axess-cache 0.2.0

DST-friendly local hot-path cache primitives for the axess auth library. All time-dependent decisions go through an injected `Clock` from the `axess-clock` crate, so TTL eviction is reproducible under MockClock. The flagship type, `ClockTtlCache`, is a TTL+LRU cache that replaces moka in any code path where DST or compliance forbids wall-clock internal timers.
Documentation

axess-cache

Version Status License

crates.io · docs.rs · GitHub

DST-friendly local hot-path cache primitives for Axess.

All time-dependent decisions go through an injected Clock from axess-clock, so TTL eviction is reproducible under MockClock; the cache layer doesn't fight the rest of the workspace's deterministic-simulation posture.

The flagship type is ClockTtlCache<K, V>; a TTL + LRU cache that replaces moka in any code path where DST or compliance forbids wall-clock background tasks. Used internally as the Cedar authz entity cache, but generic enough to wrap any adopter computation.

Usage

use axess_cache::ClockTtlCache;
use axess_clock::SystemClock;
use std::{sync::Arc, time::Duration};

let cache: ClockTtlCache<String, Vec<u8>> = ClockTtlCache::builder()
    .capacity(10_000)
    .ttl(Duration::from_secs(60))
    .clock(Arc::new(SystemClock))
    .build();

cache.put("key".into(), vec![1, 2, 3]);
let v = cache.get(&"key".to_string());

Features

  • TTL + LRU with bounded capacity.
  • Single-flight via OnceCell so concurrent misses for the same key share a single computation.
  • invalidate_by(predicate) for scoped invalidation (per-principal, per-tenant) without scanning the whole cache.
  • Snapshotted CacheStats (hits, misses, evictions, invalidations) for periodic metric flush.

Licence

Dual-licensed under MIT and Apache-2.0.