jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4360a17dd3
stemedb/applications/aphoria/dogfood/cachewrap/docs/sources/aws-elasticache.md
jml e758f2ebfb feat(aphoria): implement programmatic extractors for Option<T> semantics 
Completes Task #3 of httpclient dogfooding with 100% detection rate (7/7 violations).

## New Extractors

- **OptionBoundsExtractor**: Detects Option<T> fields set to None (unbounded)
- **OptionValueExtractor**: Extracts values from Some(n) for threshold checks

Both extractors use context-aware pattern matching to understand Rust Option<T>
semantics, which declarative extractors cannot handle.

## Implementation

**Files Created**:
- applications/aphoria/src/extractors/option_bounds.rs (257 lines)
- applications/aphoria/src/extractors/option_value.rs (277 lines)
- applications/aphoria/docs/examples/extractors/programmatic-option-semantics.md

**Files Modified**:
- applications/aphoria/src/extractors/mod.rs - Added module declarations
- applications/aphoria/src/extractors/registry.rs - Registered extractors
- applications/aphoria/dogfood/httpclient/.aphoria/claims.toml - Added 4 claims
- applications/aphoria/dogfood/httpclient/TASK-1-SUMMARY.md - Task #3 completion

## Results

| Metric | Value |
|--------|-------|
| Detection Rate | 100% (7/7 violations) |
| Improvement | +29 percentage points (from 71%) |
| New Violations | 2 (max_redirects, max_retries unbounded) |
| Unit Tests | 13 (all passing) |

## Two-Claim Strategy

For each bounded Option<T> field:
1. **configured** claim - Detects None (unbounded)
2. **max_value** claim - Validates Some(n) threshold

Example:
- `max_redirects: None` → CONFLICT (not configured)
- `max_redirects: Some(20)` → CONFLICT (exceeds 10)
- `max_redirects: Some(5)` → PASS

## Enterprise Quality

✓ Proper error handling (no unwrap/expect)
✓ Comprehensive tests (6+7 unit tests)
✓ Full documentation with examples
✓ Reusable for 10+ similar patterns
✓ Screening patterns for performance

## Cachewrap Dogfood

Also includes complete cachewrap dogfood exercise:
- 10 claims for Redis cache wrapper
- Day 1-5 summaries
- Full retrospective and evaluation
- Declarative extractors for all patterns

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 06:43:10 +00:00

3.9 KiB
Raw Blame History

AWS ElastiCache Best Practices - Key Excerpts for Cache Client

Authority Tier: Tier 2 (Vendor) Source: https://docs.aws.amazon.com/elasticache/ Relevance: Official AWS guidance on security, performance, monitoring for Redis/Memcached

Security Best Practices

User fills in: Fetch AWS ElastiCache security documentation

Look for sections on:

  • Encryption in transit (TLS)
  • Authentication (Redis AUTH)
  • Network isolation (VPC)
  • Credential management

Key Claims:

  • cache/tls_verification :: required = true

    • Consequence: Disabled TLS verification enables MITM attacks - attacker intercepts cache traffic

  • cache/credentials :: storage = "environment"

    • Consequence: Hardcoded credentials in code leak via version control

  • cache/auth_enabled :: required = true

    • Consequence: No authentication allows unauthorized cache access

Performance Tuning

User fills in: Fetch AWS ElastiCache performance best practices

Look for:

  • Connection pooling recommendations
  • Timeout configurations
  • Cache hit/miss optimization
  • Eviction policy selection

Key Claims:

  • cache/connection_pool/max_size :: recommended = 50

    • Consequence: Too small pool causes connection contention, too large exhausts resources

  • cache/timeout :: recommended = 5000

    • Consequence: Excessive timeout (e.g., 60s) causes request queuing during failures

  • cache/read_timeout :: required = true

    • Consequence: No read timeout causes indefinite blocking on slow responses

Monitoring and Metrics

User fills in: Fetch AWS ElastiCache monitoring documentation

Look for:

  • CloudWatch metrics (CacheHits, CacheMisses, Evictions)
  • Recommended alarms
  • Performance baseline establishment

Key Claims:

  • cache/metrics/hit_rate :: required = true

    • Consequence: No hit/miss tracking prevents debugging cache effectiveness

  • cache/metrics/evictions :: required = true

    • Consequence: No eviction metrics hides memory pressure issues

  • cache/metrics/latency :: required = true

    • Consequence: No latency tracking prevents SLA violation detection

High Availability

User fills in: Fetch AWS ElastiCache HA documentation

Look for:

  • Multi-AZ deployment
  • Automatic failover
  • Backup and restore

Key Claims:

  • cache/circuit_breaker :: recommended = true

    • Consequence: No circuit breaker causes cascade failures when cache is down

  • cache/fallback_strategy :: required = true

    • Consequence: No fallback means cache outage = application outage

Common Pitfalls (from AWS docs)

User fills in: Search AWS documentation for "common mistakes", "troubleshooting", "gotchas"

Example pitfalls:

  • Not using connection pooling
  • Oversized keys/values
  • Missing TTL causing memory leaks
  • No eviction policy

Key Claims:

  • cache/value_size :: maximum = 1048576 # 1 MB

    • Consequence: Oversized values degrade performance and waste memory

  • cache/key_prefix :: required = true

    • Consequence: No key prefixing causes collisions in shared cache instances

Extraction Guide

  1. Navigate to AWS docs:

    open https://docs.aws.amazon.com/elasticache/

  2. Search for key sections:

    • Security: Encryption, authentication
    • Performance: Connection pooling, timeouts
    • Monitoring: CloudWatch metrics, alarms
    • Best practices: Common pitfalls

  3. Extract official recommendations:

    • Look for "AWS recommends..." or "Best practice is..."
    • Note consequences from troubleshooting guides
    • Document metric thresholds

  4. Map to concept paths:

    • cache/tls_verification
    • cache/metrics/hit_rate
    • cache/circuit_breaker
    • cache/connection_pool/max_size

  5. Add to claims with provenance:

    • Provenance: "AWS ElastiCache Best Practices Guide - Security Section"
    • Link to specific AWS doc page