Skip to content

Per-tenant resource governance on the authenticator role (ADR 0007 Phase 0)#13

Merged
valvesss merged 1 commit into
mainfrom
feat/tenant-resource-governance
Jul 2, 2026
Merged

Per-tenant resource governance on the authenticator role (ADR 0007 Phase 0)#13
valvesss merged 1 commit into
mainfrom
feat/tenant-resource-governance

Conversation

@valvesss

@valvesss valvesss commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

What

Every provisioned *_authenticator role now gets, idempotently, on each provision:

  • connection limit 20 — peak real usage is ~7, well under max_connections 100
  • statement_timeout 60s
  • idle_in_transaction_session_timeout 60s

Why

ADR 0007 (Phase 0) — bound one tenant's blast radius on the shared cluster so a single tenant leaking connections or running a runaway/idle-in-transaction query can't lock out the whole fleet.

Safety

  • GoTrue connects as postgres (not the authenticator) → auth untouched.
  • Migrations run as superuser → statement_timeout never blocks a schema apply.
  • The existing 27 tenant roles were already backfilled out of band with these exact settings; this PR makes new projects born-governed.

🤖 Generated with Claude Code

…tor role

ADR 0007 (Phase 0) — bound one tenant's blast radius on the shared cluster.
Every provisioned authenticator role now gets, idempotently:
  - connection limit 20 (peak real usage ~7, well under max_connections 100)
  - statement_timeout 60s
  - idle_in_transaction_session_timeout 60s

GoTrue connects as `postgres` (not the authenticator) and migrations run as
superuser, so this bounds the data plane without touching auth or schema apply.
Existing 27 tenant roles were backfilled out of band; this makes new projects
born-governed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@valvesss valvesss merged commit ddb9b1c into main Jul 2, 2026
3 checks passed
@valvesss valvesss deleted the feat/tenant-resource-governance branch July 2, 2026 23:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant