fix(rate-limiter): production hardening — TLS support for managed Redis

[gandhipratik203]

Summary

Enables TLS for the rate limiter's Redis backend so deployments against managed Redis services with in-transit encryption (AWS ElastiCache, Redis Cloud, etc.) work end-to-end. Bumps cpex_rate_limiter 0.0.4 → 0.0.6.

---

Gaps closed

Gap A (HIGH, wo-tracker #68217) — The Redis backend cannot connect to managed Redis services that require TLS. Operators using AWS ElastiCache with in-transit encryption (or any other rediss:// URL) can configure the binding successfully — the binding API returns HTTP 200 — but the plugin's backend init raises InvalidClientConfig: can't connect with TLS, the feature is not enabled. The plugin manager logs Failed to load plugin RateLimiterPlugin and silently skips it under the default fail_on_plugin_error: false setting, leaving rate limits unenforced while the operator believes them to be in place. Fixed by compiling the redis crate with rustls-based TLS features.

Gap B (MEDIUM) — The redis crate version previously pinned (0.27) carried rustls-pemfile 2.2.0 transitively, which cargo-deny flagged as unmaintained (RUSTSEC-2025-0134) and blocked CI's security-policy stage. Fixed by bumping the redis crate to 0.32, where the rustls-native-certs upgrade dropped the rustls-pemfile dep entirely.

Gap C (MEDIUM) — rustls 0.23 dropped its implicit default crypto provider; the redis crate's tls-rustls feature does not pick one. Without an explicit install, the first TLS handshake panicked with Call CryptoProvider::install_default() before this point.... The Python shim's broad except caught the panic and fail_mode=open allowed the request through, so deployments would still appear to load the plugin while quietly enforcing nothing — same observable end state as Gap A, different log message. Fixed by installing the ring crypto provider once at plugin init via a OnceLock-guarded call in RateLimiterPluginCore::new().

---

Test results

Full local gate

cargo fmt -- --check                  clean
cargo clippy -- -D warnings           clean
cargo test --lib                      57 passed
uv run pytest tests/rate_limiter/     107 passed

New tests added in this PR

TestRedisTlsSupport — regression coverage for wo-tracker #68217

Test	Target
test_rediss_url_does_not_fail_with_tls_not_enabled	Constructs the plugin with a rediss:// URL; asserts no InvalidClientConfig is raised at backend init. Pins Gap A.
test_rediss_url_lazy_handshake_reaches_connectivity_layer	Drives a tool_pre_invoke against a closed rediss:// port so the lazy TLS handshake actually engages; asserts the captured warning does not contain the wo-tracker #68217 signature (feature is not enabled / InvalidClientConfig). Pins Gap A and Gap C jointly.

---

Migration notes

• No new required config. Existing deployments using redis:// URLs continue to work unchanged. rediss:// URLs now work where they previously failed.
• CA bundle expectation. The plugin reads CA roots from the host OS trust store at runtime via rustls-native-certs. Container images that omit ca-certificates (some distroless / scratch / unconfigured Alpine variants) would need to install the bundle before TLS endpoints can be verified. UBI Minimal — what mcp-context-forge ships on — already includes the CA bundle by default; AWS ElastiCache uses public-CA chains that are present there.

---

Follow-ups

• Tighten the TLS lazy-handshake test's positive assertion (currently scoped to the wo-tracker #68217 negative signature only). Would require the Rust core's log_exception() to surface the underlying RedisError text instead of the generic "error; allowing request" message — the error details are dropped at the Python boundary today.
• Real-TLS-Redis fixture for end-to-end handshake verification (self-signed cert + CA-pinning fixture). Heavier than the connectivity-shape variant; deferred until needed.
• Companion main-repo PR to bump the cpex-rate-limiter pin to 0.0.5 once published to PyPI.
• Wipe-on-disable feature (counter cleanup when an operator transitions the plugin to mode=disabled) and the round-1/round-2 review feedback addressing it have been moved to a separate branch (feat/rate-limiter-wipe-on-disable-only); a follow-up PR will be linked here once opened.

[lucarlig]

Detailed review pass found no Critical issues. I left five P2 findings covering Redis wipe safety/performance, lifecycle coupling, and test coverage gaps.

