@openparachute/vault 0.4.7-rc.2 → 0.4.8-rc.10

package/src/module-config.ts

@@ -15,15 +15,27 @@
  * PUT /.parachute/config is Phase 3 — not implemented here.
  *
  * Fields currently described:
- *   - audio_retention: per-vault enum, backed by VaultConfig.audio_retention.
- *   - scribe_url:      env var SCRIBE_URL (read-only for now — there is no
- *                      yaml slot yet, so PUT won't come online until Phase 3).
- *   - scribe_token:    env var SCRIBE_TOKEN, writeOnly (never returned).
- *   - port:            GlobalConfig.port, exposed read-only so the hub can
- *                      display it without round-tripping through /health.
+ *   - audio_retention:      per-vault enum, backed by VaultConfig.audio_retention.
+ *   - port:                 GlobalConfig.port, exposed read-only.
+ *   - autoTranscribe.*:     vault↔scribe handoff (vault#353, design 2026-05-21
+ *                           Part 2). Three nested fields per design Q4:
+ *       - enabled:          boolean toggle, default false (persisted in
+ *                           GlobalConfig.auto_transcribe.enabled).
+ *       - scribeUrl:        readOnly — resolved per-process from
+ *                           `~/.parachute/services.json` via
+ *                           `scribe-discovery.ts`. Operators can't point at an
+ *                           arbitrary scribe; the discovery layer is the gate.
+ *       - scribeBearer:     writeOnly — sourced from SCRIBE_AUTH_TOKEN env var.
+ *                           Hub install generates one at first boot
+ *                           (see scribe-env.ts:ensureScribeBearer); manual
+ *                           rotation is via `parachute-vault config set`.
+ *   - scribe_url / scribe_token (deprecated): kept under their legacy names
+ *                           through one release for the hub admin SPA's prior
+ *                           render path; new code should read autoTranscribe.*.
  */
 
 import type { VaultConfig, GlobalConfig } from "./config.ts";
+import { resolveScribeUrl } from "./scribe-discovery.ts";
 
 export interface ModuleConfigSchema {
   $schema: string;
@@ -49,20 +61,54 @@ export function buildConfigSchema(): ModuleConfigSchema {
         description:
           "What to do with audio attachments after transcription. `keep` leaves the file on disk; `until_transcribed` unlinks on successful transcribe (keeps on failure for retry); `never` unlinks on any terminal state (including failure — no retries).",
       },
+      autoTranscribe: {
+        type: "object",
+        title: "Auto-transcribe voice uploads",
+        description:
+          "When enabled, audio attachments (mime-type prefix `audio/`) are automatically sent to scribe and the resulting transcript lands as a sibling `<attachment-path>.transcript.md` note. Scribe must be reachable for transcription to succeed; failures are recorded as a transcript note with `transcript_status: failed`.",
+        properties: {
+          enabled: {
+            type: "boolean",
+            default: false,
+            title: "Enable auto-transcription",
+            description:
+              "Master toggle. When false, audio uploads land normally without any scribe interaction. Global — persisted in `GlobalConfig.auto_transcribe.enabled` and applies to every vault on this server. Per-vault control is a future enhancement when multi-vault deployments need it.",
+          },
+          scribeUrl: {
+            type: "string",
+            format: "uri",
+            readOnly: true,
+            title: "Scribe URL",
+            description:
+              "URL of the scribe service. Auto-populated from `~/.parachute/services.json` at vault startup (or from the SCRIBE_URL env var when set). Read-only — operators can't point at an arbitrary scribe.",
+          },
+          scribeBearer: {
+            type: "string",
+            writeOnly: true,
+            title: "Scribe auth bearer",
+            description:
+              "Shared bearer for the vault→scribe loopback contract. Hub install generates one at first boot. Write-only — never returned by GET.",
+          },
+        },
+      },
+      // Legacy aliases kept for back-compat with callers that read the
+      // pre-vault#353 shape. New consumers should read `autoTranscribe.*`.
       scribe_url: {
         type: "string",
         format: "uri",
-        title: "Scribe URL",
+        title: "Scribe URL (deprecated alias)",
         description:
-          "URL of the Scribe service for transcription. Empty disables the background worker. Currently sourced from the SCRIBE_URL env var; a PUT slot lands in Phase 3.",
+          "Legacy alias for `autoTranscribe.scribeUrl`. Will be removed in a future release.",
         readOnly: true,
+        deprecated: true,
       },
       scribe_token: {
         type: "string",
-        title: "Scribe auth token",
+        title: "Scribe auth token (deprecated alias)",
         description:
-          "Optional bearer token for Scribe. Stored in the SCRIBE_TOKEN env var today. Write-only — never returned by GET.",
+          "Legacy alias for `autoTranscribe.scribeBearer`. Will be removed in a future release.",
         writeOnly: true,
+        deprecated: true,
       },
       port: {
         type: "integer",
@@ -77,18 +123,28 @@ export function buildConfigSchema(): ModuleConfigSchema {
 }
 
 /**
- * Effective config values, with `writeOnly` fields stripped. `scribe_token` is
- * declared `writeOnly` and is never returned here, even when SCRIBE_TOKEN is
- * set in the environment.
+ * Effective config values, with `writeOnly` fields stripped. `scribeBearer`
+ * (and its legacy alias `scribe_token`) are declared `writeOnly` and never
+ * returned, even when set in the environment.
  */
 export function buildConfigValues(
   vaultConfig: VaultConfig,
   globalConfig: GlobalConfig,
   env: { SCRIBE_URL?: string | undefined } = process.env as { SCRIBE_URL?: string },
 ): Record<string, unknown> {
+  // Resolve scribe URL through the discovery layer so the GET shape reflects
+  // what the worker will actually use (services.json > SCRIBE_URL > unset).
+  // Pass env through so the test harness's override is honored.
+  const scribeUrl = resolveScribeUrl(env as NodeJS.ProcessEnv) ?? "";
   return {
     audio_retention: vaultConfig.audio_retention ?? "keep",
-    scribe_url: env.SCRIBE_URL ?? "",
+    autoTranscribe: {
+      enabled: globalConfig.auto_transcribe?.enabled ?? false,
+      scribeUrl,
+    },
+    // Legacy alias mirrors `autoTranscribe.scribeUrl` so hubs reading the
+    // pre-vault#353 shape don't regress.
+    scribe_url: scribeUrl,
     port: globalConfig.port,
   };
 }

