refactor(server): QuotaSlot brand + shared CompleteAuthRoute factory#66
Merged
Conversation
Promote two repeated conventions into function-signature obligations, matching the existing ProofOfSession/TxDb pattern: - QuotaSlot brand: reserveItemQuota mints a slot carrying vaultId; items.createWithVersion / batchCreateWithVersion require one. Item inserts can no longer skip the lock-count-limit assertion. - registerCompleteAuthRoute: factor the asTx → service → sendAuthFailure → session.attachCookie → 200 reply seam shared by completeLogin, completeRegistration, completeRecovery into one helper. Also adds ADR 0009 documenting why uniformly-shaped thin vault-resource services (e.g. FoldersService) are kept rather than dissolved. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
reserveItemQuota(tx, vaultId, adding)mints an opaqueQuotaSlotcarryingvaultId;items.createWithVersionanditems.batchCreateWithVersionnow require one. Same brand-as-obligation pattern asProofOfSession/TxDb— item inserts can no longer skip the lock + count + limit assertion at the type level. Vault-count enforcement (assertVaultQuota) stays a throw-or-pass primitive since it has a single caller.registerCompleteAuthRoutefactory: the three auth ceremonies that end in aSessionIssuance(completeLogin,completeRegistration,completeRecovery) shared the sameasTx → service → sendAuthFailure → session.attachCookie → 200 replyshape. Hoist that intoroutes/auth/complete-route.ts; each route file shrinks to its variance (path, schema, rate limit, service-call shape).FoldersServiceetc.) are kept rather than dissolved into routes — the seam holds the access-check-inside-tx ceremony, and the uniformity is the AI-navigability payoff. Closes the recurring "why is this one so thin?" review thread.QuotaSlot,CompleteAuthRoute, andEncryptedVaultItemMapper.Test plan
make cigreen (lint + tsc + format + tests)make test:server:unit— quota and auth-route unit tests passmake test:server:integration— end-to-end login / register / recovery still issue session cookies; item create + batchCreate still enforce quota under concurrent writes🤖 Generated with Claude Code