chore: audit follow-ups — redis set(ex=), v1.5.0 docs sync, requirements.txt header #95

Merged: brownjuly2003-code merged 2 commits into main from chore/audit-27-06-fixes, Jun 27, 2026

@brownjuly2003-code

Owner

Follow-ups from the 2026-06-27 project audit. Three hygiene/consistency findings; no behavior change to the serving API.

fix(cache): redis set(ex=) instead of deprecated setex

Redis.setex is @deprecated_function in redis-py 8.0.0 and emits a DeprecationWarning from the query-cache hot path on every cached write. QueryCache.set now calls set(key, value, ex=ttl) (behaviorally identical) and drops the unused timedelta import. All six in-repo Redis test doubles (unit cache / entity_cache / versioning, integration tenant-isolation, chaos RESP client) migrate to set(self, key, value, ex=None); the chaos client issues SET … EX over the wire.

docs: version story → v1.5.0

README Status/badge still said v1.4.0 though v1.5.0 is tagged & published, and CHANGELOG [Unreleased] did not record the DV2 re-architecture already on main. Adds the v1.5.0 release bullet + a post-v1.5.0 note, and documents #91 (raw vault CH→PostgreSQL), #92 (PyIceberg → real MinIO), #93 (LISTEN/NOTIFY freshness), #94 (deps batch).

docs: clarify requirements.txt

Adds a header explaining it is a supplemental OTel pin set (installed by the e2e/mutation/staging workflows and the security Safety scan on top of the pyproject package), not the full dependency set — pyproject.toml is the source of truth.

Verification (no-Docker, local)

  • ruff check + ruff format --check clean
  • mypy src/ clean (99 files)
  • full unit suite 1096 passed, 1 skipped — the redis.setex DeprecationWarning is gone
  • EOL preserved as LF across all 9 files (surgical diffs)

Integration (tenant_isolation) and chaos (conftest) doubles change symmetrically and are exercised by their CI jobs in this PR.
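
The double and wire shape described above, as an added sketch that is not code from this repository: an in-memory Redis stand-in with the `set(self, key, value, ex=None)` signature and the RESP frame for `SET … EX`. `FakeRedis`, `encode_resp`, `set_command` and `cache_write` are hypothetical names, and accepting only int seconds is an assumption taken from the commit message (redis-py itself also accepts a `timedelta` for `ex`).

```python
import time
from typing import Callable, Optional


def encode_resp(*parts: object) -> bytes:
    """Encode one command as a RESP array of bulk strings."""
    out = [b"*%d\r\n" % len(parts)]
    for part in parts:
        data = part if isinstance(part, bytes) else str(part).encode()
        out.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(out)


def set_command(key: str, value: bytes, ex: Optional[int] = None) -> bytes:
    """Wire form of set(key, value, ex=ttl): SET key value [EX seconds]."""
    if ex is None:
        return encode_resp("SET", key, value)
    if isinstance(ex, bool) or not isinstance(ex, int) or ex <= 0:
        raise ValueError("ex must be a positive int number of seconds")
    return encode_resp("SET", key, value, "EX", ex)


class FakeRedis:
    """Hypothetical in-memory double; note setex took (name, time, value)."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock  # injectable so tests can move time forward
        self._data = {}  # key -> (value, deadline or None)
        self.set_calls = []  # (key, ex) pairs, ex compared as a plain int

    def set(self, key: str, value: bytes, ex: Optional[int] = None) -> bool:
        set_command(key, value, ex)  # same argument validation as the wire path
        self.set_calls.append((key, ex))
        deadline = None if ex is None else self._clock() + ex
        self._data[key] = (value, deadline)
        return True

    def get(self, key: str) -> Optional[bytes]:
        value, deadline = self._data.get(key, (None, None))
        if deadline is not None and self._clock() >= deadline:
            del self._data[key]  # expired entries must not be served
            return None
        return value


def cache_write(client: FakeRedis, key: str, value: bytes, ttl: int) -> None:
    """Hypothetical stand-in for the cache write path: set(..., ex=ttl)."""
    client.set(key, value, ex=ttl)
```

Passing `ex` by keyword matters because `setex` took the TTL before the value, so a positional port would swap the two without raising.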

JuliaEdom and others added 2 commits June 28, 2026 00:35
`Redis.setex` is `@deprecated_function` in redis-py 8.0.0 ("Use 'set'
instead") and emits a DeprecationWarning from the query-cache hot path on
every cached write. Switch `QueryCache.set` to `set(key, value, ex=ttl)`,
which is behaviorally identical (int seconds), and drop the now-unused
`timedelta` import.

All six in-repo Redis test doubles (unit cache/entity_cache/versioning,
integration tenant-isolation, chaos RESP client) implemented `setex`; they
move to `set(self, key, value, ex=None)` with the matching argument order,
and the chaos RESP client now issues `SET … EX` over the wire. The two
`set_calls` ttl assertions compare the integer `ex` directly.

Verified no-Docker: ruff + mypy clean, full unit suite 1096 passed / 1
skipped (the redis.setex DeprecationWarning is gone). The integration and
chaos doubles change symmetrically and are validated by their CI jobs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

The README Status section and release badge still described v1.4.0 as the
current line even though v1.5.0 is tagged and published, and the CHANGELOG
[Unreleased] section did not record the DV2 re-architecture already on main.

- README: badge v1.4 -> v1.5, "current release line" -> v1.5.0, extend the
  release arc to five increments with a v1.5.0 bullet (argon2id O(1) key
  hashing, NL->SQL guard bypass fix, strict-mypy expansion), and add a note
  that main carries post-v1.5.0 work pending the next tag.
- CHANGELOG [Unreleased]: document the DV2 raw vault migration ClickHouse ->
  PostgreSQL (#91), the PyIceberg sink backed by real MinIO (#92), the
  LISTEN/NOTIFY OLTP->vault freshness (#93), and the dependency batch (#94).
- requirements.txt: add a header explaining it is a supplemental OTel pin
  set installed on top of the pyproject package by the e2e/mutation/staging
  workflows and the security Safety scan, not the full dependency set
  (pyproject.toml is the source of truth). load_requirements() skips comment
  lines and `pip -r` ignores them, so the header is non-breaking.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

DORA Metrics

  • Window: last 30 days
  • Branch: main
  • Deployment frequency: 185 total / 43.17 per week
  • Lead time for changes: avg 0.23h / median 0.0h
  • Change failure rate: 63.78% (118/185)
  • MTTR: 0.47h across 7 incident(s)

@brownjuly2003-code brownjuly2003-code merged commit fb1d292 into main Jun 27, 2026
23 checks passed
@brownjuly2003-code brownjuly2003-code deleted the chore/audit-27-06-fixes branch June 27, 2026 21:44