AAA-08: SaaS hardening for API/MCP production readiness #22

Closed
opened 2026-02-18 21:51:18 -05:00 by Rbanh · 1 comment
Owner

Objective

Prepare Schemeta for dependable multi-user SaaS operation and AI tool integration.

Scope

  • Add robust API auth/session handling and usage controls.
  • Add rate limiting, audit logging, and structured error telemetry.
  • Define MCP-facing tool contracts and schema/versioning guarantees.
  • Add workspace persistence primitives (autosave, version history checkpoints).

Acceptance Criteria

  • API/MCP contracts are versioned and backward compatibility policy is documented.
  • Operational guardrails are in place for abusive/malformed traffic.
  • Error observability supports fast triage in production.
  • End-to-end tests cover save/load/restore and API compile/analyze flows.
Rbanh added this to the Phase 4 - AAA SaaS Productization and UX Polish milestone 2026-02-18 21:51:37 -05:00
Author
Owner

Completed in commit 31a4734.

Delivered:

  • Added request correlation IDs for HTTP API (x-request-id header + request_id in envelopes).
  • Added structured per-request audit telemetry (JSON logs with method/path/status/duration/client/request_id).
  • Extended error envelope support for correlation metadata.
  • Added API/MCP contract policy doc (docs/api-mcp-contracts.md) with compatibility/versioning guarantees.
  • Updated operations runbook for request correlation + audit log operations.
  • Extended API contract tests for request-id envelope behavior.

Validation:

  • node --check src/server.js
  • node --check src/mcp-server.js
  • npm test
  • npm run test:ui
Rbanh closed this issue 2026-02-18 22:19:51 -05:00
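
An added sketch of the request-correlation and audit-log pattern listed under "Delivered", written for this page and not taken from commit 31a4734 or the Schemeta code base. Only the `x-request-id` header, the `request_id` field and the logged field set (method/path/status/duration/client) come from the issue; the function names, the ID allow-list and the envelope shape are assumptions.

```javascript
// Added example, not Schemeta's code. Only the x-request-id header and the
// request_id field come from the issue; every other name is an assumption.
const SAFE_ID = /^[A-Za-z0-9._-]{8,64}$/; // assumed allow-list for inbound IDs

// Reuse a caller-supplied ID only if it is a single well-formed token.
// Anything else (control characters, oversized values, repeated headers that
// Node joins with commas) is discarded and a fresh ID is minted, so untrusted
// input never reaches logs or response headers verbatim.
// The default generator uses the global Web Crypto object (Node 19+).
function resolveRequestId(headers, newId = () => crypto.randomUUID()) {
  const supplied = headers['x-request-id'];
  return typeof supplied === 'string' && SAFE_ID.test(supplied) ? supplied : newId();
}

// One JSON line per request. JSON.stringify escapes CR/LF, so a hostile path
// cannot forge extra log lines; the query string is dropped because it often
// carries tokens.
function auditLine({ method, url, status, durationMs, client, requestId }) {
  return JSON.stringify({
    method,
    path: String(url).split('?')[0],
    status,
    duration_ms: durationMs,
    client,
    request_id: requestId,
  });
}

// Error envelope carrying the same ID the audit line uses (shape assumed).
function errorEnvelope(code, message, requestId) {
  return { ok: false, error: { code, message }, request_id: requestId };
}

// Wrap a Node http handler: set the response header, hand the ID to the
// handler, and emit the audit line once the response has finished.
function withAudit(handler, log = console.log, newId) {
  return (req, res) => {
    const started = Date.now();
    const requestId = resolveRequestId(req.headers, newId);
    res.setHeader('x-request-id', requestId);
    res.on('finish', () => log(auditLine({
      method: req.method, url: req.url, status: res.statusCode,
      durationMs: Date.now() - started,
      client: req.socket.remoteAddress, requestId,
    })));
    handler(req, res, requestId);
  };
}
```

`withAudit` can be passed directly to `http.createServer`; the handler receives the resolved ID as its third argument so it can build `errorEnvelope(...)` with the same value that appears in the log.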
Reference: Rbanh/schemeta#22