Documents the v1 API status codes (200, 401, 403, 404, 500) for skill delete/undelete endpoints
Updates IP parsing documentation to reflect the security hardening change that defaults to Cloudflare-only client IP detection
The httpRateLimit.ts change improves security by defaulting to CF-only IP parsing (requiring explicit opt-in via TRUST_FORWARDED_IPS=true for other forwarded headers), preventing IP spoofing attacks. Tests were properly updated to reflect the new behavior with correct environment variable cleanup.
Confidence Score: 5/5
This PR is safe to merge with minimal risk
All changes are documentation updates and a security hardening improvement (CF-only IP default). The code change is well-tested with proper environment cleanup in tests. The documented status codes accurately match the softDeleteErrorToResponse implementation in convex/httpApiV1.ts.
Medium Risk
Changes how client IPs are derived for rate limiting; misconfiguration could cause many requests to share an unknown IP bucket or change rate-limit behavior in non-Cloudflare deployments.
Overview
Hardens rate limiting IP detection by making getClientIp ignore spoofable forwarded headers unless TRUST_FORWARDED_IPS=true, updating unit tests to cover the new default behavior.
Updates docs/http-api.md to reflect the opt-in forwarded-header behavior and documents status codes for v1 skill delete/undelete endpoints; also adds changelog credit for the delete/undelete status-code fix (#35).
Written by Cursor Bugbot for commit a85faf7.
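The opt-in behaviour summarised above, as an added sketch that is not the project's httpRateLimit.ts. The header names (cf-connecting-ip, x-forwarded-for, x-real-ip), the literal "unknown" key, the helper names and the precedence of the Cloudflare header in opt-in mode are assumptions; the sample requests are constructed.

```typescript
// Added illustration; names and header choices are assumptions, not the PR's code.
type HeaderMap = Record<string, string | undefined>; // keys already lowercased
type Env = { TRUST_FORWARDED_IPS?: string };

// Loose sanity check so header junk never becomes a rate-limit key.
const IP_CHARS = /^[0-9a-fA-F:.]{2,45}$/;

function firstIp(value: string | undefined): string | null {
  if (!value) return null;
  // X-Forwarded-For may be a comma-separated chain; take the left-most entry.
  const candidate = (value.split(",")[0] ?? "").trim();
  return IP_CHARS.test(candidate) ? candidate : null;
}

function clientIpFor(headers: HeaderMap, env: Env = {}): string {
  // Default: only the header Cloudflare sets at its edge is consulted.
  const cf = firstIp(headers["cf-connecting-ip"]);
  if (cf) return cf;
  // Client-suppliable headers are read only after explicit opt-in.
  if (env.TRUST_FORWARDED_IPS === "true") {
    const fwd = firstIp(headers["x-forwarded-for"]) ?? firstIp(headers["x-real-ip"]);
    if (fwd) return fwd;
  }
  return "unknown"; // every such request shares one rate-limit bucket
}

// Number of distinct rate-limit keys a batch of requests maps to.
function distinctBuckets(requests: HeaderMap[], env: Env = {}): number {
  return new Set(requests.map((h) => clientIpFor(h, env))).size;
}

// Constructed requests: one real client behind Cloudflare, varying X-Forwarded-For.
const forgedXff = ["198.51.100.1", "198.51.100.2", "198.51.100.3"];
const viaCloudflare: HeaderMap[] = forgedXff.map((xff) => ({
  "cf-connecting-ip": "203.0.113.7",
  "x-forwarded-for": xff,
}));
// Constructed requests: a deployment with no Cloudflare header at all.
const noCloudflare: HeaderMap[] = forgedXff.map((xff) => ({ "x-forwarded-for": xff }));

console.log(distinctBuckets(viaCloudflare)); // forged header ignored
console.log(distinctBuckets(noCloudflare)); // all fall into "unknown"
console.log(distinctBuckets(noCloudflare, { TRUST_FORWARDED_IPS: "true" }));
```

The second and third results show the trade-off the risk note describes: without the Cloudflare header the default collapses all clients into one bucket, while opting in makes the key depend on a header the client controls unless a trusted proxy overwrites it.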
Greptile Overview
Greptile Summary
This PR makes three documentation improvements:
@sergical) which fixed delete/undelete error handling
Last reviewed commit: a85faf7