Skip to content

feat: add idempotency key support#236

Open
pq198363-ops wants to merge 1 commit into
Agentpay-Org:mainfrom
pq198363-ops:bounty-34-idempotency-keys
Open

feat: add idempotency key support#236
pq198363-ops wants to merge 1 commit into
Agentpay-Org:mainfrom
pq198363-ops:bounty-34-idempotency-keys

Conversation

@pq198363-ops

Copy link
Copy Markdown

Closes #34.

Summary

  • add reusable Idempotency-Key middleware for POST /api/v1/usage, POST /api/v1/usage/bulk, and POST /api/v1/settle
  • replay the first status/body for matching caller, key, route, and request body with Idempotency-Replayed: true
  • return 409 idempotency_conflict with requestId when a caller reuses a key with a different body or route
  • namespace cache entries by recognized API key when present, otherwise by client IP
  • hash API keys and idempotency keys before using them in cache keys
  • add TTL and max-entry eviction controls plus docs in docs/idempotency.md

RED evidence

Before implementation, npm run build; $env:NODE_ENV='test'; node --test dist/middleware/idempotency.test.js failed 7 focused tests because repeated keyed requests executed again:

  • usage retries incremented totals again instead of replaying
  • same key with a different body returned 201 instead of 409
  • bulk usage retries applied the batch again
  • settle retries drained a second time and returned zeroed values
  • recognized API-key namespacing, TTL, and cap behavior were absent

Verification

  • npx prettier --check README.md docs/idempotency.md src/middleware/idempotency.ts src/middleware/idempotency.test.ts src/routes/usage.ts
  • npm run lint
  • npm run build
  • $env:NODE_ENV='test'; node --test dist/middleware/idempotency.test.js
  • clean dist/, then npm run build
  • $env:NODE_ENV='test'; node --test dist/*.test.js dist/**/*.test.js
  • git diff --check

Full clean test result: 96 tests, 11 suites, all passed.

Note: the package npm test script uses POSIX-style NODE_ENV=test; on Windows PowerShell I used the equivalent build plus node --test command above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add idempotency keys to POST /usage and POST /settle to prevent double billing

1 participant