Skip to content

Add access decision caching with safe invalidation #56

Description

@Lakes41

Difficulty: Advanced

Type: Feature

Summary

Add optional caching for access decisions to reduce repeated policy evaluation and database reads while keeping invalidation safe when memberships, roles, policies, or resources change.

Current Behaviour

Each access check evaluates current database state and policy logic directly. This is correct but can become expensive under high traffic.

Expected Behaviour

The API should support an optional cache for access decisions with clear keys, TTLs, and invalidation on access-affecting changes.

Suggested Implementation

Introduce a cache service interface backed by Redis when configured and disabled by default otherwise. Key decisions by community, wallet, resource, and relevant policy version. Invalidate on membership, role, resource, and policy mutations.

Files or Areas Likely Affected

  • apps/access-api/src/services/memberService.ts
  • apps/access-api/src/services/cacheService.ts
  • apps/access-api/src/config.ts
  • apps/access-api/prisma/schema.prisma
  • .env.example

Acceptance Criteria

  • Access decision cache can be enabled or disabled through config
  • Cache keys include wallet, community, and resource identifiers
  • Cache entries have bounded TTLs
  • Membership and role changes invalidate affected entries
  • Policy and resource changes invalidate affected entries
  • Tests cover cache hit, miss, TTL expiry, and invalidation behaviour

Additional Notes

Do not cache sensitive secrets. Cache only safe decision metadata and reason codes.

Metadata

Metadata

Assignees

Labels

GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial CampaignCampaign: Official Campaign

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions