update dev notes for v0.17

dev_notes.md

@@ -2,35 +2,12 @@
 
 ## CURRENT WORK
 
+- JWK auto-rotate scheduler
+
 ## TODO v0.17
 
-The 0.17 release will be mostly about auditing and events, for instance things like "3 invalid login attempts from IP XY"
-
-### events
-
-task 'NATS events stream or maybe internal one' from the stage 2 todo
-
-- implement base foundation for sending events internally and just log them to console in first version
-- add the configurable option to persist events
-- create a new events section in the admin ui to watch for new ones and
-start with simple polling every few seconds first because of the HA_MODE problematic with SSE
-- implement an SSE endpoint for listening to events in real time
-    - for SI deployments with SQLite, this is a no-brainer -> just copy each event to the corresponding tx 
-    - for HA deployments:
-        - research sqlx + postgres + CDC to avoid additional deployment needs (or maybe just listen / notify? KISS?)
-        - if postgres does not work out nicely, think about using a NATS deployment for this task
-- switch the UI component to the SSE stream
-- add some way of configuring an email (or webhook, slack, ... ?) which gets messages depending on configured event level
-
-
-### other features (some may come with v0.18 depending on amount of work)
-
-- impl ApiKeyEntity in enc keys migrations
-- add a way of detecting brute force or DoS attempts from certain IPs
-- add an 'ip blacklist' feature
-- add 'alg' in well-known jwks
-- create an optional config to auto-blacklist IPs that have been detected doing brute force or DoS
-  think about the bigger picture here, maybe do this in 2 stages, like short block after 5 bad logins, 24h block after 10, ...
+- add a mechanism to detect DoS attempts
+- admin ui component for the new ApiKeys
 - admin ui component to show blacklisted IPs
 - maybe functionality to manually blacklist IPs?