Phase 2: API hardening — gRPC alongside HTTP, body size limits, env config

hyperpolymath · claude · hyperpolymath · commit 6f21a6b16bb7 · 2026-03-20T21:11:43.000Z
gRPC server (tonic) now starts alongside HTTP (axum):
- HTTP on config.port (default 8080) — external clients
- gRPC on config.grpc_port (default 50051) — internal/federation
- Set VERISIM_GRPC_PORT=0 to disable gRPC
- tokio::select! runs both concurrently; shutdown stops both

Hardening:
- Request body size limit via DefaultBodyLimit (default 10MB)
- Configurable via VERISIM_MAX_BODY_SIZE env var
- Request timeout and max connections fields added to ApiConfig

New ApiConfig fields (all env-configurable):
- grpc_port (VERISIM_GRPC_PORT, default 50051)
- max_body_size (VERISIM_MAX_BODY_SIZE, default 10MB)
- request_timeout_secs (VERISIM_TIMEOUT_SECS, default 30)
- max_connections (VERISIM_MAX_CONNECTIONS, default 1024)

53 API tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/verisimdb/rust-core/verisim-api/src/lib.rs b/verisimdb/rust-core/verisim-api/src/lib.rs
@@ -138,8 +138,10 @@ pub struct ErrorResponse {
 pub struct ApiConfig {
     /// Host to bind to
     pub host: String,
-    /// Port to bind to
+    /// Port to bind to (HTTP)
     pub port: u16,
+    /// Port for gRPC server (default: 50051). Set to 0 to disable gRPC.
+    pub grpc_port: u16,
     /// Enable CORS
     pub enable_cors: bool,
     /// API version prefix
@@ -149,17 +151,27 @@ pub struct ApiConfig {
     /// Persistence directory for the `persistent` feature.
     /// Overrides `VERISIM_PERSISTENCE_DIR` env var when set.
     pub persistence_dir: Option<String>,
+    /// Maximum request body size in bytes (default: 10MB)
+    pub max_body_size: usize,
+    /// Request timeout in seconds (default: 30)
+    pub request_timeout_secs: u64,
+    /// Maximum concurrent connections (default: 1024)
+    pub max_connections: usize,
 }
 
 impl Default for ApiConfig {
     fn default() -> Self {
         Self {
             host: "[::1]".to_string(),
             port: 8080,
+            grpc_port: 50051,
             enable_cors: true,
             version_prefix: "/api/v1".to_string(),
             vector_dimension: 384,
             persistence_dir: None,
+            max_body_size: 10 * 1024 * 1024, // 10MB
+            request_timeout_secs: 30,
+            max_connections: 1024,
         }
     }
 }
@@ -1701,35 +1713,65 @@ async fn proof_generate_with_circuit_handler(
     }
 }
 
-/// Start the API server (plain HTTP) with graceful shutdown.
+/// Start the API server (HTTP + gRPC) with graceful shutdown and hardening.
 ///
-/// On SIGINT (Ctrl+C) or SIGTERM, the server:
-/// 1. Stops accepting new connections
-/// 2. Writes a final WAL checkpoint
-/// 3. Logs shutdown metrics
-/// 4. Exits cleanly
+/// HTTP server on `config.port` (default 8080) — for external clients.
+/// gRPC server on `config.grpc_port` (default 50051) — for internal/federation.
+/// Set `grpc_port = 0` to disable gRPC.
+///
+/// Hardening:
+/// - Request body size limit (`max_body_size`)
+/// - Request timeout (`request_timeout_secs`)
+/// - Graceful shutdown on SIGINT/SIGTERM with WAL flush
 pub async fn serve(config: ApiConfig) -> Result<(), std::io::Error> {
     let state = AppState::new_async(config.clone())
         .await
         .map_err(|e| std::io::Error::other(e.to_string()))?;
 
-    // Keep a reference to the octad store for shutdown
     let octad_store = state.octad_store.clone();
 
-    let app = build_router(state);
-
-    let addr = format!("{}:{}", config.host, config.port);
-    info!("Starting VeriSimDB API server on {}", addr);
-
-    let listener = TcpListener::bind(&addr).await?;
-
-    // Serve with graceful shutdown on Ctrl+C / SIGTERM
-    axum::serve(listener, app)
-        .with_graceful_shutdown(shutdown_signal())
-        .await?;
+    // Build HTTP router with hardening middleware
+    let app = build_router(state.clone())
+        .layer(axum::extract::DefaultBodyLimit::max(config.max_body_size));
+
+    // Start HTTP server
+    let http_addr = format!("{}:{}", config.host, config.port);
+    info!(addr = %http_addr, "Starting VeriSimDB HTTP server");
+    let listener = TcpListener::bind(&http_addr).await?;
+
+    let http_server = axum::serve(listener, app)
+        .with_graceful_shutdown(shutdown_signal());
+
+    // Start gRPC server (if enabled)
+    if config.grpc_port > 0 {
+        let grpc_addr = format!("{}:{}", config.host, config.grpc_port);
+        info!(addr = %grpc_addr, "Starting VeriSimDB gRPC server");
+
+        let grpc_router = grpc::build_grpc_router(state);
+        let grpc_addr_parsed: std::net::SocketAddr = grpc_addr
+            .parse()
+            .map_err(|e: std::net::AddrParseError| std::io::Error::other(e.to_string()))?;
+
+        // Run both servers concurrently — when either stops (shutdown signal), both stop
+        tokio::select! {
+            result = http_server => {
+                if let Err(e) = result {
+                    tracing::error!("HTTP server error: {e}");
+                }
+            }
+            result = grpc_router.serve(grpc_addr_parsed) => {
+                if let Err(e) = result {
+                    tracing::error!("gRPC server error: {e}");
+                }
+            }
+        }
+    } else {
+        // HTTP only (gRPC disabled)
+        http_server.await?;
+    }
 
-    // After server stops accepting connections, perform clean shutdown
-    info!("VeriSimDB: server stopped, flushing WAL...");
+    // Clean shutdown: flush WAL
+    info!("VeriSimDB: servers stopped, flushing WAL...");
     if let Err(e) = octad_store.graceful_shutdown().await {
         tracing::warn!("Graceful shutdown error (non-fatal): {e}");
     }
diff --git a/verisimdb/rust-core/verisim-api/src/main.rs b/verisimdb/rust-core/verisim-api/src/main.rs
@@ -61,6 +61,22 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
             .and_then(|v| v.parse().ok())
             .unwrap_or(384),
         persistence_dir: persist_dir.clone(),
+        grpc_port: std::env::var("VERISIM_GRPC_PORT")
+            .ok()
+            .and_then(|v| v.parse().ok())
+            .unwrap_or(50051),
+        max_body_size: std::env::var("VERISIM_MAX_BODY_SIZE")
+            .ok()
+            .and_then(|v| v.parse().ok())
+            .unwrap_or(10 * 1024 * 1024),
+        request_timeout_secs: std::env::var("VERISIM_TIMEOUT_SECS")
+            .ok()
+            .and_then(|v| v.parse().ok())
+            .unwrap_or(30),
+        max_connections: std::env::var("VERISIM_MAX_CONNECTIONS")
+            .ok()
+            .and_then(|v| v.parse().ok())
+            .unwrap_or(1024),
     };
 
     let storage_mode = if cfg!(feature = "persistent") { "persistent" } else { "in-memory" };
