feat: add monitored cache wrapper and use#915
Conversation
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
0fa0a5e to
b7021c7
Compare
There was a problem hiding this comment.
Pull request overview
Adds a shared LRU-cache wrapper with built-in telemetry (hits/misses/stale, evictions, occupancy) and applies it to previously unbounded tenant/JWKS caches, while also migrating existing JWT and S3-credentials caches to the same abstraction. This fits into the codebase by bounding memory growth of multi-tenant in-memory caches and making cache behavior observable via OTel + Grafana.
Changes:
- Introduce
@internal/cache(LRU wrapper + cache name constants) and new OTel cache metrics (cache_requests_total,cache_evictions_total,cache_entries,cache_size_bytes). - Replace tenant config/JWKS/JWT/S3-credentials cache implementations with bounded LRU caches + periodic stale purging.
- Add tests for eviction behavior and cache telemetry; extend Grafana dashboard with cache panels.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/internal/cache/adapter.ts | Defines cache adapter interfaces and lookup options (incl. recordMetrics). |
| src/internal/cache/lru.ts | Implements LRU wrapper that records request/eviction metrics and emits occupancy gauges. |
| src/internal/cache/names.ts | Adds typed cache-name constants used as metric labels. |
| src/internal/cache/index.ts | Exposes cache modules via a barrel export for @internal/cache. |
| src/internal/monitoring/metrics.ts | Registers new cache counters and observable gauges. |
| src/internal/database/tenant.ts | Replaces unbounded tenant config Map with bounded LRU + metric-aware lookups. |
| src/internal/auth/jwt.ts | Migrates JWT verification cache to the shared LRU wrapper. |
| src/internal/auth/jwks/manager.ts | Replaces unbounded tenant JWKS config Map with bounded LRU + metric-aware lookups. |
| src/storage/protocols/s3/credentials/manager.ts | Migrates S3 credentials cache to shared LRU wrapper; avoids truthy checks. |
| src/test/cache-metrics.test.ts | Adds unit tests for request/eviction/occupancy telemetry and stale purging behavior. |
| src/test/tenant.test.ts | Adds eviction + “logical lookup” cache-request metric tests for tenant config cache. |
| src/test/tenant-jwks.test.ts | Adds eviction test for tenant JWKS cache. |
| src/test/tenant-s3-credentials.test.ts | Adds eviction test for oversized cached credentials. |
| monitoring/grafana/dashboards/storage-otel.json | Adds a Cache row with panels for lookup rate, hit rate, evictions, entries, and size. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
b7021c7 to
3cae924
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 19 out of 20 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
3cae924 to
0f61926
Compare
ferhatelmas
changed the title
ferhatelmas
force-pushed
the
ferhat/cache
branch
2 times, most recently
from
b6e8d5b to
7693693
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 20 out of 21 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
7693693 to
fda035a
Compare
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
fda035a to
817ad49
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 21 out of 22 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
817ad49 to
dec133b
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 21 out of 22 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
dec133b to
2316d24
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 22 out of 23 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
2316d24 to
5e61cc0
Compare
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
5e61cc0 to
dff2051
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 21 out of 22 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
dff2051 to
97c0918
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 22 out of 23 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
97c0918 to
be975c9
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 23 out of 24 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
be975c9 to
2b2fd96
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 23 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
2b2fd96 to
36b8ac1
Compare
Pull Request Test Coverage Report for Build 23654229206Details
💛 - Coveralls |
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
36b8ac1 to
fee41c3
Compare
This comment has been minimized.
This comment has been minimized.
create an internal cache package with using adapter pattern to wrap LRU or TTL caches. use it for refactoring existing TTL pool cache and JWT/S3 creds LRU caches. use it also for tenant JWKs and configs as LRUs. add metrics and a few panels to show fix double destroy call in pool TTL cache fix caching jwt only by token for rotation Signed-off-by: ferhat elmas <elmas.ferhat@gmail.com>
ferhatelmas
force-pushed
the
ferhat/cache
branch
from
fee41c3 to
08f7448
Compare
What kind of change does this PR introduce?
Feature
What is the current behavior?
Tenant JWK and tenant config caches are bare maps so they can grow unbounded. There is no metrics to observe how much memory used or how many tenants are in memory, etc.
What is the new behavior?
Add a cache wrapper that uses adapter pattern to wrap LRU or TTL caches and emits metrics.
Refactor existing pool TTL cache and JWT/S3 creds LRU caches to this wrapper. Convert barebone maps of JWK and tenant configs to wrapper as well to prevent unbounded growth.
Additional context
To keep purge overhead predictable, each cache registers a periodic stale cleanup and also forces cleanup before metric reporting for accuracy.
This also fixes JWT cache for secret rotation and tenant poisoning because cache is checked first and cache key is token only (excluding tenant secret/jwks).
Tenant pool cache doesn't enable monitoring since it caches live objects with their own monitoring.
One test file is renamed for repo conventions.