Skip to content

Fix package lookup caching in bundle mode#16318

Open
mitchdenny wants to merge 3 commits intomainfrom
fix-bundle-package-cache
Open

Fix package lookup caching in bundle mode#16318
mitchdenny wants to merge 3 commits intomainfrom
fix-bundle-package-cache

Conversation

@mitchdenny
Copy link
Copy Markdown
Member

Description

BundleNuGetPackageCache (used when the CLI runs as a self-extracting bundle — the default installed mode) was introduced in PR #14105 without integrating the IDiskCache that was added in PR #11394. This meant every invocation of aspire add (or any command that searches NuGet packages in bundle mode) spawned a new aspire-managed process, bypassing the disk cache entirely. Subsequent runs were just as slow as the first.

This PR wires up IDiskCache in BundleNuGetPackageCache.SearchPackagesInternalAsync so that results are cached to disk (3-hour TTL) and subsequent runs return near-instantly from cache, matching the non-bundle (NuGetPackageCache + DotNetCliRunner) behavior.

CLI package lookups (for update notifications) bypass the cache to ensure fresh results, consistent with the non-bundle path.

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No
  • Did you add public API?
    • Yes
      • If yes, did you have an API Review for it?
        • Yes
        • No
      • Did you add <remarks /> and <code /> elements on your triple slash comments?
        • Yes
        • No
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?

BundleNuGetPackageCache was introduced in PR #14105 without integrating
the IDiskCache that was added in PR #11394. This meant every invocation
of 'aspire add' (or any command that searches NuGet packages in bundle
mode) spawned a new aspire-managed process, bypassing the disk cache
entirely.

Wire up IDiskCache in BundleNuGetPackageCache.SearchPackagesInternalAsync
so that results are cached to disk (3-hour TTL) and subsequent runs
return near-instantly from cache, matching the non-bundle behavior.

CLI package lookups (for update notifications) bypass the cache to
ensure fresh results, consistent with the non-bundle path.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 20, 2026 01:45
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 20, 2026

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16318

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16318"

Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR integrates the existing CLI IDiskCache mechanism into bundle-mode NuGet package search so repeated aspire add (and other NuGet search flows in bundle mode) can return results from disk cache instead of spawning aspire-managed on every invocation, aligning bundle-mode performance with the SDK-based path.

Changes:

  • Inject IDiskCache into BundleNuGetPackageCache and plumb a useCache parameter through internal search calls.
  • Add disk-cache read-through + write-back behavior for bundle-mode search results (JSON payload caching).
  • Explicitly bypass caching for CLI package lookups (useCache: false) to keep update checks fresh.

Comment thread src/Aspire.Cli/NuGet/BundleNuGetPackageCache.cs
Comment thread src/Aspire.Cli/NuGet/BundleNuGetPackageCache.cs
Include workingDirectory.FullName in the disk cache key to prevent
cross-project cache pollution when no explicit nuget.config is provided.

Add BundleNuGetPackageCacheTests covering:
- Cache hit on second call (process not re-invoked)
- useCache:false bypasses disk cache (CLI packages)
- Different working directories get separate cache entries

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The NuGetHelper search command was calling GetVersionsAsync() and
GetDeprecationMetadataAsync() for every package in the search results.
For a search returning 1000 results, this made 2000 additional API
calls and produced a ~3MB JSON payload with all package versions.

The CLI never uses AllVersions (it only needs the latest version) and
uses a hardcoded DeprecatedPackages set instead of NuGet deprecation
metadata. Removing these calls eliminates the N+1 query problem and
reduces the response payload from ~3MB to ~100KB.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions
Copy link
Copy Markdown
Contributor

🎬 CLI E2E Test Recordings — 72 recordings uploaded (commit 6d4677e)

View recordings
Test Recording
AddPackageInteractiveWhileAppHostRunningDetached ▶️ View Recording
AddPackageWhileAppHostRunningDetached ▶️ View Recording
AgentCommands_AllHelpOutputs_AreCorrect ▶️ View Recording
AgentInitCommand_DefaultSelection_InstallsSkillOnly ▶️ View Recording
AgentInitCommand_MigratesDeprecatedConfig ▶️ View Recording
AspireAddPackageVersionToDirectoryPackagesProps ▶️ View Recording
AspireUpdateRemovesAppHostPackageVersionFromDirectoryPackagesProps ▶️ View Recording
Banner_DisplayedOnFirstRun ▶️ View Recording
Banner_DisplayedWithExplicitFlag ▶️ View Recording
Banner_NotDisplayedWithNoLogoFlag ▶️ View Recording
CertificatesClean_RemovesCertificates ▶️ View Recording
CertificatesTrust_WithNoCert_CreatesAndTrustsCertificate ▶️ View Recording
CertificatesTrust_WithUntrustedCert_TrustsCertificate ▶️ View Recording
ConfigSetGet_CreatesNestedJsonFormat ▶️ View Recording
CreateAndRunAspireStarterProject ▶️ View Recording
CreateAndRunAspireStarterProjectWithBundle ▶️ View Recording
CreateAndRunEmptyAppHostProject ▶️ View Recording
CreateAndRunJavaEmptyAppHostProject ▶️ View Recording
CreateAndRunJsReactProject ▶️ View Recording
CreateAndRunPythonReactProject ▶️ View Recording
CreateAndRunTypeScriptEmptyAppHostProject ▶️ View Recording
CreateAndRunTypeScriptStarterProject ▶️ View Recording
CreateJavaAppHostWithViteApp ▶️ View Recording
CreateTypeScriptAppHostWithViteApp ▶️ View Recording
DashboardRunWithOtelTracesReturnsNoTraces ▶️ View Recording
DeployK8sBasicApiService ▶️ View Recording
DeployK8sWithGarnet ▶️ View Recording
DeployK8sWithMongoDB ▶️ View Recording
DeployK8sWithMySql ▶️ View Recording
DeployK8sWithPostgres ▶️ View Recording
DeployK8sWithRabbitMQ ▶️ View Recording
DeployK8sWithRedis ▶️ View Recording
DeployK8sWithSqlServer ▶️ View Recording
DeployK8sWithValkey ▶️ View Recording
DeployTypeScriptAppToKubernetes ▶️ View Recording
DescribeCommandResolvesReplicaNames ▶️ View Recording
DescribeCommandShowsRunningResources ▶️ View Recording
DetachFormatJsonProducesValidJson ▶️ View Recording
DetachFormatJsonProducesValidJsonWhenRestartingExistingInstance ▶️ View Recording
DoListStepsShowsPipelineSteps ▶️ View Recording
DoctorCommand_DetectsDeprecatedAgentConfig ▶️ View Recording
DoctorCommand_WithSslCertDir_ShowsTrusted ▶️ View Recording
DoctorCommand_WithoutSslCertDir_ShowsPartiallyTrusted ▶️ View Recording
GlobalMigration_HandlesCommentsAndTrailingCommas ▶️ View Recording
GlobalMigration_HandlesMalformedLegacyJson ▶️ View Recording
GlobalMigration_PreservesAllValueTypes ▶️ View Recording
GlobalMigration_SkipsWhenNewConfigExists ▶️ View Recording
GlobalSettings_MigratedFromLegacyFormat ▶️ View Recording
InitTypeScriptAppHost_AugmentsExistingViteRepoAtRoot ▶️ View Recording
InvalidAppHostPathWithComments_IsHealedOnRun ▶️ View Recording
LegacySettingsMigration_AdjustsRelativeAppHostPath ▶️ View Recording
LogsCommandShowsResourceLogs ▶️ View Recording
OtelLogsReturnsStructuredLogsFromStarterApp ▶️ View Recording
PsCommandListsRunningAppHost ▶️ View Recording
PsFormatJsonOutputsOnlyJsonToStdout ▶️ View Recording
PublishWithConfigureEnvFileUpdatesEnvOutput ▶️ View Recording
PublishWithDockerComposeServiceCallbackSucceeds ▶️ View Recording
PublishWithoutOutputPathUsesAppHostDirectoryDefault ▶️ View Recording
RestoreGeneratesSdkFiles ▶️ View Recording
RestoreRefreshesGeneratedSdkAfterAddingIntegration ▶️ View Recording
RestoreSupportsConfigOnlyHelperPackageAndCrossPackageTypes ▶️ View Recording
RunFromParentDirectory_UsesExistingConfigNearAppHost ▶️ View Recording
SecretCrudOnDotNetAppHost ▶️ View Recording
SecretCrudOnTypeScriptAppHost ▶️ View Recording
StagingChannel_ConfigureAndVerifySettings_ThenSwitchChannels ▶️ View Recording
StartAndWaitForTypeScriptSqlServerAppHostWithNativeAssets ▶️ View Recording
StopAllAppHostsFromAppHostDirectory ▶️ View Recording
StopAllAppHostsFromUnrelatedDirectory ▶️ View Recording
StopNonInteractiveMultipleAppHostsShowsError ▶️ View Recording
StopNonInteractiveSingleAppHost ▶️ View Recording
StopWithNoRunningAppHostExitsSuccessfully ▶️ View Recording
UnAwaitedChainsCompileWithAutoResolvePromises ▶️ View Recording

📹 Recordings uploaded automatically from CI run #24646866397

private static async Task<string> ComputeFileHashAsync(FileInfo file, CancellationToken cancellationToken)
{
using var stream = file.OpenRead();
var hashBytes = await SHA256.HashDataAsync(stream, cancellationToken).ConfigureAwait(false);
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've seen other hash algo being used in places where it's not used for security. I don't remember the exact name. Should it be used here instead of SHA256?

Comment on lines +115 to +138
private sealed class InMemoryDiskCache : IDiskCache
{
private readonly Dictionary<string, string> _entries = new();

public Task<string?> GetAsync(string key, CancellationToken cancellationToken = default)
{
_entries.TryGetValue(key, out var value);
return Task.FromResult(value);
}

public Task SetAsync(string key, string content, CancellationToken cancellationToken = default)
{
_entries[key] = content;
return Task.CompletedTask;
}

public Task ClearAsync(CancellationToken cancellationToken = default)
{
_entries.Clear();
return Task.CompletedTask;
}
}

private sealed class FakeBundleService : IBundleService
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use shared test services. Avoid many private implementations

Copy link
Copy Markdown
Member

@JamesNK JamesNK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: 4 items flagged — 1 bug (cache write failure discards results), 1 convention violation (SHA-256 for non-security hash), 2 minor test issues (temp directory leak, duplicate test helper).

Comment on lines 250 to +255
return [];
}

// Persist the raw JSON to disk cache for future lookups
if (cacheEnabled && cacheKey is not null)
{
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: If _diskCache.SetAsync throws (e.g. IOException, UnauthorizedAccessException), the exception propagates and the successfully-fetched search results are never returned to the caller.

The cache read path correctly handles these exceptions (lines 159–163 catch and set cacheEnabled = false), but the write path does not. Consider wrapping this in a try/catch similar to the read path so that a cache-write failure doesn't discard valid results:

try
{
    await _diskCache.SetAsync(cacheKey, output, cancellationToken).ConfigureAwait(false);
}
catch (Exception ex) when (ex is IOException or UnauthorizedAccessException or System.Security.SecurityException)
{
    _logger.LogDebug(ex, "Failed to write package search results to disk cache.");
}

Comment on lines +210 to +215
private sealed class TestFeatures : IFeatures
{
public bool IsFeatureEnabled(string featureName, bool defaultValue = false) => defaultValue;

public void LogFeatureState() { }
}
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: There's already a shared TestFeatures class in tests/Aspire.Cli.Tests/TestServices/TestFeatures.cs with the same behavior (plus the ability to set feature flags). Consider reusing it instead of duplicating here.

_tempDir = Directory.CreateTempSubdirectory("aspire-test-bundle").FullName;
var managedDir = Path.Combine(_tempDir, "managed");
Directory.CreateDirectory(managedDir);
var exeName = OperatingSystem.IsWindows() ? "aspire-managed.exe" : "aspire-managed";
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: FakeBundleService creates a temp directory via Directory.CreateTempSubdirectory (system temp, not inside the TemporaryWorkspace) but never cleans it up — each test run leaks a directory. If this is intentional (OS cleans temp eventually), feel free to ignore; otherwise consider making FakeBundleService implement IDisposable and deleting _tempDir on dispose.

Comment on lines 271 to +276
}
}

private static async Task<string> ComputeFileHashAsync(FileInfo file, CancellationToken cancellationToken)
{
using var stream = file.OpenRead();
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Convention: Per AGENTS.md, cryptographic hashes like SHA-256 should not be used when the hash is not security-related. This hash is solely for cache key construction/invalidation. Prefer System.IO.Hashing.XxHash3 instead:

private static async Task<string> ComputeFileHashAsync(FileInfo file, CancellationToken cancellationToken)
{
    using var stream = file.OpenRead();
    var hashBytes = await System.IO.Hashing.XxHash3.HashAsync(stream, cancellationToken).ConfigureAwait(false);
    return Convert.ToHexString(hashBytes);
}

(The existing NuGetPackageCache.ComputeNuGetConfigHashSuffixAsync has the same pre-existing issue, but this is new code.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants