Refactor architecture to isolate metrics and enforce global API prefix #1
Merged
amiabl-programr merged 1 commit into main from Apr 8, 2026
…global api prefix
- Bootstrapped dual NestJS applications in main.ts to structurally separate the public routing table (port 4180) from internal compliance monitoring (port 3001).
- Enforced a global /api prefix across all public HTTP endpoints.
- Extracted MetricsModule from the public AppModule boundary, guaranteeing zero metric exposure to the public internet.
- Refactored MetricsService to function as a stateless bridge to the prom-client global registry. This safely supports metric sharing across isolated Dependency Injection containers without collision.
- Updated e2e testing infrastructure to run concurrent server instances and verified rate-limiting compliance.
Description
This PR fundamentally hardens the Teapot Microservice architecture by completely isolating internal Prometheus metrics from the public API boundary. In compliance with enterprise security requirements (and strict RFC 2324 guidelines), internal runtime data, such as CPU usage and refusal counters, is no longer accessible from the public internet.
Simultaneously, we have formalized our public endpoint footprint via a global /api prefix.

Architectural Changes
- main.ts now spins up two entirely isolated NestJS Dependency Injection containers.
- 4180 with a global /api prefix.
- 3001 (bound strictly to 127.0.0.1) executing the MetricsModule.
- MetricsService to act as a stateless accessor to prom-client's global Node.js registry. This elegantly bypasses NestJS's container isolation, ensuring BrewModule in the public app perfectly increments the counters exposed by the internal app, without fatal Metric already defined collisions.
- /src/public) continues to accurately reflect our rigorous refusal standards.
- app.e2e-spec.ts. Verified that rate-limiting natively propagates exception messages and that the /metrics endpoint yields a rigid 404 Not Found on the public interface.

Verification
- http://localhost:4180/metrics correctly 404s.
- http://localhost:3001/metrics reliably returns Prometheus data.
- Strict Coffee Rejection Check) and tests complete favorably.

Known Issues / Warnings
- /api (e.g., /api/v1/brew instead of /v1/brew). Swagger docs have updated automatically.
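
The isolation pattern this PR describes, as an added example that is not the project's code: a plain Node.js model with no NestJS or prom-client dependency, showing two service instances sharing one process-wide registry while only the loopback listener routes /metrics. The Map registry, the brew_refusals_total metric name, the 418 response and the TEAPOT_LISTEN switch are assumptions.

```javascript
// Added illustration; plain Node.js stand-in for the NestJS/prom-client setup.
// One process-wide registry, standing in for prom-client's global registry.
const registry = new Map();

// Stateless accessor: holds no counters itself, so any number of instances
// (one per DI container) resolve to the same underlying metric.
class MetricsService {
  counter(name) {
    // Get-or-create: a second caller reuses the metric instead of re-registering it.
    if (!registry.has(name)) registry.set(name, { value: 0 });
    return registry.get(name);
  }
  inc(name) { this.counter(name).value += 1; }
  render() {
    return [...registry].map(([n, c]) => `${n} ${c.value}\n`).join('');
  }
}

const PREFIX = '/api';

// Public router: only paths under /api exist; /metrics is simply not routed.
function handlePublic(path, metrics) {
  if (path === `${PREFIX}/v1/brew`) {
    metrics.inc('brew_refusals_total'); // hypothetical metric name
    return { status: 418, body: "I'm a teapot" }; // assumed response
  }
  return { status: 404, body: 'Not Found' };
}

// Internal router: metrics only, nothing from the public API.
function handleInternal(path, metrics) {
  if (path === '/metrics') return { status: 200, body: metrics.render() };
  return { status: 404, body: 'Not Found' };
}

function start() {
  const http = require('node:http');
  const serve = (handler, svc) => http.createServer((req, res) => {
    const { status, body } = handler(new URL(req.url, 'http://x').pathname, svc);
    res.writeHead(status, { 'Content-Type': 'text/plain' });
    res.end(body);
  });
  serve(handlePublic, new MetricsService()).listen(4180);                // public listener
  serve(handleInternal, new MetricsService()).listen(3001, '127.0.0.1'); // loopback only
}

if (process.env.TEAPOT_LISTEN === '1') start(); // hypothetical opt-in switch
```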