@gooddata/sdk-ui-pluggable-host 11.40.0-alpha.3

package/esm/loader/redirectLogic.js

@@ -0,0 +1,143 @@
+// (C) 2026 GoodData Corporation
+import { debugLog } from "../debug.js";
+import { getLastVisitedApp, setLastVisitedApp } from "./lastVisitedApp.js";
+import { getActiveInternalApplication, getApplicationHref } from "./routing.js";
+/**
+ * Thrown when the current URL does not correspond to any accessible application.
+ */
+export class AppNotFoundError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "AppNotFoundError";
+    }
+}
+/**
+ * Returns whether the given pathname is at the root of the specified scope.
+ *
+ * @example
+ * - `/` → true (always considered a scope root)
+ * - `/organization` → true; `/organization/ai-hub` → false
+ * - `/workspace/abc` → true; `/workspace/abc/dashboards` → false
+ * - `/workspace/` with no workspaceId → true (no workspace selected yet)
+ */
+function isAtScopeRoot(pathname, scope, workspaceId) {
+    if (!pathname || pathname === "/") {
+        return true;
+    }
+    if (scope === "organization") {
+        return pathname === "/organization" || pathname === "/organization/";
+    }
+    if (scope === "workspace") {
+        if (!workspaceId) {
+            // No workspace ID in the URL means we haven't landed on a specific workspace yet — treat as root
+            return true;
+        }
+        const wsRoot = `/workspace/${workspaceId}`;
+        return pathname === wsRoot || pathname === wsRoot + "/";
+    }
+    // TypeScript exhaustive check — catches unhandled ApplicationScope additions at compile time
+    const _ = scope;
+    throw new Error(`[host-runtime/redirectLogic] Unhandled application scope: ${_}`);
+}
+/**
+ * Returns the last-visited app for the given scope if it is in the eligible list,
+ * otherwise falls back to the first app.
+ */
+function preferLastVisitedApp(apps, scope) {
+    const lastVisitedId = getLastVisitedApp(scope);
+    if (lastVisitedId) {
+        const match = apps.find((app) => app.id === lastVisitedId);
+        if (match) {
+            return match;
+        }
+    }
+    return apps[0];
+}
+/**
+ * Handles navigation when the user is inside the organization scope.
+ * Either redirects to the preferred org app (last-visited or first, when at the org root)
+ * or validates that the current path maps to a known app.
+ * Individual modules are responsible for their own permission checks.
+ */
+function resolveOrgScopeTarget(apps, ctx, pathname) {
+    if (isAtScopeRoot(pathname, "organization")) {
+        const target = preferLastVisitedApp(apps, "organization");
+        if (!target) {
+            debugLog("[host-runtime/redirect] org scope: at root but no org apps available — throwing not-found");
+            throw new AppNotFoundError("No organization-scoped applications are available.");
+        }
+        const href = getApplicationHref(target, ctx, pathname);
+        debugLog(`[host-runtime/redirect] org scope: at root, redirecting to preferred org app → ${href}`);
+        return href;
+    }
+    const active = getActiveInternalApplication(apps, ctx, pathname);
+    if (!active) {
+        debugLog(`[host-runtime/redirect] org scope: no app matched pathname → ${pathname} — throwing not-found`);
+        throw new AppNotFoundError(`No application found at path: ${pathname}`);
+    }
+    debugLog(`[host-runtime/redirect] org scope: active app matched → ${active.id}`);
+    setLastVisitedApp("organization", active.id);
+    return null;
+}
+/**
+ * Resolves where the shell app should navigate given the current URL and permission context.
+ *
