Near-term wins: cache TTL config, Dependabot, AGENTS.md, AuthorizationFilter tests#321
Merged
Conversation
The WebID model cache and JWKS cache had a hardcoded 1-day expiration (the
TO-DO on the webIDmodelCache field). Read the TTL (seconds) from the
com.atomgraph.linkeddatahub.{webIDCacheExpiration,jwksCacheExpiration} system
properties, wired from WEBID_CACHE_EXPIRATION / JWKS_CACHE_EXPIRATION env vars
via CATALINA_OPTS in the entrypoint, mirroring the CLIENT_* timeout mechanism.
Default stays 86400 (1 day), so behaviour is unchanged; lowering the WebID TTL
bounds how long a revoked WebID stays authenticated.
Weekly update PRs for Maven dependencies (grouping routine minor/patch bumps), the Docker base image, and GitHub Actions. The client 4.3.0 -> 5.x drift went unnoticed for a full major version; automating this prevents a recurrence.
A machine-readable capability manifest for LLM/HTTP agents driving a running LinkedDataHub instance: the document-as-named-graph model, WebID-TLS auth, the write discipline (POST/PUT to create, PATCH with application/sparql-update to update, DELETE to remove — never the read-only SPARQL endpoint), the content and dataspace model, and the bin/ + Web-Algebra tooling. Mirrors the per-service AGENTS.md convention REST-VKG already serves.
Cover the pure decision logic that had no unit coverage: the HTTP-method to ACL access-mode contract (GET/HEAD->Read, POST->Append, PUT/DELETE/PATCH->Write), getAuthorizationByMode lookup, and createOwnerAuthorization granting the owner Read/Write/Append. No SPARQL or JAX-RS mocking needed.
# Conflicts: # CHANGELOG.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Roadmap P1 near-term wins (see
AUDIT-ROADMAP.md), each a self-contained commit. Merges currentdevelop, so it builds on the security work (#320).Changes
WEBID_CACHE_EXPIRATION/JWKS_CACHE_EXPIRATION(default86400s), wired throughCATALINA_OPTSexactly like theCLIENT_*timeouts. Resolves the hardcoded-1-dayTO-DO; lowering the WebID TTL bounds how long a revoked WebID stays cached. Behaviour unchanged at the default.POST/PUT/PATCHon document URLs vs the read-only SPARQL endpoint), content/dataspace model, andbin/+ Web-Algebra tooling.GET/HEAD→Read,POST→Append,PUT/DELETE/PATCH→Write),getAuthorizationByModelookup, and the owner Read/Write/Append grant. No SPARQL or JAX-RS mocking.Verify
mvn test— the newAuthorizationFiltertests and the cache-TTL change.http-testssuite viarun.sh.Open question
AGENTS.mdis placed at repo root (matching REST-VKG's convention). If it should instead be a served webapp resource or live underdocs/, happy to move it.🤖 Generated with Claude Code