v0.3: Operational polish — rotation semantics, getConfig, injectable logger, expired key sweep #35

@bntvllnt

Context

Deferred from v0.2.0 Production Hardening spec. These items improve operational quality but are not blocking for production use.

Source: docs/ROADMAP.md Phase 3 + docs/DEEP-ANALYSIS.md findings H6, H7.

Scope

  • Finite-use rotation semantics (H7, 3.5) — HIGH severity. rotate() copies remaining to new key while old key still validates during grace period, duplicating quota. Design decision needed: share quota across rotated keys OR block rotation for finite-use keys.
  • getConfig() query (3.8) — MEDIUM, trivial effort. Config is currently write-only. Add a query that returns current config values.
  • Injectable logger (3.7) — MEDIUM. Make logger injectable via ApiKeysConfig so consumers can provide their own transport instead of console.log.
  • Expired key sweep cron (3.2) — MEDIUM. Keys currently expire lazily during validate(). A proactive cron that marks expiresAt-expired keys as expired prevents stale "active" keys from appearing in list() results.

Priority

| Item | Severity | Effort |
| --- | --- | --- |
| Finite-use rotation | HIGH | Medium (design decision) |
| getConfig() | MEDIUM | Trivial |
| Injectable logger | MEDIUM | Small |
| Expired key sweep | MEDIUM | Medium |

Dependencies

  • Requires v0.2.0 shipped first (auth boundaries, event removal, pagination)
  • Expired key sweep may require re-adding @convex-dev/crons component
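
The quota duplication described under finite-use rotation semantics, shown next to the "share quota across rotated keys" option, as an added example that is not part of the issue or the project's code. It is a constructed in-memory model; `makeStore`, `quotaId`, `validUntil` and `usesAfterRotation` are hypothetical names, and only the copy-versus-share behaviour is taken from the issue text.

```typescript
// Constructed in-memory model of finite-use keys. All names here are
// hypothetical and do not come from the project's code base.
type Key = { quotaId: string; validUntil: number };

function makeStore(shareQuota: boolean) {
  const keys = new Map<string, Key>();
  const quotas = new Map<string, number>(); // quotaId -> remaining uses
  let seq = 0;

  function create(remaining: number): string {
    const id = `key_${++seq}`;
    quotas.set(id, remaining);
    keys.set(id, { quotaId: id, validUntil: Infinity });
    return id;
  }

  // The old key keeps validating until the grace period ends.
  function rotate(oldId: string, now: number, graceMs: number): string {
    const old = keys.get(oldId);
    if (!old) throw new Error("unknown key");
    const id = `key_${++seq}`;
    let quotaId = old.quotaId; // shared: both keys draw from one counter
    if (!shareQuota) {
      quotaId = id; // copy: new counter seeded with the old remaining value
      quotas.set(id, quotas.get(old.quotaId) ?? 0);
    }
    old.validUntil = now + graceMs;
    keys.set(id, { quotaId, validUntil: Infinity });
    return id;
  }

  function validate(id: string, now: number): boolean {
    const key = keys.get(id);
    if (!key || now > key.validUntil) return false;
    const left = quotas.get(key.quotaId) ?? 0;
    if (left <= 0) return false;
    quotas.set(key.quotaId, left - 1);
    return true;
  }
  return { create, rotate, validate };
}

// Successful validations across old and new key inside the grace window.
function usesAfterRotation(shareQuota: boolean, remaining: number): number {
  const store = makeStore(shareQuota);
  const oldId = store.create(remaining);
  const newId = store.rotate(oldId, 0, 60_000);
  let ok = 0;
  for (const id of [oldId, newId]) while (store.validate(id, 1_000)) ok++;
  return ok;
}
```

With copy semantics a key that had 5 uses left yields 10 accepted calls during the grace window; with a shared counter the total stays at 5 regardless of which key is presented.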

Labels: enhancement (New feature or request), v0.3 (Deferred to v0.3.0)
