From 92e355e63b4aee34f5becf1326e44c742f01303e Mon Sep 17 00:00:00 2001 From: Till Wegmueller Date: Fri, 3 Apr 2026 18:20:44 +0200 Subject: [PATCH] Address minor spec review suggestions - Document orphaned resource cleanup by reaper - Acknowledge intentional domain_id denormalization on links - Enable SQLite WAL mode by default for concurrent reads - Fix session_secret config to be commented-out placeholder --- .../superpowers/specs/2026-04-03-webfingerd-design.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/superpowers/specs/2026-04-03-webfingerd-design.md b/docs/superpowers/specs/2026-04-03-webfingerd-design.md index 5a6b713..41e4637 100644 --- a/docs/superpowers/specs/2026-04-03-webfingerd-design.md +++ b/docs/superpowers/specs/2026-04-03-webfingerd-design.md @@ -122,6 +122,11 @@ with a matching tuple perform an upsert (update existing link). entries for all affected resource URIs are evicted. - **Revoking a service token** deletes all links associated with that token from both SQLite and the cache. +- **Orphaned resources** (resources with zero links remaining after deletion/expiry) + are cleaned up by the TTL reaper and evicted from the cache. +- The `domain_id` FK on `links` is intentional denormalization for query performance + (avoids joins on domain-scoped operations). Writes must enforce consistency with + the resource's `domain_id`. ### Key Decisions @@ -371,6 +376,8 @@ base_url = "https://webfinger.example.com" [database] path = "/var/lib/webfingerd/webfingerd.db" +# WAL mode is enabled by default for concurrent read performance +wal_mode = true [cache] reaper_interval_secs = 30 @@ -388,9 +395,9 @@ challenge_ttl_secs = 3600 [ui] enabled = true -# session_secret is REQUIRED. No default. Server refuses to start without it. +# session_secret is REQUIRED with no default. Server refuses to start without it. # Set via env: WEBFINGERD_UI__SESSION_SECRET -session_secret = "" +# session_secret = "your-secret-here" ``` ## Deployment