[msureshkumar88]

Code Review — PR #74: production hardening (TLS + wipe-on-disable)

Overview

Closes two real gaps in the Redis path:

• Gap A (HIGH): rediss:// URLs blow up at plugin init because the redis crate was compiled without TLS features. Fixed by enabling tls-rustls* + tokio-rustls-comp.
• Gap B (MEDIUM): Counter state survives a disable→re-enable cycle, causing unexpected immediate throttling. Fixed by reading plugin:<name>:mode from Redis at shutdown and wiping <prefix>:* when the value is "disabled".

Architecture is sound and the wipe contract (conditional, fail-safe, idempotent, non-blocking on core shutdown) is correctly implemented.

---

Blocking Issues

1. security-policy CI failure — unmaintained rustls-pemfile (RUSTSEC-2025-0134)

cargo-deny rejects the build because tls-rustls pulls in rustls-native-certs → rustls-pemfile, which was archived in August 2025 with no safe upgrade path.

The tls-rustls feature is redundant here. The PR's stated goal ("managed services with public-CA certificates work without further configuration") is fully satisfied by tls-rustls-webpki-roots alone — it bundles Mozilla CA roots and doesn't touch rustls-native-certs.

Fix: drop tls-rustls from Cargo.toml:

# before
redis = { version = "0.27", features = ["aio", "tokio-comp", "tls-rustls", "tls-rustls-webpki-roots", "tokio-rustls-comp"] }

# after — removes rustls-native-certs → rustls-pemfile from the dep tree
redis = { version = "0.27", features = ["aio", "tokio-comp", "tls-rustls-webpki-roots", "tokio-rustls-comp"] }

2. mutation-testing (rate_limiter) CI failure — stale diff baseline

cargo-mutants errors with:

diff has:   "        Python::attach( |py| -> PyResult<()> {"
source has: "        // Ensure the embedded interpreter is initialized for this test process."
The diff might be out of date with this source tree.

The action computes the diff between BASE_SHA and HEAD_SHA. If the branch was rebased after the run started, or if BASE_SHA points to a commit whose tree no longer matches the working tree, cargo-mutants rejects the diff. A fresh push after the rustls-pemfile fix above should regenerate a consistent baseline. If it persists, verify BASE_SHA in the CI workflow resolves to the correct merge-base.

(mutation-testing (secrets_detection) failure appears unrelated to this PR — no secrets_detection files changed.)

---

Non-Blocking Observations

Python connection overhead on shutdown

_mode_in_redis_says_disabled() opens a brand-new redis.asyncio client, issues one GET, then closes it. The Rust core holds an already-open connection, but it's not reachable from Python at shutdown time. This is fine in practice (shutdown is rare), but worth a brief inline comment explaining why a new client is opened instead of reusing the Rust one.

Type annotation

batch: list = []

Should be list[str | bytes] (or whatever aioredis.scan_iter yields) to keep the type checker happy and signal intent.

Deferred import

try:
    import redis.asyncio as aioredis  # noqa: PLC0415
except Exception:
    return False

redis is now a declared dep in pyproject.toml, so the ImportError guard is dead code. A top-level import is cleaner. The PLC0415 suppression hint can also be dropped.

Batch size magic number

The 500-key batch in _wipe_my_counters() is reasonable but uncommented. Worth a one-liner: # 500 keys per DEL keeps round-trip count low without risking a single oversized command.

---

Test Coverage

Good. The six TestWipeOnDisable cases cover the full conditional matrix cleanly, and the concurrent-shutdown test is exactly the right thing to have. One gap worth considering in a follow-up: a test that asserts SCAN is used instead of KEYS (mock the redis client and verify scan_iter was called, not keys). Not a blocker for this PR since the implementation visibly uses scan_iter, but it would prevent regression if someone refactors the wipe path.

---

Summary

Two blockers before merge:

1. Remove tls-rustls feature to eliminate the rustls-pemfile advisory and unblock security-policy.
2. Confirm mutation-testing passes after a fresh push (likely resolves itself once (1) is fixed and a new run is triggered with a fresh diff baseline).

Code quality is good. The wipe logic is correct, the fail-safe properties are well-reasoned, and the README/migration notes are clear. Approve pending the two CI fixes.

[lucarlig]

Follow-up detailed review pass on the latest head found three remaining P2 findings.