padreug

padreug opened issue aiolabs/nsecbunkerd#37

2026-06-21 10:35:20 +00:00

SigningLog retention/prune reaper (unbounded growth from #28 usage caps)

padreug pushed to dev at aiolabs/nsecbunkerd

2026-06-21 10:34:24 +00:00

281ca1c39f Merge pull request 'feat(acl): per-rule windowed usage caps enforced live at sign time (#28)' (#34) from issue-28-usage-caps into dev

c76bbf2791 test(acl)(#28): integration cases for windowed + stacked usage caps

6929f42115 feat(acl)(#28): per-rule windowed usage caps enforced live at sign time

Compare 3 commits »

padreug deleted branch issue-28-usage-caps from aiolabs/nsecbunkerd

2026-06-21 10:34:24 +00:00

padreug merged pull request aiolabs/nsecbunkerd#34

2026-06-21 10:34:23 +00:00

feat(acl): per-rule windowed usage caps enforced live at sign time (#28)

padreug closed issue aiolabs/nsecbunkerd#28

2026-06-21 10:34:23 +00:00

Enforce PolicyRule.maxUsageCount live at sign time (needs a durable signing log)

padreug created pull request aiolabs/spirekeeper#29

2026-06-21 10:32:32 +00:00

feat(pairing,ui): optional machine_npub + bunker_relay override + fee decimal-input UX

padreug pushed to feat/optional-machine-npub-pairing-ux at aiolabs/spirekeeper

2026-06-21 10:31:59 +00:00

73bd274979 feat(pairing,ui): optional machine_npub + bunker_relay override + fee decimal-input UX

padreug pushed to issue-28-usage-caps at aiolabs/nsecbunkerd

2026-06-21 10:31:56 +00:00

c76bbf2791 test(acl)(#28): integration cases for windowed + stacked usage caps

6929f42115 feat(acl)(#28): per-rule windowed usage caps enforced live at sign time

0b9ffe8ca6 test(acl)(#29): DB-backed integration tests for checkIfPubkeyAllowed

14e20d50d4 docs: add migration & DB-maintenance runbook (never full-wipe nsecbunker.db)

Compare 4 commits »

padreug pushed to feat/optional-machine-npub-pairing-ux at aiolabs/spirekeeper

2026-06-21 10:29:55 +00:00

padreug created branch feat/optional-machine-npub-pairing-ux in aiolabs/spirekeeper

2026-06-21 10:29:54 +00:00

padreug opened issue aiolabs/nsecbunkerd#36

2026-06-21 09:56:00 +00:00

ACL: an expired/exhausted bound token should hard-reject (false), not fall through to prompt-admin (undefined) — clients time out instead of re-pairing

padreug opened issue aiolabs/nsecbunkerd#35

2026-06-20 19:52:43 +00:00

SigningLog retention/pruning — the usage-cap log grows unbounded

padreug created pull request aiolabs/nsecbunkerd#34

2026-06-20 19:52:20 +00:00

feat(acl): per-rule windowed usage caps enforced live at sign time (#28)

padreug pushed to issue-28-usage-caps at aiolabs/nsecbunkerd

2026-06-20 19:51:20 +00:00

59295318f8 test(acl)(#28): integration cases for windowed + stacked usage caps

f332559b59 feat(acl)(#28): per-rule windowed usage caps enforced live at sign time

bbcc9cd998 test(acl)(#29): DB-backed integration tests for checkIfPubkeyAllowed

Compare 3 commits »

padreug created branch issue-28-usage-caps in aiolabs/nsecbunkerd

2026-06-20 19:51:19 +00:00

padreug commented on issue aiolabs/nsecbunkerd#31

2026-06-20 18:50:52 +00:00

Remove the redundant, always-failing npm run prisma:migrate step in start.js

⚠️ Caveat before anyone implements this as a straight removal: start.js's migrate step is load-bearing on docker, only dead on nix.

padreug commented on pull request aiolabs/nsecbunkerd#33

2026-06-20 18:50:43 +00:00

test(acl): DB-backed integration tests for checkIfPubkeyAllowed (#29)

Correction to the "Notes" section above: the devShell-pending-#30 caveat is wrong — I'd misdiagnosed #30 (now closed as invalid).

padreug created branch docs-migration-runbook in aiolabs/nsecbunkerd

2026-06-20 18:50:25 +00:00

padreug pushed to docs-migration-runbook at aiolabs/nsecbunkerd

2026-06-20 18:50:25 +00:00

87e99e487e docs: correct prisma-engines + migrate-on-boot accuracy in runbook

padreug commented on issue aiolabs/nsecbunkerd#30

2026-06-20 18:47:25 +00:00

flake devShell exports prisma-engines 7.x — breaks prisma migrate/validate in the dev shell

Closing as invalid — my misdiagnosis. Verified against the flake's actual pinned nixpkgs, not the system channel.