HydraCache
HydraCache is an embedded Rust cache toolkit for local caching, function memoization, and database result caching, with explicit invalidation and optional cluster synchronization.
Status
HydraCache is in early development. The current implementation provides the
local async cache runtime, observability snapshots, optional Axum actuator
routes, an in-process distributed invalidation bus, the first client/member
cluster API shape, plus the database result-cache adapters hydracache-db and
hydracache-sqlx.
Why HydraCache?
HydraCache is not trying to replace low-level cache engines, databases, or query processors. It is an application-facing cache layer for Rust services: start with a simple local cache or cached function, then grow toward database result caching and cluster-aware invalidation without adding a mandatory cache server.
Compared with using Moka directly, HydraCache adds a smaller product-shaped API: loader helpers, TTLs, tag invalidation, local single-flight, codec-backed storage, and lightweight stats in one place.
Compared with ORM-level caches, HydraCache keeps freshness explicit. Keys, tags, and invalidation are application-controlled instead of hidden behind a large persistence framework.
Compared with Redis-style caches, HydraCache is embedded and local-first. The first version needs no server, proxy, daemon, or network hop.
Compared with ReadySet or Noria-style query engines, HydraCache deliberately does not try to incrementally maintain SQL result graphs. It is a lightweight cache library first, with database-result caching implemented as opt-in adapter crates.
The long-term direction is:
simple local cache -> database result-cache adapter -> optional distributed synchronization
v0 Scope
The current v0 line includes:
- local async cache runtime
HydraCache::local()buildergetputget_or_loadget_or_insert_withtry_get_or_insert_withTypedCache<T>namespaced typed viewCacheKeyBuilderfor escaped segmented keysTagSetfor reusable invalidation tag groups- local single-flight miss deduplication
contains_key- per-entry TTL and default TTL
- tag-aware invalidation
- key invalidation
removeas a local-cache alias for key invalidationflushpostcardcodec overBytes- lightweight stats
- diagnostics snapshot for smoke-checking cache activity
- cache event subscriptions for mutations and opt-in access/load events
- in-process invalidation bus for synchronizing
invalidate_key,invalidate_tag,remove, andflushacross cache instances HydraCache::client()for application-side near-cache instances connected to a cluster runtimeHydraCache::member()for in-process cluster members that route invalidation intent and expose cluster diagnosticsInMemoryClusterfor tests, demos, and the first cluster API surface before real discovery/Raft transports are introducedInMemoryClusterDiscoveryfor recording discovered candidates and liveness events before authoritative membership admission- optional
hydracache-cluster-chitchatcrate for real chitchat-backed candidate discovery - optional
hydracache-cluster-raftcrate for a real raft-rs-backed metadata runtime - optional
hydracache-cluster-transport-axumcrate for real HTTP peer-fetch over encoded cache bytes - cluster diagnostics for role, node id, generation, epoch, bootstrap nodes, member/client counts, invalidation subscribers, ownership resolutions, and no-owner outcomes
- deterministic in-memory ownership resolver for admitted members
- transport-neutral peer-fetch API seam over encoded bytes
- framework-neutral observability registry
- optional read-only Axum actuator routes
- single-flight join stats
- tag-generation invalidation safety
- Moka-backed local storage
- database-neutral query result-cache descriptors
- SQLx helper methods:
fetch_one,fetch_optional, andfetch_all - database query ergonomics:
entity,collection,for_entity, andcollection_tag CacheEntitymetadata for domain-shaped database cache descriptorsHydraCacheEntityderive macro for generatingCacheEntityimplscacheable!macro for ordinary async function/result caching without DB adapter conceptscacheable_infallible!macro for ordinary async loaders that cannot failtags = [...]macro shorthand for attaching several invalidation tags at once
Out of scope for v0:
- SQL parsing or query-generation macros
- external invalidation transports such as Postgres LISTEN/NOTIFY, Redis, or NATS
- production multi-node Raft transport, durable metadata storage, ownership, routing, and failover decisions
- production value replication or remote owner-side query execution
- additional discovery adapters such as libp2p
- write-enabled actuator/admin endpoints
- persistence
Local Cache Quick Start
use Duration;
use ;
use ;
async
# async
This is the full-control API: you choose the key, tags, TTL, and loader. Cache hits return the decoded value immediately. Cache misses run the loader once per key under local single-flight, store the result, and share that result with concurrent callers.
Cacheable Function Macros
Use cacheable! when you want the same explicit cache boundary with less
boilerplate at ordinary async function call sites.
use ;
use ;
# async
Use cacheable_infallible! when the loader cannot fail and writing
Ok::<_, Error>(value) would be only ceremony:
use ;
# async
The macros are intentionally explicit. They do not discover a global cache,
generate keys from function arguments, or hide the loader. They only build
CacheOptions and call the existing runtime methods.
API Notes
get returns Ok(None) when the key is missing or expired.
get_or_load runs the loader on a miss and stores the loaded value with the provided CacheOptions.
get_or_insert_with is the short local-cache spelling for infallible async loaders.
try_get_or_insert_with is the fallible-loader spelling. It behaves the same as get_or_load.
For ordinary expensive async work, cacheable! is the compact macro form of
get_or_load. It stays local-cache focused: you still pass the cache, key, TTL,
tags, and loader explicitly, and it does not introduce database query metadata.
use ;
# async
When the loader captures request state, pool handles, or other non-Copy
values, prefer move || async move { ... }. cacheable! expands to
HydraCache::get_or_load, so the loader follows the same Send + 'static
bounds as the explicit API. cacheable_infallible! follows
get_or_insert_with and avoids the Ok::<_, Error>(...) wrapper for loaders
that cannot fail.
cacheable! supports both repeated tag = ... entries and a single
tags = ... expression. Prefer tags = [...] for simple lists and
tags = TagSet::new()... when the tags are built from the same domain metadata
as the key.
typed::<T>("namespace") creates a typed, namespaced view over the same cache. It
keeps the shared storage, stats, single-flight, tags, and invalidation safety,
but removes repeated type annotations at call sites and prefixes keys as
namespace:key.
CacheKeyBuilder builds escaped :-separated keys from segments. TagSet
collects reusable invalidation tags and can be attached with
CacheOptions::tag_set.
Concurrent get_or_load calls for the same missing key share one loader execution. Cache hits bypass single-flight entirely.
If a tag is invalidated while a tagged loader is still running, HydraCache skips storing that stale loader result. Callers after the invalidation start or join a fresh in-flight load instead of joining the stale one.
contains_key checks whether a key currently maps to a usable value. Expired entries are removed and reported as absent.
remove and invalidate_key both remove one key. remove is the shorter local-cache spelling; invalidate_key is kept for consistency with tag invalidation.
invalidate_tag removes all entries currently associated with the tag.
Use CacheOptions::tag("users") for one tag and CacheOptions::tags(["users", "user:42"]) for multiple tags.
stats returns lightweight counters for hits, misses, loads, single-flight joins, stale load discards, invalidations, evictions, published events, subscriber lag, distributed invalidation bus activity, and distributed bus health issues. Transport diagnostics include lag, decode errors, publish failures, and closed receivers. It also exposes helpers such as total_requests, hit_ratio, has_single_flight_activity, has_stale_load_discards, has_event_subscriber_lag, has_distributed_invalidation_activity, and has_distributed_invalidation_bus_issues. v0 does not wire backend eviction listeners yet, so evictions remains zero.
diagnostics().await returns a small smoke-test snapshot: the same stats plus the local backend's approximate entry count. It is useful for answering "did the second call hit the cache?" without wiring a metrics system.
How Do I Know It Works?
The fastest local check is to call the same cached operation twice, then inspect
cache.diagnostics(). The first call should miss and run the loader. The second
call should hit the cache and avoid the loader.
use ;
# async
Cache Events
Use HydraCache::subscribe when you want to observe cache behavior without
wrapping every call manually. Mutation and invalidation events are published
when subscribers exist. Hit/miss/load events are opt-in through
enable_access_events(true) because they can be high volume.
use ;
# async
For callback-style listeners, keep the returned handle alive while the listener should be active:
use ;
# async
For a temporary access trace:
use ;
# async
Typed cache views also provide scoped helpers:
use ;
# async
Subscribers use a bounded ring buffer. Slow subscribers may receive
CacheEventRecvError::Lagged, but cache operations never wait for listeners.
Event publication has a cheap preflight path. HydraCache builds owned event
payloads only when the event kind is enabled and at least one active subscriber
can receive it. This keeps ordinary cache calls from paying listener allocation
cost when no listener is installed. Mutation events only need a mutation/key/tag
subscriber; access events still require both a subscriber and
enable_access_events(true).
use ;
# async
Distributed Invalidation Bus
Use InMemoryInvalidationBus when several cache instances in one process should
share invalidation intent. This is the first step toward distributed
synchronization: it propagates invalidations, not values.
use Arc;
use Duration;
use ;
# async
The same bus also propagates invalidate_key, remove, and flush. Each cache
has an invalidation node id; self-originated messages are ignored so local
operations do not echo back forever. External transports are intentionally left
to future crates or adapters.
Important semantics:
- The bus propagates invalidation intent only; cached values are never replicated.
- Delivery is best-effort for the in-memory bus. It is not durable and does not replay messages after restart.
- Remote invalidations emit normal events with
CacheEventOrigin::DistributedBus. - Diagnostics expose
distributed_invalidations_published,distributed_invalidations_received,distributed_invalidations_applied, plus bus health counters for lag, decode errors, publish failures, and closed receivers.
For transport experiments, InMemoryFramedInvalidationBus serializes every
message into a CacheInvalidationFrame before delivery. It is still
in-process, but it exercises the same binary boundary future TCP, Redis, NATS,
or Postgres adapters will use:
use Arc;
use ;
let bus = new;
let first = local
.shared_invalidation_bus
.invalidation_node_id
.build;
let second = local
.shared_invalidation_bus
.invalidation_node_id
.build;
# let _ = ;
Custom transports implement the same small API:
use async_trait;
use ;
;
;
Client And Member Cluster Mode
HydraCache::client() and HydraCache::member() are the first public cluster
shape. They are intentionally small: a client is an application-side near-cache,
and a member is a cluster participant. In 0.20.0 both can join an
InMemoryCluster, share its invalidation bus, and expose role/generation/epoch
diagnostics. Cluster generations are part of the safety contract: stale
processes with an older generation cannot leave a newer runtime or publish
cluster invalidations after a node id is reused by a restart. Real discovery
and raft-rs metadata support live in optional cluster crates, so local-only
applications do not pull those dependencies.
0.20.0 also adds the ClusterControlPlane seam. The default path still uses
InMemoryCluster, but advanced users and future HydraCache crates can pass a
custom adapter through .control_plane(...):
# use Arc;
# use ;
# async
ClusterDiscovery is the matching seam for discovery and liveness. Use
.shared_discovery(...) for the embedded in-memory journal or .discovery(...)
for a future chitchat/DNS/mDNS/P2P adapter:
# use Arc;
# use ;
# async
use Arc;
use Duration;
use ;
# async
This mode does not replicate cached values. It gives applications a stable
cluster vocabulary now: role, node id, generation, bootstrap metadata, and
invalidation propagation. leave_cluster() removes client/member membership
metadata without clearing local cache contents, but only when the caller's
generation still matches the admitted generation. Cluster-originated
invalidation messages also carry that generation, so receivers can reject stale
messages from old processes. InMemoryClusterDiscovery models a plain
discovery journal, while ChitchatStyleDiscovery adds a dependency-free
seed-node/gossip-shaped adapter for candidate and liveness events.
