LowFile-scopeKotlin Plug & play

Centralize key generation logic

Generate cache/Redis keys through a single utility with clear namespaces and versioning.

Why this matters

Prevents collisions and simplifies migrations/invalidations.

Side-by-side examples engineers can pattern-match during review.

Avoid

val key = "user:" + id

Prefer

object Keys { fun user(id: String) = "v1:user:$id" }

Bad

"session:" + sid

Good

Keys.session(sid)

From the same buckets as this rule.

Critical
Fingerprint assets and cache immutably
All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.
web-static-assetscaching-strategy+2
Critical
Idempotent Right to Erasure across all stores
Provide a single idempotency-keyed erasure workflow that scrubs PII in primary DB, caches, search indices, and object storage; emit an audit event with erasure_request_id. (GDPR Art. 17)
compliance-gdprprivacy-pii+2
High
Compress text assets with Brotli/Gzip and set Vary
Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).
web-static-assetsperformance-efficiency+1