NOISSUE - Production harden Atom runtime, keys, health, and operations UI

[arvindh123]

Summary

• Production-hardens Atom runtime configuration with DB pool controls, health/readiness endpoints, gRPC health, request body limits, login throttling, and HTTP rate limiting.
• Adds signing-key private key protection using AES-256-GCM envelope encryption, plaintext legacy migration support, and production guardrails for plaintext fallback.
• Adds audit retention cleanup with batch deletion, retention indexes, and cleanup status visibility.
• Adds Atom UI Operations pages for system health and signing-key metadata/rotation, plus dashboard and audit production posture indicators.
• Hardens Docker/Compose with non-root runtime, explicit HTTP/gRPC ports, readiness healthcheck, and documented production env vars.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	atom-docs	5f0a7af	Commit Preview URL Branch Preview URL	Jun 15 2026, 04:17 PM

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0d90cc366a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Use trusted client addresses for rate limits

When Atom is reachable directly (for example, the provided compose profile exposes port 8080) or a proxy does not overwrite forwarded headers, a caller can send a different X-Forwarded-For value on every login or GraphQL request. Because this header is used before the Authorization/anonymous fallback, each spoofed value gets a fresh bucket and ATOM_RATE_LIMIT_ENABLED no longer throttles abusive traffic; use the socket peer address or only honor forwarded headers from configured trusted proxies.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Honor raised custom endpoint body limits

When ATOM_CUSTOM_ENDPOINT_BODY_LIMIT_BYTES is set above 1 MiB, this route layer allows the larger request to reach custom_endpoint, but execute_endpoint still rejects anything over the old MAX_CUSTOM_ENDPOINT_BODY_BYTES constant. Operators therefore cannot actually raise the advertised limit for custom endpoints; pass the configured limit into the handler or replace the hard-coded check.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Base gRPC readiness on the server task

If the gRPC listener fails to bind or exits after startup, main only logs the spawned grpc::serve error and leaves HTTP running, but readiness always reports grpc_ready as OK and the aggregate readiness calculation does not include it. In that failure mode /health/ready returns 200 while the gRPC API is down, so orchestration will not restart or drain the instance.

Useful? React with 👍 / 👎.