+ * @returns
+ * - A URL string → caller must navigate to this URL (e.g. via React Router)
+ * - `null` → the current URL is valid; render the active app
+ *
+ * @throws {AppNotFoundError} The current path maps to no accessible application (show 404)
+ * @throws {Error} Unexpected failure (show generic error screen)
+ */
+export async function resolveRedirectTarget({ apps, ctx, pathname, fetchFirstWorkspaceId, }) {
+    const scope = ctx.currentApplicationScope;
+    const workspaceId = ctx.currentWorkspaceId;
+    debugLog(`[host-runtime/redirect] resolveRedirectTarget: scope=${scope ?? "(none)"} workspaceId=${workspaceId ?? "(none)"} pathname=${pathname} apps=${apps.length}`);
+    if (scope === "organization") {
+        return resolveOrgScopeTarget(apps, ctx, pathname);
+    }
+    if (scope === "workspace" && !isAtScopeRoot(pathname, scope, workspaceId)) {
+        // User is at a specific path inside workspace scope — validate it maps to a permitted app
+        const active = getActiveInternalApplication(apps, ctx, pathname);
+        if (!active) {
+            debugLog(`[host-runtime/redirect] workspace scope: no app matched pathname → ${pathname} — throwing not-found`);
+            throw new AppNotFoundError(`No application found at path: ${pathname}`);
+        }
+        debugLog(`[host-runtime/redirect] workspace scope: active app matched → ${active.id}`);
+        setLastVisitedApp("workspace", active.id);
+        return null;
+    }
+    // At a workspace root (with or without workspace ID) or the top-level app root.
+    // Strategy: redirect in up to two hops via client-side navigation.
+    //   1. If no workspace ID → fetch the first workspace → redirect to /workspace/{id}
+    //   2. If at workspace root with ID → redirect to the first permitted app
+    if (!workspaceId) {
+        // When scope is undefined (user landed on "/"), prefer organization scope
+        // for users with org management permission.
+        if (!scope && ctx.organizationPermissions?.canManageOrganization) {
+            debugLog("[host-runtime/redirect] user has canManageOrganization — redirecting to /organization");
+            return "/organization";
+        }
+        // Hop 1: resolve a workspace ID and redirect to its root so that the next render cycle
+        // can load workspace permissions and filter apps accurately.
+        debugLog("[host-runtime/redirect] no workspace ID — fetching first workspace");
+        const resolvedWorkspaceId = await fetchFirstWorkspaceId();
+        if (!resolvedWorkspaceId) {
+            debugLog("[host-runtime/redirect] no workspace available for user — throwing not-found");
+            throw new AppNotFoundError("No workspace is available for this user.");
+        }
+        const wsRootHref = `/workspace/${resolvedWorkspaceId}`;
+        debugLog(`[host-runtime/redirect] redirecting to workspace root → ${wsRootHref}`);
+        return wsRootHref;
+    }
+    // Hop 2: workspace ID is known, workspace permissions are loaded, apps are fully filtered.
+    // Redirect to the preferred (last-visited or first) workspace app.
+    const targetApp = preferLastVisitedApp(apps, "workspace");
+    if (!targetApp) {
+        debugLog("[host-runtime/redirect] no permitted workspace apps — throwing not-found");
+        throw new AppNotFoundError("No workspace-scoped applications are available for this workspace.");
+    }
+    const href = getApplicationHref(targetApp, ctx, pathname);
+    debugLog(`[host-runtime/redirect] redirecting to preferred workspace app → ${href} (app: ${targetApp.id})`);
+    return href;
+}

package/esm/loader/remoteLoader.d.ts

@@ -0,0 +1,5 @@
+import { type IRemotePluggableApplicationModule } from "@gooddata/sdk-model";
+import { type IPluggableApp, type IHostUiModule } from "@gooddata/sdk-pluggable-application-model";
+export declare function loadRemotePluggableApplication(remote: IRemotePluggableApplicationModule): Promise<IPluggableApp>;
+export declare function loadRemoteHostUiModule(remote: IRemotePluggableApplicationModule): Promise<IHostUiModule>;
+export declare function preloadRemotePluggableApplication(remote: IRemotePluggableApplicationModule): Promise<IPluggableApp>;

package/esm/loader/remoteLoader.js

@@ -0,0 +1,117 @@
+// (C) 2026 GoodData Corporation
+import { createInstance } from "@module-federation/runtime";
+import { isAllowedRemoteHostname } from "./remoteUrlSecurity.js";
+const remoteAppPromises = new Map();
+const registeredRemoteScopeUrls = new Map();
+let federation;
+function getFederation() {
+    if (!federation) {
+        federation = createInstance({ name: "gdc_host", remotes: [] });
+    }
+    return federation;
+}
+function normalizeModuleName(moduleName) {
+    return moduleName.replace(/^\.\//, "");
+}
+function isJSEntry(url) {
+    return /\.m?js(?:$|\?)/.test(url);
+}
+function asPluggableApp(remote, loaded) {
+    const app = loaded.pluggableApp ?? loaded.default;
+    if (!app || typeof app.mount !== "function") {
+        throw new Error(`[host-runtime/remote-loader] Remote module "${remote.scope}/${remote.module}" does not export a valid pluggable app. (type: ${typeof loaded}, hasMount: ${typeof loaded?.mount}, keys: ${Object.keys(loaded ?? {})})`);
+    }
+    return app;
+}
+function getCacheKey(remote) {
+    return `${remote.scope}::${remote.url}::${remote.module}`;
+}
+function registerRemote(remote) {
+    const existingUrl = registeredRemoteScopeUrls.get(remote.scope);
+    if (!remote.url) {
+        throw new Error(existingUrl
+            ? `[host-runtime/remote-loader] Remote "${remote.scope}" has no URL configured. Refusing to load to avoid using previously registered URL "${existingUrl}".`
+            : `[host-runtime/remote-loader] Remote "${remote.scope}" has no URL configured.`);
+    }
+    // Security: reject remotes not hosted on the same hostname or an allowlisted hostname.
+    if (!isAllowedRemoteHostname(remote.url)) {
+        throw new Error(existingUrl
+            ? `[host-runtime/remote-loader] Remote "${remote.scope}" URL "${remote.url}" is not on an allowed hostname. Refusing to load to avoid using previously registered URL "${existingUrl}".`
+            : `[host-runtime/remote-loader] Remote "${remote.scope}" URL "${remote.url}" is not on an allowed hostname.`);
+    }
+    if (existingUrl === remote.url) {
+        return;
+    }
+    const force = existingUrl !== undefined && existingUrl !== remote.url;
+    const remoteRegistration = {
+        name: remote.scope,
+        entry: remote.url,
+        ...(isJSEntry(remote.url) ? { type: "module" } : {}),
+    };
+    try {
+        getFederation().registerRemotes([remoteRegistration], force ? { force: true } : undefined);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`[host-runtime/remote-loader] Failed to register remote "${remote.scope}" from "${remote.url}": ${message}`);
+    }
+    registeredRemoteScopeUrls.set(remote.scope, remote.url);
+}
+async function loadRemoteModule(remote) {
+    registerRemote(remote);
+    const moduleName = normalizeModuleName(remote.module);
+    const loaded = await getFederation().loadRemote(`${remote.scope}/${moduleName}`);
+    if (!loaded) {
+        throw new Error(`[host-runtime/remote-loader] Remote module "${remote.scope}/${moduleName}" resolved to null.`);
+    }
+    return loaded;
+}
+export function loadRemotePluggableApplication(remote) {
+    const cacheKey = getCacheKey(remote);
+    const cached = remoteAppPromises.get(cacheKey);
+    if (cached) {
+        return cached;
+    }
+    const loadingPromise = loadRemoteModule(remote)
+        .then((loaded) => asPluggableApp(remote, loaded))
+        .catch((error) => {
+        remoteAppPromises.delete(cacheKey);
+        throw error;
+    });
+    remoteAppPromises.set(cacheKey, loadingPromise);
+    return loadingPromise;
+}
+function asHostUiModule(remote, loaded) {
+    const mod = loaded.hostUiModule ?? loaded.default;
+    if (!mod || typeof mod.mount !== "function") {
+        throw new Error(`[host-runtime/remote-loader] Remote UI module "${remote.scope}/${remote.module}" does not export a valid IHostUiModule.`);
+    }
+    return mod;
+}
+export async function loadRemoteHostUiModule(remote) {
+    const loaded = await loadRemoteModule(remote);
+    return asHostUiModule(remote, loaded);
+}
+export function preloadRemotePluggableApplication(remote) {
+    registerRemote(remote);
+    // Runtime manifest preloading works for manifest URLs (for example mf-manifest.json).
+    // For JS entry URLs (remoteEntry.js), preloadRemote tries to parse JSON and fails,
+    // so we skip manifest preload and only warm the actual exposed module below.
+    if (!isJSEntry(remote.url)) {
+        void getFederation()
+            .preloadRemote([
+            {
+                nameOrAlias: remote.scope,
+                exposes: [normalizeModuleName(remote.module)],
+            },
+        ])
+            .catch((error) => {
+            console.error(`[host-runtime/remote-loader] Failed to preload remote entry for "${remote.scope}/${remote.module}".`, error);
+        });
+    }
+    // Warm the module promise itself so hover/focus reduces click-to-mount latency.
+    return loadRemotePluggableApplication(remote).catch((error) => {
+        console.error(`[host-runtime/remote-loader] Failed to preload remote module "${remote.scope}/${remote.module}".`, error);
+        throw error;
+    });
+}

