gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 18:21:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(features): document CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL (G-3 fix)

Browse Source 
CI on the S-2 merge (d93ed56) failed at the G-3 env-var-docs-drift
guardrail step:

  G-3 regression: env var(s) defined in Go source but never documented:
    CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL

The C-1 master commit (b565700) added the env var to
internal/config/config.go::SchedulerConfig + the Load() reader, and
wired the previously-dead Scheduler setter from cmd/server/main.go,
but I missed adding the env var to the canonical scheduler-loops
table at docs/features.md:1124.

Fix: the "Short-lived expiry check" row in the scheduler-loops table
now names CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL with the C-1
backstory ("pre-C-1 the setter was unwired and this env var had no
effect; post-C-1 it's read by cmd/server/main.go::sched.SetShortLived
ExpiryCheckInterval").

The G-3 guardrail is doing exactly what it was designed to do:
catching env-var docs drift the moment it appears. Working as
intended; this fix closes the gap the guardrail flagged.

Verification:
- comm -23 docs vs defined → empty post-fix (allowlist applied)
- comm -23 defined vs docs → empty post-fix
- The fix is doc-only; no Go / TS / config changes.

This is a follow-up to the C-1 + F-1 + P-1 + S-2 mega-prompt closure;
push together to unblock CI.
This commit is contained in:
certctl-bot
2026-04-25 18:01:24 +00:00
parent d93ed562a2
commit 7dd68ca409
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/features.md
+1 -1
View File
@@ -1121,7 +1121,7 @@ Single SQL `UNION` query replaces the previous "fetch all, filter in Go" approac
| Agent health check | 2 minutes | Yes | `CERTCTL_SCHEDULER_AGENT_HEALTH_CHECK_INTERVAL` | Check agent heartbeat staleness |
| Notification processor | 1 minute | Yes | `CERTCTL_SCHEDULER_NOTIFICATION_PROCESS_INTERVAL` | Send queued notifications |
| Notification retry | 2 minutes | Yes | `CERTCTL_NOTIFICATION_RETRY_INTERVAL` | Exponential backoff retry for failed notifications; promote to dead-letter after 5 attempts (I-005) |
| Short-lived expiry check | 30 seconds | Yes | — | Mark short-lived certs expired |
| Short-lived expiry check | 30 seconds | Yes | `CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL` | Mark short-lived certs expired (C-1: pre-C-1 the setter was unwired and this env var had no effect; post-C-1 it's read by `cmd/server/main.go::sched.SetShortLivedExpiryCheckInterval`) |
| Network scan | 6 hours | Opt-in | `CERTCTL_NETWORK_SCAN_ENABLED` | Run network discovery scans |
| Digest | 24 hours | Opt-in | `CERTCTL_DIGEST_INTERVAL` | Send certificate digest email (does not run on startup) |
| Endpoint health | 60 seconds | Opt-in | `CERTCTL_HEALTH_CHECK_INTERVAL` | Continuous TLS health probes (M48) |