InMemoryCluster models authoritative admission and epoch movement.
RaftStyleMetadataControlPlane adds a dependency-free metadata-log adapter with
committed membership commands and snapshots.
ClusterDiagnostics also exposes cheap helper methods such as
participant_count(), bootstrap_count(), has_members(), has_clients(),
has_bootstrap(), has_multiple_participants(), and is_operational(). These
helpers are intentionally derived from the existing snapshot so applications can
render dashboards or health reports without doing their own repetitive count
logic.
Cluster Ownership Resolver
InMemoryCluster::owner_for_key(...) provides the first deterministic
ownership primitive for future Groupcache-style routing. It chooses an admitted
member for a key, but it does not fetch values or execute loaders remotely.
use ;
let cluster = new;
cluster.join_member?;
cluster.join_member?;
let owner = cluster.owner_for_key;
assert!;
assert_eq!;
assert_eq!;
# Ok::
The default resolver uses stable rendezvous-style hashing over the key and member node id. Clients are ignored; only admitted members can own keys.
ClusterPeerFetch is the matching transport-neutral seam for the next phase.
It works with encoded bytes, so it does not force a specific database adapter,
codec, or serialization format:
use Bytes;
use ;
# async
The in-memory implementation is for tests, demos, and sandbox reports. For real
member-to-member HTTP peer fetch, opt in to hydracache-cluster-transport-axum:
use Arc;
use ;
use ;
# async
The HTTP transport validates owner id and generation before returning bytes, so stale clients do not silently read from a restarted owner. Owner-side automatic query execution, TLS, and authentication remain future work.
When members advertise their peer-fetch base URL, PeerFetchRouter can connect
the ownership decision to the HTTP transport automatically:
use ;
use ;
# async
Router diagnostics expose attempts, hits, misses, no-owner decisions, missing
advertised endpoints, generation mismatches, and transport errors. The sandbox
route POST /demo/cluster/routed-peer-fetch/run renders those counters as JSON
so the routing path can be inspected without writing an application first.
For client/member near-cache read-through, use PeerFetchReadThrough. It checks
the local cache according to a policy, routes misses to the advertised owner,
and hydrates the local cache when the owner returns encoded bytes:
use ;
use ;
# async
The default policy is LocalThenOwner: local hit, otherwise owner fetch. The
helper also supports OwnerThenLocal and OwnerOnly. Remote hits hydrate the
near cache by default through HydraCache::put_encoded; generation mismatches
and transport errors never hydrate stale bytes. The sandbox route
POST /demo/cluster/read-through/run demonstrates the complete flow:
local miss -> owner remote hit -> local hydration -> second read local hit.
For owner-side load-on-miss, keep using PeerFetchReadThrough, but pass an
OwnerLoadDescriptor instead of raw CacheOptions. The client still sends only
data: loader name, key, tags, TTL, arguments, and observed owner generation.
The owner executes a loader that was explicitly registered on that member:
use ;
use ;
# async
Use plain peer-fetch read-through when the owner should only return bytes that
are already cached. Use owner-load read-through when the owner is allowed to run
one of your named loaders on miss and then store the encoded result locally. The
sandbox route POST /demo/cluster/owner-load/run demonstrates:
client miss -> owner miss -> registered owner loader -> owner store -> client
hydrate -> second read local hit, plus concurrent same-key sharing and
structured rejections for missing loader, stale generation, and wrong owner.
Ownership counters live in a separate diagnostics snapshot so the original
ClusterDiagnostics struct can remain backwards-compatible for users that
construct it in tests:
# use ;
let cluster = new;
cluster.join_member?;
let _owner = cluster.owner_for_key;
let ownership = cluster.ownership_diagnostics;
assert_eq!;
assert_eq!;
assert_eq!;
# Ok::
Cluster Support Boundaries
The current 0.25.x cluster support is intentionally an embedded coordination
surface, not a production distributed data grid. It includes:
- local, client, and member cache roles;
- generation-safe admission, leave, and invalidation publishing;
- in-memory cluster control plane for tests, demos, and local embedding;
- chitchat-backed discovery candidate adapter;
- raft-rs-backed metadata/control-plane adapter;
- a composition crate for the standard chitchat + raft setup;
- deterministic rendezvous ownership resolution over admitted members;
- a transport-neutral peer-fetch seam that moves encoded bytes;
- an optional Axum/HTTP peer-fetch transport for owner member reads;
- advertised peer-fetch endpoint metadata and
PeerFetchRouter; PeerFetchReadThroughfor local/near-cache read-through and hydration from owner cached bytes;- explicit owner-side loader registry, owner-load HTTP route/client, and read-through load-on-miss helper for named loaders;
- diagnostics counters for membership, invalidation, ownership, peer-fetch, routed peer-fetch, read-through, and owner-load activity.
It intentionally does not yet include:
- production multi-node Raft networking or durable metadata storage;
- transparent remote closures, raw SQL execution, or arbitrary executable code;
- value replication, backup ownership, or failover repair;
- external invalidation transports such as Redis, NATS, or Postgres LISTEN/NOTIFY;
- cluster security, authentication, or write-enabled admin APIs.
This boundary is deliberate: applications can adopt local caching, explicit invalidation, DB result caching, and cluster-aware diagnostics now, while the future remote-value layer can evolve behind the existing ownership and peer-fetch seams.
Upgrading From 0.20 To 0.21
The local cache, DB adapter, listener, and macro APIs remain source-compatible. The main additions are cluster-facing:
hydracache-cluster-chitchat,hydracache-cluster-raft, andhydracache-clusterare now included in the normal publish/post-publish verification flow.InMemoryCluster::owner_for_key(...)andClusterPeerFetchprovide the first ownership and encoded-byte peer-fetch seams.HydraCache::cluster_ownership_diagnostics()exposes ownership counters without adding fields to the existingClusterDiagnosticsstruct.- The sandbox includes ownership and ownership-transfer labs for manual checks.
If you publish or validate from source, run the staged package checks from
docs/PUBLISHING.md because downstream crates can only package after freshly
published HydraCache dependencies are visible in the crates.io index.
Client/member caches can also observe authoritative membership changes through
subscribe_cluster_membership(). The stream is bounded and non-blocking:
admission never waits for slow subscribers, and slow consumers receive a lag
error so they can rebuild from diagnostics or snapshots.
For real discovery, use hydracache-cluster-chitchat and pass
Arc<ChitchatDiscovery> through .discovery(...). It runs chitchat,
advertises HydraCache candidate metadata in chitchat node state, and can be
tested with chitchat's in-memory ChannelTransport.
Chitchat discovery can also publish graceful-leave markers. These markers are
generation-safe advisory metadata: remote discovery nodes can see
lifecycle = leaving, while authoritative removal still goes through the
configured control plane.
# async
For real metadata coordination, use hydracache-cluster-raft and pass
Arc<RaftMetadataRuntime> through .control_plane(...). The current runtime is
a single-node in-memory raft-rs state machine that campaigns, proposes metadata
commands, drains Ready, appends stable log entries, and applies committed
membership commands. Command ids make retries idempotent, and membership is
materialized only after a successful Raft commit. The runtime can also export
and import an in-memory metadata snapshot for recovery tests and demos.
If you want the standard chitchat + raft composition without wiring every
adapter manually, use hydracache-cluster:
# async
To connect those two optional crates, use ClusterAdmissionBridge: chitchat
finds candidates, the bridge polls and deduplicates generation/role snapshots,
and the raft runtime commits accepted metadata. The sandbox endpoint
POST /demo/cluster/real-adapters/run demonstrates that path end-to-end with
real adapter crates and deterministic in-memory chitchat transport.
Optional Axum Actuator
HydraCache keeps HTTP support out of the base runtime. If an application wants a
Spring Boot-style read-only actuator surface, it can opt in through
hydracache-observability and hydracache-actuator-axum.
use Router;
use HydraCache;
use HydraCacheActuator;
use HydraCacheRegistry;
let cache = local.build;
let registry = new.with_cache;
let app: Router = new.nest;
# let _ = app;
The actuator exposes read-only routes:
GET /actuator/hydracache/health
GET /actuator/hydracache/caches
GET /actuator/hydracache/caches/main/diagnostics
GET /actuator/hydracache/caches/main/stats
GET /actuator/hydracache/
Mutation endpoints such as flush, invalidate-key, or invalidate-tag are
not included yet. They need an explicit security and deployment model before
becoming public API.
Manual Sandbox
The workspace includes hydracache-sandbox, a non-published manual backend for
trying the cache, actuator routes, Swagger UI, and database-backed loaders
without writing a separate app.
cargo run -p hydracache-sandbox
The sandbox has a committed .env demo profile with safe, non-secret defaults.
Supported settings:
HYDRACACHE_SANDBOX_PROFILE=memory
HYDRACACHE_SANDBOX_BIND=127.0.0.1:3000
HYDRACACHE_SANDBOX_SQLITE_PATH=target/hydracache-sandbox.sqlite
HYDRACACHE_SANDBOX_DATABASE_URL=postgres://hydracache:hydracache@127.0.0.1:54329/hydracache
HYDRACACHE_SANDBOX_EVENT_LOG_PATH=target/hydracache-sandbox-events.jsonl
# HYDRACACHE_SANDBOX_TOKEN=local-dev-token
HYDRACACHE_SANDBOX_EVENT_LOG_PATH is optional. When set, the sandbox writes
recent demo events to an append-only JSONL file while still keeping the bounded
in-memory event log for the API and UI. HYDRACACHE_SANDBOX_TOKEN is also
optional; when set, sandbox routes require Authorization: Bearer <token>.
Supported profile values are memory, sqlite-memory, sqlite-file,
postgres-compose, and postgres-docker. CLI flags override the committed
.env values, which is handy for one-off manual checks. --profile is the
preferred demo preset; --backend remains available as a lower-level
compatibility override.
