cachekit-io · 27Bslash6 · Apr 25, 2026 · Apr 25, 2026 · Apr 25, 2026
diff --git a/.github/workflows/fuzz-smoke.yml b/.github/workflows/fuzz-smoke.yml
@@ -31,11 +31,8 @@ jobs:
     - name: Install Rust nightly
       run: rustup toolchain install nightly
 
-    - name: Install cargo-binstall
-      uses: cargo-bins/cargo-binstall@18470a17439d5a7ec5f5ab40c95a6f0b217e652e # main
-
     - name: Install cargo-fuzz
-      run: cargo binstall --no-confirm cargo-fuzz
+      run: cargo install --locked cargo-fuzz
 
     - name: Run fuzzing smoke tests
       id: fuzz

diff --git a/.github/workflows/security-deep.yml b/.github/workflows/security-deep.yml
@@ -46,11 +46,8 @@ jobs:
         rustup toolchain install nightly
         rustup default nightly
 
-    - name: Install cargo-binstall
-      uses: cargo-bins/cargo-binstall@18470a17439d5a7ec5f5ab40c95a6f0b217e652e # main
-
     - name: Install cargo-fuzz
-      run: cargo binstall --no-confirm cargo-fuzz
+      run: cargo install --locked cargo-fuzz
 
     - name: Fuzz byte_storage_compress (1 hour)
       run: |

diff --git a/.github/workflows/security-fast.yml b/.github/workflows/security-fast.yml
@@ -66,11 +66,8 @@ jobs:
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-    - name: Install cargo-binstall
-      uses: cargo-bins/cargo-binstall@18470a17439d5a7ec5f5ab40c95a6f0b217e652e # main
-
     - name: Install cargo-machete
-      run: cargo binstall --no-confirm cargo-machete
+      run: cargo install --locked cargo-machete
 
     - name: Check for unused dependencies
       run: |

diff --git a/.github/workflows/security-medium.yml b/.github/workflows/security-medium.yml
@@ -25,11 +25,8 @@ jobs:
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-    - name: Install cargo-binstall
-      uses: cargo-bins/cargo-binstall@18470a17439d5a7ec5f5ab40c95a6f0b217e652e # main
-
     - name: Install cargo-geiger
-      run: cargo binstall --no-confirm cargo-geiger
+      run: cargo install --locked cargo-geiger
 
     - name: Run unsafe code analysis
       run: |

diff --git a/pyproject.toml b/pyproject.toml
@@ -227,6 +227,7 @@ dev = [
     "pandas>=1.3.0",
     "pyarrow>=21.0.0",
     "pytest-xdist>=3.8.0",
+    "time-machine>=2.19.0",
 ]
 # Linux CI only - Atheris requires libFuzzer (not available on macOS without building LLVM)
 fuzz = [

diff --git a/tests/competitive/test_head_to_head.py b/tests/competitive/test_head_to_head.py
@@ -33,11 +33,12 @@
 import math
 import time
 import uuid
-from datetime import datetime, timezone
+from datetime import datetime, timedelta, timezone
 from functools import lru_cache
 from typing import Any
 
 import pytest
+import time_machine
 from cachetools import TTLCache, cached
 
 from cachekit import cache
@@ -560,25 +561,27 @@ def test_cachekit_has_ttl(self):
         """cachekit supports TTL with decorator parameter."""
         call_count = 0
 
-        @cache(backend=None, ttl=2)
-        def fn(x):
-            nonlocal call_count
-            call_count += 1
-            return x * 2
+        with time_machine.travel(0, tick=False) as traveller:
 
-        fn(1)
-        first_count = call_count
+            @cache(backend=None, ttl=2)
+            def fn(x):
+                nonlocal call_count
+                call_count += 1
+                return x * 2
 
-        fn(1)
-        # May or may not cache depending on L1 implementation details
-        second_count = call_count
+            fn(1)
+            first_count = call_count
 
-        time.sleep(2.5)  # Wait for TTL
-        fn(1)
-        # After TTL expiry, function MUST re-execute
-        assert call_count > second_count, "Function should re-execute after TTL expires"
+            fn(1)
+            # May or may not cache depending on L1 implementation details
+            second_count = call_count
 
-        fn.cache_clear()
+            traveller.shift(timedelta(seconds=3))  # Advance clock past TTL
+            fn(1)
+            # After TTL expiry, function MUST re-execute
+            assert call_count > second_count, "Function should re-execute after TTL expires"
+
+            fn.cache_clear()
 
 
 class TestCacheManagement:

diff --git a/tests/competitive/test_lru_cache_comparison.py b/tests/competitive/test_lru_cache_comparison.py
@@ -107,7 +107,8 @@ def get_data(x: int) -> str:
         assert result == "value_1"
 
         # Wait for TTL to expire
-        time.sleep(1.2)
+        # Server-side TTL — must sleep (time-machine can't mock Redis/Memcached clock)
+        time.sleep(3)
 
         # Data should be expired (in production with Redis)
         # Note: Exact behavior depends on Redis persistence

diff --git a/tests/critical/test_basic_cache_works.py b/tests/critical/test_basic_cache_works.py
@@ -174,7 +174,8 @@ def time_sensitive_data():
         assert call_count == 1
 
         # Wait for TTL to expire
-        time.sleep(1.5)
+        # Server-side TTL — must sleep (time-machine can't mock Redis/Memcached clock)
+        time.sleep(3)
 
         # Third call should execute function again (cache expired)
         result3 = time_sensitive_data()

diff --git a/tests/critical/test_cache_reliability.py b/tests/critical/test_cache_reliability.py
@@ -45,7 +45,8 @@ def time_sensitive_function(key):
         assert call_count == 1
 
         # Wait for TTL to expire
-        time.sleep(1.2)
+        # Server-side TTL — must sleep (time-machine can't mock Redis/Memcached clock)
+        time.sleep(3)
 
         # Third call should get fresh data after expiration
         result3 = time_sensitive_function("data")