{"id":49869644,"url":"https://github.com/mojoatomic/rdcp","last_synced_at":"2026-05-15T05:11:43.415Z","repository":{"id":316257820,"uuid":"1058934093","full_name":"mojoatomic/rdcp","owner":"mojoatomic","description":"RDCP - Rate-limit Discovery and Control Protocol. Dynamic rate limit management for distributed systems via JSON over HTTP/WebSocket.","archived":false,"fork":false,"pushed_at":"2025-10-20T00:40:29.000Z","size":1380,"stargazers_count":0,"open_issues_count":22,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-20T15:30:03.306Z","etag":null,"topics":["api-management","api-protocol","backend","developer-tools","distributed-systems","http-api","json-protocol","metrics","microservices","monitoring","multi-tenant","observability","protocol","quota-management","rate-limiting","rate-limits","real-time-metrics","throttling","websocket"],"latest_commit_sha":null,"homepage":"https://rdcp.dev/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mojoatomic.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-17T18:46:06.000Z","updated_at":"2025-10-20T00:40:31.000Z","dependencies_parsed_at":"2025-10-19T18:15:48.518Z","dependency_job_id":"1c441e54-ca00-4f0b-8566-64162d329ddc","html_url":"https://github.com/mojoatomic/rdcp","commit_stats":null,"previous_names":["mojoatomic/rdcp"],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/mojoatomic/rdcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojoatomic%2Frdcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojoatomic%2Frdcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojoatomic%2Frdcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojoatomic%2Frdcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mojoatomic","download_url":"https://codeload.github.com/mojoatomic/rdcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojoatomic%2Frdcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33054542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-15T02:00:06.351Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-management","api-protocol","backend","developer-tools","distributed-systems","http-api","json-protocol","metrics","microservices","monitoring","multi-tenant","observability","protocol","quota-management","rate-limiting","rate-limits","real-time-metrics","throttling","websocket"],"created_at":"2026-05-15T05:11:42.710Z","updated_at":"2026-05-15T05:11:43.406Z","avatar_url":"https://github.com/mojoatomic.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RDCP SDK - Operational Infrastructure Control (OIC)\n\nFirst-of-its-kind JavaScript/TypeScript SDK implementing the Runtime Debug Control Protocol (RDCP) for operational infrastructure control.\n\n[![npm: @rdcp.dev/core](https://img.shields.io/npm/v/%40rdcp.dev/core?label=%40rdcp.dev%2Fcore)](https://www.npmjs.com/package/@rdcp.dev/core)\n[![npm: @rdcp.dev/client](https://img.shields.io/npm/v/%40rdcp.dev/client?label=%40rdcp.dev%2Fclient)](https://www.npmjs.com/package/@rdcp.dev/client)\n[![npm: @rdcp.dev/server](https://img.shields.io/npm/v/%40rdcp.dev/server?label=%40rdcp.dev%2Fserver)](https://www.npmjs.com/package/@rdcp.dev/server)\n[![npm: @rdcp.dev/conformance](https://img.shields.io/npm/v/%40rdcp.dev/conformance?label=%40rdcp.dev%2Fconformance)](https://www.npmjs.com/package/@rdcp.dev/conformance)\n[![CI](https://github.com/mojoatomic/rdcp/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/mojoatomic/rdcp/actions/workflows/ci.yml)\n[![Conformance](https://mojoatomic.github.io/rdcp/badges/rdcp-summary.svg)](https://mojoatomic.github.io/rdcp/badges/rdcp-summary.svg)\n[![Protocol Compliance](https://img.shields.io/badge/RDCP-v1.0%20Compliant-green)](https://github.com/mojoatomic/rdcp/blob/main/PROTOCOL-COMPLIANCE-REPORT.md)\n[![License: Apache-2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)\n\n---\n\n## Install\n\n### Conformance CLI (npx)\n\n```bash\n# Discover /.well-known/rdcp and write gating config\nnpx rdcp-conformance --base-url=http://localhost:3000 \\\n  --include-tags=standard --out=reports/rdcp.discovery.json\n\n# Generate reports after tests\nnpx rdcp-conformance-junit    # writes reports/rdcp.junit.xml\nnpx rdcp-conformance-badges   # writes reports/badges/*\n```\n\n### Composite Action outputs\n\n```yaml\n- uses: ./.github/actions/rdcp-conformance\n  with:\n    base-url: http://service:3000\n  id: rdcp\n# Use outputs in subsequent steps/jobs\n- run: echo \"Pass rate: ${{ steps.rdcp.outputs.pass-rate }}%\" \u0026\u0026 \\\n       echo \"Tests: ${{ steps.rdcp.outputs.tests-passed }}/${{ steps.rdcp.outputs.tests-total }}\"\n\n# Gate deployment on pass-rate\n- if: ${{ steps.rdcp.outputs.pass-rate == '100' }}\n  run: echo \"Conformance OK — proceed to deploy\"\n```\n\nQuick start (Client SDK)\n\n```ts path=null start=null\nimport { createRDCPClient } from '@rdcp.dev/client'\nimport { RDCP_HEADERS } from '@rdcp.dev/core'\n\nconst rdcp = createRDCPClient({\n  baseUrl: process.env.RDCP_BASE_URL || 'http://localhost:3000',\n  headers: {\n    [RDCP_HEADERS.AUTH_METHOD]: 'api-key',\n    [RDCP_HEADERS.CLIENT_ID]: 'demo-client',\n    'x-api-key': process.env.RDCP_API_KEY!,\n  },\n})\n\n// Discovery\nconst discovery = await rdcp.getDiscovery()\n\n// Status\nconst status = await rdcp.getStatus()\n\n// Control\nconst res = await rdcp.postControl({ action: 'enable', categories: ['API_ROUTES'] })\n\n// Health\nconst health = await rdcp.getHealth()\n```\n\nRun the demo locally with the client SDK:\n\n```bash\n# Fresh clone setup (installs all workspace deps, including demo app)\nnpm ci\nnpm run build\n\n# Start demo app and run client flows\nnpm run dev --prefix packages/rdcp-demo-app # start demo app\nnpm run demo:client                         # run client demo flows\nnpm run demo:client:auth                    # try Basic/Bearer auth examples\nnpm run demo:benchmark                      # compare client vs direct fetch\n```\n\nIf you are using an older npm that doesn’t enable workspaces automatically, run:\n\n```bash\nnpm install --prefix packages/rdcp-demo-app\nnpm run build --prefix packages/otel-plugin # required once so demo app can import it\n```\n\nInstall packages\n\n```bash\n# Core (protocol constants, error codes, schemas)\nnpm i @rdcp.dev/core\n\n# Client SDK (fetch-based, Node 18+)\nnpm i @rdcp.dev/client\n\n# Server SDK (adapters, endpoints, auth)\nnpm i @rdcp.dev/server\n```\n\n## The Infrastructure Gap\n\nProduction incidents demand immediate operational changes—enabling debug logging, adjusting trace levels, or modifying runtime behavior. Traditional infrastructure forces a binary choice:\n\n- Deploy new code/configuration → risk introducing bugs during incidents\n- Use vendor-specific interfaces → limited to monitoring platform capabilities\n\nRDCP represents a third approach: standardized HTTP endpoints for runtime operational control.\n\n### The Technical Gap\n\nExisting infrastructure falls into categories that don't address immediate operational control:\n\n- Configuration management (Ansible, Chef) requires deployments\n- Observability platforms (DataDog, New Relic) provide monitoring but limited operational control\n- Service meshes manage traffic routing but not application behavior\n\nNone provide standardized protocols for immediate runtime operational changes.\n\n### What Makes This Different\n\nRDCP operates at the application control plane level—between the application and its operational environment. It's not configuration (static) or monitoring (passive) but active operational control that happens immediately without deployment cycles.