cargo run -p hydracache-sandbox -- --profile memory
cargo run -p hydracache-sandbox -- --profile sqlite-memory
cargo run -p hydracache-sandbox -- --profile sqlite-file --sqlite-path target/hydracache-sandbox.sqlite
cargo run -p hydracache-sandbox -- --profile postgres-compose
cargo run -p hydracache-sandbox -- --profile postgres-docker
Compose files live next to the sandbox crate. To run only the local Postgres dependency and start the Rust sandbox from the host:
docker compose -f crates/hydracache-sandbox/compose/docker-compose.yml --profile postgres up -d
cargo run -p hydracache-sandbox -- --profile postgres-compose
Compatibility shortcut:
docker compose -f crates/hydracache-sandbox/compose/docker-compose.postgres.yml up -d
cargo run -p hydracache-sandbox -- --profile postgres-compose
To run both Postgres and the sandbox API in Docker with the prebuilt sandbox image:
docker compose -f crates/hydracache-sandbox/compose/docker-compose.yml --profile full up --build
After startup:
http://127.0.0.1:3000/demo/ui
http://127.0.0.1:3000/swagger-ui
http://127.0.0.1:3000/openapi.json
http://127.0.0.1:3000/ready
http://127.0.0.1:3000/demo/config
http://127.0.0.1:3000/demo/presets
http://127.0.0.1:3000/demo/report
http://127.0.0.1:3000/demo/events
http://127.0.0.1:3000/demo/events/summary
http://127.0.0.1:3000/demo/export
http://127.0.0.1:3000/demo/scenarios/files
http://127.0.0.1:3000/demo/scenarios/catalog
http://127.0.0.1:3000/demo/scenarios/file/run
http://127.0.0.1:3000/demo/scenarios/suite/file/run
http://127.0.0.1:3000/demo/scenarios/document/run
http://127.0.0.1:3000/demo/flows
http://127.0.0.1:3000/demo/benchmarks/compare
http://127.0.0.1:3000/demo/distributed/invalidation/run
http://127.0.0.1:3000/demo/cluster/lifecycle/run
http://127.0.0.1:3000/demo/cluster/ownership/run
http://127.0.0.1:3000/demo/cluster/ownership-transfer/run
http://127.0.0.1:3000/demo/cluster/routed-peer-fetch/run
http://127.0.0.1:3000/demo/cluster/read-through/run
http://127.0.0.1:3000/demo/cluster/owner-load/run
http://127.0.0.1:3000/demo/cluster/real-adapters/run
http://127.0.0.1:3000/demo/events/preflight/run
http://127.0.0.1:3000/demo/observability/prometheus
http://127.0.0.1:3000/demo/openapi/client-smoke
http://127.0.0.1:3000/demo/security
http://127.0.0.1:3000/actuator/hydracache/health
http://127.0.0.1:3000/actuator/hydracache/caches/main/diagnostics
The OpenAPI document is generated from Rust route/schema declarations through
utoipa. Swagger UI is served from local embedded assets through
utoipa-swagger-ui; it does not depend on a CDN. The Swagger surface is meant
to be an interactive HydraCache lab, not only reference documentation. It can
exercise raw local-cache operations, typed-cache namespacing, database-backed
query caching, cached non-database functions, TTL expiry, single-flight, and
invalidation/load race safety. It also includes a listener demo that captures
mutation, access, key, tag, and callback events produced by one cache flow, plus
a distributed invalidation demo that creates two temporary cache nodes on one
in-memory bus and verifies tag, key, and flush propagation. The cluster
lifecycle demo creates a temporary member/client pair, records discovery
candidates, verifies remote invalidation in both directions, calls
leave_cluster() for both runtimes, and confirms local cache contents are not
cleared by leaving membership. The cluster ownership lab resolves an owner for a
key, exercises the transport-neutral peer-fetch seam, and verifies that
owner-originated tag invalidation reaches a client near-cache. The ownership
transfer lab then removes the selected owner, verifies ownership moves to the
survivor, demonstrates peer-fetch miss/hit behavior around the transfer, and
shows the original owner rejoining with a newer generation. The routed
peer-fetch lab starts two temporary HTTP peer-fetch services, advertises their
base URLs through member metadata, resolves the key owner, and verifies that
PeerFetchRouter fetches the encoded value from the advertised owner endpoint.
The read-through lab builds on that route by hydrating a client near-cache from
the owner response and proving that the second read is a local hit. The
owner-load lab goes one step further: on owner miss it executes a registered
named loader on the selected owner, stores the encoded value there, hydrates the
client near-cache, verifies concurrent same-key sharing, and reports structured
missing-loader, stale-generation, and wrong-owner rejections.
The event preflight lab demonstrates listener cost boundaries: no-subscriber
operations publish nothing, mutation subscribers see only mutation events,
disabled access subscribers do not turn on hit/miss streams, and enabled access
subscribers receive access events.
The real-adapters demo connects
hydracache-cluster-chitchat to ClusterAdmissionBridge and
hydracache-cluster-raft using chitchat's in-memory ChannelTransport, so the
full discovery-to-metadata path can be inspected without Docker or UDP ports.
/demo/ui is a small local no-CDN developer console on top of the same API. It
can run the golden flow, negative scenarios, readiness checks, reset the demo
state, show structured events, run the built-in self-test, export a portable
report bundle, inspect grouped event summaries, compare local profiles, replay named scenarios, run fault
injection, launch a manual benchmark, run JSON/YAML scenario documents, compare
benchmark reports, catalog and run committed scenario files/suites, replay retained flow
contexts, inspect seeded product/order query-cache demos, run generated-client
smoke checks, inspect Prometheus-style metrics, and display small hit/miss/load
counters with a visual flow timeline. The dashboard also includes a textarea
scenario editor for quickly pasting JSON/YAML recipes and a one-click listener
demo for verifying subscriptions manually. It also includes one-click
distributed invalidation and cluster lifecycle flows that render remote bus
events and membership timelines in the output, cluster ownership flows that
render owner selection, transfer, advertised endpoint routing, peer-fetch
results, and read-through hydration, plus a real chitchat + raft adapter flow
that shows bridge diagnostics and committed metadata commands.