package/src/module-manifest.test.ts

@@ -0,0 +1,114 @@
+import { describe, expect, test } from "bun:test";
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { readSelfManifest, resolvePackageRoot } from "./module-manifest.ts";
+
+function withTempPackageRoot(
+  manifest: unknown | undefined,
+  fn: (root: string) => void,
+): void {
+  const root = mkdtempSync(join(tmpdir(), "pvault-manifest-"));
+  try {
+    if (manifest !== undefined) {
+      mkdirSync(join(root, ".parachute"), { recursive: true });
+      writeFileSync(
+        join(root, ".parachute", "module.json"),
+        typeof manifest === "string" ? manifest : JSON.stringify(manifest),
+      );
+    }
+    fn(root);
+  } finally {
+    rmSync(root, { recursive: true, force: true });
+  }
+}
+
+describe("module-manifest", () => {
+  test("resolvePackageRoot returns the directory containing package.json", () => {
+    // In the test env, this module lives at <repo>/src/module-manifest.test.ts —
+    // so the resolved root is the repo root. We don't pin the exact path
+    // (tests run from various cwds); we just sanity-check it's an absolute
+    // directory ending in the vault repo's name.
+    const root = resolvePackageRoot();
+    expect(root.startsWith("/")).toBe(true);
+    expect(root.endsWith("/src")).toBe(false);
+  });
+
+  test("readSelfManifest returns null when .parachute/module.json is missing", () => {
+    withTempPackageRoot(undefined, (root) => {
+      expect(readSelfManifest(root)).toBeNull();
+    });
+  });
+
+  test("readSelfManifest parses a valid manifest (no kind — hub#301 Phase B)", () => {
+    withTempPackageRoot(
+      {
+        name: "vault",
+        manifestName: "parachute-vault",
+        displayName: "Vault",
+        tagline: "Test tagline",
+        port: 1940,
+        paths: ["/vault/default"],
+        health: "/vault/default/health",
+      },
+      (root) => {
+        const m = readSelfManifest(root);
+        expect(m).not.toBeNull();
+        expect(m?.name).toBe("vault");
+        expect(m?.manifestName).toBe("parachute-vault");
+        expect(m?.displayName).toBe("Vault");
+        expect(m?.kind).toBeUndefined();
+        expect(m?.port).toBe(1940);
+        expect(m?.paths).toEqual(["/vault/default"]);
+      },
+    );
+  });
+
+  test("readSelfManifest tolerates a legacy manifest that still includes kind", () => {
+    // hub#301 Phase B retired the `kind` field, but legacy manifests on
+    // pinned installs may still include it. The reader accepts it without
+    // erroring; the field is never branched on.
+    withTempPackageRoot(
+      {
+        name: "vault",
+        manifestName: "parachute-vault",
+        kind: "api",
+        port: 1940,
+        paths: ["/vault/default"],
+        health: "/vault/default/health",
+      },
+      (root) => {
+        const m = readSelfManifest(root);
+        expect(m).not.toBeNull();
+        expect(m?.kind).toBe("api");
+      },
+    );
+  });
+
+  test("readSelfManifest throws on malformed JSON", () => {
+    withTempPackageRoot("{ not valid json", (root) => {
+      expect(() => readSelfManifest(root)).toThrow();
+    });
+  });
+
+  test("readSelfManifest throws when required field missing", () => {
+    withTempPackageRoot(
+      { name: "vault" /* missing manifestName / port / paths / health */ },
+      (root) => {
+        expect(() => readSelfManifest(root)).toThrow(/missing required/);
+      },
+    );
+  });
+
+  test("readSelfManifest reads the actual shipped manifest in the repo", () => {
+    // Smoke test the real shipped file — guards against ever shipping a
+    // malformed manifest. Uses the real resolvePackageRoot (which finds
+    // the repo root in tests). Post hub#301 Phase B, the shipped manifest
+    // no longer includes `kind`.
+    const m = readSelfManifest();
+    expect(m).not.toBeNull();
+    expect(m?.manifestName).toBe("parachute-vault");
+    expect(m?.kind).toBeUndefined();
+    expect(m?.port).toBe(1940);
+  });
+});

package/src/module-manifest.ts

@@ -0,0 +1,104 @@
+/**
+ * Reader for the package's own `.parachute/module.json`.
+ *
+ * Vault ships `module.json` alongside `package.json` at the package root.
+ * This module locates the file via `import.meta.url` (which works for both
+ * `bun src/cli.ts …` dev runs and the published-package `parachute-vault`
+ * binary — the file ships in `package.json` `files` next to `src/`).
+ *
+ * Used by `self-register.ts` on server boot: vault reads its own manifest
+ * + computes the package's `installDir` so the services.json row carries
+ * the same metadata that hub's `FIRST_PARTY_FALLBACKS[vault]` provides
+ * today. The endgame is that hub's vendored fallback retires once every
+ * first-party module self-registers reliably — this is the POC for the
+ * pattern.
+ *
+ * Shape mirrors `parachute-hub/src/module-manifest.ts`. Kept narrow: we
+ * only consume the fields vault stamps onto services.json
+ * (displayName, tagline, stripPrefix). The full manifest validator lives
+ * on the hub side; vault treats its own manifest as authored-by-us +
+ * trusts the shape.
+ */
+
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+
+export type ModuleKind = "api" | "frontend" | "tool";
+
+/**
+ * Subset of the full manifest schema (see `parachute-hub/src/module-manifest.ts`)
+ * — only the fields vault's self-registration consumes today. Adding more is
+ * a one-line edit when the surface widens.
+ */
+export interface VaultModuleManifest {
+  readonly name: string;
+  readonly manifestName: string;
+  readonly displayName?: string;
+  readonly tagline?: string;
+  /**
+   * Deprecated as of hub#301 Phase B (kind retirement, 2026-05-23). Hub's
+   * validator dropped `kind` from required-fields in hub#327; vault no
+   * longer ships the field in `.parachute/module.json`. Kept here as
+   * optional only so an older shipped manifest (pinned legacy install)
+   * still parses without throwing — the field is never branched on.
+   */
+  readonly kind?: ModuleKind;
+  readonly port: number;
+  readonly paths: readonly string[];
+  readonly health: string;
+  readonly stripPrefix?: boolean;
+}
+
+/**
+ * Resolve the path to the package root — the directory containing both
+ * `package.json` and `.parachute/module.json`. Walks up from
+ * `import.meta.url` so the answer is correct under both:
+ *
+ *   - dev:  `bun src/cli.ts serve` → `src/module-manifest.ts` → parent = repo root
+ *   - prod: published package → `src/module-manifest.ts` → parent = installed
+ *           package dir (e.g. `~/.bun/install/global/node_modules/@openparachute/vault`)
+ *
+ * Exported for tests + the self-register flow that needs to stamp this as
+ * `installDir` on the services.json row.
+ */
+export function resolvePackageRoot(): string {
+  const here = dirname(fileURLToPath(import.meta.url));
+  // `src/module-manifest.ts` lives one level under the package root.
+  return resolve(here, "..");
+}
+
+/**
+ * Read `<packageRoot>/.parachute/module.json` if present. Returns null when
+ * the file is missing (e.g. during local dev before the file was committed)
+ * — callers treat that as "self-registration unavailable, log + continue."
+ *
+ * Throws on malformed JSON: a corrupt manifest is a deploy bug we want to
+ * surface, not silently swallow. The self-register caller catches + logs
+ * so a bad manifest doesn't crash server boot.
+ */
+export function readSelfManifest(
+  packageRoot: string = resolvePackageRoot(),
+): VaultModuleManifest | null {
+  const path = join(packageRoot, ".parachute", "module.json");
+  if (!existsSync(path)) return null;
+  const raw = readFileSync(path, "utf8");
+  const parsed = JSON.parse(raw) as Record<string, unknown>;
+  // Minimal shape validation. Only the fields we actually consume — anything
+  // else passes through untouched. Strict full-shape validation is the hub's
+  // job (it'll fail an install on a malformed manifest); vault treats its
+  // own shipped file as authored-by-us.
+  if (typeof parsed.name !== "string" || typeof parsed.manifestName !== "string") {
+    throw new Error(`${path}: manifest missing required "name" / "manifestName"`);
+  }
+  if (typeof parsed.port !== "number" || !Array.isArray(parsed.paths)) {
+    throw new Error(`${path}: manifest missing required "port" / "paths"`);
+  }
+  if (typeof parsed.health !== "string") {
+    throw new Error(`${path}: manifest missing required "health"`);
+  }
+  // `kind` is retired as of hub#301 Phase B — hub#327 made it optional in
+  // the hub-side validator, and vault no longer ships it. If a legacy
+  // manifest still includes the field, accept it; just don't require it.
+  return parsed as unknown as VaultModuleManifest;
+}

package/src/oauth-discovery.ts

@@ -0,0 +1,95 @@
+/**
+ * OAuth discovery endpoints — the *resource server* side of the
+ * authorization story.
+ *
+ * Vault is a resource server, not an authorization server. The hub is the
+ * OAuth issuer (see [`design/2026-04-20-hub-as-portal-oauth-and-service-catalog.md`](
+ * ../../parachute.computer/design/2026-04-20-hub-as-portal-oauth-and-service-catalog.md)
+ * and `docs/auth-model.md`). The endpoints below advertise that contract to
+ * clients per RFC 8414 + RFC 9728:
+ *
+ *   - `handleProtectedResource` — RFC 9728: "this is the protected resource
+ *     at `<vault>/mcp`; the authorization server lives at <hub>"
+ *   - `handleAuthorizationServer` — RFC 8414: "go to <hub>/oauth/* for the
+ *     authorization endpoints" (forwarded shape — issuer + endpoints all
+ *     name the hub)
+ *
+ * The standalone OAuth issuer that previously lived in `src/oauth.ts` was
+ * retired in vault#366 (workstream E of the UX audit). Hub is now a hard
+ * requirement; vault never mints OAuth tokens itself, never renders a
+ * consent UI, never accepts `/oauth/authorize|token|register` requests.
+ * Operators who need OAuth install the hub and front vault with it.
+ *
+ * `PARACHUTE_HUB_ORIGIN` is required for these endpoints to advertise the
+ * right issuer URL. Without it we fall back to the canonical loopback
+ * (`http://127.0.0.1:1939`) since the hub binds that port by default — that
+ * keeps single-host installs working without explicit configuration.
+ */
+
+import { getHubOrigin } from "./hub-jwt.ts";
+
+/** OAuth scopes vault publishes through discovery; see scopes.ts for enforcement. */
+const SCOPES_SUPPORTED = ["vault:read", "vault:write", "vault:admin"];
+
+/**
+ * Public-facing base URL of the server. Honors `x-forwarded-*` headers so a
+ * Cloudflare Tunnel / Tailscale Funnel / reverse-proxied deployment advertises
+ * the right external origin in `resource` URLs.
+ *
+ * Exported so the router can build `WWW-Authenticate` challenge headers that
+ * point at the same origin as the `/.well-known/*` metadata documents.
+ */
+export function getBaseUrl(req: Request): string {
+  const forwardedHost = req.headers.get("x-forwarded-host");
+  const forwardedProto = req.headers.get("x-forwarded-proto");
+  if (forwardedHost) {
+    return `${forwardedProto || "https"}://${forwardedHost}`;
+  }
+  const url = new URL(req.url);
+  return url.origin;
+}
+
+/**
+ * OAuth 2.0 Protected Resource Metadata (RFC 9728).
+ *
+ * Advertises the MCP endpoint as the protected resource and names the hub as
+ * the authorization server. Clients following the spec fetch this, then fetch
+ * the AS metadata at `<hub>/.well-known/oauth-authorization-server` to drive
+ * the full flow.
+ */
+export function handleProtectedResource(req: Request, vaultName: string): Response {
+  const base = getBaseUrl(req);
+  const prefix = `/vault/${vaultName}`;
+  return Response.json({
+    resource: `${base}${prefix}/mcp`,
+    authorization_servers: [getHubOrigin()],
+    scopes_supported: SCOPES_SUPPORTED,
+    bearer_methods_supported: ["header"],
+  });
+}
+
+/**
+ * OAuth 2.0 Authorization Server Metadata (RFC 8414).
+ *
+ * Vault is a resource server, not an authorization server — but we serve this
+ * document at `/vault/<name>/.well-known/oauth-authorization-server` (and the
+ * RFC 8414 §3.1 path-insertion shape) as a *forwarding* metadata document:
+ * issuer + every endpoint name the hub. Clients that follow the PRM pointer
+ * land here and discover the hub's actual endpoints; conformant clients that
+ * probe AS metadata directly at the vault path get the same answer.
+ */
+export function handleAuthorizationServer(_req: Request, _vaultName: string): Response {
+  const hub = getHubOrigin();
+  return Response.json({
+    issuer: hub,
+    authorization_endpoint: `${hub}/oauth/authorize`,
+    token_endpoint: `${hub}/oauth/token`,
+    registration_endpoint: `${hub}/oauth/register`,
+    jwks_uri: `${hub}/.well-known/jwks.json`,
+    response_types_supported: ["code"],
+    code_challenge_methods_supported: ["S256"],
+    grant_types_supported: ["authorization_code", "refresh_token"],
+    token_endpoint_auth_methods_supported: ["none", "client_secret_post"],
+    scopes_supported: SCOPES_SUPPORTED,
+  });
+}