\n\n### The Protocol Approach\n\nRather than requiring integration with specific platforms, RDCP defines standard HTTP endpoints that any system can implement. This creates interoperability where operational control tools can work across different applications without vendor lock-in.\n\n---\n\n## Admin UI (Actions + Polling)\n\nThe demo Admin UI at `/admin` demonstrates real-time operational control with:\n\n- Action selector: enable/disable/toggle/reset\n- Jittered polling (~1s + 0–300ms), exponential backoff (cap ~10s)\n- Pause during control operations; immediate resume\n- Inline toasts for success/error, non-blocking feedback\n\nTry it locally:\n- Start the demo app (see packages/rdcp-demo-app/README.md)\n- Visit `/admin` and toggle categories, set optional TTL (e.g., `2m`), and click Apply\n- Watch the Status panel timestamp update and toasts confirm actions\n\nA short GIF can be placed in `docs/assets/admin-ui-demo.gif` and embedded here when available.\n\n## Operational Infrastructure Control (OIC)\n\nRDCP is the first implementation of a new infrastructure category: Operational Infrastructure Control (OIC).\n\n- Not configuration management (requires deployments)\n- Not monitoring platforms (limited operational control)\n- Not service mesh (handles traffic, not application behavior)\n\nInstead: a distinct infrastructure layer providing immediate operational control over application behavior through standardized protocols.\n\n### Enterprise Requirements Drive Complexity\n\nAuthentication tiers, tenant isolation, and audit features exist because operational control in production involves compliance requirements, multi-customer isolation, and security concerns that simple debugging tools don't address.\n\n### The Technical Innovation\n\nPrefer the Client SDK for production usage. For raw HTTP users, see Appendix below.\n\nAppendix: raw HTTP example\n\n```bash\n# Instead of deploying code changes\n# (risky during incidents)\n\n# Send HTTP requests to running systems\ncurl -X POST /rdcp/v1/control \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"action\":\"enable\",\"categories\":[\"DATABASE\"],\"options\":{\"temporary\":true,\"duration\":\"5m\"}}'\n```\n\nDebug output activates immediately, provides operational visibility, then automatically disables after 5 minutes.\n\n---\n\n## Enterprise Infrastructure Features\n\n### Multi-Tier Authentication\n\n- Basic: API key authentication for internal systems\n- Standard: JWT with scope-based authorization for SaaS platforms\n- Enterprise: mTLS certificate validation with optional JWT context\n\nSee Authentication Setup: https://github.com/mojoatomic/rdcp/wiki/Authentication-Setup\n\n### Multi-Tenant Operational Isolation\n\nComplete separation of operational state per customer. Customer A's changes cannot affect Customer B's behavior.\n\n```bash\ncurl -X POST /rdcp/v1/control \\\n  -H \"X-RDCP-Tenant-ID: customer-123\" \\\n  -H \"Authorization: Bearer $JWT_WITH_TENANT_SCOPE\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"action\":\"enable\",\"categories\":[\"API_ROUTES\"],\"temporary\":\"30m\"}'\n```\n\n### Production-Grade Reliability\n\n- Token bucket rate limiting prevents operational abuse (standard RateLimit headers)\n- TTL automatic cleanup prevents debug categories staying enabled\n- Comprehensive audit trails meet regulatory compliance requirements\n- JWKS infrastructure with strong ETag and 304 revalidation\n\n---\n\n## Quick imports from @rdcp.dev/core\n\nUse these imports to access protocol constants and shared definitions from the core package:\n\n```ts path=null start=null\nimport { PROTOCOL_VERSION, RDCP_PATHS } from '@rdcp.dev/core'\nimport { RDCP_ERROR_CODES } from '@rdcp.dev/core'\n// If exported in your version of core:\n// import { controlRequestSchema } from '@rdcp.dev/core'\n```\n\n## Framework Integration\n\n### Express.js\n\n```javascript\nconst express = require('express')\nconst { adapters, auth } = require('@rdcp.dev/server')\n\nconst app = express()\napp.use(express.json())\n\n// Enterprise-grade operational control in 3 lines\nconst rdcpMiddleware = adapters.express.createRDCPMiddleware({\n  authenticator: auth.validateRDCPAuth\n})\napp.use(rdcpMiddleware)\n\napp.listen(3000)\n```\n\nOperational endpoints are immediately available:\n- GET `/.well-known/rdcp` — Protocol discovery\n- POST `/rdcp/v1/control` — Runtime operational control\n- GET `/rdcp/v1/status` — Current operational state\n- GET `/rdcp/v1/health` — Health checks\n\n### Multi-Framework Support\n\nConsistent behavior across Express, Fastify, and Koa\n\n```javascript\n// Fastify\nfastify.register(adapters.fastify.createRDCPPlugin({\n  authenticator: auth.validateRDCPAuth\n}))\n\n// Koa\napp.use(adapters.koa.createRDCPMiddleware({\n  authenticator: auth.validateRDCPAuth\n}))\n```\n\n---\n\n## Enterprise Authentication\n\n### JWT with Tenant-Scoped Authorization (example)\n\n```javascript\nconst jwt = require('jsonwebtoken')\n\nconst jwtAuthenticator = async (req) =\u003e {\n  const token = req.headers['authorization']?.replace('Bearer ', '')\n  try {\n    const decoded = jwt.verify(token, process.env.JWT_SECRET)\n\n    // Global operational control\n    if (decoded.scopes?.includes('control')) return true\n\n    // Tenant-specific operational control\n    const tenantId = req.headers['x-rdcp-tenant-id']\n    return decoded.scopes?.includes(`control:${tenantId}`)\n  } catch {\n    return false\n  }\n}\n```\n\n### mTLS Certificate Validation (example)\n\n```javascript\nconst enterpriseAuth = async (req) =\u003e {\n  const cert = req.connection.getPeerCertificate()\n  const allowed = process.env.RDCP_ALLOWED_CERT_SUBJECTS?.split(',') || []\n  return allowed.some(subject =\u003e cert.subject?.CN?.includes(subject))\n}\n```\n\n### JWKS Infrastructure\n\nSee also: [JWKS Cache Stores (Production Patterns)](docs/jwks-cache-stores.md)\n\nRDCP ships a lightweight JWKS client with caching and ETag revalidation.\n\n- TTL cache: set `ttlMs` to serve from memory without network while fresh\n- ETag revalidation: when `ttlMs` is not set, client uses `If-None-Match` and returns cached body on `304`\n- Inflight dedupe: concurrent requests for the same `(url + etag)` share one network call\n- Persisted cache (optional): set `cachePath` to enable file-backed cache across process restarts\n- Background refresh: when nearing expiry, a non-blocking refresh is triggered (configurable via `refreshThresholdMs`)\n\n```javascript\nimport { createJwksFetcher } from '@rdcp.dev/server'\n\n// In-memory TTL + persisted cache + background refresh\nconst jwks = createJwksFetcher({\n  ttlMs: 60_000,             // serve from cache for up to 60s\n  cachePath: '.rdcp-cache',  // enable file-backed cache\n  refreshThresholdMs: 10_000 // preemptive refresh when \u003c10s remain\n})\n\nconst res = await jwks.fetch('https://issuer.example.com')\n// res: { jwks, etag?, fromCache }\n```\n\n```javascript\nconst { createJwksFetcher } = require('@rdcp.dev/server')\n\n// Enterprise JWKS client with caching and rotation support\nconst jwksFetcher = createJwksFetcher({ ttlMs: 30000 })\nconst result = await jwksFetcher.fetch('https://idp.example.com/.well-known/jwks.json')\n\n// Automatic ETag-based revalidation and key rotation handling\nconsole.log(`Keys: ${result.jwks.keys.length}, From Cache: ${result.fromCache}`)\n```\n\n#### Platform