bundis 0.1.0 → 0.2.0

package/README.md

@@ -60,17 +60,34 @@ await server.stop(); // kills the child and waits for exit
 
 Options for both: `host` (default `127.0.0.1`), `port` (default `6379`, `0` =
 ephemeral), `dbPath` (default `./data.db`, `":memory:"` for non-persistent),
-`password`, `reaperIntervalMs`. `spawnServer` additionally takes `bunPath` and
+`password`, `reaperIntervalMs`, `maxMemoryMb` (default `256` — overall memory
+budget: 50% SQLite page cache, 25% hot cache), `cacheMb` (hot-cache ceiling,
+default `maxMemoryMb/4`, `0` disables), `cacheIdleSec` (hot-cache base
+time-to-idle, default `300`). `spawnServer` additionally takes `bunPath` and
 `readyTimeoutMs`. The returned `url` already embeds the password when set.
 
+### Hot cache
+
+Every `SET` is written through to SQLite **and** kept in an in-memory hot cache;
+`GET`s served from memory skip SQLite entirely (~2.8x read throughput on hot
+working sets). Entries fall out after an idle period that grows with hit count
+(adaptive TTI, capped at 8x), under an LRU byte ceiling. The cache is a pure
+read accelerator — SQLite remains the source of truth, so durability and
+restart behavior are unchanged. Stats appear under `# Cache` in `INFO`.
+
 ### Standalone daemon — CLI
 
 ```bash
 bunx bundis --port 6379 --db ./data.db
 # (in this repo: bun run src/cli.ts)
-# flags (or env): --host/REDIS_HOST  --port/REDIS_PORT
+# flags (or env): --host/REDIS_HOST (default 127.0.0.1; use 0.0.0.0 to expose)
+#                 --port/REDIS_PORT
 #                 --db/REDIS_DB_PATH (":memory:" for in-memory)
 #                 --password/REDIS_PASSWORD
+#                 --max-memory-mb/REDIS_MAX_MEMORY_MB (default 256)
+#                 --cache-mb/REDIS_CACHE_MB (default maxMemory/4; 0 = off)
+#                 --cache-idle/REDIS_CACHE_IDLE_SEC (default 300)
+#                 --max-clients/REDIS_MAX_CLIENTS (default 10000)
 ```
 
 stdout prints one JSON ready line (`{"event":"bundis:ready",...}`);
@@ -89,12 +106,18 @@ await client.get("k"); // "v"
 - **String / numeric:** SET (EX/PX/EXAT/PXAT/NX/XX/KEEPTTL/GET), GET, GETSET,
   GETDEL, APPEND, STRLEN, DEL/UNLINK, EXISTS, INCR/DECR/INCRBY/DECRBY/INCRBYFLOAT
 - **Multi-key:** MGET, MSET, MSETNX, SETEX, PSETEX, SETNX
-- **Expiry:** EXPIRE, PEXPIRE, EXPIREAT, PEXPIREAT, TTL, PTTL, PERSIST
+- **Expiry:** EXPIRE/PEXPIRE/EXPIREAT/PEXPIREAT (with NX/XX/GT/LT), TTL, PTTL, PERSIST
 - **Hash:** HSET, HMSET, HSETNX, HGET, HMGET, HGETALL, HDEL, HEXISTS, HKEYS,
   HVALS, HLEN, HINCRBY, HINCRBYFLOAT
 - **Set:** SADD, SREM, SISMEMBER, SMEMBERS, SCARD, SRANDMEMBER, SPOP
 - **Pub/Sub:** SUBSCRIBE, UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB
 - **Transactions:** MULTI, EXEC, DISCARD, WATCH, UNWATCH
+- **Server/admin:** TYPE, DBSIZE, FLUSHDB, FLUSHALL, CONFIG GET/SET, COMMAND
+
+The only supported client is the stock `Bun.RedisClient`, which always speaks
+RESP3 — that is the wire-compatibility contract, and the server is RESP3-only by
+design. Default bind is `127.0.0.1`; set `--host 0.0.0.0` (ideally with
+`--password`) to expose the server beyond loopback.
 
