Skip to content

keep-nip46: GC expired timed grants on the request path#829

Merged
kwsantiago merged 2 commits into
mainfrom
fix/nip46-gc-expired-timed-grants
Jul 16, 2026
Merged

keep-nip46: GC expired timed grants on the request path#829
kwsantiago merged 2 commits into
mainfrom
fix/nip46-gc-expired-timed-grants

Conversation

@kwsantiago

Copy link
Copy Markdown
Contributor

has_unexpired_timed_grant / needs_approval skip expired per-kind timed grants but never remove them, and prune_expired_kind_grants previously ran only inside grant_kind_for. Stale (kind, expiry) entries therefore lingered on an app until its next timed grant. Low severity (bounded by the small set of distinct kinds), but unbounded in time.

Change

  • Prune the app's expired timed grants in record_usage, which runs on every request for that app (handler.rs:643). Removing an already-expired entry never changes an authorization decision (needs_approval already treats it as expired), so this is pure memory hygiene on the read path.

Verification

  • New test record_usage_gcs_expired_timed_grants: an injected expired grant is still treated as expired by needs_approval, then garbage-collected on the next record_usage.
  • cargo test -p keep-nip46: 168 passed. cargo clippy -p keep-nip46 --all-targets: clean.

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@kwsantiago, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 50 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ed75a5c2-da9b-490a-b83c-52848665902f

📥 Commits

Reviewing files that changed from the base of the PR and between 89ee825 and 6d2dbfb.

📒 Files selected for processing (1)
  • keep-nip46/src/permissions.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/nip46-gc-expired-timed-grants

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@kwsantiago kwsantiago merged commit 3075d3b into main Jul 16, 2026
9 checks passed
@kwsantiago kwsantiago deleted the fix/nip46-gc-expired-timed-grants branch July 16, 2026 16:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant