see SECURITY.md Known Limitation #3. |
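Review bot: item 2 places revocation checks behind the same 30s KV TTL as validation, which implies a revoked token can keep validating for up to 30 seconds unless the cache entry is purged on revoke; the note should say which of the two holds, because that window is precisely what an incident responder needs when pulling a leaked token. Suggest: "KV is hot-path cache for token validation (30s TTL); revocation purges the cached entry immediately (or: becomes effective within 30s); D1 is always the source of truth."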
Update validation note to include signature verification
This statement says validation is hash-lookup only, but validate() now performs verifySignature(...) for non-legacy tokens before accepting them. Documenting the old behavior is a security-maintenance risk because reviewers may treat signature checks as absent and make incorrect threat-model or incident-response decisions.
Summary

7c91f46: CLAUDE.md claimed chittyauth-app was a standalone, ChittyOS-isolated, any-custom-domain service, but wrangler.toml deploys name="chittyauth" to auth.chitty.cc on the ChittyCorp account with chittytrack tail-consumer and a Neon OAuth facade. Per maintainer decision, this app is the production owner of auth.chitty.cc — so the docs are wrong, not the wrangler config.
- Replace fictional D1 tables (api_tokens/users/audit_logs/oauth_clients) with the real schema.sql tables.
- Provider Modes table (local vs neon).
- Canonical CHITTYAUTH_ISSUED_* names; legacy names retained only as migration aliases.
- schema.sql as source of truth.

No code or wrangler.toml changes.

Test plan
- CLAUDE.md end-to-end against wrangler.toml, schema.sql, src/auth-provider.js, and src/token-manager.js — every concrete claim should match.

🤖 Generated with Claude Code