Skip to content

Validate TTL and invalidation duration arithmetic consistently #33

Description

@lan17

Priority

P2 — Medium — important hardening or API work after the safety foundations.

Problem

Layer config accepts any positive safe-integer TTL in seconds. The local layer multiplies it by 1,000 without checking the result, while the Redis layer rejects an unsafe product. Invalidation also adds futureBufferMs to Redis time without an explicit safe-range contract.

Evidence:

Acceptance criteria

  • Define maximum accepted TTL and invalidation durations.
  • Validate all products and sums before fallback results reach storage.
  • Make local and Redis handling consistent for the same configuration.
  • Add boundary tests around maximum accepted values and Number.MAX_SAFE_INTEGER.
  • Preserve fail-open behavior for dynamic provider data while rejecting invalid static policy early.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions