glm-5.1
2b63cda1c7
Copy architecture docs, ADRs, storage domain specs, research, reviews, and 56 storage architecture tasks from the alkhub_ts monorepo. Adapt for standalone @alkdev/hub repo structure (src/ not packages/hub/). Sanitize all sensitive information: - Replace private IPs (10.0.0.1) with localhost defaults - Remove internal server hostnames (dev1, ns528096) - Replace /workspace/ private paths with npm package references - Remove hardcoded credentials from examples - Rewrite infrastructure.md without private network details Add Deno project scaffolding: deno.json (pinned deps), .gitignore, AGENTS.md, entry point. Migrate existing code stubs (crypto, config types, logger) with updated import paths.
34 lines
1.0 KiB
Markdown
34 lines
1.0 KiB
Markdown
---
|
|
id: document-api-key-expiration-behavior
|
|
name: Document API Key Expiration Behavior
|
|
status: completed
|
|
depends_on: []
|
|
scope: single
|
|
risk: trivial
|
|
impact: isolated
|
|
level: implementation
|
|
---
|
|
|
|
## Description
|
|
|
|
**S05**: Does an expired API key return "key expired" or a generic "authentication failed"? Without documentation, implementers may leak key state to attackers by returning specific error messages. Recommend documenting that expired keys return a generic authentication failure to avoid information disclosure.
|
|
|
|
## Acceptance Criteria
|
|
|
|
- [ ] `identity.md` or `services.md` documents API key expiration error behavior
|
|
- [ ] Recommendation stated: expired keys return generic auth failure, not "key expired"
|
|
- [ ] Consistent with ADR-008 (key rotation) and keypal integration notes
|
|
|
|
## References
|
|
|
|
- docs/reviews/storage-architecture-review-2026-04-21.md#S05
|
|
- docs/architecture/storage/identity.md (api_keys table)
|
|
- docs/decisions/ADR-008
|
|
|
|
## Notes
|
|
|
|
> To be filled by implementation agent
|
|
|
|
## Summary
|
|
|
|
> To be filled on completion |