layercache 1.2.2 → 1.2.3

package/dist/index.js

@@ -1,11 +1,11 @@
 import {
   RedisTagIndex
-} from "./chunk-IXCMHVHP.js";
+} from "./chunk-QHWG7QS5.js";
 import {
   MemoryLayer,
   TagIndex,
   createHonoCacheMiddleware
-} from "./chunk-46UH7LNM.js";
+} from "./chunk-KOYGHLVP.js";
 import {
   PatternMatcher,
   createStoredValueEnvelope,
@@ -15,7 +15,7 @@ import {
   remainingStoredTtlSeconds,
   resolveStoredValue,
   unwrapStoredValue
-} from "./chunk-ZMDB5KOK.js";
+} from "./chunk-7V7XAB74.js";
 
 // src/CacheStack.ts
 import { EventEmitter } from "events";
@@ -360,8 +360,9 @@ var CircuitBreakerManager = class {
 
 // src/internal/FetchRateLimiter.ts
 var FetchRateLimiter = class {
-  queue = [];
   buckets = /* @__PURE__ */ new Map();
+  queuesByBucket = /* @__PURE__ */ new Map();
+  pendingBuckets = /* @__PURE__ */ new Set();
   fetcherBuckets = /* @__PURE__ */ new WeakMap();
   nextFetcherBucketId = 0;
   drainTimer;
@@ -374,13 +375,17 @@ var FetchRateLimiter = class {
       return task();
     }
     return new Promise((resolve2, reject) => {
-      this.queue.push({
-        bucketKey: this.resolveBucketKey(normalized, context),
+      const bucketKey = this.resolveBucketKey(normalized, context);
+      const queue = this.queuesByBucket.get(bucketKey) ?? [];
+      queue.push({
+        bucketKey,
         options: normalized,
         task,
         resolve: resolve2,
         reject
       });
+      this.queuesByBucket.set(bucketKey, queue);
+      this.pendingBuckets.add(bucketKey);
       this.drain();
     });
   }
@@ -423,22 +428,30 @@ var FetchRateLimiter = class {
       clearTimeout(this.drainTimer);
       this.drainTimer = void 0;
     }
-    while (this.queue.length > 0) {
-      let nextIndex = -1;
+    while (this.pendingBuckets.size > 0) {
+      let nextBucketKey;
       let nextWaitMs = Number.POSITIVE_INFINITY;
-      for (let index = 0; index < this.queue.length; index += 1) {
-        const next2 = this.queue[index];
+      for (const bucketKey of this.pendingBuckets) {
+        const queue2 = this.queuesByBucket.get(bucketKey);
+        if (!queue2 || queue2.length === 0) {
+          this.pendingBuckets.delete(bucketKey);
+          this.queuesByBucket.delete(bucketKey);
+          continue;
+        }
+        const next2 = queue2[0];
         if (!next2) {
+          this.pendingBuckets.delete(bucketKey);
+          this.queuesByBucket.delete(bucketKey);
           continue;
         }
-        const waitMs = this.waitTime(next2.bucketKey, next2.options);
+        const waitMs = this.waitTime(bucketKey, next2.options);
         if (waitMs <= 0) {
-          nextIndex = index;
+          nextBucketKey = bucketKey;
           break;
         }
         nextWaitMs = Math.min(nextWaitMs, waitMs);
       }
-      if (nextIndex < 0) {
+      if (!nextBucketKey) {
         if (Number.isFinite(nextWaitMs)) {
           this.drainTimer = setTimeout(() => {
             this.drainTimer = void 0;
@@ -448,15 +461,32 @@ var FetchRateLimiter = class {
         }
         return;
       }
-      const next = this.queue.splice(nextIndex, 1)[0];
+      const queue = this.queuesByBucket.get(nextBucketKey);
+      const next = queue?.shift();
       if (!next) {
-        return;
+        this.pendingBuckets.delete(nextBucketKey);
+        this.queuesByBucket.delete(nextBucketKey);
+        continue;
+      }
+      if (!queue || queue.length === 0) {
+        this.pendingBuckets.delete(nextBucketKey);
+        this.queuesByBucket.delete(nextBucketKey);
       }
       const bucket = this.bucketState(next.bucketKey);
+      if (bucket.cleanupTimer) {
+        clearTimeout(bucket.cleanupTimer);
+        bucket.cleanupTimer = void 0;
+      }
       bucket.active += 1;
-      bucket.startedAt.push(Date.now());
+      if (next.options.intervalMs && next.options.maxPerInterval) {
+        bucket.startedAt.push(Date.now());
+      }
       void next.task().then(next.resolve, next.reject).finally(() => {
         bucket.active -= 1;
+        if ((this.queuesByBucket.get(next.bucketKey)?.length ?? 0) > 0) {
+          this.pendingBuckets.add(next.bucketKey);
+        }
+        this.cleanupBucket(next.bucketKey, bucket, next.options.intervalMs);
         this.drain();
       });
     }
@@ -498,6 +528,31 @@ var FetchRateLimiter = class {
     this.buckets.set(bucketKey, bucket);
     return bucket;
   }
+  cleanupBucket(bucketKey, bucket, intervalMs) {
+    const queued = this.queuesByBucket.get(bucketKey)?.length ?? 0;
+    if (queued === 0 && bucket.active === 0 && bucket.startedAt.length === 0) {
+      this.buckets.delete(bucketKey);
+      this.queuesByBucket.delete(bucketKey);
+      this.pendingBuckets.delete(bucketKey);
+      return;
+    }
+    if (!intervalMs || bucket.active > 0 || queued > 0) {
+      return;
+    }
+    if (bucket.cleanupTimer) {
+      clearTimeout(bucket.cleanupTimer);
+    }
+    bucket.cleanupTimer = setTimeout(() => {
+      bucket.cleanupTimer = void 0;
+      this.prune(bucket, Date.now(), intervalMs);
+      if (bucket.active === 0 && bucket.startedAt.length === 0 && (this.queuesByBucket.get(bucketKey)?.length ?? 0) === 0) {
+        this.buckets.delete(bucketKey);
+        this.queuesByBucket.delete(bucketKey);
+        this.pendingBuckets.delete(bucketKey);
+      }
+    }, intervalMs);
+    bucket.cleanupTimer.unref?.();
+  }
 };
 
 // src/internal/MetricsCollector.ts
@@ -686,6 +741,41 @@ var TtlResolver = class {
   }
 };
 
+// src/serialization/JsonSerializer.ts
+var DANGEROUS_JSON_KEYS = /* @__PURE__ */ new Set(["__proto__", "prototype", "constructor"]);
+var JsonSerializer = class {
+  serialize(value) {
+    return JSON.stringify(value);
+  }
+  deserialize(payload) {
+    const normalized = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
+    return sanitizeJsonValue(JSON.parse(normalized), 0);
+  }
+};
+var MAX_SANITIZE_DEPTH = 200;
+function sanitizeJsonValue(value, depth) {
+  if (depth > MAX_SANITIZE_DEPTH) {
+    return value;
+  }
+  if (Array.isArray(value)) {
+    return value.map((entry) => sanitizeJsonValue(entry, depth + 1));
+  }
+  if (!isPlainObject(value)) {
+    return value;
+  }
+  const sanitized = {};
+  for (const [key, entry] of Object.entries(value)) {
+    if (DANGEROUS_JSON_KEYS.has(key)) {
+      continue;
+    }
+    sanitized[key] = sanitizeJsonValue(entry, depth + 1);
+  }
+  return sanitized;
+}
+function isPlainObject(value) {
+  return Object.prototype.toString.call(value) === "[object Object]";
+}
+
 // src/stampede/StampedeGuard.ts
 import { Mutex as Mutex2 } from "async-mutex";
 var StampedeGuard = class {
@@ -696,7 +786,8 @@ var StampedeGuard = class {
       return await entry.mutex.runExclusive(task);
     } finally {
       entry.references -= 1;
-      if (entry.references === 0 && !entry.mutex.isLocked()) {
+      const current = this.mutexes.get(key);
+      if (current === entry && entry.references === 0 && !entry.mutex.isLocked()) {
         this.mutexes.delete(key);
       }
     }
@@ -726,8 +817,10 @@ var CacheMissError = class extends Error {
 var DEFAULT_SINGLE_FLIGHT_LEASE_MS = 3e4;
 var DEFAULT_SINGLE_FLIGHT_TIMEOUT_MS = 5e3;
 var DEFAULT_SINGLE_FLIGHT_POLL_MS = 50;
+var DEFAULT_BACKGROUND_REFRESH_TIMEOUT_MS = 3e4;
 var MAX_CACHE_KEY_LENGTH = 1024;
 var DEFAULT_MAX_PROFILE_ENTRIES = 1e5;
+var DANGEROUS_OBJECT_KEYS = /* @__PURE__ */ new Set(["__proto__", "prototype", "constructor"]);
 var DebugLogger = class {
   enabled;
   constructor(enabled) {
@@ -774,6 +867,21 @@ var CacheStack = class extends EventEmitter {
     const debugEnv = process.env.DEBUG?.split(",").includes("layercache:debug") ?? false;
     this.logger = typeof options.logger === "object" ? options.logger : new DebugLogger(Boolean(options.logger) || debugEnv);
     this.tagIndex = options.tagIndex ?? new TagIndex();
+    if (!options.tagIndex && layers.some((layer) => layer.isLocal === false)) {
+      this.logger.warn?.(
+        "Using the default in-memory TagIndex with a shared cache layer only tracks keys seen by this process. Use RedisTagIndex for cross-instance tag invalidation."
+      );
+    }
+    if (!options.tagIndex && layers.some((layer) => layer.isLocal === false && !layer.keys)) {
+      this.logger.warn?.(
+        "Using the default in-memory TagIndex with a shared cache layer that does not implement keys() can leave invalidateByPattern() and invalidateByPrefix() incomplete after restarts. Use RedisTagIndex or implement keys() on the shared layer."
+      );
+    }
+    if (options.invalidationBus && options.broadcastL1Invalidation === void 0 && options.publishSetInvalidation === void 0) {
+      this.logger.warn?.(
+        "broadcastL1Invalidation defaults to false when an invalidation bus is configured; opt in explicitly if write-triggered L1 invalidation is desired."
+      );
+    }
     this.initializeWriteBehind(options.writeBehind);
     this.startup = this.initialize();
   }
@@ -787,6 +895,7 @@ var CacheStack = class extends EventEmitter {
   logger;
   tagIndex;
   fetchRateLimiter = new FetchRateLimiter();
+  snapshotSerializer = new JsonSerializer();
   backgroundRefreshes = /* @__PURE__ */ new Map();
   layerDegradedUntil = /* @__PURE__ */ new Map();
   ttlResolver;
@@ -795,6 +904,7 @@ var CacheStack = class extends EventEmitter {
   writeBehindQueue = [];
   writeBehindTimer;
   writeBehindFlushPromise;
+  generationCleanupPromise;
   isDisconnecting = false;
   disconnectPromise;
   /**
@@ -807,6 +917,9 @@ var CacheStack = class extends EventEmitter {
     const normalizedKey = this.qualifyKey(this.validateCacheKey(key));
     this.validateWriteOptions(options);
     await this.awaitStartup("get");
+    return this.getPrepared(normalizedKey, fetcher, options);
+  }
+  async getPrepared(normalizedKey, fetcher, options) {
     const hit = await this.readFromLayers(normalizedKey, options, "allow-stale");
     if (hit.found) {
       this.ttlResolver.recordAccess(normalizedKey);
@@ -884,6 +997,7 @@ var CacheStack = class extends EventEmitter {
             return true;
           }
         } catch {
+          await this.reportRecoverableLayerFailure(layer, "has", new Error(`has() failed for layer "${layer.name}"`));
         }
       } else {
         try {
@@ -891,7 +1005,8 @@ var CacheStack = class extends EventEmitter {
           if (value !== null) {
             return true;
           }
-        } catch {
+        } catch (error) {
+          await this.reportRecoverableLayerFailure(layer, "has", error);
         }
       }
     }
@@ -983,13 +1098,14 @@ var CacheStack = class extends EventEmitter {
     normalizedEntries.forEach((entry) => this.validateWriteOptions(entry.options));
     const canFastPath = normalizedEntries.every((entry) => entry.fetch === void 0 && entry.options === void 0);
     if (!canFastPath) {
+      await this.awaitStartup("mget");
       const pendingReads = /* @__PURE__ */ new Map();
       return Promise.all(
         normalizedEntries.map((entry) => {
           const optionsSignature = this.serializeOptions(entry.options);
           const existing = pendingReads.get(entry.key);
           if (!existing) {
-            const promise = this.get(entry.key, entry.fetch, entry.options);
+            const promise = this.getPrepared(entry.key, entry.fetch, entry.options);
             pendingReads.set(entry.key, {
               promise,
               fetch: entry.fetch,
@@ -1128,14 +1244,14 @@ var CacheStack = class extends EventEmitter {
   }
   async invalidateByPattern(pattern) {
     await this.awaitStartup("invalidateByPattern");
-    const keys = await this.tagIndex.matchPattern(this.qualifyPattern(pattern));
+    const keys = await this.collectKeysMatchingPattern(this.qualifyPattern(pattern));
     await this.deleteKeys(keys);
     await this.publishInvalidation({ scope: "keys", keys, sourceId: this.instanceId, operation: "invalidate" });
   }
   async invalidateByPrefix(prefix) {
     await this.awaitStartup("invalidateByPrefix");
     const qualifiedPrefix = this.qualifyKey(this.validateCacheKey(prefix));
-    const keys = this.tagIndex.keysForPrefix ? await this.tagIndex.keysForPrefix(qualifiedPrefix) : await this.tagIndex.matchPattern(`${qualifiedPrefix}*`);
+    const keys = await this.collectKeysWithPrefix(qualifiedPrefix);
     await this.deleteKeys(keys);
     await this.publishInvalidation({ scope: "keys", keys, sourceId: this.instanceId, operation: "invalidate" });
   }
@@ -1185,9 +1301,18 @@ var CacheStack = class extends EventEmitter {
       })
     );
   }
+  /**
+   * Rotates the active generation prefix used for all future cache keys.
+   * Previous-generation keys remain in the underlying layers until they expire,
+   * unless `generationCleanup` is enabled to prune them in the background.
+   */
   bumpGeneration(nextGeneration) {
     const current = this.currentGeneration ?? 0;
+    const previousGeneration = this.currentGeneration;
     this.currentGeneration = nextGeneration ?? current + 1;
+    if (previousGeneration !== void 0 && previousGeneration !== this.currentGeneration && this.shouldCleanupGenerations()) {
+      this.scheduleGenerationCleanup(previousGeneration);
+    }
     return this.currentGeneration;
   }
   /**
@@ -1271,27 +1396,28 @@ var CacheStack = class extends EventEmitter {
     this.assertActive("persistToFile");
     const snapshot = await this.exportState();
     const { promises: fs2 } = await import("fs");
-    await fs2.writeFile(filePath, JSON.stringify(snapshot, null, 2), "utf8");
+    await fs2.writeFile(await this.validateSnapshotFilePath(filePath), JSON.stringify(snapshot, null, 2), "utf8");
   }
   async restoreFromFile(filePath) {
     this.assertActive("restoreFromFile");
     const { promises: fs2 } = await import("fs");
-    const raw = await fs2.readFile(filePath, "utf8");
+    const raw = await fs2.readFile(await this.validateSnapshotFilePath(filePath), "utf8");
     let parsed;
     try {
-      parsed = JSON.parse(raw, (_key, value) => {
-        if (value !== null && typeof value === "object" && !Array.isArray(value)) {
-          return Object.assign(/* @__PURE__ */ Object.create(null), value);
-        }
-        return value;
-      });
+      parsed = JSON.parse(raw);
     } catch (cause) {
       throw new Error(`Invalid snapshot file: could not parse JSON (${this.formatError(cause)})`);
     }
     if (!this.isCacheSnapshotEntries(parsed)) {
       throw new Error("Invalid snapshot file: expected an array of { key: string, value, ttl? } entries");
     }
-    await this.importState(parsed);
+    await this.importState(
+      parsed.map((entry) => ({
+        key: entry.key,
+        value: this.sanitizeSnapshotValue(entry.value),
+        ttl: entry.ttl
+      }))
+    );
   }
   async disconnect() {
     if (!this.disconnectPromise) {
@@ -1300,6 +1426,7 @@ var CacheStack = class extends EventEmitter {
         await this.startup;
         await this.unsubscribeInvalidation?.();
         await this.flushWriteBehindQueue();
+        await this.generationCleanupPromise;
         await Promise.allSettled([...this.backgroundRefreshes.values()]);
         if (this.writeBehindTimer) {
           clearInterval(this.writeBehindTimer);
@@ -1383,8 +1510,14 @@ var CacheStack = class extends EventEmitter {
       await this.storeEntry(key, "empty", null, options);
       return null;
     }
-    if (options?.shouldCache && !options.shouldCache(fetched)) {
-      return fetched;
+    if (options?.shouldCache) {
+      try {
+        if (!options.shouldCache(fetched)) {
+          return fetched;
+        }
+      } catch (error) {
+        this.logger.warn?.("shouldCache-error", { key, error: this.formatError(error) });
+      }
     }
     await this.storeEntry(key, "value", fetched, options);
     return fetched;
@@ -1611,7 +1744,7 @@ var CacheStack = class extends EventEmitter {
     const refresh = (async () => {
       this.metricsCollector.increment("refreshes");
       try {
-        await this.fetchWithGuards(key, fetcher, options);
+        await this.runBackgroundRefresh(key, fetcher, options);
       } catch (error) {
         this.metricsCollector.increment("refreshErrors");
         this.logger.debug?.("refresh-error", { key, error: this.formatError(error) });
@@ -1621,6 +1754,16 @@ var CacheStack = class extends EventEmitter {
     })();
     this.backgroundRefreshes.set(key, refresh);
   }
+  async runBackgroundRefresh(key, fetcher, options) {
+    const timeoutMs = this.options.backgroundRefreshTimeoutMs ?? DEFAULT_BACKGROUND_REFRESH_TIMEOUT_MS;
+    await this.fetchWithGuards(
+      key,
+      () => this.withTimeout(fetcher(), timeoutMs, () => {
+        return new Error(`Background refresh timed out after ${timeoutMs}ms for key "${key}".`);
+      }),
+      options
+    );
+  }
   resolveSingleFlightOptions() {
     return {
       leaseMs: this.options.singleFlightLeaseMs ?? DEFAULT_SINGLE_FLIGHT_LEASE_MS,
@@ -1688,8 +1831,120 @@ var CacheStack = class extends EventEmitter {
   sleep(ms) {
     return new Promise((resolve2) => setTimeout(resolve2, ms));
   }
+  async withTimeout(promise, timeoutMs, onTimeout) {
+    if (timeoutMs <= 0) {
+      return promise;
+    }
+    let timer;
+    const observedPromise = promise.then(
+      (value) => ({ kind: "value", value }),
+      (error) => ({ kind: "error", error })
+    );
+    try {
+      const result = await Promise.race([
+        observedPromise,
+        new Promise((_, reject) => {
+          timer = setTimeout(() => reject(onTimeout()), timeoutMs);
+          timer.unref?.();
+        })
+      ]);
+      if (result && typeof result === "object" && "kind" in result) {
+        if (result.kind === "error") {
+          throw result.error;
+        }
+        return result.value;
+      }
+      return result;
+    } finally {
+      if (timer) {
+        clearTimeout(timer);
+      }
+    }
+  }
   shouldBroadcastL1Invalidation() {
-    return this.options.broadcastL1Invalidation ?? this.options.publishSetInvalidation ?? true;
+    return this.options.broadcastL1Invalidation ?? this.options.publishSetInvalidation ?? false;
+  }
+  async collectKeysWithPrefix(prefix) {
+    const matches = new Set(
+      this.tagIndex.keysForPrefix ? await this.tagIndex.keysForPrefix(prefix) : await this.tagIndex.matchPattern(`${prefix}*`)
+    );
+    await Promise.all(
+      this.layers.map(async (layer) => {
+        if (!layer.keys || this.shouldSkipLayer(layer)) {
+          return;
+        }
+        try {
+          const keys = await layer.keys();
+          for (const key of keys) {
+            if (key.startsWith(prefix)) {
+              matches.add(key);
+            }
+          }
+        } catch (error) {
+          await this.handleLayerFailure(layer, "invalidate-prefix-scan", error);
+        }
+      })
+    );
+    return [...matches];
+  }
+  async collectKeysMatchingPattern(pattern) {
+    const matches = new Set(await this.tagIndex.matchPattern(pattern));
+    await Promise.all(
+      this.layers.map(async (layer) => {
+        if (!layer.keys || this.shouldSkipLayer(layer)) {
+          return;
+        }
+        try {
+          const keys = await layer.keys();
+          for (const key of keys) {
+            if (PatternMatcher.matches(pattern, key)) {
+              matches.add(key);
+            }
+          }
+        } catch (error) {
+          await this.handleLayerFailure(layer, "invalidate-pattern-scan", error);
+        }
+      })
+    );
+    return [...matches];
+  }
+  shouldCleanupGenerations() {
+    return Boolean(this.options.generationCleanup);
+  }
+  generationCleanupBatchSize() {
+    const configured = typeof this.options.generationCleanup === "object" ? this.options.generationCleanup.batchSize : void 0;
+    return configured ?? 500;
+  }
+  scheduleGenerationCleanup(generation) {
+    const task = (this.generationCleanupPromise ?? Promise.resolve()).then(() => this.cleanupGeneration(generation)).catch((error) => {
+      this.logger.warn?.("generation-cleanup-error", {
+        generation,
+        error: this.formatError(error)
+      });
+    });
+    this.generationCleanupPromise = task.finally(() => {
+      if (this.generationCleanupPromise === task) {
+        this.generationCleanupPromise = void 0;
+      }
+    });
+  }
+  async cleanupGeneration(generation) {
+    const prefix = `v${generation}:`;
+    const keys = await this.collectKeysWithPrefix(prefix);
+    if (keys.length === 0) {
+      return;
+    }
+    const batchSize = this.generationCleanupBatchSize();
+    for (let index = 0; index < keys.length; index += batchSize) {
+      const batch = keys.slice(index, index + batchSize);
+      await this.deleteKeys(batch);
+      await this.publishInvalidation({
+        scope: "keys",
+        keys: batch,
+        sourceId: this.instanceId,
+        operation: "invalidate"
+      });
+    }
   }
   initializeWriteBehind(options) {
     if (this.options.writeStrategy !== "write-behind") {
@@ -1727,7 +1982,17 @@ var CacheStack = class extends EventEmitter {
     const batchSize = this.options.writeBehind?.batchSize ?? 100;
     const batch = this.writeBehindQueue.splice(0, batchSize);
     this.writeBehindFlushPromise = (async () => {
-      await Promise.allSettled(batch.map((operation) => operation()));
+      const results = await Promise.allSettled(batch.map((operation) => operation()));
+      const failures = results.filter((result) => result.status === "rejected");
+      if (failures.length > 0) {
+        this.metricsCollector.increment("writeFailures", failures.length);
+        this.logger.error?.("write-behind-flush-failure", {
+          failed: failures.length,
+          total: batch.length,
+          errors: failures.map((failure) => this.formatError(failure.reason))
+        });
+        this.emitError("write-behind", { failed: failures.length, total: batch.length });
+      }
     })();
     await this.writeBehindFlushPromise;
     this.writeBehindFlushPromise = void 0;
@@ -1832,9 +2097,13 @@ var CacheStack = class extends EventEmitter {
     this.validatePositiveNumber("singleFlightTimeoutMs", this.options.singleFlightTimeoutMs);
     this.validatePositiveNumber("singleFlightPollMs", this.options.singleFlightPollMs);
     this.validatePositiveNumber("singleFlightRenewIntervalMs", this.options.singleFlightRenewIntervalMs);
+    this.validatePositiveNumber("backgroundRefreshTimeoutMs", this.options.backgroundRefreshTimeoutMs);
     this.validateRateLimitOptions("fetcherRateLimit", this.options.fetcherRateLimit);
     this.validateAdaptiveTtlOptions(this.options.adaptiveTtl);
     this.validateCircuitBreakerOptions(this.options.circuitBreaker);
+    if (typeof this.options.generationCleanup === "object") {
+      this.validatePositiveNumber("generationCleanup.batchSize", this.options.generationCleanup.batchSize);
+    }
     if (this.options.generation !== void 0) {
       this.validateNonNegativeNumber("generation", this.options.generation);
     }
@@ -1906,6 +2175,9 @@ var CacheStack = class extends EventEmitter {
     if (/[\u0000-\u001F\u007F]/.test(key)) {
       throw new Error("Cache key contains unsupported control characters.");
     }
+    if (/[\uD800-\uDFFF]/.test(key)) {
+      throw new Error("Cache key contains unsupported surrogate code points.");
+    }
     return key;
   }
   validateTtlPolicy(name, policy) {
@@ -1983,6 +2255,14 @@ var CacheStack = class extends EventEmitter {
     this.emitError(operation, { layer: layer.name, degraded: true, error: this.formatError(error) });
     return null;
   }
+  async reportRecoverableLayerFailure(layer, operation, error) {
+    if (this.isGracefulDegradationEnabled()) {
+      await this.handleLayerFailure(layer, operation, error);
+      return;
+    }
+    this.logger.warn?.("layer-operation-failed", { layer: layer.name, operation, error: this.formatError(error) });
+    this.emitError(operation, { layer: layer.name, degraded: false, error: this.formatError(error) });
+  }
   isGracefulDegradationEnabled() {
     return Boolean(this.options.gracefulDegradation);
   }
@@ -2006,10 +2286,16 @@ var CacheStack = class extends EventEmitter {
     }
   }
   serializeKeyPart(value) {
-    if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
-      return String(value);
+    if (typeof value === "string") {
+      return `s:${value}`;
+    }
+    if (typeof value === "number") {
+      return `n:${value}`;
     }
-    return JSON.stringify(this.normalizeForSerialization(value));
+    if (typeof value === "boolean") {
+      return `b:${value}`;
+    }
+    return `j:${JSON.stringify(this.normalizeForSerialization(value))}`;
   }
   isCacheSnapshotEntries(value) {
     return Array.isArray(value) && value.every((entry) => {
@@ -2017,15 +2303,39 @@ var CacheStack = class extends EventEmitter {
         return false;
       }
       const candidate = entry;
-      return typeof candidate.key === "string";
+      return typeof candidate.key === "string" && (candidate.ttl === void 0 || typeof candidate.ttl === "number" && Number.isFinite(candidate.ttl) && candidate.ttl >= 0);
     });
   }
+  sanitizeSnapshotValue(value) {
+    return this.snapshotSerializer.deserialize(this.snapshotSerializer.serialize(value));
+  }
+  async validateSnapshotFilePath(filePath) {
+    if (filePath.length === 0) {
+      throw new Error("filePath must not be empty.");
+    }
+    if (filePath.includes("\0")) {
+      throw new Error("filePath must not contain null bytes.");
+    }
+    const path = await import("path");
+    const resolved = path.resolve(filePath);
+    const baseDir = this.options.snapshotBaseDir === false ? false : path.resolve(this.options.snapshotBaseDir ?? process.cwd());
+    if (baseDir !== false) {
+      const relative = path.relative(baseDir, resolved);
+      if (relative === ".." || relative.startsWith(`..${path.sep}`) || path.isAbsolute(relative)) {
+        throw new Error(`filePath is outside the allowed snapshot directory: ${baseDir}`);
+      }
+    }
+    return resolved;
+  }
   normalizeForSerialization(value) {
     if (Array.isArray(value)) {
       return value.map((entry) => this.normalizeForSerialization(entry));
     }
     if (value && typeof value === "object") {
       return Object.keys(value).sort().reduce((normalized, key) => {
+        if (DANGEROUS_OBJECT_KEYS.has(key)) {
+          return normalized;
+        }
         normalized[key] = this.normalizeForSerialization(value[key]);
         return normalized;
       }, {});
@@ -2152,7 +2462,7 @@ function createCachedMethodDecorator(options) {
 function createFastifyLayercachePlugin(cache, options = {}) {
   return async (fastify) => {
     fastify.decorate("cache", cache);
-    if (options.exposeStatsRoute !== false && fastify.get) {
+    if (options.exposeStatsRoute === true && fastify.get) {
       fastify.get(options.statsPath ?? "/cache/stats", async () => cache.getStats());
     }
   };
@@ -2168,7 +2478,8 @@ function createExpressCacheMiddleware(cache, options = {}) {
         next();
         return;
       }
-      const key = options.keyResolver ? options.keyResolver(req) : `${method}:${req.originalUrl ?? req.url ?? "/"}`;
+      const rawUrl = req.originalUrl ?? req.url ?? "/";
+      const key = options.keyResolver ? options.keyResolver(req) : `${method}:${normalizeUrl(rawUrl)}`;
       const cached = await cache.get(key, void 0, options);
       if (cached !== null) {
         res.setHeader?.("content-type", "application/json; charset=utf-8");
@@ -2184,7 +2495,12 @@ function createExpressCacheMiddleware(cache, options = {}) {
       if (originalJson) {
         res.json = (body) => {
           res.setHeader?.("x-cache", "MISS");
-          void cache.set(key, body, options);
+          cache.set(key, body, options).catch((err) => {
+            cache.emit("error", {
+              operation: "set",
+              error: err instanceof Error ? err.message : String(err)
+            });
+          });
           return originalJson(body);
         };
       }
@@ -2194,6 +2510,15 @@ function createExpressCacheMiddleware(cache, options = {}) {
     }
   };
 }
+function normalizeUrl(url) {
+  try {
+    const parsed = new URL(url, "http://localhost");
+    parsed.searchParams.sort();
+    return decodeURIComponent(parsed.pathname) + parsed.search;
+  } catch {
+    return url;
+  }
+}
 
 // src/integrations/graphql.ts
 function cacheGraphqlResolver(cache, prefix, resolver, options = {}) {
@@ -2294,39 +2619,6 @@ function createTrpcCacheMiddleware(cache, prefix, options = {}) {
 // src/layers/RedisLayer.ts
 import { promisify } from "util";
 import { brotliCompress, brotliDecompress, gunzip, gzip } from "zlib";
-
-// src/serialization/JsonSerializer.ts
-var DANGEROUS_JSON_KEYS = /* @__PURE__ */ new Set(["__proto__", "prototype", "constructor"]);
-var JsonSerializer = class {
-  serialize(value) {
-    return JSON.stringify(value);
-  }
-  deserialize(payload) {
-    const normalized = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
-    return sanitizeJsonValue(JSON.parse(normalized));
-  }
-};
-function sanitizeJsonValue(value) {
-  if (Array.isArray(value)) {
-    return value.map((entry) => sanitizeJsonValue(entry));
-  }
-  if (!isPlainObject(value)) {
-    return value;
-  }
-  const sanitized = {};
-  for (const [key, entry] of Object.entries(value)) {
-    if (DANGEROUS_JSON_KEYS.has(key)) {
-      continue;
-    }
-    sanitized[key] = sanitizeJsonValue(entry);
-  }
-  return sanitized;
-}
-function isPlainObject(value) {
-  return Object.prototype.toString.call(value) === "[object Object]";
-}
-
-// src/layers/RedisLayer.ts
 var BATCH_DELETE_SIZE = 500;
 var gzipAsync = promisify(gzip);
 var gunzipAsync = promisify(gunzip);
@@ -2343,6 +2635,7 @@ var RedisLayer = class {
   scanCount;
   compression;
   compressionThreshold;
+  decompressionMaxBytes;
   disconnectOnDispose;
   constructor(options) {
     this.client = options.client;
@@ -2354,6 +2647,7 @@ var RedisLayer = class {
     this.scanCount = options.scanCount ?? 100;
     this.compression = options.compression;
     this.compressionThreshold = options.compressionThreshold ?? 1024;
+    this.decompressionMaxBytes = options.decompressionMaxBytes ?? 64 * 1024 * 1024;
     this.disconnectOnDispose = options.disconnectOnDispose ?? false;
   }
   async get(key) {
@@ -2553,16 +2847,29 @@ var RedisLayer = class {
   }
   /**
    * Decompresses the payload asynchronously if a compression header is present.
+   * Enforces a maximum decompressed size to prevent decompression bomb attacks.
    */
   async decodePayload(payload) {
     if (!Buffer.isBuffer(payload)) {
       return payload;
     }
     if (payload.subarray(0, 10).toString() === "LCZ1:gzip:") {
-      return gunzipAsync(payload.subarray(10));
+      const decompressed = await gunzipAsync(payload.subarray(10));
+      if (decompressed.byteLength > this.decompressionMaxBytes) {
+        throw new Error(
+          `Decompressed payload (${decompressed.byteLength} bytes) exceeds decompressionMaxBytes limit (${this.decompressionMaxBytes} bytes).`
+        );
+      }
+      return decompressed;
     }
     if (payload.subarray(0, 12).toString() === "LCZ1:brotli:") {
-      return brotliDecompressAsync(payload.subarray(12));
+      const decompressed = await brotliDecompressAsync(payload.subarray(12));
+      if (decompressed.byteLength > this.decompressionMaxBytes) {
+        throw new Error(
+          `Decompressed payload (${decompressed.byteLength} bytes) exceeds decompressionMaxBytes limit (${this.decompressionMaxBytes} bytes).`
+        );
+      }
+      return decompressed;
     }
     return payload;
   }
@@ -2622,8 +2929,13 @@ var DiskLayer = class {
       const payload = this.serializer.serialize(entry);
       const targetPath = this.keyToPath(key);
       const tempPath = `${targetPath}.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}.tmp`;
-      await fs.writeFile(tempPath, payload);
-      await fs.rename(tempPath, targetPath);
+      try {
+        await fs.writeFile(tempPath, payload);
+        await fs.rename(tempPath, targetPath);
+      } catch (error) {
+        await this.safeDelete(tempPath);
+        throw error;
+      }
       if (this.maxFiles !== void 0) {
         await this.enforceMaxFiles();
       }
@@ -2633,9 +2945,7 @@ var DiskLayer = class {
     return Promise.all(keys.map((key) => this.getEntry(key)));
   }
   async setMany(entries) {
-    for (const entry of entries) {
-      await this.set(entry.key, entry.value, entry.ttl);
-    }
+    await Promise.all(entries.map((entry) => this.set(entry.key, entry.value, entry.ttl)));
   }
   async has(key) {
     const value = await this.getEntry(key);
@@ -2839,6 +3149,7 @@ var MemcachedLayer = class {
     return unwrapStoredValue(await this.getEntry(key));
   }
   async getEntry(key) {
+    this.validateKey(key);
     const result = await this.client.get(this.withPrefix(key));
     if (!result || result.value === null) {
       return null;
@@ -2853,16 +3164,19 @@ var MemcachedLayer = class {
     return Promise.all(keys.map((key) => this.getEntry(key)));
   }
   async set(key, value, ttl = this.defaultTtl) {
+    this.validateKey(key);
     const payload = this.serializer.serialize(value);
     await this.client.set(this.withPrefix(key), payload, {
       expires: ttl && ttl > 0 ? ttl : void 0
     });
   }
   async has(key) {
+    this.validateKey(key);
     const result = await this.client.get(this.withPrefix(key));
     return result !== null && result.value !== null;
   }
   async delete(key) {
+    this.validateKey(key);
     await this.client.delete(this.withPrefix(key));
   }
   async deleteMany(keys) {
@@ -2876,19 +3190,50 @@ var MemcachedLayer = class {
   withPrefix(key) {
     return `${this.keyPrefix}${key}`;
   }
+  validateKey(key) {
+    const fullKey = this.withPrefix(key);
+    if (Buffer.byteLength(fullKey, "utf8") > 250) {
+      throw new Error(`MemcachedLayer: key exceeds 250-byte Memcached limit: "${fullKey.slice(0, 60)}..."`);
+    }
+    if (/[\s\x00-\x1f\x7f]/.test(fullKey)) {
+      throw new Error(
+        "MemcachedLayer: key contains invalid characters (whitespace or control characters are not allowed)."
+      );
+    }
+  }
 };
 
 // src/serialization/MsgpackSerializer.ts
 import { decode, encode } from "@msgpack/msgpack";
+var DANGEROUS_KEYS = /* @__PURE__ */ new Set(["__proto__", "prototype", "constructor"]);
 var MsgpackSerializer = class {
   serialize(value) {
     return Buffer.from(encode(value));
   }
   deserialize(payload) {
     const normalized = Buffer.isBuffer(payload) ? payload : Buffer.from(payload);
-    return decode(normalized);
+    return sanitizeMsgpackValue(decode(normalized));
   }
 };
+function sanitizeMsgpackValue(value) {
+  if (Array.isArray(value)) {
+    return value.map((entry) => sanitizeMsgpackValue(entry));
+  }
+  if (!isPlainObject2(value)) {
+    return value;
+  }
+  const sanitized = {};
+  for (const [key, entry] of Object.entries(value)) {
+    if (DANGEROUS_KEYS.has(key)) {
+      continue;
+    }
+    sanitized[key] = sanitizeMsgpackValue(entry);
+  }
+  return sanitized;
+}
+function isPlainObject2(value) {
+  return Object.prototype.toString.call(value) === "[object Object]";
+}
 
 // src/singleflight/RedisSingleFlightCoordinator.ts
 import { randomUUID } from "crypto";
@@ -3017,7 +3362,7 @@ function createPrometheusMetricsExporter(stacks) {
   };
 }
 function sanitizeLabel(value) {
-  return value.replace(/["\\\n]/g, "_");
+  return value.replace(/["\\\n\r]/g, "_");
 }
 export {
   CacheMissError,