Useful Swagger/API groups:
GET /ready
GET /demo/ui
GET /demo/config
GET /demo/presets
GET /demo/events
GET /demo/events/summary
GET /demo/events?kind=cache-hit
GET /demo/events?flow_id=manual-flow&limit=10
GET /demo/export
GET /demo/flows
GET /demo/flows/{flow_id}/timeline
POST /demo/flows/{flow_id}/replay
GET /demo/observability/prometheus
GET /demo/observability/traces/latest
GET /demo/db/seed-report
GET /demo/openapi/client-check
GET /demo/openapi/client-smoke
GET /demo/security
POST /demo/import
POST /demo/self-test
POST /demo/scenarios/run
GET /demo/scenarios/files
GET /demo/scenarios/catalog
POST /demo/scenarios/file/run
POST /demo/scenarios/suite/run
POST /demo/scenarios/suite/file/run
POST /demo/scenarios/document/parse
POST /demo/scenarios/document/run
POST /demo/profiles/compare
POST /demo/replay
POST /demo/faults/run
POST /demo/benchmarks/manual
POST /demo/benchmarks/compare
POST /demo/events/clear
POST /demo/reset
POST /demo/cache/put
POST /demo/cache/get
POST /demo/cache/get-or-load
POST /demo/cache/contains
POST /demo/cache/remove
POST /demo/cache/invalidate-tag
POST /demo/listeners/run
POST /demo/events/preflight/run
POST /demo/distributed/invalidation/run
POST /demo/cluster/lifecycle/run
POST /demo/cluster/ownership/run
POST /demo/cluster/ownership-transfer/run
POST /demo/cluster/routed-peer-fetch/run
POST /demo/cluster/read-through/run
POST /demo/cluster/real-adapters/run
POST /demo/query/users/{id}/load
POST /demo/query/products/{id}/load
POST /demo/query/orders/{id}/summary/load
POST /demo/typed/users/{id}/load
POST /demo/functions/double/{input}
POST /demo/scenarios/ttl
POST /demo/scenarios/single-flight
POST /demo/scenarios/invalidation-race
POST /demo/negative/missing-key
POST /demo/negative/missing-user
POST /demo/negative/loader-error
POST /demo/negative/expired-entry
POST /demo/negative/invalidation-miss
GET /demo/report
Cluster lifecycle demo payload:
Cluster ownership demo with curl:
The same ownership-transfer scenario from PowerShell:
$body = @{
cluster = 'manual-transfer'
key = 'manual:user:42'
tag = 'manual-users'
value = 'Ada'
flow_id = 'manual-transfer'
} | ConvertTo-Json
Invoke-RestMethod `
-Method Post `
-Uri 'http://127.0.0.1:3000/demo/cluster/ownership-transfer/run' `
-ContentType 'application/json' `
-Body $body
Routed peer-fetch demo payload:
The response includes owner, routed_peer_fetch, router_diagnostics, both
temporary member endpoints, a three-step timeline, and passed: true when the
owner endpoint was discovered from metadata and the HTTP fetch returned the
expected encoded value.
Read-through hydration demo payload:
The response includes first_read, second_read,
read_through_diagnostics, router_diagnostics, and hydrated decoded values.
passed: true means the first call was a remote owner hit, the value was
hydrated into the client near-cache, and the second call was served locally.
/demo/report returns a cumulative application report with active profile,
backend, loader counters, function counters, retained event count,
capabilities, and cache diagnostics. /demo/events returns the bounded
structured event log for recent cache hits, misses, loads, invalidations,
scenario runs, resets, and expected errors. It can be filtered by exact
kind, key, tag, flow_id, and capped with limit.
/demo/events/summary groups the retained log by event kind, load source, flow
id, key, and tag, which is useful when a manual run generated a lot of output.
/demo/export combines sandbox info, readiness, config, report, and events into one bundle;
POST /demo/self-test runs a built-in smoke scenario and returns step-level
results plus a filtered event log for that self-test flow.
The scenario lab endpoints turn the sandbox into a reproducible cache behavior workbench:
POST /demo/scenarios/run # golden-path, ttl, single-flight, invalidation-race, negative-suite, self-test
GET /demo/scenarios/files # committed JSON/YAML recipes
GET /demo/scenarios/catalog # parsed recipe/suite metadata and run endpoints
POST /demo/scenarios/file/run # run one committed recipe
POST /demo/scenarios/suite/run # run an inline scenario suite
POST /demo/scenarios/suite/file/run
GET /demo/flows # retained flow ids that can be replayed
GET /demo/flows/{flow_id}/timeline
POST /demo/flows/{flow_id}/replay
POST /demo/profiles/compare # memory/sqlite-memory/sqlite-file; Postgres is reported as skipped
POST /demo/replay # rerun a named scenario and link it to a previous flow id
POST /demo/faults/run # loader errors, loader delays, invalidation timing
POST /demo/benchmarks/manual # small request/concurrency/key-distribution workload
POST /demo/benchmarks/compare # baseline/candidate latency, throughput, loader-call/p95 diff, verdict
Scenario documents can be kept as JSON or a small YAML subset in
crates/hydracache-sandbox/scenarios/. They describe steps plus pass/fail
assertions and optional timeline assertions, so a manual demo can become a
reusable regression recipe:
Use POST /demo/scenarios/document/parse for YAML text normalization and
POST /demo/scenarios/document/run for execution. Use
POST /demo/scenarios/file/run for a committed recipe and
POST /demo/scenarios/suite/file/run for a committed suite such as
crates/hydracache-sandbox/scenarios/regression-suite.json. The bundled YAML
example is at crates/hydracache-sandbox/scenarios/golden-path.yaml.
Latency is recorded on demo events where the sandbox controls the operation.
/demo/report, /demo/events, /demo/export, scenario responses, timelines,
and benchmark responses include min/max/average/p50/p95/p99-style summaries.
Benchmark comparison responses also include loader-call ratio deltas, p95
latency deltas, and a compact verdict (candidate-better,
candidate-worse, or mixed).
