From c6a9a761478aa99e7e49121be8d0cac744fd50cc Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Sat, 25 Apr 2026 18:01:24 +0000 Subject: [PATCH] docs(features): document CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL (G-3 fix) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI on the S-2 merge (a54805c) failed at the G-3 env-var-docs-drift guardrail step: G-3 regression: env var(s) defined in Go source but never documented: CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL The C-1 master commit (c4d231e) added the env var to internal/config/config.go::SchedulerConfig + the Load() reader, and wired the previously-dead Scheduler setter from cmd/server/main.go, but I missed adding the env var to the canonical scheduler-loops table at docs/features.md:1124. Fix: the "Short-lived expiry check" row in the scheduler-loops table now names CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL with the C-1 backstory ("pre-C-1 the setter was unwired and this env var had no effect; post-C-1 it's read by cmd/server/main.go::sched.SetShortLived ExpiryCheckInterval"). The G-3 guardrail is doing exactly what it was designed to do: catching env-var docs drift the moment it appears. Working as intended; this fix closes the gap the guardrail flagged. Verification: - comm -23 docs vs defined → empty post-fix (allowlist applied) - comm -23 defined vs docs → empty post-fix - The fix is doc-only; no Go / TS / config changes. This is a follow-up to the C-1 + F-1 + P-1 + S-2 mega-prompt closure; push together to unblock CI. --- docs/features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features.md b/docs/features.md index aa09858..3e69c19 100644 --- a/docs/features.md +++ b/docs/features.md 
@@ -1121,7 +1121,7 @@ Single SQL `UNION` query replaces the previous "fetch all, filter in Go" approac | Agent health check | 2 minutes | Yes | `CERTCTL_SCHEDULER_AGENT_HEALTH_CHECK_INTERVAL` | Check agent heartbeat staleness | | Notification processor | 1 minute | Yes | `CERTCTL_SCHEDULER_NOTIFICATION_PROCESS_INTERVAL` | Send queued notifications | | Notification retry | 2 minutes | Yes | `CERTCTL_NOTIFICATION_RETRY_INTERVAL` | Exponential backoff retry for failed notifications; promote to dead-letter after 5 attempts (I-005) | -| Short-lived expiry check | 30 seconds | Yes | — | Mark short-lived certs expired | +| Short-lived expiry check | 30 seconds | Yes | `CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL` | Mark short-lived certs expired (C-1: pre-C-1 the setter was unwired and this env var had no effect; post-C-1 it's read by `cmd/server/main.go::sched.SetShortLivedExpiryCheckInterval`) | | Network scan | 6 hours | Opt-in | `CERTCTL_NETWORK_SCAN_ENABLED` | Run network discovery scans | | Digest | 24 hours | Opt-in | `CERTCTL_DIGEST_INTERVAL` | Send certificate digest email (does not run on startup) | | Endpoint health | 60 seconds | Opt-in | `CERTCTL_HEALTH_CHECK_INTERVAL` | Continuous TLS health probes (M48) |
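Review bot: The Purpose cell of the added "Short-lived expiry check" row carries change history ("C-1: pre-C-1 the setter was unwired and this env var had no effect; post-C-1 it's read by ...") that an operator reading the scheduler-loops table cannot act on, because C-1 is a tracker label and not a release they can compare against their deployment. Suggest keeping the cell to "Mark short-lived certs expired", matching the short purpose text of the neighbouring rows, and moving the backstory to a changelog entry or a note under the table that names the first release in which `CERTCTL_SHORT_LIVED_EXPIRY_CHECK_INTERVAL` takes effect. The pointer to `cmd/server/main.go::sched.SetShortLivedExpiryCheckInterval` is likely to go stale on the next refactor, and the G-3 guardrail as described in the commit message covers env var names, so nothing would flag that. Since this loop is what marks short-lived certs expired, one sentence on the effect of raising the interval above the 30 second default would also help, as a larger value delays that marking.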