package/src/owner-auth.ts

@@ -1,14 +1,29 @@
 /**
- * Owner authentication for the OAuth consent page.
+ * Owner-password storage + verification.
  *
- * The "owner" is the person who set up this vault — identified by a password
- * stored globally in config.yaml (owner_password_hash). The password is used
- * to prove ownership when authorizing third-party OAuth clients.
+ * **Vestigial after vault#366 (workstream E of the UX audit, 2026-05-25).**
+ * The owner password used to authenticate the vault's standalone OAuth
+ * consent page (the one rendered by the now-deleted `src/oauth.ts`). With
+ * hub required and consent moved to the hub, the password no longer
+ * protects anything inside vault. The module is kept because:
  *
- * Password hashing uses Bun.password (bcrypt, cost 12 by default) — no deps.
+ *   1. Hub's `expose public` preflight reads `owner_password_hash` /
+ *      `totp_secret` from vault's `config.yaml` to score auth posture
+ *      (`parachute-hub/src/vault/auth-status.ts`). Removing the YAML
+ *      surface in lockstep would turn every install's preflight
+ *      score into "wide-open" until hub ships its own posture check.
+ *   2. The CLI `set-password` / `2fa enroll` commands keep working for
+ *      operators on the legacy posture mid-migration.
  *
- * Rate limiting is per-IP, in-memory. Acceptable for v1: resets on restart,
- * doesn't handle multi-process deployments. Tighten later if needed.
+ * Retirement is tracked as a follow-up; this file should go away once
+ * the hub-side preflight is updated to score hub credentials instead of
+ * vault credentials.
+ *
+ * The per-IP `RateLimiter` (formerly in this file) was deleted alongside
+ * the consent page — there's no traffic to limit on a route that no
+ * longer exists.
+ *
+ * Password hashing uses Bun.password (bcrypt, cost 12 by default).
  */
 
 import { readGlobalConfig, writeGlobalConfig } from "./config.ts";
@@ -71,145 +86,3 @@ export async function verifyOwnerPassword(password: string, hash: string): Promi
   }
 }
 