package/esm/loader/remoteUrlSecurity.d.ts

@@ -0,0 +1 @@
+export declare function isAllowedRemoteHostname(url: string): boolean;

package/esm/loader/remoteUrlSecurity.js

@@ -0,0 +1,26 @@
+// (C) 2026 GoodData Corporation
+/**
+ * Security guard: only allow remote modules hosted on the same hostname as the host app,
+ * or on an explicit allowlist of trusted hostnames (e.g. the demo-dashboard-plugins bucket).
+ *
+ * This is the sole safeguard preventing arbitrary third-party JavaScript from being loaded
+ * as a Module Federation remote. Remote modules execute with full application privileges,
+ * so loading from an untrusted origin would be equivalent to an XSS attack.
+ *
+ * Relative URLs (e.g. "/__CDN_URL_PLACEHOLDER__/...") always resolve to the current origin
+ * and are therefore allowed. Absolute URLs from a different hostname are blocked unless the
+ * hostname is in ALLOWED_REMOTE_HOSTNAMES.
+ */
+const ALLOWED_REMOTE_HOSTNAMES = new Set([
+    // infra1: s3://gdc-panther-prod-demo-dashboard-plugins (apps from gdc-ui-pluggable-applications playground)
+    "demo-dashboard-plugins.gooddata.com",
+]);
+export function isAllowedRemoteHostname(url) {
+    try {
+        const { hostname } = new URL(url, window.location.origin);
+        return hostname === window.location.hostname || ALLOWED_REMOTE_HOSTNAMES.has(hostname);
+    }
+    catch {
+        return false;
+    }
+}

package/esm/loader/routing.d.ts

@@ -0,0 +1,22 @@
+import { type ApplicationScope, type PluggableApplicationRegistryItem } from "@gooddata/sdk-model";
+import { type IPlatformContext } from "@gooddata/sdk-pluggable-application-model";
+/**
+ * Returns the application scope for the given URL path, or undefined if the path
+ * does not match a known scope.
+ */
+export declare function getApplicationScopeFromPath(path: string): ApplicationScope | undefined;
+/**
+ * Returns the workspace id for the given URL path, or undefined if the path
+ * does not contain a workspace id.
+ */
+export declare function getWorkspaceIdFromPath(pathname: string | undefined): string | undefined;
+/**
+ * Substitutes `{workspaceId}` placeholders in an external app URL with the
+ * currently resolved workspace id. URLs with no placeholder pass through
+ * unchanged, so apps that don't care about workspace context can keep using
+ * a plain literal URL (e.g. `https://docs.example.com`).
+ */
+export declare function substituteExternalUrlPlaceholders(url: string, ctx: IPlatformContext, pathname?: string): string;
+export declare function getApplicationHref(app: PluggableApplicationRegistryItem, ctx: IPlatformContext, pathname?: string): string;
+export declare function isInternalAppRouteActive(app: PluggableApplicationRegistryItem, ctx: IPlatformContext, pathname: string): boolean;
+export declare function getActiveInternalApplication(apps: PluggableApplicationRegistryItem[], ctx: IPlatformContext, pathname: string): PluggableApplicationRegistryItem | undefined;

package/esm/loader/routing.js

@@ -0,0 +1,87 @@
+// (C) 2026 GoodData Corporation
+import { isExternalPluggableApplicationRegistryItem, isLocalPluggableApplicationRegistryItem, isRemotePluggableApplicationRegistryItem, } from "@gooddata/sdk-model";
+const WORKSPACE_PATH_PATTERN = /^\/workspace\/(?<workspaceId>[^/]+)(?:\/|$)/;
+/**
+ * Returns the application scope for the given URL path, or undefined if the path
+ * does not match a known scope.
+ */
+export function getApplicationScopeFromPath(path) {
+    const isPathMatching = (definitionPath) => path === definitionPath || path.startsWith(definitionPath + "/");
+    if (isPathMatching("/organization")) {
+        return "organization";
+    }
+    if (isPathMatching("/workspace")) {
+        return "workspace";
+    }
+    return undefined;
+}
+/**
+ * Returns the workspace id for the given URL path, or undefined if the path
+ * does not contain a workspace id.
+ */
+export function getWorkspaceIdFromPath(pathname) {
+    return WORKSPACE_PATH_PATTERN.exec(pathname ?? "")?.groups?.["workspaceId"];
+}
+function ensureLeadingSlash(path) {
+    return path.startsWith("/") ? path : `/${path}`;
+}
+function normalizePath(path) {
+    const prefixed = ensureLeadingSlash(path);
+    if (prefixed === "/") {
+        return prefixed;
+    }
+    return prefixed.replace(/\/+$/, "");
+}
+function resolveWorkspaceId(ctx, pathname) {
+    if (ctx.currentWorkspaceId) {
+        return ctx.currentWorkspaceId;
+    }
+    return getWorkspaceIdFromPath(pathname);
+}
+function composeInternalAppPath(app, routeBase, ctx, pathname) {
+    const scopeBase = app.applicationScope === "organization"
+        ? "/organization"
+        : app.applicationScope === "workspace"
+            ? `/workspace/${resolveWorkspaceId(ctx, pathname) ?? ""}`
+            : undefined;
+    if (!scopeBase) {
+        throw new Error(`[host-runtime/routing] Unsupported application scope "${app.applicationScope}" for app "${app.id}".`);
+    }
+    return normalizePath(`${normalizePath(scopeBase)}${ensureLeadingSlash(routeBase)}`);
+}
+/**
+ * Substitutes `{workspaceId}` placeholders in an external app URL with the
+ * currently resolved workspace id. URLs with no placeholder pass through
+ * unchanged, so apps that don't care about workspace context can keep using
+ * a plain literal URL (e.g. `https://docs.example.com`).
+ */
+export function substituteExternalUrlPlaceholders(url, ctx, pathname) {
+    if (!url.includes("{workspaceId}")) {
+        return url;
+    }
+    const workspaceId = resolveWorkspaceId(ctx, pathname) ?? "";
+    return url.replaceAll("{workspaceId}", workspaceId);
+}
+export function getApplicationHref(app, ctx, pathname) {
+    if (isExternalPluggableApplicationRegistryItem(app)) {
+        return substituteExternalUrlPlaceholders(app.external.url, ctx, pathname);
+    }
+    if (isLocalPluggableApplicationRegistryItem(app)) {
+        return composeInternalAppPath(app, app.local.routeBase, ctx, pathname);
+    }
+    if (isRemotePluggableApplicationRegistryItem(app)) {
+        return composeInternalAppPath(app, app.remote.routeBase, ctx, pathname);
+    }
+    return "#";
+}
+export function isInternalAppRouteActive(app, ctx, pathname) {
+    if (isExternalPluggableApplicationRegistryItem(app)) {
+        return false;
+    }
+    const basePath = normalizePath(getApplicationHref(app, ctx, pathname));
+    const normalizedPathname = normalizePath(pathname);
+    return normalizedPathname === basePath || normalizedPathname.startsWith(`${basePath}/`);
+}
+export function getActiveInternalApplication(apps, ctx, pathname) {
+    return apps.find((app) => !isExternalPluggableApplicationRegistryItem(app) && isInternalAppRouteActive(app, ctx, pathname));
+}

package/esm/platformContext/backend.d.ts

@@ -0,0 +1,44 @@
+import { type IAnalyticalBackend, type NotAuthenticatedHandler } from "@gooddata/sdk-backend-spi";
+import { type IAuthCredentials } from "@gooddata/sdk-pluggable-application-model";
+export interface ICreateBackendOptions {
+    /**
+     * Package name reported to the backend for telemetry.
+     * Defaults to `"@gooddata/sdk-ui-pluggable-host"`.
+     */
+    packageName?: string;
+    /**
+     * Optional override for the package version reported to backend.
+     *
+     * @remarks
+     * By default, this is taken from `window.COMMITHASH` (same as AD), falling back to `"dev"`.
+     */
+    packageVersion?: string;
+    auth?: IAuthCredentials;
+}
+export interface IBackendFactory {
+    getBackend: () => IAnalyticalBackend;
+    getAuthCredentials: () => IAuthCredentials;
+    setNotAuthenticatedHandler: (handler: NotAuthenticatedHandler) => void;
+    setApiToken: (token: string) => void;
+    setJwt: (jwt: string, secondsBeforeTokenExpirationToCallReminder?: number) => void;
+}
+export declare function createBackendFactory(options?: ICreateBackendOptions): IBackendFactory;
+/**
+ * Sets the package name reported to the backend for telemetry.
+ * Must be called before the first backend request (i.e., before Root renders).
+ *
+ * @alpha
+ */
+export declare function setRuntimePackageName(name: string): void;
+/**
+ * Recreates backend lifecycle instance with new auth configuration.
+ */
+export declare function reinitializeBackend(auth?: IAuthCredentials): void;
+/**
+ * @alpha
+ */
+export declare function getBackend(): IAnalyticalBackend;
+export declare function getAuthCredentials(): IAuthCredentials;
+export declare function setNotAuthenticatedHandler(handler: NotAuthenticatedHandler): void;
+export declare function setApiToken(token: string): void;
+export declare function setJwt(jwt: string, secondsBeforeTokenExpirationToCallReminder?: number): void;

