initial commit

2026-03-11 16:06:00 +01:00
parent b3c69053f6
commit 5fd80e6dd6
127 changed files with 39684 additions and 0 deletions
--- a/TODO.md
+++ b/TODO.md
@@ -0,0 +1,22 @@
+# TODO
+
+## Distributed global cap for phantom users (multi-process safe)
+
+1. Add DB-backed quota as source of truth (`system_quotas` table, row `phantom_users` with `used` and `limit`).
+2. Move cap enforcement into one DB transaction:
+   - lock quota row with `SELECT ... FOR UPDATE`
+   - check `used < limit`
+   - create phantom user
+   - increment `used`
+   - commit (or rollback on failure).
+3. Handle same-email races using `UNIQUE(email)`:
+   - on duplicate key, do not increment quota
+   - return existing user (or unified error response).
+4. Add periodic reconciliation job:
+   - recalculate phantom count from `users`
+   - repair `system_quotas.used` if drift is detected.
+5. Move phantom creation rate-limits to shared backend (Redis or DB atomic counters), so all server processes enforce the same limits.
+6. Add concurrency tests:
+   - multi-process create storm near cap boundary (499/500)
+   - duplicate-email storm
+   - assert `used <= limit` always holds.