 ## Test
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bundis",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "RESP3-compatible server backed by SQLite — works with the stock Bun.RedisClient",
   "license": "MIT",
   "type": "module",

package/src/cli.ts

@@ -36,3 +36,17 @@ function shutdown(): void {
 
 process.on("SIGINT", shutdown);
 process.on("SIGTERM", shutdown);
+
+// Last-resort backstop: log, try to close storage cleanly, exit non-zero.
+process.on("uncaughtException", (err) => {
+  console.error("bundis: uncaught exception:", err);
+  try {
+    running.stop();
+  } catch {
+    // already torn down
+  }
+  process.exit(1);
+});
+process.on("unhandledRejection", (err) => {
+  console.error("bundis: unhandled rejection:", err);
+});

package/src/commands/admin.ts

@@ -0,0 +1,108 @@
+/**
+ * Server/admin commands: TYPE, DBSIZE, FLUSHDB, FLUSHALL, CONFIG, COMMAND.
+ *
+ * These exist because real tooling sends them before doing anything useful:
+ * integration tests flush between cases, redis-cli probes TYPE/COMMAND on
+ * connect, and client libraries (BullMQ, connect-redis, health checks) read
+ * CONFIG GET at init. CONFIG SET is a lenient stub — it never honors
+ * security-sensitive parameters (dir, save, …); values are accepted and
+ * dropped so init-time probes succeed.
+ */
+
+import { R, type Reply } from "../resp/types";
+import { Errors } from "../engine/errors";
+import { commandCount } from "../dispatcher";
+import type { CommandContext } from "../engine/context";
+
+export function type(ctx: CommandContext): Reply {
+  ctx.requireExactArgc(1);
+  return R.simple(ctx.storage.typeOf(ctx.arg(0), ctx.nowMs) ?? "none");
+}
+
+export function dbsize(ctx: CommandContext): Reply {
+  ctx.requireExactArgc(0);
+  return R.int(ctx.storage.dbsize(ctx.nowMs));
+}
+
+/** FLUSHDB/FLUSHALL [ASYNC|SYNC] — single DB, so both clear everything. */
+export function flushall(ctx: CommandContext): Reply {
+  if (ctx.argc > 1) return R.error("ERR", "syntax error");
+  if (ctx.argc === 1) {
+    const mode = ctx.upper(0);
+    if (mode !== "ASYNC" && mode !== "SYNC") return R.error("ERR", "syntax error");
+  }
+  ctx.storage.flushAll();
+  return R.ok();
+}
+
+/** Values reported by CONFIG GET (kept truthful to the actual configuration). */
+function configValues(ctx: CommandContext): Record<string, string> {
+  return {
+    maxmemory: String(ctx.server.config.maxMemoryBytes),
+    "maxmemory-policy": "noeviction",
+    appendonly: "no",
+    save: "",
+    databases: "1",
+    "proto-max-bulk-len": String(512 * 1024 * 1024),
+  };
+}
+
+export function config(ctx: CommandContext): Reply {
+  ctx.requireArgc(1);
+  const sub = ctx.upper(0);
+  switch (sub) {
+    case "GET": {
+      ctx.requireArgc(2);
+      const values = configValues(ctx);
+      // Dedupe across overlapping patterns: each parameter appears at most once.
+      const matched = new Map<string, string>();
+      for (let i = 1; i < ctx.argc; i++) {
+        const pattern = ctx.str(i).toLowerCase();
+        for (const [name, value] of Object.entries(values)) {
+          if (globMatch(pattern, name)) matched.set(name, value);
+        }
+      }
+      return R.map([...matched].map(([name, value]) => [R.bulk(name), R.bulk(value)]));
+    }
+    case "SET":
+      // Lenient stub: accepted, never applied. Still validate arity like Redis
+      // (at least one name/value pair → an even number of trailing tokens).
+      if (ctx.argc < 3 || ctx.argc % 2 === 0) throw Errors.wrongArgs("config|set");
+      return R.ok();
+    case "RESETSTAT":
+    case "REWRITE":
+      return R.ok();
+    default:
+      return R.error("ERR", `Unknown CONFIG subcommand or wrong number of arguments for '${ctx.str(0)}'`);
+  }
+}
+
+export function command(ctx: CommandContext): Reply {
+  if (ctx.argc === 0) return R.array([]); // full introspection unsupported; empty is accepted by clients
+  switch (ctx.upper(0)) {
+    case "COUNT":
+      return R.int(commandCount());
+    case "DOCS":
+      return R.map([]);
+    case "INFO":
+      // One reply element per requested command name (nil = no details), so
+      // positional consumers that map request→reply slots stay aligned.
+      return R.array(Array.from({ length: Math.max(0, ctx.argc - 1) }, () => R.nullReply()));
+    case "GETKEYS":
+    case "GETKEYSANDFLAGS":
+      return R.error("ERR", "The command has no key arguments");
+    default:
+      return R.error(
+        "ERR",
+        `Unknown subcommand or wrong number of arguments for '${ctx.str(0)}'. Try COMMAND HELP.`,
+      );
+  }
+}
+
+/** Minimal glob: `*`, `?` (enough for CONFIG GET patterns). */
+function globMatch(pattern: string, s: string): boolean {
+  const re = new RegExp(
+    "^" + pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".") + "$",
+  );
+  return re.test(s);
+}

