keep-nip46: GC expired timed grants on the request path#829
Conversation
|
Warning Review limit reached
Next review available in: 50 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
has_unexpired_timed_grant/needs_approvalskip expired per-kind timed grants but never remove them, andprune_expired_kind_grantspreviously ran only insidegrant_kind_for. Stale(kind, expiry)entries therefore lingered on an app until its next timed grant. Low severity (bounded by the small set of distinct kinds), but unbounded in time.Change
record_usage, which runs on every request for that app (handler.rs:643). Removing an already-expired entry never changes an authorization decision (needs_approvalalready treats it as expired), so this is pure memory hygiene on the read path.Verification
record_usage_gcs_expired_timed_grants: an injected expired grant is still treated as expired byneeds_approval, then garbage-collected on the nextrecord_usage.cargo test -p keep-nip46: 168 passed.cargo clippy -p keep-nip46 --all-targets: clean.