snippets\n\n- File cache (persisted across restarts)\n\n```javascript\nimport { createJwksFetcher } from '@rdcp.dev/server'\nconst jwks = createJwksFetcher({ cachePath: '.rdcp-cache', ttlMs: 60000 })\n```\n\n- Custom Redis store (see docs/jwks-cache-stores.md for implementation)\n\n```javascript\nimport { createJwksFetcher } from '@rdcp.dev/server'\n// Pass your Redis-backed store instance\nconst jwks = createJwksFetcher({ cache: new RedisJwksCache(redis), ttlMs: 60000 })\n```\n\n- DynamoDB store (see docs/jwks-cache-stores.md)\n\n```javascript\nimport { createJwksFetcher } from '@rdcp.dev/server'\nconst jwks = createJwksFetcher({ cache: new DynamoJwksCache(dynamoClient, 'rdcp-jwks-cache') })\n```\n\n- Vercel KV (edge/runtime) (see docs/jwks-cache-stores.md)\n\n```javascript\nimport { createJwksFetcher } from '@rdcp.dev/server'\nconst jwks = createJwksFetcher({ cache: new VercelKVCache() })\n```\n\n\u003e OpenTelemetry plugin (optional)\n\u003e\n\u003e - npm: [@rdcp.dev/otel-plugin](https://www.npmjs.com/package/@rdcp.dev/otel-plugin)\n\u003e - Docs: [OpenTelemetry Integration](https://github.com/mojoatomic/rdcp/wiki/OpenTelemetry-Integration-Roadmap)\n\n### Getting started with the plugin\n\n- Install (peer dep required):\n\n```bash\nnpm install @rdcp.dev/otel-plugin @opentelemetry/api\n```\n\n- Enable correlation in your app:\n\n```javascript\nimport { setupRDCPWithOpenTelemetry } from '@rdcp.dev/otel-plugin'\n\n// One line to enable RDCP trace correlation using active OpenTelemetry spans\nsetupRDCPWithOpenTelemetry()\n```\n\n- Optional configuration:\n\n```javascript\nimport { setupRDCPWithOpenTelemetry } from '@rdcp.dev/otel-plugin'\n\nsetupRDCPWithOpenTelemetry({\n  enableBaggage: true // include OpenTelemetry baggage in RDCP logs\n})\n```\n\n#### Verify it’s working (dev)\n\n```javascript\nimport { NodeSDK } from '@opentelemetry/sdk-node'\nimport { trace } from '@opentelemetry/api'\nimport { setupRDCPWithOpenTelemetry } from '@rdcp.dev/otel-plugin'\nimport { enableDebugCategories, debug } from '@rdcp.dev/server'\n\n// Start a minimal OpenTelemetry SDK (dev verification)\nconst sdk = new NodeSDK()\nawait sdk.start()\n\n// Enable RDCP ↔ OTel correlation\nsetupRDCPWithOpenTelemetry()\n\n// Turn on a debug category so logs emit\nenableDebugCategories(['DATABASE'])\n\n// Create an active span and emit a RDCP debug log\ntrace.getTracer('verify').startActiveSpan('sample-span', span =\u003e {\n  debug.database('Query executed', { sql: 'SELECT 1' })\n  span.end()\n})\n\n// Expected console output includes a trace suffix like:\n// 🔌 [DB] [trace:90abcdef] Query executed [ { sql: 'SELECT 1' } ]\n```\n\nTroubleshooting\n- Ensure a tracer provider is initialized before calling setupRDCPWithOpenTelemetry (e.g., NodeSDK.start() or your own provider setup)\n- Make sure a debug category is enabled (e.g., enableDebugCategories(['DATABASE'])) so logs emit\n- Check console output for the [trace:xxxxxxxx] suffix; if missing, verify your OpenTelemetry span is active\n- In production, confirm your exporter setup (OTLP/HTTP, etc.) and that traces appear in your backend\n\nQuickstart and examples:\n- Overview: https://github.com/mojoatomic/rdcp/wiki/examples/opentelemetry/Overview.md\n- Framework Examples: https://github.com/mojoatomic/rdcp/wiki/examples/opentelemetry/Framework-Examples.md\n- Backend Configurations: https://github.com/mojoatomic/rdcp/wiki/examples/opentelemetry/Backend-Configurations.md\n\n---\n\n## Operational Control Examples\n\n### Incident Response Workflow\n\n```bash\n# 1. Incident detected - need database query visibility\ncurl -X POST /rdcp/v1/control \\\n  -H \"Authorization: Bearer $JWT_TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"action\":\"enable\",\"categories\":[\"DATABASE\",\"QUERIES\"],\"temporary\":\"15m\"}'\n\n# 2. Debug output immediately available in logs\n# Application now logs all database queries for 15 minutes\n\n# 3. Root cause identified - disable to prevent log noise\ncurl -X POST /rdcp/v1/control \\\n  -H \"Authorization: Bearer $JWT_TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"action\":\"disable\",\"categories\":[\"DATABASE\",\"QUERIES\"]}'\n```\n\n### Customer-Specific Debugging\n\n```bash\ncurl -X POST /rdcp/v1/tenants/customer-123/control \\\n  -H \"Authorization: Bearer $TENANT_SCOPED_JWT\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"action\":\"enable\",\"categories\":[\"API_ROUTES\"],\"temporary\":\"30m\"}'\n```\n\n### Audit Trail Verification\n\n```bash\n# All operational changes automatically logged for compliance\ncurl -H \"Authorization: Bearer $JWT_TOKEN\" /rdcp/v1/audit\n```\n\n---\n\n## Installation and Setup\n\n### Install\n\n```bash\nnpm install @rdcp.dev/server\n```\n\n### Environment Configuration\n\n```bash\n# Required: 32+ character API key for production security\nexport RDCP_API_KEY=\"your-production-ready-32-plus-character-api-key\"\n\n# Optional: JWT configuration for Standard/Enterprise levels\nexport JWT_SECRET=\"your-jwt-signing-secret\"\nexport JWT_ISSUER=\"your-organization\"\nexport JWT_AUDIENCE=\"rdcp-services\"\n\n# Optional: mTLS configuration for Enterprise level\nexport RDCP_TRUSTED_CA_FINGERPRINTS=\"sha256:abcd1234...\"\nexport RDCP_ALLOWED_CERT_SUBJECTS=\"rdcp-client,ops-team\"\n```\n\n### Complete Configuration\n\n```javascript\nconst rdcpMiddleware = adapters.express.createRDCPMiddleware({\n  // Authentication (required)\n  authenticator: auth.validateRDCPAuth,\n\n  // Debug categories (optional)\n  debugConfig: {\n    DATABASE: false,\n    API_ROUTES: true,\n    QUERIES: false,\n    REPORTS: false,\n    CACHE: false\n  },\n\n  // Enterprise capabilities (optional)\n  capabilities: {\n    // Multi-tenant isolation\n    multiTenant: {\n      enabled: true,\n      isolation: 'organization'\n    },\n\n    // Rate limiting\n    rateLimit: {\n      enabled: true,\n      maxRequests: 100,\n      windowMs: 60000,\n      headers: true\n    },\n\n    // Audit logging\n    audit: {\n      enabled: true,\n      sink: 'file',\n      sampling: 1.0,\n      redaction: ['password', 'token']\n    },\n\n    // TTL automatic cleanup\n    ttl: {\n      enabled: true,\n      maxDuration: '1h',\n      defaultDuration: '15m'\n    }\n  }\n})\n```\n\n---\n\n## Protocol Endpoints\n\n### Discovery and Status\n\n```bash\n# Protocol discovery (no authentication required)\nGET /.well-known/rdcp\n\n# System status and active debug categories\nGET /rdcp/v1/status\n\n# Health check for load balancers\nGET /rdcp/v1/health\n```\n\n### Operational Control\n\n```bash\n# Enable debug categories\nPOST /rdcp/v1/control\n{\n  \"action\": \"enable\",\n  \"categories\": [\"DATABASE\", \"API_ROUTES\"],\n  \"options\": {\n    \"temporary\": true,\n    \"duration\": \"30m\"\n  }\n}\n\n# Disable debug categories\nPOST /rdcp/v1/control\n{\n  \"action\": \"disable\",\n  \"categories\": [\"QUERIES\"]\n}\n\n# Reset all categories to disabled\nPOST /rdcp/v1/control\n{\n  \"action\": \"reset\"\n}\n```\n\n### Multi-Tenant Operations\n\n```bash\n# Tenant-specific operational control\nGET /rdcp/v1/tenants/{tenantId}/status\nPOST /rdcp/v1/tenants/{tenantId}/control\n```\n\n---\n\n## Client SDK\n\nConsume RDCP endpoints from other services:\n\n```javascript\nconst { RDCPClient } = require('@rdcp.dev/server/client')\n\nconst client = new RDCPClient({\n  baseUrl: 'https://your-service.com',\n  auth: { type: 'jwt', token: 'your-jwt-token' }\n})\n\nawait client.enable(['DATABASE', 'API_ROUTES'])\nawait client.disable(['QUERIES'])\nawait client.status()\n```\n\n---\n\n## Enterprise Deployment\n\n### Kubernetes Integration (example)\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: rdcp-enabled-service\nspec:\n  template:\n    spec:\n      containers:\n      - name: app\n        env:\n        - name: RDCP_API_KEY\n          valueFrom:\n            secretKeyRef:\n              name: rdcp-secrets\n              key: api-key\n        - name: JWT_SECRET\n          valueFrom:\n            secretKeyRef:\n              name: rdcp-secrets\n              key: jwt-secret\n```\n\n### Load Balancer Health Checks\n\n```bash\nGET /rdcp/v1/health\n```\n\n---\n\n## Protocol Compliance\n\nRDCP v1.0 specification compliance validated through 220+ automated tests:\n\n- Authentication across all security levels\n- Multi-tenant isolation validation\n- Rate limiting and audit trail testing\n- Error handling and protocol response formats\n- Cross-framework compatibility\n\nSee Protocol Compliance Report: https://github.com/mojoatomic/rdcp/blob/main/PROTOCOL-COMPLIANCE-REPORT.md\n\n---\n\n## Why Operational Control Infrastructure Matters\n\n- For Infrastructure Teams: Immediate operational changes without deployment risk\n- For SaaS Platforms: Customer-specific debugging without affecting other tenants\n- For Compliance: Complete audit trails of operational changes\n- For Incidents: Debug visibility in seconds, not deployment cycles\n\nThis represents new infrastructure capability—not an incremental improvement to existing tools.\n\n---\n\n## Requirements\n\n- Node.js \u003e= 18\n- Express 4.18+, Fastify 4.x+, Koa 2.x\n\n---\n\n## License\n\nApache License 2.0 — see [LICENSE](LICENSE) for details.\n\n---\n\n## Git submodules\n\nThis repository uses two Git submodules:\n- .wiki-edit — working copy of the RDCP GitHub Wiki (mojoatomic/rdcp.wiki)\n- protocol — RDCP protocol specification (mojoatomic/rdcp-protocol)\n\nAfter cloning or after pulling main, initialize and sync submodules:\n\n```bash\ngit submodule sync --recursive\ngit submodule update --init --recursive\n```\n\n---\n\n## Documentation\n\n- Installation: https://github.com/mojoatomic/rdcp/wiki/Installation\n- Basic Usage: https://github.com/mojoatomic/rdcp/wiki/Basic-Usage\n- Authentication Setup: https://github.com/mojoatomic/rdcp/wiki/Authentication-Setup\n- JWKS Integration (wiki): https://github.com/mojoatomic/rdcp/wiki/JWKS\n- JWKS Client Quickstart (repo): docs/jwks-client.md\n- JWKS Cache Stores (repo): docs/jwks-cache-stores.md\n- Protocol schemas: https://github.com/mojoatomic/rdcp-protocol/blob/main/protocol-schemas.md\n- Protocol error codes: https://github.com/mojoatomic/rdcp-protocol/blob/main/error-codes.md\n- Core package boundaries (repo): docs/core-package-boundaries.md\n- Rate Limiting: https://github.com/mojoatomic/rdcp/wiki/Rate-Limiting\n- API Reference: https://github.com/mojoatomic/rdcp/wiki/API-Reference\n- OpenTelemetry Plugin: https://github.com/mojoatomic/rdcp/wiki/OpenTelemetry-Integration-Roadmap\n\n---\n\n## Maintainers\n\n- Wiki source of truth: the separate GitHub Wiki repo. Use the local `.wiki-edit` working copy (tracks https://github.com/mojoatomic/rdcp.wiki.git) to edit wiki pages.\n- Workflow: make changes in `.wiki-edit/`, commit (use single-quoted messages), and `git push origin master` to publish the wiki.\n- Do not create a `wiki/` folder in this repo (removed to prevent drift). The main repo's `context7.json` indexes `docs/` only; the wiki has its own `context7.json`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmojoatomic%2Frdcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmojoatomic%2Frdcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmojoatomic%2Frdcp/lists"}