stop caching guest jwks response#1615

Merged
ignaciojimenezr merged 3 commits into MCPJam:main from ignaciojimenezr:codex/remove-cache-for-jwks-url
Mar 15, 2026

Collaborator

@ignaciojimenezr ignaciojimenezr commented Mar 14, 2026

Why:

  • Convex accepts our guest JWT when given the exact same JWKS inline as a data: URI, but rejects it when fetching the remote JWKS URL.
  • The JWKS endpoint is currently publicly cacheable for 1 hour and goes through edge caches.
  • This change makes both JWKS routes non-cacheable (Cache-Control: no-store) so remote verifiers always fetch fresh key material.

Files:

  • server/routes/web/index.ts
  • server/app.ts
  • server/routes/web/tests/guest-jwks.test.ts

Contributor

chelojimenez commented Mar 14, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |


@ignaciojimenezr ignaciojimenezr changed the title from "stop caching guets jwks response" to "stop caching guest jwks response" Mar 14, 2026
@ignaciojimenezr ignaciojimenezr marked this pull request as ready for review March 15, 2026 04:48
@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Mar 15, 2026
Contributor

coderabbitai bot commented Mar 15, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b28c56ff-1003-4ec4-8479-40dfc225c5d4

📥 Commits

Reviewing files that changed from the base of the PR and between 38b3a26 and 688b4b5.

📒 Files selected for processing (3)
  • mcpjam-inspector/server/app.ts
  • mcpjam-inspector/server/routes/web/__tests__/guest-jwks.test.ts
  • mcpjam-inspector/server/routes/web/index.ts

Walkthrough

The guest JWKS endpoint caching policy has been changed to disable all HTTP caching. The Cache-Control header was updated from "public, max-age=3600" to "no-store" in the route configuration. Corresponding test assertions and code comments were updated to reflect this revised behavior, ensuring the JWKS data is not cached by edge caches or clients.


@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Mar 15, 2026
@ignaciojimenezr ignaciojimenezr merged commit 9948ee8 into MCPJam:main Mar 15, 2026
4 of 5 checks passed
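
Added example (not code from this PR or from the MCPJam repository): a TypeScript audit of the Cache-Control policy on a JWKS response, showing why the previous `public, max-age=3600` value lets edge caches hold key material for an hour while `no-store` does not. The function names, the `Verdict` type and the sample headers are constructed for illustration.

```typescript
// Added example: audit how a JWKS response may be cached. Names are illustrative.
type Verdict = { storable: boolean; sharedTtl: number; reason: string };

// Parse a Cache-Control value into a directive table (names lower-cased).
function parseCacheControl(value: string): Record<string, string | undefined> {
  const directives: Record<string, string | undefined> = Object.create(null);
  for (const part of value.split(",")) {
    const [name, ...rest] = part.trim().split("=");
    if (name) directives[name.toLowerCase()] = rest.join("=").replace(/^"|"$/g, "");
  }
  return directives;
}

// Decide whether a shared (edge/CDN) cache may store the response, and for how long.
// sharedTtl is in seconds; -1 means no explicit lifetime was given.
function auditJwksCaching(headers: Record<string, string>): Verdict {
  let cc: string | undefined;
  for (const k of Object.keys(headers)) {
    if (k.toLowerCase() === "cache-control") cc = headers[k]; // header names are case-insensitive
  }
  if (cc === undefined) {
    return { storable: true, sharedTtl: -1, reason: "no Cache-Control: caches may apply heuristic freshness" };
  }
  const d = parseCacheControl(cc);
  if (d["no-store"] !== undefined) {
    return { storable: false, sharedTtl: 0, reason: "no-store: nothing is written to any cache" };
  }
  if (d["private"] !== undefined) {
    return { storable: false, sharedTtl: 0, reason: "private: shared caches must not store it" };
  }
  if (d["no-cache"] !== undefined) {
    return { storable: true, sharedTtl: 0, reason: "no-cache: stored, but revalidated before every reuse" };
  }
  // For shared caches s-maxage takes precedence over max-age.
  const raw = d["s-maxage"] !== undefined ? d["s-maxage"] : d["max-age"];
  const ttl = raw !== undefined && /^\d+$/.test(raw) ? Number(raw) : -1;
  const reason = ttl >= 0 ? `shared caches may serve it for ${ttl}s` : "storable, no explicit lifetime";
  return { storable: true, sharedTtl: ttl, reason };
}

// Constructed sample headers: the policy before and after this PR.
const oldPolicy = auditJwksCaching({ "Content-Type": "application/json", "Cache-Control": "public, max-age=3600" });
const newPolicy = auditJwksCaching({ "content-type": "application/json", "cache-control": "no-store" });
console.log("before:", oldPolicy);
console.log("after: ", newPolicy);
```

A check like this fits in a route test next to the header assertion, so a later change that reintroduces a cacheable policy on the JWKS route fails the build.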