package/esm/platformContext/backend.js

@@ -0,0 +1,131 @@
+// (C) 2026 GoodData Corporation
+import { RecommendedCachingConfiguration, withCaching } from "@gooddata/sdk-backend-base";
+import { ContextDeferredAuthProvider, TigerJwtAuthProvider, TigerTokenAuthProvider, tigerFactory, } from "@gooddata/sdk-backend-tiger";
+import { createNotAuthenticatedHandler } from "./tigerNotAuthenticatedHandler.js";
+const decorateBackend = (backend) => {
+    return withCaching(backend, RecommendedCachingConfiguration);
+};
+function getDefaultAuthCredentials() {
+    const apiToken = typeof TIGER_API_TOKEN === "string" && TIGER_API_TOKEN.length ? TIGER_API_TOKEN : undefined;
+    if (apiToken) {
+        return { type: "apiToken", token: apiToken };
+    }
+    return { type: "contextDeferred" };
+}
+export function createBackendFactory(options = {}) {
+    let setApiTokenHandler = undefined;
+    let setJwtHandler = undefined;
+    const jwtIsAboutToExpire = (setJwt) => {
+        setJwtHandler = setJwt;
+    };
+    const packageVersion = options.packageVersion ??
+        (typeof window === "undefined" || !window.COMMITHASH ? "dev" : window.COMMITHASH);
+    let currentAuth = options.auth ?? getDefaultAuthCredentials();
+    let notAuthenticatedErrorHandler;
+    const baseBackend = tigerFactory(undefined, {
+        packageName: options.packageName ?? "@gooddata/sdk-ui-pluggable-host",
+        packageVersion,
+    });
+    const externalProviderId = currentAuth.type === "contextDeferred" ? currentAuth.externalProviderId : undefined;
+    const defaultNotAuthenticatedHandler = createNotAuthenticatedHandler(externalProviderId);
+    const backendNotAuthenticatedHandler = (context, error) => {
+        const handler = notAuthenticatedErrorHandler;
+        if (handler) {
+            handler(context, error);
+            return;
+        }
+        defaultNotAuthenticatedHandler(context, error);
+    };
+    const getBackendImplementation = (auth) => {
+        switch (auth.type) {
+            case "apiToken": {
+                const tigerTokenAuthProvider = new TigerTokenAuthProvider(auth.token, backendNotAuthenticatedHandler);
+                setApiTokenHandler = tigerTokenAuthProvider.updateApiToken;
+                return baseBackend.withAuthentication(tigerTokenAuthProvider);
+            }
+            case "jwt": {
+                const jwtAuthProvider = new TigerJwtAuthProvider(auth.token, backendNotAuthenticatedHandler, jwtIsAboutToExpire, auth.secondsBeforeTokenExpirationToCallReminder);
+                setJwtHandler = jwtAuthProvider.updateJwt;
+                return baseBackend.withAuthentication(jwtAuthProvider);
+            }
+            case "contextDeferred":
+                return baseBackend.withAuthentication(new ContextDeferredAuthProvider(backendNotAuthenticatedHandler));
+        }
+    };
+    let backend = decorateBackend(getBackendImplementation(currentAuth));
+    const setNotAuthenticatedHandler = (handler) => {
+        notAuthenticatedErrorHandler = handler;
+    };
+    const setApiToken = (token) => {
+        currentAuth = { type: "apiToken", token };
+        if (setApiTokenHandler) {
+            setApiTokenHandler(token);
+            return;
+        }
+        backend = decorateBackend(getBackendImplementation(currentAuth));
+    };
+    const setJwt = (jwt, secondsBeforeTokenExpirationToCallReminder) => {
+        currentAuth = { type: "jwt", token: jwt, secondsBeforeTokenExpirationToCallReminder };
+        if (setJwtHandler) {
+            setJwtHandler(jwt, secondsBeforeTokenExpirationToCallReminder);
+            return;
+        }
+        backend = decorateBackend(getBackendImplementation(currentAuth));
+    };
+    /**
+     * Returns a snapshot of the current auth credentials.
+     *
+     * Note: callers receive a point-in-time snapshot. If tokens change after
+     * the snapshot is taken, the caller must re-invoke `getAuthCredentials()`
+     * or the host must push an updated context via `updateContext`.
+     */
+    const getAuthCredentials = () => currentAuth;
+    return {
+        getBackend: () => backend,
+        getAuthCredentials,
+        setNotAuthenticatedHandler,
+        setApiToken,
+        setJwt,
+    };
+}
+let runtimePackageName = "@gooddata/sdk-ui-pluggable-host";
+let backendFactory;
+function getOrCreateFactory() {
+    if (!backendFactory) {
+        backendFactory = createBackendFactory({ packageName: runtimePackageName });
+    }
+    return backendFactory;
+}
+/**
+ * Sets the package name reported to the backend for telemetry.
+ * Must be called before the first backend request (i.e., before Root renders).
+ *
+ * @alpha
+ */
+export function setRuntimePackageName(name) {
+    runtimePackageName = name;
+}
+/**
+ * Recreates backend lifecycle instance with new auth configuration.
+ */
+export function reinitializeBackend(auth) {
+    backendFactory = createBackendFactory({ packageName: runtimePackageName, auth });
+}
+/**
+ * @alpha
+ */
+export function getBackend() {
+    return getOrCreateFactory().getBackend();
+}
+export function getAuthCredentials() {
+    return getOrCreateFactory().getAuthCredentials();
+}
+export function setNotAuthenticatedHandler(handler) {
+    getOrCreateFactory().setNotAuthenticatedHandler(handler);
+}
+export function setApiToken(token) {
+    getOrCreateFactory().setApiToken(token);
+}
+export function setJwt(jwt, secondsBeforeTokenExpirationToCallReminder) {
+    getOrCreateFactory().setJwt(jwt, secondsBeforeTokenExpirationToCallReminder);
+}

package/esm/platformContext/bootstrap.d.ts

@@ -0,0 +1,15 @@
+import { type IAnalyticalBackend } from "@gooddata/sdk-backend-spi";
+import { type IEntitlementDescriptor, type ITheme, type IWhiteLabeling } from "@gooddata/sdk-model";
+import { type IOrganization, type IOrganizationPermissions, type IPlatformContext, PantherTier } from "@gooddata/sdk-pluggable-application-model";
+export interface IBootstrapResult {
+    user: IPlatformContext["user"];
+    userSettings: IPlatformContext["userSettings"];
+    organization: IOrganization | undefined;
+    organizationPermissions: IOrganizationPermissions;
+    entitlements: IEntitlementDescriptor[];
+    whiteLabeling: IWhiteLabeling;
+    pantherTier: PantherTier;
+    theme: ITheme;
+}
+export declare const PLATFORM_CONTEXT_VERSION: IPlatformContext["version"];
+export declare function bootstrapApplication(backend: IAnalyticalBackend): Promise<IBootstrapResult>;