Skip to content

docs: amend ADR 0009 to tie cache key to OFREP resource (domain, url, auth)#80

Open
jonathannorris wants to merge 14 commits into
mainfrom
worktree-adr9-domain-cache-key
Open

docs: amend ADR 0009 to tie cache key to OFREP resource (domain, url, auth)#80
jonathannorris wants to merge 14 commits into
mainfrom
worktree-adr9-domain-cache-key

Conversation

@jonathannorris

@jonathannorris jonathannorris commented Jun 19, 2026

Copy link
Copy Markdown
Member

Amends ADR 0009 (static-context local persistence) to tie the persisted cache key to the OFREP resource the evaluation was fetched from, by including the provider's bound domain, the OFREP base URL, and the auth credential, in addition to the targetingKey.

Motivation

The accepted ADR keys the persisted cache on targetingKey (optionally prefixed with an application-supplied cacheKeyPrefix), leaving collision avoidance up to the application. A persisted evaluation is really a function of the resource it came from (server + credential + bound domain) and the identity it was requested for, so the cache key should reflect that automatically.

Surfaced in open-feature/js-sdk-contrib#1566, where the OFREP web provider's local persistence has no way to know which domain it's bound to.

Changes

  • Cache key becomes hash(url + ":" + auth + ":" + domain + ":" + targetingKey) (with optional cacheKeyPrefix still prepended). cacheKeyPrefix is demoted to a supplement for app-controlled namespacing.
  • Updated the Decision, cache-matching, example payload, and Open Questions feat: OpenAPI proposal for V1 OFREP #2/chore: add pr lint workflow #3/chore: Configure Renovate #4 to match.
  • The bound domain relies on open-feature/spec#393, which supplies the domain to initialize and adds an opt-in domain-scoped declaration the API enforces, so a persisting OFREP provider is bound to a single domain and the domain component of the key is unambiguous.

Open for discussion

Two points flagged as open questions in the ADR:

  • Including the auth credential (Open Question chore: add pr lint workflow #3) is the piece most open to discussion. OFREP supports rotating/short-lived tokens via headersFactory, and a token that rotates on every request would defeat persistence. But auth doesn't change on every request, so for the common case of a stable credential it still provides useful separation between projects/environments/keys against the same URL. The original ADR dropped authToken for the rotation reason (see protocol#64); reviewers may prefer a stable credential identifier or making the auth component opt-in.
  • Removing cacheKeyPrefix (Open Question chore: Configure Renovate #4): now that the URL, auth, and domain are in the key by default, the collisions cacheKeyPrefix was added to solve are handled automatically. I lean toward removing it to simplify the config surface, but open to keeping it as an explicit escape hatch.

Marked as a draft for discussion.

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
@coderabbitai

coderabbitai Bot commented Jun 19, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

ADR-0009 revises the persisted cache key for OFREP static-context providers to include OFREP base URL, auth credential, bound domain, and targetingKey, and updates matching, implementation notes, and open questions to use the generator-based approach.

Changes

ADR-0009 Cache Key Strategy Amendment

Layer / File(s) Summary
Amendment header and Decision text
service/adrs/0009-local-storage-for-static-context-providers.md
Adds the 2026-06-19 amendment notice and rewrites the Decision section to define persisted cacheKeyHash from OFREP base URL, auth credential, bound domain, and targetingKey, including the cache-key generator contract and updated persisted JSON example.
Cache matching and disabled mode
service/adrs/0009-local-storage-for-static-context-providers.md
Updates the disabled mode text and revises cache matching to require cacheKeyHash derived from OFREP resource identity plus targetingKey, with invalidation tied to changes in base URL, auth credential, bound domain, or targetingKey.
Implementation notes and open questions
service/adrs/0009-local-storage-for-static-context-providers.md
Replaces cacheKeyPrefix guidance with default separation by OFREP base URL, auth, and bound domain, requires domain-scoped declarations for unambiguous scoping, adds provider rebinding to a different domain as a cache replacement trigger, and updates the open questions to describe the generator-based approach.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change to ADR 0009 about cache-key derivation for OFREP resources.
Description check ✅ Passed The description is directly related to the ADR amendment and explains the cache-key change and motivation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
@jonathannorris jonathannorris marked this pull request as ready for review June 19, 2026 15:06
@jonathannorris jonathannorris requested a review from a team as a code owner June 19, 2026 15:06

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
service/adrs/0009-local-storage-for-static-context-providers.md (1)

309-316: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Align the cacheKeyPrefix wording everywhere.

