[LOW] No cache headers set on API responses

[kilodesodiq-arch]

Engineering Gap

API responses have no Cache-Control, ETag, or Last-Modified headers. Clients cannot cache responses. Every request hits the database even for unchanged data.

Codebase Evidence

• app/backend/src/main.ts: No caching interceptor configured
• app/backend/src/app.controller.ts: No cache headers on root or health endpoints

Risk Profile

Unnecessary database load. Slower repeat requests.

Remediation Strategy

Add ETag-based caching for GET endpoints that return rarely-changing data. Set Cache-Control: private, max-age for authenticated responses.

Success Conditions

• ETag caching on GET endpoints
• Cache-Control headers set
• Cache invalidation on mutations

Change Surface

Files: main.ts, controller files

Security Review

Ensure no authenticated data cached publicly.

Completion Checklist

• Implementation completed
• Peer reviewed
• Ready for merge

[gbengaeben]

Hi Maintainer,

I’d love to work on this issue. I’ve reviewed the requirements and believe I can implement the solution according to the project’s guidelines and best practices.

If the issue is available, I’d be happy to take ownership and submit a PR for review.

Thank you for your consideration

[grantfox-oss]

🦊 GrantFox — @gbengaeben has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #129)
2. Your PR will be reviewed by the ChainForgee maintainers

Good luck! Track your progress on GrantFox.