package/src/commands/expire.ts

@@ -1,32 +1,61 @@
 /**
  * Expiry commands (Phase 0): EXPIRE, PEXPIRE, EXPIREAT, PEXPIREAT, TTL, PTTL,
  * PERSIST. TTL/PTTL return -2 (missing), -1 (no expiry), or remaining time.
+ *
+ * EXPIRE-family commands accept one optional NX|XX|GT|LT flag (Redis ≥ 7.0):
+ * NX = only when no TTL exists, XX = only when one exists, GT/LT = only when
+ * the new expiry is later/earlier than the current one (a key without TTL
+ * counts as infinitely late, so GT never applies and LT always does).
  */
 
 import { R, type Reply } from "../resp/types";
+import { Errors } from "../engine/errors";
 import type { CommandContext } from "../engine/context";
 
 export function expire(ctx: CommandContext): Reply {
   ctx.requireArgc(2);
-  const atMs = ctx.nowMs + Number(ctx.int(1)) * 1000;
-  return R.int(ctx.storage.expireSet(ctx.arg(0), atMs, ctx.nowMs) ? 1 : 0);
+  return expireGeneric(ctx, ctx.nowMs + Number(ctx.int(1)) * 1000);
 }
 
 export function pexpire(ctx: CommandContext): Reply {
   ctx.requireArgc(2);
-  const atMs = ctx.nowMs + Number(ctx.int(1));
-  return R.int(ctx.storage.expireSet(ctx.arg(0), atMs, ctx.nowMs) ? 1 : 0);
+  return expireGeneric(ctx, ctx.nowMs + Number(ctx.int(1)));
 }
 
 export function expireat(ctx: CommandContext): Reply {
   ctx.requireArgc(2);
-  const atMs = Number(ctx.int(1)) * 1000;
-  return R.int(ctx.storage.expireSet(ctx.arg(0), atMs, ctx.nowMs) ? 1 : 0);
+  return expireGeneric(ctx, Number(ctx.int(1)) * 1000);
 }
 
 export function pexpireat(ctx: CommandContext): Reply {
   ctx.requireArgc(2);
-  const atMs = Number(ctx.int(1));
+  return expireGeneric(ctx, Number(ctx.int(1)));
+}
+
+function expireGeneric(ctx: CommandContext, atMs: number): Reply {
+  const flags: string[] = [];
+  for (let i = 2; i < ctx.argc; i++) {
+    const f = ctx.upper(i);
+    if (f !== "NX" && f !== "XX" && f !== "GT" && f !== "LT") throw Errors.syntax();
+    flags.push(f);
+  }
+  if (flags.includes("NX") && flags.length > 1) {
+    return R.error("ERR", "NX and XX, GT or LT options at the same time are not compatible");
+  }
+  if (flags.includes("GT") && flags.includes("LT")) {
+    return R.error("ERR", "GT and LT options at the same time are not compatible");
+  }
+  const flag = (flags[0] ?? null) as "NX" | "XX" | "GT" | "LT" | null;
+  if (flag !== null) {
+    const cur = ctx.storage.pttl(ctx.arg(0), ctx.nowMs);
+    if (cur === -2) return R.int(0); // missing key: no flag can apply
+    const hasTtl = cur >= 0;
+    const curAtMs = hasTtl ? ctx.nowMs + cur : Infinity; // no TTL = infinitely late
+    if (flag === "NX" && hasTtl) return R.int(0);
+    if (flag === "XX" && !hasTtl) return R.int(0);
+    if (flag === "GT" && atMs <= curAtMs) return R.int(0);
+    if (flag === "LT" && atMs >= curAtMs) return R.int(0);
+  }
   return R.int(ctx.storage.expireSet(ctx.arg(0), atMs, ctx.nowMs) ? 1 : 0);
 }
 

