P0: Add security & deployment hardening guide (#168)#186
Open
dkijania wants to merge 1 commit into
The repo had no single place describing how to expose the API safely. Document the intended posture: a public, read-only GraphQL service meant to run behind a TLS-terminating gateway against a read-only Postgres role, with no application-level auth (gating, if needed, is an operator concern at the gateway). Adds docs/security.md covering the security model, network architecture (TLS gateway, X-Forwarded-For, private Postgres), the built-in abuse protections, a least-privilege read-only DB role (with SQL), operational practices, and a deployment checklist. Linked from the README and the setup guide. Closes #168. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01QSuak9smCHbp4N17xjjLF6
What & why

Part of the production-readiness epic (#163). Closes #168.

The repo had no single place describing how to expose the API safely. This adds `docs/security.md` documenting the intended posture chosen for this service: a public, read-only GraphQL API meant to run behind a TLS-terminating gateway against a read-only Postgres role, with no application-level auth (per-caller gating, if needed, is an operator concern at the gateway; the app stays simple).

Contents

- `X-Forwarded-For` for per-client rate limiting, Postgres kept private (with a diagram).
- `archive_api_ro` read-only role (SQL included).

Linked from the README (new "Security & production deployment" section) and the setup guide's "Where to go next".
Note on sequencing

The "Built-in protections" table describes controls delivered by the sibling P0 PRs (#164 query-cost, #165 PG timeouts, #166 rate limiting, #167 CORS). This doc is best merged after / alongside those so every protection it references is present on `main`. Cross-doc links only target `getting-started.md#configuration`, which already exists on `main`, so the doc has no hard dependency on merge order.

Testing
Docs-only.

`npx prettier --debug-check .` exits 0; `npm run lint` clean. Internal links verified against existing anchors.

🤖 Generated with Claude Code
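The PR description says the doc ships SQL for a least-privilege `archive_api_ro` role. The block below is an added illustration of that pattern, written for this review and not the SQL from `docs/security.md` or from the project. Assumed names: a database `archive`, the `public` schema, and a migrator/owner role `archive_owner`; the role name `archive_api_ro` is the one the PR uses. The timeout values are placeholders, not the ones chosen in #165.

```sql
-- Added example (not the project's SQL): a read-only, least-privilege role
-- for the public GraphQL API. Assumptions: database "archive", schema
-- "public", migrations run as role "archive_owner".

-- 1. Login role with no elevated attributes and a capped connection count.
--    The password is a placeholder; in practice inject it from a secret store.
CREATE ROLE archive_api_ro
  LOGIN
  PASSWORD 'replace-me'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
  CONNECTION LIMIT 20;

-- 2. Database level: CONNECT and nothing else (no TEMP, no CREATE).
REVOKE ALL ON DATABASE archive FROM archive_api_ro;
GRANT CONNECT ON DATABASE archive TO archive_api_ro;

-- 3. Schema level: USAGE only. Revoking CREATE from PUBLIC matters on
--    PostgreSQL < 15, where the public schema is creatable by everyone.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO archive_api_ro;

-- 4. SELECT on the tables that exist today ...
GRANT SELECT ON ALL TABLES IN SCHEMA public TO archive_api_ro;

-- 5. ... and on tables created by future migrations. Default privileges are
--    recorded per creating role, so FOR ROLE must name the migrator, or
--    tables added later will silently be invisible to the API.
ALTER DEFAULT PRIVILEGES FOR ROLE archive_owner IN SCHEMA public
  GRANT SELECT ON TABLES TO archive_api_ro;

-- 6. Defense in depth. default_transaction_read_only can be overridden per
--    transaction by the client, so it is a guard rail, not the boundary;
--    the boundary is the missing INSERT/UPDATE/DELETE/CREATE privileges.
--    Role-level timeouts cap the damage of a pathological query even if the
--    application-side timeout is misconfigured (values here are assumed).
ALTER ROLE archive_api_ro SET default_transaction_read_only = on;
ALTER ROLE archive_api_ro SET statement_timeout = '5s';
ALTER ROLE archive_api_ro SET idle_in_transaction_session_timeout = '10s';

-- 7. Verification, run as the new role (psql -U archive_api_ro archive):
--      SELECT count(*) FROM some_table;            -- succeeds
--      CREATE TABLE t (x int);                     -- rejected
--      INSERT INTO some_table DEFAULT VALUES;      -- rejected
--    Both writes fail under the read-only transaction default; after
--    SET TRANSACTION READ WRITE they still fail on missing privileges.

-- 8. Audit the resulting grants from the owner side; anything other than
--    SELECT here means a grant is over-broad.
SELECT grantee, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'archive_api_ro'
ORDER BY table_name, privilege_type;
```

Run this as the database owner or a superuser before pointing the API at the role. Step 5 is the one most often missed: without `ALTER DEFAULT PRIVILEGES`, a later migration adds a table the read-only role cannot see, and the symptom surfaces as a confusing GraphQL permission error rather than a clear deploy-time failure.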