-// ---------------------------------------------------------------------------
-// Rate limiting
-// ---------------------------------------------------------------------------
-
-interface RateLimitEntry {
-  failures: number;
-  firstFailureAt: number;
-  lockedUntil: number | null;
-}
-
-/**
- * Per-IP rate limiter for consent-page attempts.
- *
- * Policy:
- *   - Up to MAX_FAILURES failed attempts within WINDOW_MS → lockout
- *   - Lockout lasts LOCKOUT_MS
- *   - A successful attempt clears the IP's counter
- *   - Hard cap on entry count — when full, the oldest insertion is evicted
- *     before a new one is recorded. Prevents memory exhaustion via IP /
- *     client_id enumeration (#93).
- */
-export class RateLimiter {
-  private entries = new Map<string, RateLimitEntry>();
-
-  constructor(
-    private readonly maxFailures = 10,
-    private readonly windowMs = 60_000,
-    private readonly lockoutMs = 15 * 60_000,
-    private readonly maxEntries = 10_000,
-  ) {}
-
-  /**
-   * Check whether an IP is currently allowed to attempt auth.
-   * Returns `{ allowed: false, retryAfterSec }` if locked out.
-   */
-  check(ip: string): { allowed: true } | { allowed: false; retryAfterSec: number } {
-    const entry = this.entries.get(ip);
-    if (!entry) return { allowed: true };
-
-    const now = Date.now();
-    if (entry.lockedUntil && entry.lockedUntil > now) {
-      return { allowed: false, retryAfterSec: Math.ceil((entry.lockedUntil - now) / 1000) };
-    }
-
-    // Expired lockout or old window — reset and allow
-    if (entry.lockedUntil && entry.lockedUntil <= now) {
-      this.entries.delete(ip);
-      return { allowed: true };
-    }
-    if (now - entry.firstFailureAt > this.windowMs) {
-      this.entries.delete(ip);
-      return { allowed: true };
-    }
-
-    return { allowed: true };
-  }
-
-  /** Record a failed attempt. Triggers lockout if threshold reached. */
-  recordFailure(ip: string): void {
-    const now = Date.now();
-    const entry = this.entries.get(ip);
-
-    if (!entry || now - entry.firstFailureAt > this.windowMs) {
-      this.evictIfFull();
-      this.entries.set(ip, {
-        failures: 1,
-        firstFailureAt: now,
-        lockedUntil: null,
-      });
-      return;
-    }
-
-    entry.failures += 1;
-    if (entry.failures >= this.maxFailures) {
-      entry.lockedUntil = now + this.lockoutMs;
-    }
-  }
-
-  /** Record a successful attempt. Clears the IP's counter. */
-  recordSuccess(ip: string): void {
-    this.entries.delete(ip);
-  }
-
-  /** For tests: drop all state. */
-  reset(): void {
-    this.entries.clear();
-  }
-
-  /** Current entry count — exposed for tests + observability. */
-  size(): number {
-    return this.entries.size;
-  }
-
-  /**
-   * Evict the oldest insertion(s) until size < maxEntries. Map preserves
-   * insertion order, so `keys().next().value` is the oldest. We re-insert
-   * on window-rollover (delete + new set), so insertion order tracks
-   * recency-of-failure closely enough for FIFO eviction.
-   */
-  private evictIfFull(): void {
-    while (this.entries.size >= this.maxEntries) {
-      const oldest = this.entries.keys().next().value;
-      if (oldest === undefined) break;
-      this.entries.delete(oldest);
-    }
-  }
-}
-
-/**
- * Singleton rate limiter — kept for back-compat with callers that don't pass
- * through per-vault routing. Fresh callers should prefer
- * `getAuthorizeRateLimiter(vaultName)` so traffic on one vault's consent flow
- * doesn't lock out IPs on another vault's consent flow (#93).
- *
- * @deprecated Use `getAuthorizeRateLimiter(vaultName)` instead. The singleton
- * cross-pollutes per-vault consent traffic — one vault under brute-force can
- * lock out IPs on every other vault's consent page.
- */
-export const authorizeRateLimit = new RateLimiter();
-
-/**
- * Per-vault rate limiter registry. The vault count is admin-bounded (vaults
- * are created via CLI, not by clients) so this Map can grow only with operator
- * action — no attacker-driven growth path. Each instance carries the
- * default 10,000-entry IP cap, scoped to its vault (#93).
- */
-const vaultAuthorizeRateLimiters = new Map<string, RateLimiter>();
-
-/** Lazily get-or-create the rate limiter for a given vault. */
-export function getAuthorizeRateLimiter(vaultName: string): RateLimiter {
-  let limiter = vaultAuthorizeRateLimiters.get(vaultName);
-  if (!limiter) {
-    limiter = new RateLimiter();
-    vaultAuthorizeRateLimiters.set(vaultName, limiter);
-  }
-  return limiter;
-}
-
-/** For tests: drop all per-vault limiters. */
-export function resetVaultAuthorizeRateLimiters(): void {
-  vaultAuthorizeRateLimiters.clear();
-}