package/src/commands/handshake.ts

@@ -59,8 +59,12 @@ export function ping(ctx: CommandContext): Reply {
   return R.simple("PONG");
 }
 
-export function select(_ctx: CommandContext): Reply {
-  // Single logical DB; accept any index for client compatibility.
+export function select(ctx: CommandContext): Reply {
+  // Single logical DB (CLAUDE.md scope): index 0 is accepted, anything else is
+  // an honest error — silently mapping /1 onto /0's data would clobber it.
+  ctx.requireExactArgc(1);
+  const idx = Number(ctx.int(0));
+  if (idx !== 0) return R.error("ERR", "DB index is out of range");
   return R.ok();
 }
 
@@ -86,10 +90,29 @@ export function info(ctx: CommandContext): Reply {
     "# Clients",
     "connected_clients:1",
     "",
+    "# Memory",
+    `used_memory:${process.memoryUsage().rss}`,
+    `maxmemory:${ctx.server.config.maxMemoryBytes}`,
+    "maxmemory_policy:noeviction", // data lives in SQLite; only caches evict
+    "",
     "# Keyspace",
     `db0:keys=${ctx.storage.dbsize(ctx.nowMs)},expires=0,avg_ttl=0`,
     "",
   ];
+  const stats = (ctx.storage as { stats?: () => Record<string, number> }).stats?.();
+  if (stats) {
+    lines.push(
+      "# Cache",
+      `cache_entries:${stats.entries}`,
+      `cache_bytes:${stats.bytes}`,
+      `cache_max_bytes:${stats.maxBytes}`,
+      `cache_hits:${stats.hits}`,
+      `cache_misses:${stats.misses}`,
+      `cache_evicted_idle:${stats.evictedIdle}`,
+      `cache_evicted_lru:${stats.evictedLru}`,
+      "",
+    );
+  }
   return R.verbatim("txt", lines.join("\r\n"));
 }
 

package/src/commands/multikey.ts

@@ -44,15 +44,19 @@ export function msetnx(ctx: CommandContext): Reply {
 
 export function setex(ctx: CommandContext): Reply {
   ctx.requireExactArgc(3);
-  const atMs = ctx.nowMs + Number(ctx.int(1)) * 1000;
-  ctx.storage.kvSet(ctx.arg(0), ctx.arg(2), ctx.nowMs, { expireAtMs: atMs });
+  const seconds = Number(ctx.int(1));
+  if (seconds <= 0) throw Errors.invalidExpire("setex"); // Redis semantics
+  ctx.storage.kvSet(ctx.arg(0), ctx.arg(2), ctx.nowMs, {
+    expireAtMs: ctx.nowMs + seconds * 1000,
+  });
   return R.ok();
 }
 
 export function psetex(ctx: CommandContext): Reply {
   ctx.requireExactArgc(3);
-  const atMs = ctx.nowMs + Number(ctx.int(1));
-  ctx.storage.kvSet(ctx.arg(0), ctx.arg(2), ctx.nowMs, { expireAtMs: atMs });
+  const ms = Number(ctx.int(1));
+  if (ms <= 0) throw Errors.invalidExpire("psetex"); // Redis semantics
+  ctx.storage.kvSet(ctx.arg(0), ctx.arg(2), ctx.nowMs, { expireAtMs: ctx.nowMs + ms });
   return R.ok();
 }
 

