feat: add cachet crates with multi-level caching abstractions

[schgoo]

Cachet (pronounced: ka-SHAY)
Meaning: Prestige, distinction, or high status that makes something admired or desirable.
Examples:
“The brand has a certain cachet in tech circles.”
“Winning that award gave the company international cachet.”
It’s about reputation and perceived quality.
Origin: French, meaning “seal” or “stamp of approval.”

[github-actions]

⚠️ Breaking Changes Detected

error: failed to retrieve local crate data from git revision

Caused by:
    0: failed to retrieve manifest file from git revision source
    1: possibly due to errors: [
         failed when reading /home/runner/work/oxidizer/oxidizer/target/semver-checks/git-origin_main/07a4b35e4f6fae57200270231398d859dbcb2441/scripts/crate-template/Cargo.toml: TOML parse error at line 9, column 26
         |
       9 | keywords = ["oxidizer", {{CRATE_KEYWORDS}}]
         |                          ^
       missing key for inline table element, expected key
       : TOML parse error at line 9, column 26
         |
       9 | keywords = ["oxidizer", {{CRATE_KEYWORDS}}]
         |                          ^
       missing key for inline table element, expected key
       ,
         failed to parse /home/runner/work/oxidizer/oxidizer/target/semver-checks/git-origin_main/07a4b35e4f6fae57200270231398d859dbcb2441/Cargo.toml: no `package` table,
       ]
    2: package `cachet` not found in /home/runner/work/oxidizer/oxidizer/target/semver-checks/git-origin_main/07a4b35e4f6fae57200270231398d859dbcb2441

Stack backtrace:
   0: anyhow::error::<impl anyhow::Error>::msg
   1: cargo_semver_checks::rustdoc_gen::RustdocFromProjectRoot::get_crate_source
   2: cargo_semver_checks::rustdoc_gen::StatefulRustdocGenerator<cargo_semver_checks::rustdoc_gen::CoupledState>::prepare_generator
   3: cargo_semver_checks::Check::check_release::{{closure}}
   4: cargo_semver_checks::Check::check_release
   5: cargo_semver_checks::exit_on_error
   6: cargo_semver_checks::main
   7: std::sys::backtrace::__rust_begin_short_backtrace
   8: main
   9: <unknown>
  10: __libc_start_main
  11: _start

If the breaking changes are intentional then everything is fine - this message is merely informative.

Remember to apply a version number bump with the correct severity when publishing a version with breaking changes (1.x.x -> 2.x.x or 0.1.x -> 0.2.x).

[Copilot]

Pull request overview

Adds the new Cachet family of crates (tier abstractions, service integration, and a moka-backed memory tier) and wires shared test helpers into the workspace.

Changes:

• Introduce new crates: cachet, cachet_tier, cachet_memory, cachet_service (+ docs, examples, benches, and tests).
• Add testing_aids helpers for log/metric assertions and update seatbelt tests to use them.
• Reduce uniflight::Merger::execute future size by boxing the user future.

Reviewed changes

Copilot reviewed 87 out of 88 changed files in this pull request and generated 11 comments.

Show a summary per file

File	Description
crates/uniflight/src/lib.rs	Box user future in execute.
crates/testing_aids/src/metrics.rs	Add OTel metric test helper.
crates/testing_aids/src/log.rs	Add log capture helper.
crates/testing_aids/src/lib.rs	Re-export new test helpers.
crates/testing_aids/Cargo.toml	Add OTel deps for testing.
crates/seatbelt/src/timeout/service.rs	Switch tests to testing_aids.
crates/seatbelt/src/testing.rs	Remove local testing helpers.
crates/seatbelt/src/retry/service.rs	Switch tests to testing_aids.
crates/seatbelt/src/fallback/service.rs	Switch tests to testing_aids.
crates/seatbelt/src/breaker/service.rs	Switch tests to testing_aids.
crates/seatbelt/src/breaker/engine/engine_telemetry.rs	Switch tests to testing_aids.
crates/seatbelt/Cargo.toml	Add testing_aids dependency.
crates/cachet_tier/tests/tier.rs	Integration tests for CacheTier.
crates/cachet_tier/tests/entry.rs	Integration tests for CacheEntry.
crates/cachet_tier/src/tier.rs	Define core CacheTier trait.
crates/cachet_tier/src/testing.rs	Add MockCache test tier.
crates/cachet_tier/src/lib.rs	Crate entry / exports.
crates/cachet_tier/src/error.rs	Cache error type + helpers.
crates/cachet_tier/src/entry.rs	Cache entry value + TTL metadata.
crates/cachet_tier/src/dynamic.rs	Type-erased DynamicCache.
crates/cachet_tier/logo.png	Crate asset (LFS).
crates/cachet_tier/favicon.ico	Crate asset (LFS).
crates/cachet_tier/README.md	Crate documentation.
crates/cachet_tier/Cargo.toml	New crate manifest/features.
crates/cachet_tier/CHANGELOG.md	New changelog stub.
crates/cachet_service/tests/adapter.rs	Adapter integration tests.
crates/cachet_service/src/request.rs	Define service request/response types.
crates/cachet_service/src/lib.rs	Crate entry / exports.
crates/cachet_service/src/ext.rs	CacheServiceExt helpers.
crates/cachet_service/src/adapter.rs	ServiceAdapter implementation.
crates/cachet_service/logo.png	Crate asset (LFS).
crates/cachet_service/favicon.ico	Crate asset (LFS).
crates/cachet_service/README.md	Crate documentation.
crates/cachet_service/Cargo.toml	New crate manifest.
crates/cachet_service/CHANGELOG.md	New changelog stub.
crates/cachet_memory/tests/cache.rs	In-memory tier integration tests.
crates/cachet_memory/src/tier.rs	Moka-backed InMemoryCache tier.
crates/cachet_memory/src/lib.rs	Crate entry / exports.
crates/cachet_memory/src/builder.rs	InMemoryCacheBuilder API.
crates/cachet_memory/logo.png	Crate asset (LFS).
crates/cachet_memory/favicon.ico	Crate asset (LFS).
crates/cachet_memory/README.md	Crate documentation.
crates/cachet_memory/Cargo.toml	New crate manifest.
crates/cachet_memory/CHANGELOG.md	New changelog stub.
crates/cachet/tests/wrapper.rs	Cache wrapper integration tests.
crates/cachet/tests/future_size.rs	Future size regression tests.
crates/cachet/tests/builder.rs	Builder integration tests.
crates/cachet/src/wrapper.rs	Telemetry + TTL wrapper tier.
crates/cachet/src/telemetry/mod.rs	Telemetry module wiring.
crates/cachet/src/telemetry/metrics.rs	OTel meter/instrument builders.
crates/cachet/src/telemetry/ext.rs	Clock timing helper future.
crates/cachet/src/telemetry/config.rs	Telemetry configuration builder.
crates/cachet/src/telemetry/cache.rs	Telemetry recording logic + tests.
crates/cachet/src/telemetry/attributes.rs	Telemetry attribute constants.
crates/cachet/src/refresh.rs	Background refresh (TTR).
crates/cachet/src/lib.rs	Crate entry / feature exports.
crates/cachet/logo.png	Crate asset (LFS).
crates/cachet/favicon.ico	Crate asset (LFS).
crates/cachet/examples/wrapped.rs	Telemetry/TTL example.
crates/cachet/examples/stampede_protection.rs	Stampede protection example.
crates/cachet/examples/simple.rs	Basic cache usage example.
crates/cachet/examples/service_middleware_composition.rs	Middleware composition example.
crates/cachet/examples/service_as_storage.rs	Service-as-storage example.
crates/cachet/examples/refresh.rs	Refresh (TTR) example.
crates/cachet/examples/multi_tier_service.rs	Multi-tier + service example.
crates/cachet/examples/multi_tier.rs	Multi-tier promotion policy example.
crates/cachet/examples/mock_testing.rs	MockCache testing example.
crates/cachet/examples/get_or_insert.rs	Loading helper example.
crates/cachet/examples/fallback.rs	Fallback tier example.
crates/cachet/examples/error_handling.rs	Typed error handling example.
crates/cachet/examples/dynamic.rs	Dynamic cache type-erasure example.
crates/cachet/examples/cache_as_service.rs	Cache-as-service example.
crates/cachet/benches/refresh.rs	Refresh overhead benchmark.
crates/cachet/benches/operations.rs	Core ops + wrapper benchmark.
crates/cachet/benches/dynamic.rs	Dynamic dispatch benchmark.
crates/cachet/README.md	Crate documentation.
crates/cachet/Cargo.toml	New crate manifest/features.
crates/cachet/CHANGELOG.md	New changelog stub.
README.md	Add cachet + TOC tweaks.
Cargo.toml	Add new workspace crate deps.
CHANGELOG.md	Link cachet changelog.
.spelling	Add new terminology.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The output() docs claim it panics on invalid UTF-8, but the implementation uses String::from_utf8_lossy, which never panics. Please either switch to String::from_utf8(...).expect(...) if you want a panic, or update the docs to match the current behavior.

