improve: code clean up

Author: evansims

CONTRIBUTING.md

@@ -1,51 +1,42 @@
 # Contributing to InferaDB
 
-Thank you for your interest in contributing to [InferaDB](https://inferadb.com)! We welcome contributions from the community and are grateful for any help you can provide.
+We welcome contributions! By participating, you agree to uphold the [Code of Conduct](CODE_OF_CONDUCT.md).
 
-## Code of Conduct
+## Reporting Issues
 
-This project and everyone participating in it is governed by the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code. Please report unacceptable behavior to [open@inferadb.com](mailto:open@inferadb.com).
+- **Bugs**: Search existing issues first. Include version, steps to reproduce, expected vs actual behavior.
+- **Features**: Describe the use case and proposed solution.
+- **Security**: Email [security@inferadb.com](mailto:security@inferadb.com) — do not open public issues.
 
-## How to Contribute
+## Pull Requests
 
-### Reporting Issues
+1. Fork and branch from `main`
+2. Run `just ci` to verify tests, linting, and formatting pass
+3. Follow [Conventional Commits](https://www.conventionalcommits.org/) for commit messages
+4. Update documentation if changing public APIs
+5. Submit PR with clear description
 
-- **Bug Reports**: Search existing issues first to avoid duplicates. Include version information, steps to reproduce, expected vs actual behavior, and relevant logs.
-- **Feature Requests**: Describe the use case, proposed solution, and alternatives considered.
-- **Security Issues**: Do **not** open public issues for security vulnerabilities. Instead, email [security@inferadb.com](mailto:security@inferadb.com).
+## Development
 
-### Pull Requests
+```bash
+mise trust && mise install  # Setup tooling
+just ci                     # Run all checks before submitting
+```
 
-1. **Fork the repository** and create your branch from `main`
-2. **Follow the development workflow** documented in the repository's [README.md](README.md)
-3. **Write clear commit messages** following [Conventional Commits](https://www.conventionalcommits.org/)
-4. **Ensure all tests pass** before submitting
-5. **Update documentation** if your changes affect public APIs or user-facing behavior
-6. **Submit a pull request** with a clear description of your changes
-
-### Development Setup
-
-Each repository has its own development setup and workflow. See the repository's [README.md](README.md) for prerequisites, build commands, and development workflow.
+See [README.md](README.md) for full development setup.
 
 ## Review Process
 
-1. **Automated Checks**: CI will run tests, linters, and formatters
-2. **Peer Review**: At least one maintainer will review your contribution
-3. **Feedback**: Address any review comments
-4. **Approval**: Once approved, a maintainer will merge your contribution
+1. CI runs automated checks
+2. Maintainer reviews code
+3. Address feedback
+4. Maintainer merges on approval
 
 ## License
 
-By contributing to [InferaDB](https://github.com/inferadb), you agree that your contributions will be dual-licensed under:
-
-- [Apache License, Version 2.0](LICENSE-APACHE)
-- [MIT License](LICENSE-MIT)
+Contributions are dual-licensed under [MIT](LICENSE-MIT) and [Apache 2.0](LICENSE-APACHE).
 
 ## Questions?
 
-If you have questions or need help:
-
-- Join our [Discord server](https://discord.gg/inferadb) to chat with the community
-- Email us at [open@inferadb.com](mailto:open@inferadb.com)
-
-Thank you for helping make InferaDB better!
+- [Discord](https://discord.gg/inferadb)
+- [open@inferadb.com](mailto:open@inferadb.com)

README.md

@@ -21,25 +21,10 @@ mise trust && mise install
 cargo run --bin inferadb-control
 ```
 
-Register and login:
-
-```bash
-# Register
-curl -X POST http://localhost:9090/v1/auth/register \
-  -H "Content-Type: application/json" \
-  -d '{"email": "alice@example.com", "password": "securepass123", "name": "Alice"}'
-
-# Login
-curl -X POST http://localhost:9090/v1/auth/login/password \
-  -H "Content-Type: application/json" \
-  -d '{"email": "alice@example.com", "password": "securepass123"}'
-```
-
 | Endpoint | URL                             |
 | -------- | ------------------------------- |
 | REST API | `http://localhost:9090`         |
 | gRPC API | `http://localhost:9091`         |
-| Mesh API | `http://localhost:9092`         |
 | Health   | `http://localhost:9090/healthz` |
 | Metrics  | `http://localhost:9090/metrics` |
 
@@ -53,18 +38,6 @@ curl -X POST http://localhost:9090/v1/auth/login/password \
 | **Client Auth**      | Ed25519 certificates, JWT assertions         |
 | **Token Issuance**   | Vault-scoped JWTs for Engine API             |
 
-## Key Concepts
-
-| Entity       | Description                                   |
-| ------------ | --------------------------------------------- |
-| User         | Account with auth methods (password, passkey) |
-| Organization | Workspace with members and roles              |
-| Vault        | Authorization policy container                |
-| Client       | Service identity with Ed25519 certs           |
-| Team         | Group-based vault access                      |
-
-**Auth Flow:** User → Session → Vault access → JWT → Engine API
-
 ## Architecture
 
 ```mermaid
@@ -78,84 +51,48 @@ graph TD
     SharedStorage --> Memory[(Memory)]
     SharedStorage --> StorageLedger[inferadb-storage-ledger]
     StorageLedger --> Ledger[(InferaDB Ledger)]
-    Core --> Engine[inferadb-control-engine-client]
 ```
 
-| Crate                          | Purpose                        |
-| ------------------------------ | ------------------------------ |
-| inferadb-control               | Binary entrypoint              |
-| inferadb-control-api           | REST/gRPC handlers             |
-| inferadb-control-config        | Configuration loading          |
-| inferadb-control-const         | Shared constants               |
-| inferadb-control-core          | Business logic, entities       |
-| inferadb-control-storage       | Repositories + storage factory |
-| inferadb-control-types         | Shared type definitions        |
-| inferadb-control-engine-client | Engine API client              |
-
-### Shared Storage Crates
-
-| Crate                   | Purpose                                      |
-| ----------------------- | -------------------------------------------- |
-| inferadb-storage        | Generic StorageBackend trait + MemoryBackend |
-| inferadb-storage-ledger | Ledger-backed StorageBackend implementation  |
+| Crate                    | Purpose                        |
+| ------------------------ | ------------------------------ |
+| inferadb-control         | Binary entrypoint              |
+| inferadb-control-api     | REST/gRPC handlers             |
+| inferadb-control-config  | Configuration loading          |
+| inferadb-control-const   | Shared constants               |
+| inferadb-control-core    | Business logic, entities       |
+| inferadb-control-storage | Repositories + storage factory |
+| inferadb-control-types   | Shared type definitions        |
 
 ## Configuration
 
-```yaml
-control:
-  listen:
-    http: "0.0.0.0:9090"
-    grpc: "0.0.0.0:9091"
-    mesh: "0.0.0.0:9092"
-
-  # Storage: "memory" (dev) or "ledger" (production)
-  storage: "ledger"
-
-  # Ledger configuration (requires --features ledger)
-  ledger:
-    endpoint: "http://ledger.inferadb:50051"
-    client_id: "control-prod-001"
-    namespace_id: 1
-    vault_id: 1 # optional
-
-  webauthn:
-    party: "localhost"
-    origin: "http://localhost:9090"
-```
-
-### Environment Variables
-
 Environment variables use `INFERADB_CTRL__` prefix with double underscores for nesting:
 
-| Variable                              | Description                | Example               |
-| ------------------------------------- | -------------------------- | --------------------- |
-| `INFERADB_CTRL__LISTEN__HTTP`         | HTTP listen address        | `0.0.0.0:9090`        |
-| `INFERADB_CTRL__STORAGE`              | Storage backend            | `ledger`              |
-| `INFERADB_CTRL__LEDGER__ENDPOINT`     | Ledger server URL          | `http://ledger:50051` |
-| `INFERADB_CTRL__LEDGER__CLIENT_ID`    | Client ID for idempotency  | `control-001`         |
-| `INFERADB_CTRL__LEDGER__NAMESPACE_ID` | Namespace for data scoping | `1`                   |
-| `INFERADB_CTRL__LEDGER__VAULT_ID`     | Vault for finer scoping    | `1`                   |
+| Variable                              | Description                                   |
+| ------------------------------------- | --------------------------------------------- |
+| `INFERADB_CTRL__LISTEN__HTTP`         | HTTP listen address (default: `0.0.0.0:9090`) |
+| `INFERADB_CTRL__STORAGE`              | Storage backend: `memory` or `ledger`         |
+| `INFERADB_CTRL__LEDGER__ENDPOINT`     | Ledger server URL                             |
+| `INFERADB_CTRL__LEDGER__CLIENT_ID`    | Client ID for idempotency                     |
+| `INFERADB_CTRL__LEDGER__NAMESPACE_ID` | Namespace for data scoping                    |
 
 See [config.yaml](config.yaml) for all options.
 
 ## Development
 
 ```bash
-# Setup (one-time)
+# Setup
 mise trust && mise install
 
-# Run the control plane
-cargo run --bin inferadb-control
-
-# Run tests
-cargo test --all-targets
+# Common tasks (requires just)
+just test      # Run tests
+just lint      # Run clippy
+just fmt       # Format code
+just ci        # Run all checks
 
-# Format and lint
+# Manual commands
+cargo nextest run
+cargo +1.92 clippy --workspace --all-targets -- -D warnings
 cargo +nightly fmt --all
-cargo clippy --workspace --all-targets --all-features -- -D warnings
-
-# Build release
-cargo build --release
 ```
 
 ## Deployment
@@ -166,19 +103,17 @@ cargo build --release
 docker run -p 9090:9090 inferadb/control:latest
 ```
 
-### Kubernetes (Helm)
+### Kubernetes
 
 ```bash
 helm install inferadb-control ./helm \
   --namespace inferadb \
   --create-namespace \
   --set config.storage=ledger \
-  --set config.ledger.endpoint=http://ledger.inferadb:50051 \
-  --set config.webauthn.party=example.com \
-  --set config.webauthn.origin=https://app.example.com
+  --set config.ledger.endpoint=http://ledger.inferadb:50051
 ```
 
-See [helm/README.md](helm/README.md) for full configuration options.
+See [helm/README.md](helm/README.md) for configuration options.
 
 ## Documentation
 
@@ -191,7 +126,7 @@ See [helm/README.md](helm/README.md) for full configuration options.
 
 ## Community
 
-Join us on [Discord](https://discord.gg/inferadb) for questions, discussions, and contributions.
+Join us on [Discord](https://discord.gg/inferadb) for questions and discussions.
 
 ## License
 

crates/inferadb-control-config/src/lib.rs

@@ -204,7 +204,7 @@ pub struct WebAuthnConfig {
     pub party: String,
 
     /// Origin URL for WebAuthn
-    /// e.g., "https://app.inferadb.com" or "http://localhost:3000"
+    /// e.g., `https://app.inferadb.com` or `http://localhost:3000`
     #[serde(default = "default_webauthn_origin")]
     #[builder(default = "http://localhost:3000".to_string())]
     pub origin: String,
@@ -315,7 +315,7 @@ impl Default for LimitsConfig {
 #[builder(on(String, into))]
 pub struct FrontendConfig {
     /// Base URL for email links (verification, password reset)
-    /// Example: "https://app.inferadb.com" or "http://localhost:3000"
+    /// Example: `https://app.inferadb.com` or `http://localhost:3000`
     #[serde(default = "default_frontend_url")]
     #[builder(default = "http://localhost:3000".to_string())]
     pub url: String,
@@ -352,7 +352,7 @@ impl Default for WebhookConfig {
 #[builder(on(String, into))]
 pub struct LedgerConfig {
     /// Ledger server endpoint URL
-    /// e.g., "http://localhost:50051" or "https://ledger.inferadb.com:50051"
+    /// e.g., `http://localhost:50051` or `https://ledger.inferadb.com:50051`
     pub endpoint: Option<String>,
 
     /// Client ID for idempotency tracking

crates/inferadb-control-core/src/jobs.rs

@@ -243,9 +243,11 @@ impl<S: StorageBackend + Clone + Send + Sync + 'static> BackgroundJobs<S> {
     }
 
     /// Cleanup expired email verification and password reset tokens
+    ///
+    /// Token cleanup is handled by TTL on the storage layer, so this method
+    /// is intentionally a no-op. The storage backend automatically expires
+    /// tokens based on their TTL settings.
     async fn cleanup_expired_tokens(_storage: S) -> Result<()> {
-        // Token cleanup is handled by TTL on the storage layer
-        // This is a placeholder for future detailed cleanup if needed
         tracing::debug!("Token cleanup skipped (TTL-based expiry in storage layer)");
         Ok(())
     }

crates/inferadb-control-core/src/jwt.rs

@@ -20,7 +20,7 @@ use crate::crypto::PrivateKeyEncryptor;
 /// Format matches the Engine specification.
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct VaultTokenClaims {
-    /// Issuer: Management API URL (https://api.inferadb.com)
+    /// Issuer: Management API URL (<https://api.inferadb.com>)
     pub iss: String,
     /// Subject: Format "client:<client_id>" for service accounts
     pub sub: String,

crates/inferadb-control-core/src/repository/audit_log.rs

@@ -5,7 +5,7 @@ use inferadb_control_types::{
     error::{Error, Result},
 };
 
-const PREFIX_AUDIT_LOG: &[u8] = b"audit_log:";
+const PREFIX_AUDIT_LOG: &str = "audit_log:";
 
 /// Query filters for audit logs
 #[derive(Debug, Clone, Default)]
@@ -72,8 +72,7 @@ impl<S: StorageBackend> AuditLogRepository<S> {
         // This is a simplified implementation that scans all logs
         // In a real implementation, we would use a secondary index on organization_id + created_at
 
-        let prefix = format!("{}{}", String::from_utf8_lossy(PREFIX_AUDIT_LOG), "");
-        let start_key = prefix.as_bytes().to_vec();
+        let start_key = PREFIX_AUDIT_LOG.as_bytes().to_vec();
         let end_key = {
             let mut key = start_key.clone();
             key.push(0xFF);
@@ -129,8 +128,7 @@ impl<S: StorageBackend> AuditLogRepository<S> {
     ///
     /// Returns the number of logs deleted
     pub async fn delete_older_than(&self, cutoff_date: DateTime<Utc>) -> Result<usize> {
-        let prefix = format!("{}{}", String::from_utf8_lossy(PREFIX_AUDIT_LOG), "");
-        let start_key = prefix.as_bytes().to_vec();
+        let start_key = PREFIX_AUDIT_LOG.as_bytes().to_vec();
         let end_key = {
             let mut key = start_key.clone();
             key.push(0xFF);
@@ -161,7 +159,7 @@ impl<S: StorageBackend> AuditLogRepository<S> {
     }
 
     fn key(id: i64) -> Vec<u8> {
-        format!("{}{}", String::from_utf8_lossy(PREFIX_AUDIT_LOG), id).into_bytes()
+        format!("{PREFIX_AUDIT_LOG}{id}").into_bytes()
     }
 }