package/src/commands/pubsub.ts

@@ -80,8 +80,12 @@ export function pubsub(ctx: CommandContext): Reply {
   ctx.requireArgc(1);
   const sub = ctx.upper(0);
   switch (sub) {
-    case "CHANNELS":
-      return R.array(ctx.server.hub.channelNames().map((c) => R.bulk(c)));
+    case "CHANNELS": {
+      const names = ctx.server.hub.channelNames();
+      const filtered =
+        ctx.argc >= 2 ? names.filter((c) => globMatch(ctx.str(1), c)) : names;
+      return R.array(filtered.map((c) => R.bulk(c)));
+    }
     case "NUMSUB": {
       const out: Reply[] = [];
       for (let i = 1; i < ctx.argc; i++) {
@@ -90,11 +94,30 @@ export function pubsub(ctx: CommandContext): Reply {
       }
       return R.array(out);
     }
+    case "NUMPAT":
+      if (ctx.argc !== 1) {
+        return R.error(
+          "ERR",
+          `Unknown PUBSUB subcommand or wrong number of arguments for '${ctx.str(0)}'`,
+        );
+      }
+      return R.int(ctx.server.hub.numPat());
     default:
-      return R.array([]);
+      return R.error(
+        "ERR",
+        `Unknown PUBSUB subcommand or wrong number of arguments for '${ctx.str(0)}'`,
+      );
   }
 }
 
+/** Minimal glob matcher (`*`, `?`) for PUBSUB CHANNELS [pattern]. */
+function globMatch(pattern: string, s: string): boolean {
+  const re = new RegExp(
+    "^" + pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".") + "$",
+  );
+  return re.test(s);
+}
+
 function rangeArgs(ctx: CommandContext, from: number): string[] {
   const out: string[] = [];
   for (let i = from; i < ctx.argc; i++) out.push(ctx.str(i));

package/src/commands/set.ts

@@ -7,6 +7,7 @@
  */
 
 import { R, type Reply } from "../resp/types";
+import { Errors } from "../engine/errors";
 import type { CommandContext } from "../engine/context";
 
 export function sadd(ctx: CommandContext): Reply {
@@ -36,6 +37,7 @@ export function scard(ctx: CommandContext): Reply {
 
 export function srandmember(ctx: CommandContext): Reply {
   ctx.requireArgc(1);
+  if (ctx.argc > 2) throw Errors.syntax();
   const hasCount = ctx.argOpt(1) !== undefined;
   const count = hasCount ? Number(ctx.int(1)) : null;
   const res = ctx.storage.sRandMember(ctx.arg(0), count, ctx.nowMs);
@@ -48,11 +50,15 @@ export function srandmember(ctx: CommandContext): Reply {
 
 export function spop(ctx: CommandContext): Reply {
   ctx.requireArgc(1);
+  if (ctx.argc > 2) throw Errors.syntax();
   const hasCount = ctx.argOpt(1) !== undefined;
   const count = hasCount ? Number(ctx.int(1)) : null;
+  if (count !== null && count < 0) {
+    return R.error("ERR", "value is out of range, must be positive");
+  }
   const res = ctx.storage.sPop(ctx.arg(0), count, ctx.nowMs);
   if (count === null) {
     return res === null ? R.nullReply() : R.bulk(res as Uint8Array);
   }
-  return R.set((res as Uint8Array[]).map((m) => R.bulk(m)));
+  return R.array((res as Uint8Array[]).map((m) => R.bulk(m)));
 }

package/src/commands/string.ts

@@ -24,14 +24,20 @@ export function set(ctx: CommandContext): Reply {
   while (ctx.argOpt(i) !== undefined) {
     const o = ctx.upper(i);
     switch (o) {
-      case "EX":
-        opts.expireAtMs = ctx.nowMs + Number(ctx.int(i + 1)) * 1000;
+      case "EX": {
+        const sec = Number(ctx.int(i + 1));
+        if (sec <= 0) throw Errors.invalidExpire("set"); // Redis semantics
+        opts.expireAtMs = ctx.nowMs + sec * 1000;
         i += 2;
         break;
-      case "PX":
-        opts.expireAtMs = ctx.nowMs + Number(ctx.int(i + 1));
+      }
+      case "PX": {
+        const ms = Number(ctx.int(i + 1));
+        if (ms <= 0) throw Errors.invalidExpire("set");
+        opts.expireAtMs = ctx.nowMs + ms;
         i += 2;
         break;
+      }
       case "EXAT":
         opts.expireAtMs = Number(ctx.int(i + 1)) * 1000;
         i += 2;
@@ -61,13 +67,20 @@ export function set(ctx: CommandContext): Reply {
     }
   }
 