[Copilot]

LogCapture is described as "thread-local", but it stores logs in an Arc<Mutex<Vec<u8>>> and clones share the same buffer across threads. Either make the storage truly thread-local (e.g., thread_local!) or update the docs to describe it as a shared capture buffer used with thread-local subscriber installation.

[Copilot]

This comment says boxing stores a "16-byte pointer", but Box::pin(func()) here produces a Pin<Box<Fut>>, which is a thin pointer (typically 8 bytes on 64-bit). Consider correcting the comment to avoid misleading future maintainers (the broader point about reducing state machine size still holds).

[geeknoid]

Could you move all changes to non-cachet-related files to a stand-alone PR?

[geeknoid]

Shouldn't this just be:

Suggested change

	//! cache.insert(&"key".to_string(), CacheEntry::new(42)).await?;
	//! cache.insert("key", CacheEntry::new(42)).await?;

[geeknoid]

@martintmk I really wish this had a different name, like new_fake. I find new_frozen confusing at best...

@schgoo Might it be better to show a runtime API example, rather than a test one? So like new_tokio?

[geeknoid]

I think you want a much bigger intro here to sell why this is a good idea. Why multi-level caching, why background refresh, what flexibility does the crate provide, why use this instead of other caches, what is cache stampede and how is it avoided, what are the major types exposed by this crate, how do cache tiers compose and interact, what are the companion crates (the other cachet crates), etc.

[geeknoid]

Also, you should be describing all the cargo features

[geeknoid]

I think you should be making all the modules private and surface the few types you have in this crate all at the top as cachet::*

[geeknoid]

I don't think it's common to have a doc comment on top of an impl block. It shows up in a wierd place in the generated doc. And in this case, it's actually misleading to the user since the constructor isn't public.

I'd remove all comments on impl blocks througout the PR.

[geeknoid]

Why "S"? It's a CacheTier trait, so how about CT instead?

[geeknoid]

Explain the downsides. Why isn't every cache dynanically diapatched?

[geeknoid]

Why isn't this just a builder parameter? Are there scenarios where you have a cache for a while, and then decide to make it dynamic?

[schgoo]

Originally, obviously the difference was that the non-dynamic cache would not require any heap allocations, especially for futures. That has somewhat changed, because stack-allocating the cache futures resulted in huge future sizes (32KB+, bounded on the number of layers), as the Rust type system had to fight with all the possible states whene everything is wrapped in Result<Option<...>>, etc. The solution to this was to Box futures in the fallback tier to limit future sizes to size(L1 future) + size(pointer). At this point, there is a small benefit to not having a dynamic cache, in the event that you either:

1. Expect a high hit % on your L1 cache, which is stack-allocated, or
2. Your cache has no nesting to begin with.

So, since the argument that we should be using dynamic caches at all times has changed since I first added the dynamic cache, it's worth revisiting. Should we even allow non-dynamic caches?

[geeknoid]

Depends on the perf delta I think.

Could we pick a heuristic and figure this out ourselves? If the cache is a single tier, we don't do dynmic, otherwise we do? Or something along those lines?

[geeknoid]

Explain dynamic vs. non-dynamic caches.

[geeknoid]

Can we support Borrow semantics here so you can use a &str to lookup a cache that has String as key?

[geeknoid]

"remove" would probsbly be a better more normal name here.

I very much worry about the fact this is fallible. If I use a cache and need to remove stale data, like a revoked token, and the removal from cache fails, what am I supposed to do as an application? I think my only recourse would be to restart. Or I suppose I could maintain a separate in-memory cache of things that should have been removed but haven't, which seems like something this cache could handle internally. If you've ever had removal failures coming in, then record those failures and use them to prevent returning bad data to the caller. The TTL on this 'failed removals' cache just needs to be longer than the TTL of the original data and it should be reliable.

[schgoo]

I called it invalidate because I was using the Moka cache API as inspiration. I think there they were capturing the idea that invalidate doesn't return the removed entry, whereas remove does.

I agree it would be problematic for invalidate to fail but making it infallible might just mean that errors get swallowed in the cache implementation. At least this way, a user will know if it failed for some reason. You make a good point though that dealing with that failure might not be simple. Is your idea that we would make this method infallible at the call level, but fallible at the CacheTier level? Otherwise, we would have no way of knowing if the operation failed.

[geeknoid]

I think you leave it with the same fallible signature, but provide some feedback:

"When this returns an error, it is signaling that some cache tier has failed to remove the cache entry. You may wish to retry the call using normal retry semantics in order to attempt the removal again later. However, even when an error is returned, this particular cache instance will return NotFound for the supplied cache key for the duration of the TTL. Since cache tiers can be shared across process boundaries (like when a tier is Redis), a failure to remove an entry means that the entry msy remain visible to other processes."

Or something like that...

[geeknoid]

How does this interact with TTL?

When you return a count, can it include items which have already exceeded their TTL? If the TTL is checked primarily when someone calls get on a key, or TTL is checked periodically (like every minute), then len may return innacurate counts.

[schgoo]

Yes, it would be up to the CacheTier implementation to actually remove items that have exceeded their TTL, just as it's up to them to implement len. Potentially, we could fill this gap by adding another method on CacheTier to notify when an item is expired? Or we could just call invalidate on it.

[geeknoid]

I was really asking to document this imprecision to clarify to the user that this length value is a mere approximation of reality and doesn't take into account potentially evicted items. It is in fact a high-water mark more than an accurate count of the valid items in the cache.

Maybe this function deserves a different name?

[geeknoid]

Do you support any form of negative caching? That is, caching the fact a particular key is simply invalid and doesn't need to be tried against the SOT again.

[schgoo]

Yes, you can create a custom PromotionPolicy with a predicate match against your type V

[geeknoid]

Maybe advertise this as a key feature of the cache in your high-level overview, and show an example of this.

In particular, I would expect negative caching to happen when the callback in this try_xxx function returns an error. "DB said no permission" so cache that fact for me. How would the failure in the callback result in negative caching happening?

[geeknoid]

Maybe this crate should be called cachet_moka?

I hope we can design our own cache which is more scalable than moka. So it would be good not to 'hog' the name cachet_memory.

[schgoo]

Well, I was thinking we could just replace Moka with the new cache internally here without changing the API. Do you think that's unreasonable?

[geeknoid]

Sure, that's reasonable since the API is not very specialized. Then maybe stop mentioning "moka" in the docs? If it's not a guarantee of the design and it just an implementation detail, let's just hide that fact.

[geeknoid]

Same as the other crate, don't make the modules public.

[geeknoid]

Shouldn't we make the hasher configurable? There is a substantial perf difference between different hashers in the Rust world. The default hasher used by HashMap is quite slow, being optimized for protection against key attacks. Most caches don't need this protection and so could run considerably faster by using an alternate hashing algorithm.

[schgoo]

I can look into it

[geeknoid]

All three dependencies here should be using workspace = true

[geeknoid]

Suggested change

	cachet_memory = { path = "../cachet_memory", optional = true }
	cachet_service = { path = "../cachet_service", optional = true }
	cachet_tier = { path = "../cachet_tier" }
	cachet_memory = { workspace = true, optional = true }
	cachet_service = { workspace = true, optional = true }
	cachet_tier.workspace = true

[geeknoid]

Suggested change

	cachet_tier = { path = "../cachet_tier", features = ["test-util"] }
	cachet_tier = { workspace = true, features = ["test-util"] }

[geeknoid]

Suggested change

	testing_aids = { path = "../testing_aids" }
	testing_aids.workspace = true

[geeknoid]

Suggested change

	cachet_tier = { path = "../cachet_tier" }
	cachet_tier.workspace = true

[geeknoid]

default-feature is already set by the workspace-level Cargo.toml