Problem
Nonce replay protection is correct only within the storage scope that remembers the nonce. The in-memory store is fine for development and single-instance pilots, but it is not a system-wide replay guarantee in a horizontally scaled deployment.
What to do
Make replay scope explicit in code, docs, and deployment examples:
- document memory store as single-process only
- document Redis as the required multi-replica production path
- add an operator warning when production-like config uses memory replay storage
- ensure examples that claim pilot/production posture use Redis
Acceptance criteria
- docs clearly define replay scope for memory vs Redis
- Docker Compose/operator examples show Redis for scaled deployments
- tests prove Redis rejects the same JTI across separate store clients
- verifier startup logs make the selected replay backend visible
Out of scope
- global consensus or blockchain replay tracking
- billing/spend counters
Problem
Nonce replay protection is correct only within the storage scope that remembers the nonce. The in-memory store is fine for development and single-instance pilots, but it is not a system-wide replay guarantee in a horizontally scaled deployment.
What to do
Make replay scope explicit in code, docs, and deployment examples:
Acceptance criteria
Out of scope