Skip to content

P0: Add security & deployment hardening guide (#168)#186

Open
dkijania wants to merge 1 commit into
mainfrom
docs/security-deployment
Open

P0: Add security & deployment hardening guide (#168)#186
dkijania wants to merge 1 commit into
mainfrom
docs/security-deployment

Conversation

@dkijania

Copy link
Copy Markdown
Contributor

What & why

Part of the production-readiness epic (#163). Closes #168.

The repo had no single place describing how to expose the API safely. This adds docs/security.md documenting the intended posture, chosen for this service: a public, read-only GraphQL API meant to run behind a TLS-terminating gateway against a read-only Postgres role, with no application-level auth (per-caller gating, if needed, is an operator concern at the gateway — the app stays simple).

Contents

  • Security model — public read-only; data isn't secret, availability is the asset to protect.
  • Network architecture — TLS at the gateway, X-Forwarded-For for per-client rate limiting, Postgres kept private (with a diagram).
  • Built-in protections — summary table of rate limiting, query-cost limits, statement timeout/pool limits, CORS, introspection-off, field-suggestion blocking.
  • Least-privilege DB access — a ready-to-run archive_api_ro read-only role (SQL included).
  • Operational practices + a deployment checklist.

Linked from the README (new "Security & production deployment" section) and the setup guide's "Where to go next".

Note on sequencing

The "Built-in protections" table describes controls delivered by the sibling P0 PRs (#164 query-cost, #165 PG timeouts, #166 rate limiting, #167 CORS). This doc is best merged after / alongside those so every protection it references is present on main. Cross-doc links only target getting-started.md#configuration, which already exists on main, so the doc has no hard dependency on merge order.

Testing

Docs-only. npx prettier --debug-check . exits 0; npm run lint clean. Internal links verified against existing anchors.

🤖 Generated with Claude Code

The repo had no single place describing how to expose the API safely. Document
the intended posture: a public, read-only GraphQL service meant to run behind a
TLS-terminating gateway against a read-only Postgres role, with no
application-level auth (gating, if needed, is an operator concern at the
gateway).

Adds docs/security.md covering the security model, network architecture
(TLS gateway, X-Forwarded-For, private Postgres), the built-in abuse
protections, a least-privilege read-only DB role (with SQL), operational
practices, and a deployment checklist. Linked from the README and the setup
guide.

Closes #168.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01QSuak9smCHbp4N17xjjLF6
@dkijania dkijania added documentation Improvements or additions to documentation production-readiness Work toward making the API production-ready / publicly available P0 Blocker for public availability labels Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation P0 Blocker for public availability production-readiness Work toward making the API production-ready / publicly available

Projects

None yet

Development

Successfully merging this pull request may close these issues.

P0: Decide & document auth / TLS story

1 participant