release(v4.8.1): SHADE_DISABLE_RATE_LIMIT env var for single-tenant deploys
Plumbing fix only — both createPrekeyRoutes and createInboxRoutes already accepted disableRateLimit; standalone.ts just didn't read the env. Now SHADE_DISABLE_RATE_LIMIT=1 turns off IP rate-limits on every prekey + inbox route, with a WARN log on startup so operators see it. Single-tenant deployments only — multi-tenant relays must leave it unset. Documented in docs/DEPLOYMENT.md. Reported by Prism: ~6 pair attempts/hour from a single dev IP + the sidecar's register call tripped the 5/hour REGISTER_LIMIT every dev iteration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
44
CHANGELOG.md
44
CHANGELOG.md
@@ -5,6 +5,50 @@ All notable changes to Shade are documented in this file.
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [4.8.1] — 2026-05-08 — `SHADE_DISABLE_RATE_LIMIT` env var for single-tenant deploys
|
||||
|
||||
The standalone server's `routes.ts` and `inbox-server`'s
|
||||
`createInboxRoutes` already accepted a `disableRateLimit?: boolean`
|
||||
option, but the standalone entry just didn't read it from environment.
|
||||
Self-hosted single-tenant deploys (Prism's relay is a typical case —
|
||||
only Prism PC clients + their paired browsers) tripped the
|
||||
`REGISTER_LIMIT` (5/hour per IP) every dev iteration: ~6 pair attempts
|
||||
in an hour from the same IP plus the sidecar's register call killed
|
||||
the dev loop until the bucket refilled (~1 token per 12 minutes).
|
||||
|
||||
Reported by Prism. Two-line plumbing fix: `standalone.ts` now reads
|
||||
`SHADE_DISABLE_RATE_LIMIT=1` and forwards `disableRateLimit` to both
|
||||
`createPrekeyRoutes` and `createInboxRoutes`.
|
||||
|
||||
### Added
|
||||
|
||||
#### `@shade/server`
|
||||
- `SHADE_DISABLE_RATE_LIMIT=1` env var disables IP rate-limits on every
|
||||
prekey + inbox route in `standalone.ts`. Logged as a `WARN` on startup
|
||||
(`SHADE_DISABLE_RATE_LIMIT=1 — IP rate limits OFF on prekey + inbox
|
||||
routes`) so operators see it in stderr/log aggregation.
|
||||
- **Single-tenant deployments only** — multi-tenant relays must leave
|
||||
this unset. The rate-limit defends multi-tenant relays against abuse;
|
||||
flipping it off is appropriate for self-hosted single-team setups
|
||||
where every caller is a known client. Documented in
|
||||
[`docs/DEPLOYMENT.md`](./docs/DEPLOYMENT.md) under "Environment variable
|
||||
reference".
|
||||
|
||||
### Tests
|
||||
- `packages/shade-server/tests/rate-limit.test.ts` — the existing
|
||||
"register endpoint rate-limits per IP" test verifies the default-on
|
||||
path; a new sister test exercises
|
||||
`createPrekeyServer({ disableRateLimit: true })` and confirms 12
|
||||
consecutive register calls from the same IP all return 200 (no 429).
|
||||
The env-var → option conversion in `standalone.ts` is a one-liner
|
||||
verified by inspection.
|
||||
|
||||
### Migration
|
||||
|
||||
None. Default is unchanged (rate limits stay ON). Self-hosted
|
||||
single-tenant operators add `SHADE_DISABLE_RATE_LIMIT=1` to their
|
||||
deployment env to flip it off.
|
||||
|
||||
## [4.8.0] — 2026-05-08 — Sender-fingerprint attribution + `Inbox.start()` race fix
|
||||
|
||||
Two unblocking changes for first-contact flows. First, the relay now
|
||||
|
||||
Reference in New Issue
Block a user