For observability demos, /demo/observability/prometheus emits dependency-free
Prometheus text metrics and /demo/observability/traces/latest returns an
OpenTelemetry-style teaching view derived from the retained event log. The
sandbox also includes SQLite/Postgres schema and seed files under
crates/hydracache-sandbox/migrations/ and crates/hydracache-sandbox/seeds/;
GET /demo/db/seed-report summarizes those assets. The seeded query-cache demo
now covers users, products, and order summaries:
POST /demo/query/users/42/load
POST /demo/query/products/100/load
POST /demo/query/orders/5000/summary/load
GET /demo/openapi/client-check verifies that representative generated-client
paths exist in the current OpenAPI document. GET /demo/openapi/client-smoke checks that the committed minimal fetch client still
contains the expected methods for scenarios, suites, flows, products, orders,
benchmarks, export, and import.
crates/hydracache-sandbox/openapi/generated-client.js shows a minimal fetch
client shape.
The read-only actuator remains available for operational views:
/actuator/hydracache/health,
/actuator/hydracache/caches, /actuator/hydracache/caches/main/stats, and
/actuator/hydracache/caches/main/diagnostics.
Golden demo path:
GET /ready
POST /demo/reset
POST /demo/load/42
POST /demo/load/42
POST /demo/users/42 {"name":"Grace"}
POST /demo/load/42
POST /demo/invalidate/user/42
POST /demo/load/42
GET /demo/events
GET /demo/report
The first load should report source = "loader", the second should report
source = "cache", and the post-invalidation load should read the updated
backing store value.
Negative scenarios deliberately return 200 OK with expected_failure = true
when the edge case was reproduced. They are meant for demos and manual checks,
not for production actuator behavior.
For editor-based REST clients, use
crates/hydracache-sandbox/http/sandbox.http. For a scripted smoke flow:
crates\hydracache-sandbox\scripts\run-demo-flow.ps1
To start a specific profile without editing .env:
crates\hydracache-sandbox\scripts\start-profile.ps1 -Profile sqlite-memory
crates\hydracache-sandbox\scripts\start-profile.ps1 -Profile postgres-compose
The sandbox also includes an optional Postgres Docker smoke test. If Docker is available, it runs the cache/invalidate/reload flow against a real Postgres container. If Docker is unavailable, it prints a skip message and exits successfully.
SQLx Adapter
hydracache-db provides the database-neutral result-cache adapter API. It keeps
your database client responsible for pools, transactions, queries, and row
mapping, while HydraCache owns the explicit cache boundary: key, tags, TTL,
single-flight, and storage.
hydracache-sqlx re-exports the same API for SQLx users and keeps SQLx as an
adapter dependency instead of making the generic database cache API depend on
SQLx.
use HydraCache;
use ;
# async
SqlxQueryExt adds fetch_one, fetch_optional, and fetch_all for common
pool-backed reads. fetch_optional caches None, and fetch_all caches empty
vectors, so repeated misses do not keep hitting the database. Use fetch_with
when you need sqlx::query!, sqlx::query_as!, transactions, or repository
methods at the call site. Use named::<T>("load-user") when you want a
diagnostic label; otherwise cached::<T>() derives diagnostics from the
namespace/key context.
Use entity::<T>("user", 42) when one cached result belongs to one domain
entity. It generates logical key user:42 and tag user:42. Use
collection::<T>("users") when a cached result represents a whole list or
group. Use collection_tag("users") when an entity result should also be
invalidated together with a broader collection.
When the same entity metadata is used in several places, derive or implement
CacheEntity once and use for_entity::<T>(id). CacheEntity and
HydraCacheEntity live in hydracache-db; hydracache-sqlx only re-exports
them as an adapter convenience.
use ;
use DbCache;
# async
Manual CacheEntity implementations remain supported when you prefer no
proc-macro dependency or want to generate metadata from your own macro layer.
The older .cached::<T>().key(...).tag(...) style remains available and is the
full-control API. The ergonomic helpers only generate common keys and tags on
top of the same descriptor model.
For repository-style code or future ORM adapters, move the cache metadata into
a reusable QueryCachePolicy and keep the loader itself fully under your
control:
use Duration;
use QueryCachePolicy;
let policy = named
.
.ttl;
let user = queries
.
.load
.await?;
For hot repository methods, prepare stable metadata once and bind only the
dynamic id on each call. PreparedQueryPolicy precomputes diagnostic names,
TTLs, entity key prefixes, and collection tags, then produces ordinary
DbQuery values. This is the preferred shape for future Diesel and SeaORM
wrappers because the prepared contract is database-neutral.
use Duration;
use PreparedQueryPolicy;
let load_user = queries.;
let user = load_user
.load_id
.await?;
When the policy is mostly declarative, query_cache_policy! can generate it
from compact metadata:
use query_cache_policy;
let user_id = 42_i64;
let policy = query_cache_policy!;
let user = queries
.
.load
.await?;
hydracache-sqlx includes a Postgres integration test backed by
testcontainers and a real SQLite in-memory integration test for prepared query
policies. When Docker is available, the Postgres test verifies cache hits, tag
invalidation, and reloads against a real database. When Docker is unavailable,
the test logs a skip message and exits successfully instead of failing the
build.
Testing and coverage commands are documented in docs/TESTING.md.
Quality Gate
The main local verification commands are:
cargo fmt --all -- --check
cargo check --workspace --all-targets --locked
cargo test --workspace --all-targets --locked
cargo clippy --workspace --all-targets --all-features --locked -- -D warnings
cargo test --doc --workspace --locked
cargo llvm-cov --workspace --all-targets --locked --summary-only
Cluster load stability checks live in a separate integration test target. The small smoke test runs in the normal suite, and the heavier manual workload is ignored by default:
cargo test -p hydracache --test cluster_load_stability --locked -- --nocapture
cargo test -p hydracache --test cluster_load_stability --locked -- --ignored --nocapture
Coverage is tracked with cargo-llvm-cov. The current target is 95%+ line
coverage for reusable library crates and a workspace trend toward 95%+,
including the intentionally broad manual sandbox. Visible uncovered source
lines should be investigated before release.
