Skip to content

feat(rpc): key Tooling Access JWT cache by account (DX-6130)#54

Merged
johnpmitsch merged 1 commit into
mainfrom
dx-6130-qn-rpc-key-the-tooling-access-jwt-cache-by-account-not-api
Jul 10, 2026
Merged

feat(rpc): key Tooling Access JWT cache by account (DX-6130)#54
johnpmitsch merged 1 commit into
mainfrom
dx-6130-qn-rpc-key-the-tooling-access-jwt-cache-by-account-not-api

Conversation

@johnpmitsch

Copy link
Copy Markdown
Collaborator

Summary

  • Keys the qn rpc Tooling Access token cache by account id instead of by API-key hash. Tooling Access endpoints are per-account, so all API keys for one account now share a single cached JWT rather than re-minting per key.
  • Two-level offline lookup in tokens.toml: sha256(api_key) -> account_id -> token. A cache hit resolves the account offline (no control-plane call); a miss learns the account id from account_info once, alongside the mint that already happens.
  • Per-account entries with read-modify-write save/delete, so one account's stale token never disturbs another's. An older on-disk schema is treated as a cache miss and rewritten in place. The custom-endpoint lane is unchanged.

Closes DX-6130

Test plan

  • Two API keys for one account share a cached JWT (no second mint)
  • Cache hit performs zero account_info and zero mint calls
  • Cache miss on a new key calls account_info exactly once, then caches the mapping
  • Per-account stale-token clear leaves other accounts' tokens and key mappings intact
  • Old-schema tokens.toml is a miss, not an error, and is rewritten
  • Custom-endpoint calls never touch the cache
  • tokens.toml is 0600 and never contains the API key
  • cargo test, cargo clippy --all-targets -- -D warnings, cargo fmt --check, cargo build --release all pass

Tooling Access endpoints are provisioned per account, not per API key, so
the token cache now keys by account id via a two-level offline lookup:
sha256(api_key) -> account_id -> { endpoint_url, token, exp_unix }.

All API keys for one account share a single cached JWT. A cache hit
resolves the account offline (no control-plane call); a miss learns the
account id from account_info once, alongside the mint already occurring.

tokens.toml gains a [keys] table (fingerprint -> account id) and per-account
[tokens.<id>] entries. save/delete are read-modify-write so one account's
token going stale never disturbs another's. An older on-disk schema is a
cache miss and is rewritten in place. The custom-endpoint lane is unchanged.

Adds config unit tests and updates the rpc integration tests: 137 lib tests
plus the rpc suite cover shared-token reuse, zero calls on hit, one
account_info on miss, per-account stale-token clear, old-schema miss, and
0600 with no key on disk.
@johnpmitsch johnpmitsch merged commit 0dc0356 into main Jul 10, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants