redis tls support

[nischitpra]

Summary by CodeRabbit

• New Features

  • Added TLS support for Redis connections, enabling secure rediss:// usage.

• Compatibility

  • Ensured Redis Cluster compatibility by using hash-tagged queue keys so related keys map to the same cluster slot.

• Documentation

  • Updated README and Docker docs with rediss:// examples and guidance for TLS-enabled Redis URLs and env vars.

• Chores

  • Added Rust TLS library to project dependencies to support secure Redis connections.

[coderabbitai]

Walkthrough

Adds TLS support for Redis (new rustls dependency, redis TLS features, server Rustls provider initialization) and updates twmq to use Redis Cluster hash tags for all queue-related keys; documentation and tests updated to show rediss:// examples and hash-tagged key patterns.

Changes

Cohort / File(s)	Summary
Workspace / Root Cargo Cargo.toml	Enabled Redis TLS features (tls-rustls, tls-rustls-webpki-roots, tokio-rustls-comp) and adjusted redis features list.
twmq crate Cargo twmq/Cargo.toml	Added rustls dependency to workspace.
server crate Cargo server/Cargo.toml	Added rustls = { workspace = true } to server dependencies.
Server init server/src/main.rs	Installs a process-wide Rustls CryptoProvider during startup (after Solana signer creation, before Redis client setup); errors are no-ops and logged at debug level.
twmq core changes twmq/src/lib.rs, twmq/src/multilane.rs	Added private redis_hash_tag() helpers and replaced direct queue-id/name usages with hash-tagged variants for all Redis key constructions and Lua KEYS to ensure keys map to the same Redis Cluster slot.
Tests (twmq) twmq/tests/*.rs	Updated test cleanup key patterns to use Redis Cluster hash-tag syntax (wrap queue id/name in {}) across multiple test files.
Documentation README.md, server/DOCKER.md	Added examples and guidance showing TLS-enabled Redis URLs (rediss://) in config, .env, and docker-compose snippets.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Main as Server Main
participant Signer as Solana Signer
participant Crypto as Rustls CryptoProvider
participant Redis as Redis Client
Main->>Signer: construct signer
Main->>Crypto: attempt to install default CryptoProvider
Crypto-->>Main: success / debug no-op
Main->>Redis: create/configure Redis client (may use TLS)
Redis-->>Main: connection established / error

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 18.75% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'redis tls support' directly relates to the primary changes: adding TLS support for Redis connections through rustls dependencies, Rustls CryptoProvider initialization, documentation updates for rediss:// URLs, and Redis Cluster hash-tagging for TLS-enabled environments.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch np/redis_tls

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@Cargo.toml`:
- Line 101: The Cargo.toml currently relies on redis = "0.31.0" with TLS
features but must also add an explicit rustls dependency; update Cargo.toml to
include a rustls crate (e.g., rustls or rustls-native-certs as appropriate) and
then ensure you install a rustls crypto provider at application startup (before
any TLS connections are created) by calling the provider installer (for example,
rustls::crypto::ring::default_provider().install_default()) in your main/startup
initialization routine so the redis TLS connections do not fail with "crypto
provider not installed".

In `@server/DOCKER.md`:
- Around line 135-136: The commented Redis-over-TLS line in the DOCKER.md
docker-compose example breaks YAML indentation; fix it by aligning the comment
with the other environment list items so it matches the same indentation level
as the other `-` entries (e.g., ensure the `#     -
APP__REDIS__URL=rediss://redis:6379` comment is indented to the same column as
other `- APP__...` environment lines), so users can safely uncomment
`APP__REDIS__URL=rediss://redis:6379` without corrupting YAML structure.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

twmq/src/multilane.rs (1)

1045-1052: ⚠️ Potential issue | 🟠 Major

Replace plain queue_id() with redis_hash_tag() in trim script KEYS.

Trim scripts at lines 1046 and 1193 pass untagged KEYS[1] while all other KEYS use redis_hash_tag() internally. This breaks Redis cluster slot alignment, causing CROSSSLOT errors or silent pruning failures. All key-building methods (success_list_name(), job_data_hash_name(), etc.) already use redis_hash_tag() which wraps the queue_id with {} for proper hash tagging.

Fix

-            .key(self.queue_id())
+            .key(self.redis_hash_tag())

Apply at lines 1046 and 1193.