Skip to main content

cpex_session_valkey/
lib.rs

1// Location: ./builtins/session/valkey/src/lib.rs
2// Copyright 2026
3// SPDX-License-Identifier: Apache-2.0
4// Authors: Fred Araujo
5//
6// cpex-session-valkey — a Valkey-backed `apl_cpex::SessionStore` for
7// distributed, cross-restart persistence of session security labels.
8//
9// # Where this sits
10//
11//   apl-cpex (SessionStore trait, SessionStoreFactory)
12//        ▲
13//        │ implements
14//   cpex-session-valkey  ──uses──▶  redis-rs + deadpool-redis (rustls)
15//
16// The host registers `ValkeySessionStoreFactory` via
17// `AplOptions.session_store_factories`; a `global.apl.session_store:
18// { kind: valkey, ... }` block then selects it during config load. When
19// no such block is present, apl-cpex keeps its default in-process
20// `MemorySessionStore`, so this crate is entirely opt-in.
21//
22// # Design invariants (carried from the requirements/plan)
23//
24//   - Fail-closed: any backend error (unreachable, timeout, undecodable)
25//     becomes `SessionStoreError`; only a confirmed key-miss is empty.
26//   - Atomic union: `append_labels` is a single server-side `SADD`.
27//   - Primary-only: a single endpoint, no replica read-splitting.
28//   - TLS required off-localhost; `noeviction` is an operator runbook
29//     concern the client can only warn about.
30//
31// The connection layer is kept internal (no public reusable API): the
32// planned OAuth token cache is the trigger to extract a shared layer
33// later, shaped by two real consumers.
34
35mod config;
36mod connection;
37mod error;
38mod factory;
39mod store;
40
41pub use config::ValkeyConfig;
42pub use error::BuildError;
43pub use factory::{ValkeySessionStoreFactory, KIND};
44pub use store::ValkeySessionStore;