feat(ofrep-web): ADR-0009 domain-aware cache key + domainScoped#1569
feat(ofrep-web): ADR-0009 domain-aware cache key + domainScoped#1569jonathannorris wants to merge 7 commits into
Conversation
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
📝 WalkthroughWalkthroughThe OFREP web provider now derives persisted cache keys from base URL, auth credentials, domain, prefix, and targeting key, stores them in a v2 schema, and defers storage initialization until ChangesOFREP web persistent caching
Sequence Diagram(s)sequenceDiagram
participant OpenFeature
participant OFREPWebProvider
participant deriveAuthCredential
participant Storage
participant localStorage
OpenFeature->>OFREPWebProvider: initialize(context, domain)
OFREPWebProvider->>Storage: new Storage(cacheMode, baseUrl, getAuthCredential, domain, cacheKeyPrefix, logger)
Storage->>deriveAuthCredential: await getAuthCredential()
deriveAuthCredential-->>Storage: serialized auth credential
Storage->>localStorage: read/write persisted entries
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
👀 I will flag the same other concern I had in #1566 here, which is that while we're now passing all of this in as input to the cache key, it is still being truncated down to just the first 16 chars, and that concerns me that collisions will happen unexpectedly and result in unsafe behaviour still? |
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the ofrep-web provider’s persistent cache behavior to align with ADR-0009 by making persisted cache keys domain-aware and derived from a structured (JSON-encoded) identity that includes baseUrl, selected auth headers, bound OpenFeature domain, and targetingKey. It also shifts persistence initialization into initialize(...) so localStorage is not accessed before the provider’s bound domain is known.
Changes:
- Introduces ADR-0009 cache key encoding + auth-credential derivation (restricted to known auth headers).
- Updates persistent storage schema to v2 and makes the storage key depend on baseUrl/auth/domain/targetingKey (+ optional prefix).
- Declares
domainScoped = true, updates provider lifecycle to acceptinitialize(context, domain?), and documents the behavior in the README.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| libs/providers/ofrep-web/src/lib/store/storage.ts | Updates persistent storage schema to v2 and hashes ADR-0009 cache key inputs including baseUrl/auth/domain. |
| libs/providers/ofrep-web/src/lib/store/storage.spec.ts | Updates storage tests for v2 keys and verifies baseUrl/domain/auth affect key derivation. |
| libs/providers/ofrep-web/src/lib/store/cache-key.ts | Adds auth-credential derivation from known auth headers and JSON encoding for cache key inputs. |
| libs/providers/ofrep-web/src/lib/store/cache-key.spec.ts | Adds tests for cache key encoding and auth header serialization. |
| libs/providers/ofrep-web/src/lib/ofrep-web-provider.ts | Makes provider domain-scoped and instantiates persistence only during initialize with the bound domain. |
| libs/providers/ofrep-web/src/lib/ofrep-web-provider.spec.ts | Adds domain-scoping tests and updates persisted-cache tests for schema v2. |
| libs/providers/ofrep-web/src/lib/model/ofrep-web-provider-options.ts | Updates cacheKeyPrefix option docs to reflect ADR-0009 composition. |
| libs/providers/ofrep-web/README.md | Documents ADR-0009 cache key, domain scoping, and auth header participation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The 16-char truncation is inherited from the original ADR implementation (first 64 bits of SHA-256). Worth being explicit about what that means in practice. Collision risk depends on how many entries coexist in For n simultaneous entries, collision probability scales roughly with n² / (2 × 2⁶⁴):
At that scale a collision would mean serving the wrong cached flags, but the odds are not something I'd optimize for here. Open to bumping to 32 hex chars if you feel strongly. |
|
👍 Not strongly held at all, just want to make sure that has been thought through, which it seems it has! |
…h seeds Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
…R-0009 Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Summary
cacheKeyPrefixwith acacheKeyGeneratorper the protocol ADR-0009 amendment. The default generator returns JSON-encoded key material frombaseUrl, auth credential, bounddomain, andtargetingKey; the provider hashes that intocacheKeyHash.domainScoped: trueand createStorageonly ininitialize(context, domain?), so nothing toucheslocalStoragebefore the bound domain is known.Authorization,Api-Key,X-Api-Key,X-Auth-Token,X-Access-Token), matched case-insensitively and serialized with lowercased header names.ofrep-web-provider:v2:{hash}); v1 entries are discarded on read.Motivation
OFREP web persistence needs the bound OpenFeature
domainat init time to scope cache keys per ADR-0009. This supersedes #1566 (URL + full eval context keying).Blocked on open-feature/js-sdk#1433 for runtime
domainforwarding viaOpenFeature.setProvider('domain', provider).Notes
cacheKeyGeneratorto namespace instances, drop auth for rotating tokens, or include stable context fields.cacheKeyPrefixis removed.Related Issues