v0.1.48 — feat: Add HTTP Cache-Control headers to tRPC read-only responses
Release v0.1.48: HTTP Caching for tRPC Read-Only Queries
What changed
- Added
Cache-Control: private, max-age=30, stale-while-revalidate=60headers to whitelisted tRPC query responses - Defined
CACHEABLE_PROCEDURESwhitelist (20+ safe read-only procedures:project.list,feature.list,release.list,observability.*, etc.) - Explicitly excluded sensitive endpoints: auth config, env vars, billing, audit logs, PII
- Batch requests only cached when all procedures are whitelisted
Why it matters
Users with multiple tabs no longer cause duplicate database hits for the same data. Browser caching now works with HTTP semantics, reducing API load while staying consistent with client-side staleTime.
Technical notes
- New file:
src/lib/trpc/cache-headers.ts(whitelist, header builder, batch validator) - Modified:
src/app/api/trpc/[trpc]/route.ts(responseMeta hook) - Mutations (POST) always receive
no-store - Error responses always receive
no-store privatedirective prevents CDN/proxy caching of user-specific data
Release Notes
Merged PR #465 (feat: Add HTTP Cache-Control headers to tRPC read-only responses) via squash merge into main (commit b675c8f). Created GitHub release v0.1.48 at https://github.com/Jugg-ai/Jugg-ai.jugg-ai/releases/tag/v0.1.48. The release adds a conservative HTTP caching layer to the tRPC API route, injecting Cache-Control: private, max-age=30, stale-while-revalidate=60 on whitelisted read-only query responses to reduce redundant DB load across browser tabs and SSR, while ensuring sensitive procedures (billing, auth, env vars, PII) always receive no-store.