bug: circuit breaker has no manual reset mechanism when auto_reset_after_minutes=0 #17
Description
Problem
circuit_breaker.lua supports auto_reset_after_minutes=0 to require manual reset, but there is no defined mechanism to perform that reset. The circuit breaker state lives in ngx.shared dict, and there is no API endpoint, SaaS signal handler, or CLI command to clear it.
An operator whose circuit breaker has tripped with manual-reset mode has no way to recover without restarting the nginx workers (which clears shared dict state) or deploying a new policy bundle.
Proposed fix
Define at least one manual reset path. Options:
- Add a reset endpoint (e.g.,
POST /v1/admin/circuit-breaker/reset) protected by the debug session secret. - Allow a SaaS control plane signal to trigger reset via
saas_client. - Document that bundle reload (bump
bundle_version) clears circuit breaker state as the intended reset mechanism — if that is actually the case.
Impact
Manual-reset circuit breakers are unusable in practice without an undocumented workaround.