Fail-open cache when persist backend is unreachable (#50)

[poxet]

Closes #50.

Problem

When the persist backend (Redis) times out commands rather than cleanly failing to connect, ICache.GetAsync<T>(key, fetch) threw instead of falling back to the fetch loader. A production Redis outage therefore took the whole service down (every read retried ~15s then threw, blocked threads exhausted the pool at ~60k queued items) even though the backing store was healthy.

Changes

1. Fail-open in CacheBase (provider-agnostic). A backend exception is caught and:

• reads → logged, treated as a miss → control flows to the fetch source loader (GetCoreAsync, PeekAsync, BuyMoreTime);
• writes → logged and swallowed, never fault the caller (FetchCallback, SetCoreAsync).

Gated by an exception filter when (_options.FailOpenOnBackendError), so setting the new CacheOptions.FailOpenOnBackendError = false restores the previous throwing behavior exactly. Because it lives in the base class it protects all IPersist backends (Redis/MongoDB/File). CacheBase gained a nullable ILogger, threaded through the 5 cache subclasses and the DI factory lambdas.

2. Circuit breaker in the Redis provider. New internal RedisResiliencePolicy factory builds a Polly circuit breaker (outer) wrapping the existing retry (inner), so once the circuit is open calls fail fast (BrokenCircuitException, caught by the core fail-open) instead of paying retry latency per call — the fix for the thread-pool starvation. Half-open auto-recovers. CanConnectAsync returns (false, "circuit open") instead of throwing.

3. Options. CacheOptions.FailOpenOnBackendError (default true); RedisCacheOptions.RetryCount / CircuitBreakerFailureThreshold / CircuitBreakerDuration / CommandTimeout.

Acceptance criteria

• With the backend down/timing out, GetAsync(key, fetch) returns fetch()'s result and does not throw.
• A cache write failure does not fault the caller.
• Under a sustained outage, calls fail fast once the breaker is open and recover automatically.

Tests

• FailOpenTests (4) — throwing IPersist: Get returns the loader result; read/write failures don't fault; FailOpenOnBackendError=false re-throws.
• RedisResiliencePolicyTests (3) — breaker opens after the threshold and fast-fails without invoking the backend; success passes through; transient failures still retry.
• Full solution builds clean. Core: 478 pass (4 new). Redis: 5 pass.

Docs: README updated (core feature bullet + Redis "Resilience (fail-open)" section).

[codecov]

Codecov Report

❌ Patch coverage is 35.33835% with 86 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
Tharga.Cache.Tests/FailOpenTests.cs	0.00%	48 Missing ⚠️
Tharga.Cache.Redis/Redis.cs	0.00%	22 Missing ⚠️
Tharga.Cache/Core/CacheBase.cs	80.76%	4 Missing and 1 partial ⚠️
Tharga.Cache.Redis/RedisResiliencePolicy.cs	80.95%	2 Missing and 2 partials ⚠️
Tharga.Cache/CacheRegistrationExtensions.cs	20.00%	3 Missing and 1 partial ⚠️
Tharga.Cache.Redis/RedisCacheOptions.cs	75.00%	1 Missing ⚠️
Tharga.Cache/Core/GenericCache.cs	0.00%	1 Missing ⚠️
Tharga.Cache/Core/GenericTimeCache.cs	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[github-actions]

Released as v0.4.8 — https://github.com/Tharga/Cache/releases/tag/0.4.8