-  let old: Uint8Array | null = null;
-  const result = ctx.storage.withTransaction(() => {
-    if (wantGet) old = ctx.storage.kvGet(key, ctx.nowMs);
-    return ctx.storage.kvSet(key, value, ctx.nowMs, opts);
-  });
-
-  if (wantGet) return R.bulk(old);
+  if (wantGet) {
+    // GET option returns the old value whether or not the write happened; it
+    // needs read-then-write atomicity, so the cache fill is suppressed inside
+    // this transaction (correct — a rollback must not cache a phantom).
+    let old: Uint8Array | null = null;
+    ctx.storage.withTransaction(() => {
+      old = ctx.storage.kvGet(key, ctx.nowMs);
+      ctx.storage.kvSet(key, value, ctx.nowMs, opts);
+    });
+    return R.bulk(old);
+  }
+  // Plain SET: kvSet is already internally transactional, so we DON'T wrap it —
+  // wrapping would set #inTxn and suppress the hot-cache write-through fill.
+  const result = ctx.storage.kvSet(key, value, ctx.nowMs, opts);
   return result === "set" ? R.ok() : R.nullReply();
 }
 

package/src/commands/transaction.ts

@@ -12,7 +12,7 @@ import { R, type Reply } from "../resp/types";
 import { Errors } from "../engine/errors";
 import { executeCore } from "../dispatcher";
 import type { CommandContext } from "../engine/context";
-import { hashKey, type WatchSnapshot } from "../sidecar/watch";
+import { hashKey, releaseSnapshot, type WatchSnapshot } from "../sidecar/watch";
 
 export function multi(ctx: CommandContext): Reply {
   if (ctx.conn.txn) return R.error("ERR", "MULTI calls can not be nested");
@@ -23,7 +23,7 @@ export function multi(ctx: CommandContext): Reply {
 export function discard(ctx: CommandContext): Reply {
   if (!ctx.conn.txn) throw Errors.discardWithoutMulti();
   ctx.conn.txn = null;
-  ctx.conn.watch = null;
+  clearWatch(ctx);
   return R.ok();
 }
 
@@ -34,14 +34,14 @@ export function exec(ctx: CommandContext): Reply {
   conn.txn = null;
 
   if (txn.error) {
-    conn.watch = null;
+    clearWatch(ctx);
     throw Errors.execAbort();
   }
   if (conn.watch && isWatchDirty(conn.watch, ctx)) {
-    conn.watch = null;
+    clearWatch(ctx);
     return R.nullReply(); // a watched key changed → abort
   }
-  conn.watch = null;
+  clearWatch(ctx);
 
   const results = ctx.storage.withTransaction(() =>
     txn.queued.map((cmd) => {
@@ -58,28 +58,38 @@ export function watch(ctx: CommandContext): Reply {
   const snap: WatchSnapshot = ctx.conn.watch ?? new Map();
   for (let i = 0; i < ctx.argc; i++) {
     const key = ctx.arg(i);
-    snap.set(hashKey(key), { key, version: ctx.server.watch.version(key) });
+    const k = hashKey(key);
+    if (snap.has(k)) continue; // already watched: keep the earlier snapshot
+    snap.set(k, { key, version: ctx.server.watch.acquire(key) });
   }
   ctx.conn.watch = snap;
   return R.ok();
 }
 
 export function unwatch(ctx: CommandContext): Reply {
-  ctx.conn.watch = null;
+  clearWatch(ctx);
   return R.ok();
 }
 
 export function reset(ctx: CommandContext): Reply {
   ctx.conn.txn = null;
-  ctx.conn.watch = null;
+  clearWatch(ctx);
   ctx.server.hub.drop(ctx.conn);
   ctx.conn.state = "READY";
   return R.simple("RESET");
 }
 
+/** Drop the connection's WATCH snapshot, releasing registry interest. */
+function clearWatch(ctx: CommandContext): void {
+  if (ctx.conn.watch) {
+    releaseSnapshot(ctx.server.watch, ctx.conn.watch);
+    ctx.conn.watch = null;
+  }
+}
+
 function isWatchDirty(snap: WatchSnapshot, ctx: CommandContext): boolean {
   for (const { key, version } of snap.values()) {
-    if (ctx.server.watch.version(key) !== version) return true;
+    if (ctx.server.watch.peek(key) !== version) return true;
   }
   return false;
 }

package/src/config.ts

@@ -2,10 +2,14 @@
  * Server configuration, resolved from CLI flags and environment.
  *
  * Precedence: CLI flag > env var > default. Kept tiny and dependency-free.
- *   --host / REDIS_HOST          (default 0.0.0.0)
+ *   --host / REDIS_HOST          (default 127.0.0.1; use 0.0.0.0 to expose)
  *   --port / REDIS_PORT          (default 6379; 0 = ephemeral, used by tests)
  *   --db   / REDIS_DB_PATH       (default ./data.db; ":memory:" for in-memory)
  *   --password / REDIS_PASSWORD  (default none → AUTH always succeeds)
+ *   --max-memory-mb / REDIS_MAX_MEMORY_MB (default 256 — overall budget:
+ *       50% SQLite page cache, 25% hot cache unless --cache-mb given)
+ *   --cache-mb / REDIS_CACHE_MB  (default: maxMemory/4; 0 disables hot cache)
+ *   --cache-idle / REDIS_CACHE_IDLE_SEC (default 300 — hot-cache base TTI)
  */
 
 export interface ServerConfig {
@@ -15,17 +19,40 @@ export interface ServerConfig {
   password: string | null;
   /** Active-expiry sweep interval in ms. */
   reaperIntervalMs: number;
+  /** Max simultaneous client connections. */
+  maxClients: number;
+  /**
+   * Overall memory budget for the server in bytes. A budget, not a hard OS
+   * limit: it sizes the SQLite page cache (50%) and, when --cache-mb is not
+   * given, the hot cache (25%); the rest is headroom for connections/JS heap.
+   */
+  maxMemoryBytes: number;
+  /** Hot-cache byte ceiling; 0 disables the in-memory cache. */
+  cacheMaxBytes: number;
+  /** Hot-cache base time-to-idle in ms. */
+  cacheIdleMs: number;
 }
 
 export function loadConfig(argv: string[] = Bun.argv.slice(2)): ServerConfig {
   const flags = parseFlags(argv);
   const env = Bun.env;
+  const MB = 1024 * 1024;
+  const maxMemoryMb = int(flags["max-memory-mb"] ?? env.REDIS_MAX_MEMORY_MB, 256);
+  // Unless set explicitly, the hot cache takes 25% of the overall budget.
+  const cacheMbRaw = flags["cache-mb"] ?? env.REDIS_CACHE_MB;
+  const cacheMb = cacheMbRaw !== undefined ? int(cacheMbRaw, 64) : Math.floor(maxMemoryMb / 4);
   return {
-    host: flags.host ?? env.REDIS_HOST ?? "0.0.0.0",
+    // Loopback by default: exposing a (possibly password-less) server to the
+    // LAN must be an explicit decision (--host 0.0.0.0).
+    host: flags.host ?? env.REDIS_HOST ?? "127.0.0.1",
     port: int(flags.port ?? env.REDIS_PORT, 6379),
     dbPath: flags.db ?? env.REDIS_DB_PATH ?? "./data.db",
     password: flags.password ?? env.REDIS_PASSWORD ?? null,
     reaperIntervalMs: int(flags.reaper ?? env.REDIS_REAPER_MS, 100),
+    maxClients: int(flags["max-clients"] ?? env.REDIS_MAX_CLIENTS, 10_000),
+    maxMemoryBytes: maxMemoryMb * MB,
+    cacheMaxBytes: cacheMb * MB,
+    cacheIdleMs: int(flags["cache-idle"] ?? env.REDIS_CACHE_IDLE_SEC, 300) * 1000,
   };
 }