Which Crate Should I Use?
hydracache- use this for the local async cache,cacheable!,cacheable_infallible!, typed cache, TTLs, tags, single-flight, stats, and diagnostics.hydracache-observability- use this for a framework-neutral registry and serializable cache diagnostic snapshots.hydracache-actuator-axum- use this when exposing read-only HydraCache diagnostics through Axum routes.hydracache-cluster- use this when you want the standard chitchat + raft adapter composition without wiring every handle manually.hydracache-cluster-chitchat- use this when you want real chitchat-backed cluster candidate discovery.hydracache-cluster-raft- use this when you want the real raft-rs metadata runtime behindClusterControlPlane.hydracache-cluster-transport-axum- use this when cluster members should expose HTTP peer-fetch over encoded cache bytes or use read-through near-cache hydration.hydracache-db- use this when wrapping database or repository calls with explicit query-result caching.hydracache-sqlx- use this if you want the SQLx-facing crate, SQLx re-export, andfetch_one/fetch_optional/fetch_allhelpers.hydracache-macros- usually use this through local-cache macros fromhydracacheor macro re-exports fromhydracache-db/hydracache-sqlx.hydracache-core- use this only if you need core shared types without the runtime.hydracache-sandbox- non-published manual sandbox for local actuator, Swagger, memory, SQLite, Postgres Docker, and real cluster-adapter checks.
Release Plan
The v0 release plan is maintained here:
- docs/plans/V0_RELEASE_PLAN.md
- docs/plans/V0_3_LOCAL_ERGONOMICS_PLAN.md
- docs/plans/V0_7_SQLX_RUNTIME_ADAPTER_PLAN.md
- docs/plans/V0_8_SQLX_HELPERS_PLAN.md
- docs/plans/V0_9_QUERY_API_ERGONOMICS_PLAN.md
- docs/plans/V0_10_CACHE_ENTITY_PLAN.md
- docs/plans/V0_11_ENTITY_DERIVE_PLAN.md
- docs/plans/V0_14_CACHEABLE_FUNCTIONS_IDEA.md
- docs/plans/V0_15_CACHEABLE_ERGONOMICS_PLAN.md
- docs/plans/V0_16_OBSERVABILITY_PLAN.md
- docs/plans/V0_20_CLUSTER_FORMATION_LIBRARY_ANALYSIS.md
- docs/plans/V0_20_CHITCHAT_RAFT_CLUSTER_IDEA.md
- docs/plans/V0_20_CLUSTER_CLIENT_ROADMAP.md
- docs/plans/V0_20_CLUSTER_DISCOVERY_ADAPTER_PLAN.md
- docs/plans/V0_20_CLUSTER_CONTROL_PLANE_PLAN.md
- docs/plans/V0_20_CLUSTER_NEXT_STEPS_PLAN.md
- docs/plans/V0_22_REMOTE_PEER_FETCH_PLAN.md
- docs/plans/V0_23_PEER_FETCH_ROUTING_PLAN.md
- docs/plans/V0_24_CLUSTER_READ_THROUGH_PLAN.md
- docs/plans/V0_25_COMBINED_HARDENING_AND_OWNER_LOADING_PLAN.md
Workspace
crates/hydracache-core- core public types: keys, tags, options, stats, diagnostics, codec, errorscrates/hydracache- user-facing local cache runtime, typed cache, single-flight, tag index, stats, diagnostics, invalidation bus, and client/member cluster APIcrates/hydracache-cluster-chitchat- optional real chitchat-backed cluster discovery adaptercrates/hydracache-cluster-raft- optional real raft-rs metadata control-plane runtimecrates/hydracache-cluster- optional composition helpers for the standard chitchat + raft cluster setupcrates/hydracache-cluster-transport-axum- optional Axum/HTTP peer-fetch transport and read-through near-cache hydration for encoded member valuescrates/hydracache-observability- framework-neutral cache registry and serializable diagnostic snapshotscrates/hydracache-actuator-axum- optional read-only Axum actuator routescrates/hydracache-sandbox- non-published manual backend for exercising actuator and database modescrates/hydracache-db- database-neutral query result-cache adapter APIcrates/hydracache-macros- procedural macros such ascacheable!,cacheable_infallible!,HydraCacheEntity, andquery_cache_policy!crates/hydracache-sqlx- SQLx-facing integration crate and re-exports
Crate Layout
hydracache keeps public API re-exports in src/lib.rs and splits runtime code
into focused modules:
cache.rs-HydraCacheruntime APIbuilder.rs- local cache buildertyped.rs-TypedCache<T>namespaced viewcluster.rs- client/member cluster roles, in-memory discovery, in-memory cluster model, generation guard, and cluster diagnosticsentry.rs- encoded cache entries and TTL expirationinflight.rs- local single-flight in-flight load trackinginvalidation_bus.rs- pluggable invalidation propagation bus and in-memory implementationtag_index.rs- tag index and generation freshness checksstats.rs- internal stats counters
hydracache-core keeps public API re-exports in src/lib.rs and splits shared
types into:
key.rs-CacheKeyandCacheKeyBuildertags.rs-TagSetoptions.rs-CacheOptionsstats.rs-CacheStatsandCacheDiagnosticscodec.rs-CacheCodecandPostcardCodecerror.rs-CacheError