LowFile-scopeKotlin Plug & play

Cache expensive operations and API tokens

Memoize expensive results (regex, serializers, tokens) and refresh on expiry using a thread-safe cache.

Why this matters

Reduces latency and external rate-limit pressure.

Side-by-side examples engineers can pattern-match during review.

Avoid

fun token() = client.fetchToken() // every call

Prefer

val tokenCache = ConcurrentHashMap<String, Token>()
fun token(): Token = tokenCache.computeIfAbsent("auth") { client.fetchToken() }

Bad

Regex(pattern) // each use

Good

val re by lazy { Regex(pattern) }

From the same buckets as this rule.

Critical
Fingerprint assets and cache immutably
All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.
web-static-assetscaching-strategy+2
Critical
Idempotent Right to Erasure across all stores
Provide a single idempotency-keyed erasure workflow that scrubs PII in primary DB, caches, search indices, and object storage; emit an audit event with erasure_request_id. (GDPR Art. 17)
compliance-gdprprivacy-pii+2
High
Compress text assets with Brotli/Gzip and set Vary
Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).
web-static-assetsperformance-efficiency+1