This amendment says the prefix is only a supplemental namespace, but the earlier answer still describes it as wrapping targetingKey alone. Please update that section too, or the ADR will present two incompatible formulas.

Proposed fix
- When provided, the cache key becomes `hash(cacheKeyPrefix + ":" + targetingKey)` instead of `hash(targetingKey)`.
+ When provided, the cache key becomes `hash(cacheKeyPrefix + ":" + url + ":" + auth + ":" + domain + ":" + targetingKey)` instead of `hash(url + ":" + auth + ":" + domain + ":" + targetingKey)`.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@service/adrs/0009-local-storage-for-static-context-providers.md` around lines
309 - 316, The ADR contains inconsistent descriptions of cacheKeyPrefix between
sections. The new amendment (2026-06-19) describes cacheKeyPrefix as a
supplemental namespace for storage partition separation, but an earlier section
still presents it as wrapping targetingKey alone. Locate the earlier section
that describes the cacheKeyPrefix configuration and update its wording to
clarify that cacheKeyPrefix is now only a supplement for namespacing across
storage partitions the application controls directly, not the primary mechanism
for preventing collisions. The cache key collision avoidance now relies on
hashing the OFREP URL, auth credential, domain, and targetingKey together by
default, with cacheKeyPrefix serving as an optional escape hatch only.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@service/adrs/0009-local-storage-for-static-context-providers.md`:
- Around line 39-49: The cache key hash construction using simple
colon-separated concatenation of raw fields is ambiguous and collision-prone
because URLs, credentials, domains, and other fields can contain colon
characters, causing different field combinations to potentially hash to the same
value. Update the hash input construction to use an unambiguous serialization
approach such as length-prefixed encoding for each field, a serialization format
like JSON, or delimiters that encode field boundaries explicitly to ensure that
the hash inputs for the OFREP base URL, auth credential, domain, targetingKey,
and optional cacheKeyPrefix remain distinguishable regardless of their content.

---

Outside diff comments:
In `@service/adrs/0009-local-storage-for-static-context-providers.md`:
- Around line 309-316: The ADR contains inconsistent descriptions of
cacheKeyPrefix between sections. The new amendment (2026-06-19) describes
cacheKeyPrefix as a supplemental namespace for storage partition separation, but
an earlier section still presents it as wrapping targetingKey alone. Locate the
earlier section that describes the cacheKeyPrefix configuration and update its
wording to clarify that cacheKeyPrefix is now only a supplement for namespacing
across storage partitions the application controls directly, not the primary
mechanism for preventing collisions. The cache key collision avoidance now
relies on hashing the OFREP URL, auth credential, domain, and targetingKey
together by default, with cacheKeyPrefix serving as an optional escape hatch
only.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: fca43c2e-4ef6-4694-a3e4-947f09fb839e

📥 Commits

Reviewing files that changed from the base of the PR and between d1a63a4 and ab411b2.

📒 Files selected for processing (1)
  • service/adrs/0009-local-storage-for-static-context-providers.md

Comment thread service/adrs/0009-local-storage-for-static-context-providers.md Outdated
…che key

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
service/adrs/0009-local-storage-for-static-context-providers.md (1)

291-295: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Clarify the rebinding contract.

domain-scoped says one instance can only bind to one domain, but the next bullet still describes what to do when the provider is rebound to a different domain. Please make one of those behaviors explicit so implementers don't end up with conflicting cache-invalidation rules.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@service/adrs/0009-local-storage-for-static-context-providers.md` around lines
291 - 295, There is a contradiction in the provider requirements: the first
bullet states that persisting providers should be domain-scoped so each instance
binds to at most one domain, but the last bullet describes behavior for when the
provider is rebound to a different domain. Clarify the rebinding contract by
either removing the domain-rebinding requirement from the last bullet if
domain-scoped truly means no rebinding is possible, or revise the domain-scoped
explanation to explicitly allow rebinding with appropriate cache invalidation.
Choose one clear behavior pattern and ensure all bullets align with it.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@service/adrs/0009-local-storage-for-static-context-providers.md`:
- Around line 291-295: There is a contradiction in the provider requirements:
the first bullet states that persisting providers should be domain-scoped so
each instance binds to at most one domain, but the last bullet describes
behavior for when the provider is rebound to a different domain. Clarify the
rebinding contract by either removing the domain-rebinding requirement from the
last bullet if domain-scoped truly means no rebinding is possible, or revise the
domain-scoped explanation to explicitly allow rebinding with appropriate cache
invalidation. Choose one clear behavior pattern and ensure all bullets align
with it.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e976145c-67ce-4a5d-8b34-25aa8d523cc8

📥 Commits

Reviewing files that changed from the base of the PR and between ab411b2 and 46615d6.

📒 Files selected for processing (1)
  • service/adrs/0009-local-storage-for-static-context-providers.md

@MattIPv4 MattIPv4 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but is there interest in discussing the transformer approach I proposed in open-feature/js-sdk-contrib#1566 -- that seems even more versatile than this proposed update, while still solving for the concerns that originally landed on just having targeting key to avoid volatility?

@jonathannorris

Copy link
Copy Markdown
Member Author

open-feature/js-sdk-contrib#1566

@MattIPv4 we can look at that separately to this, would likely need an ADR change as well. I think this change to include the url + auth + domain is more important to try and fix the default behaviour. I guess the main question would be what's the use-case that needs a transformer when the hash is: hash(url + ":" + auth + ":" + domain + ":" + targetingKey) with or without the cacheKeyPrefix.

@MattIPv4

Copy link
Copy Markdown
Member

👍 That's fair, can be looked into after. I can't think of an immediate use case (domain solves our issue), but it seems like a nice bit of flexibility to ensure folks have full control of the caching rather than the caching making assumptions (which is what caused this change to be needed).

Comment thread service/adrs/0009-local-storage-for-static-context-providers.md Outdated
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>

@askpt askpt left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comment. The rest looks good.

- **Amendment:** Collision avoidance no longer depends on an application-supplied prefix. The cache key now ties to the OFREP resource and identity by default (`hash(url + ":" + auth + ":" + domain + ":" + targetingKey)`), so providers pointing at different servers, using different credentials, or bound to different domains on the same storage partition do not collide without any application configuration. The bound `domain` relies on [open-feature/spec#393](https://github.com/open-feature/spec/pull/393) supplying it to the provider's `initialize` function. The optional `cacheKeyPrefix` above remains as a supplement for namespacing across storage partitions an application controls directly. See Open Question #3 for the resource-binding rationale.
3. Should the cache key also be tied to the OFREP resource the evaluation was fetched from, rather than relying on the application to supply a distinguishing `cacheKeyPrefix`?
- **OFREP URL** Folding the OFREP base URL into the cache key (e.g. `hash(url + ":" + domain + ":" + targetingKey)`) ties cached results directly to the resource that produced them, so a provider reconfigured to point at a different server does not serve another server's cached evaluations, and same-origin instances pointing at different servers separate automatically without an explicitly configured prefix. The base URL is stable across restarts, so it does not reintroduce the volatile-input problem. This mirrors vendor SDKs that key their persisted cache by SDK key or environment (Statsig, Eppo, ConfigCat). The cost is that changing the configured URL silently invalidates the cache, which is usually the desired behavior.
- **Auth header:** Including the auth credential would tie the cache even more tightly to the protected resource, but credentials are not always stable. OFREP supports rotating/short-lived tokens via `headersFactory`, and a rotating bearer token would change the hash on every rotation. This is the same reason the original ADR dropped `authToken` from the cache key (see the [protocol#64](https://github.com/open-feature/protocol/pull/64) discussion).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This open question is very provider-dependent. I would prefer to get it removed from the key. If a provider has a refresh of 10 minutes, that would mean the cache is invalidated quite often.

Wouldn't make more sense to tie to the ETag instead of auth header?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agreed the auth credential isn't always stable, I called that out in the open question. on ETag: it can be used differently depending on the provider, but generally it's a caching/version identifier rather than a resource identifier, so I'm not sure it fits as a key component. you'd also want the local cache to survive across ETag versions, keying on it would mean every config change misses the existing entry and defeats the persistence. it also can't be computed offline on a cold start to find the right entry, and we already persist it alongside the entry as a staleness signal.

the real question is what makes the better default. including auth almost guarantees isolation: two different credentials (projects, environments, keys) against the same url + domain can't read each other's cache without the app configuring anything. dropping it makes the default looser, that isolation is no longer guaranteed unless the app sets a cacheKeyPrefix. the cost of including it is that a short-lived credential (a JWT rotating every few minutes) fragments and effectively invalidates the cache on every rotation.

so it comes down to how common very low refresh times are for OFREP static-context providers in practice. if rotating-per-request tokens are the exception, the safer default seems worth it. a middle ground is keying on a stable credential identifier rather than the raw token, or making the auth component opt-in. curious where you both land.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think perhaps a lambda for a key generation might still be the best method, but by default I would do "maximum scoping" and allow people to narrow it from there. The worst thing that can happen is caches trampling each-other as we saw happen with @MattIPv4 ... between that and performance loss, I would default to maximum isolation and allow users (and wrapping providers) to relax the caching to their needs.

WRT Etag: I think it's a poor cache key ingredient. It's a cache validator, not a key. A cache key should be "assemblable" before any response is received - to put it another way, it should be based on PARAMs to a request, not RESULTS of a request, or key caching use-cases become impossible.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think perhaps a lambda for a key generation might still be the best method, but by default I would do "maximum scoping" and allow people to narrow it from there

What do you mean by "maximum scoping"?

I had a lambda approach in open-feature/js-sdk-contrib#1566, where by default the entire context is used. This guarantees maximum safety out of the box, so no trampling by default, and folks have to opt in to having a less specific key that introduces risk.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean by "maximum scoping"?

I mean that the out-of-the-box defaults should add as many factors the to cache key as possible, and if they are un-needed or un-wanted in some cases, people can relax them; that's "fail safe but slow" in worse case scenarios.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, perfect -- that's the same way I've been thinking about this.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No concerns to me then.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good, will update this PR to reflect that.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

implemented the change with the full hash as the default + cache key generator function to override.

@lukas-reining lukas-reining left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Only the auth token is still open to me.

Static-context evaluations on the server can depend on context properties beyond `targetingKey`, so cached values may not reflect the current full context.
However, hashing the full context is impractical for local-cache-first startup because many implementations set volatile context properties on initialization (e.g. `lastSessionTime`, `lastSeen`, `sessionId`) that would change the hash on every app restart, defeating the purpose of persistence.
The accepted tradeoff is that the cache is keyed by stable user identity: a change in `targetingKey` (user switch, logout) invalidates the cache, but changes to other context properties do not.
The accepted tradeoff is that the cache is keyed by stable inputs (the OFREP base URL, the auth credential, the bound `domain`, and the `targetingKey`): a change in `targetingKey` (user switch, logout), in the bound `domain`, or in the resource the provider points at invalidates the cache, but changes to other context properties do not.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My largest concern is that the auth credential might not be "stable" in that sense e.g. with a JWT of 5 minutes expiry.
This might be okay though.
What I think could become complicated is when an app starts it might try to fetch a new token first, then fail do the evaluation and be stuck with a new credential but wanting to use the cache.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replied on André's thread with the same theme: the tradeoff is a safer default (auth in the key guarantees cache isolation between credentials) vs the fragmentation risk you're describing with short-lived tokens. your app-startup scenario (fetch new token, evaluation fails, stuck wanting the old cache) is the sharp edge of that. let's converge there.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My 2c: #80 (comment)

Comment thread service/adrs/0009-local-storage-for-static-context-providers.md
Comment thread service/adrs/0009-local-storage-for-static-context-providers.md Outdated
Co-authored-by: Lukas Reining <lukas.reining@codecentric.de>
Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
- **Auth header:** Including the auth credential would tie the cache even more tightly to the protected resource, but credentials are not always stable. OFREP supports rotating/short-lived tokens via `headersFactory`, and a rotating bearer token would change the hash on every rotation. This is the same reason the original ADR dropped `authToken` from the cache key (see the [protocol#64](https://github.com/open-feature/protocol/pull/64) discussion).
- **Answer:** Include all three (OFREP base URL, auth credential, and bound `domain`) in the default cache key, following the principle of maximum isolation out of the box: the default scopes as tightly as possible, and applications relax it where they do not need it. The auth credential is included by default; setups with rotating or short-lived credentials can drop it via the cache-key generator (Open Question #4) rather than weakening the default for everyone.
4. Should the optional `cacheKeyPrefix` configuration option be removed entirely?
- **Answer:** Yes, removed. `cacheKeyPrefix` is replaced by a more general cache-key generator function. The generator receives the request inputs (OFREP base URL, auth credential, bound `domain`, `targetingKey`, and the full static context) and returns the key material the provider hashes into `cacheKeyHash`. This subsumes prefixing (prepend a namespace string) and additionally lets applications narrow the key (e.g. drop the auth credential for rotating tokens) or broaden it (e.g. add stable context fields). The provider always controls hashing; the generator only returns the value to hash.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes this amendment a breaking change for providers who have already implemented this. Are we comfortable with that?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seeing that OFREP is still pre-1.0 I believe we are generally.

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
service/adrs/0009-local-storage-for-static-context-providers.md (1)

327-335: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Remove the stale cacheKeyPrefix answer.

Open Question #2 still describes cacheKeyPrefix as supported, but the amendment and Open Question #4 replace that option with the cache-key generator. Keeping both paths in the document makes the ADR self-contradictory.

Proposed fix
-   - **Answer:** Yes. Providers should support an optional `cacheKeyPrefix` configuration option. When provided, the cache key becomes `hash(cacheKeyPrefix + ":" + targetingKey)` instead of `hash(targetingKey)`. The prefix value is left to the application author (e.g., the OFREP base URL, a project or auth token, or any other distinguishing string). The default (no prefix) keeps the single-provider case simple. See the `cacheKeyPrefix` section in the Decision above.
+   - **Answer:** No. Collision avoidance is handled by the default key inputs, and custom namespacing now uses the cache-key generator instead of `cacheKeyPrefix`.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@service/adrs/0009-local-storage-for-static-context-providers.md` around lines
327 - 335, The Open Question `#2` answer still refers to the removed
cacheKeyPrefix option, which conflicts with the later amendment and Open
Question `#4`. Update the answer in this ADR section to remove the stale
cacheKeyPrefix guidance and align it with the cache-key generator approach,
using the surrounding cacheKeyPrefix/cache-key generator discussion to keep the
document consistent.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@service/adrs/0009-local-storage-for-static-context-providers.md`:
- Around line 57-63: The CacheKeyGenerator contract currently marks targetingKey
as optional, which weakens the cache-key guarantees and should match the OpenAPI
requirement. Update the type definition in the local storage ADR so targetingKey
is required in the input object for CacheKeyGenerator, and make sure any related
references to the generator contract or EvaluationContext-based cache key logic
align with that required field.

---

Outside diff comments:
In `@service/adrs/0009-local-storage-for-static-context-providers.md`:
- Around line 327-335: The Open Question `#2` answer still refers to the removed
cacheKeyPrefix option, which conflicts with the later amendment and Open
Question `#4`. Update the answer in this ADR section to remove the stale
cacheKeyPrefix guidance and align it with the cache-key generator approach,
using the surrounding cacheKeyPrefix/cache-key generator discussion to keep the
document consistent.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 3b8862d6-1d46-48b9-bffd-e31fad2457a1

📥 Commits

Reviewing files that changed from the base of the PR and between 12cee18 and 0ba5e5e.

📒 Files selected for processing (1)
  • service/adrs/0009-local-storage-for-static-context-providers.md

Comment thread service/adrs/0009-local-storage-for-static-context-providers.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants