@salesforce/lds-runtime-aura 1.401.0 → 1.402.0

package/dist/types/__mocks__/instrumentation:thirdPartyTracker.d.ts

@@ -1,7 +1,4 @@
-declare function registerHandler(_cmp: any, _name: string, _loadedCheck: () => boolean): void;
-declare function markLoaded(_cmp: any): void;
 export declare const ThirdPartyTracker: {
-    registerHandler: typeof registerHandler;
-    markLoaded: typeof markLoaded;
+    registerHandler: jest.Mock<void, [_cmp: any, _name: string, _loadedCheck: () => boolean], any>;
+    markLoaded: jest.Mock<void, [_cmp: any], any>;
 };
-export {};

package/dist/types/request-interceptors/csrf-manager.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Manages CSRF token fetching and caching for secure requests.
+ * Implements a singleton pattern to ensure consistent token management across the application.
+ */
+declare class CsrfTokenManager {
+    private static instance;
+    private tokenPromise;
+    private storage;
+    private constructor();
+    static getInstance(): CsrfTokenManager;
+    /**
+     * Obtain a CSRF token, either from AuraStorage or by fetching a fresh one.
+     *
+     * @private
+     */
+    private loadOrFetchToken;
+    /**
+     * Call API endpoint to acquire a CSRF token and cache it.
+     *
+     * @private
+     */
+    private fetchFreshToken;
+    /**
+     * Returns the current token value as a Promise.
+     */
+    getToken(): Promise<string | undefined>;
+    /**
+     * Obtains and returns a new token value as a promise.
+     * This will clear the cached token and fetch a fresh one.
+     */
+    refreshToken(): Promise<string | undefined>;
+    /**
+     * Reset the singleton instance (useful for testing).
+     * @internal
+     */
+    static resetInstance(): void;
+}
+export { CsrfTokenManager };

package/dist/types/request-interceptors/csrf-token.d.ts

@@ -0,0 +1,18 @@
+import { RequestInterceptor } from '@conduit-client/service-fetch-network/v1';
+import { ResourceRequest } from '@luvio/engine';
+/**
+ * Builds a request interceptor that adds CSRF token headers to mutating requests.
+ * The CSRF token is fetched once and cached for subsequent requests.
+ * Only POST, PUT, PATCH, and DELETE requests will have the CSRF token added.
+ *
+ * @returns A RequestInterceptor function for FetchParameters
+ */
+export declare function buildCsrfTokenInterceptor(): RequestInterceptor;
+/**
+ * Builds a Luvio request interceptor that adds CSRF token headers to mutating requests.
+ * The CSRF token is fetched once and cached for subsequent requests.
+ * Only POST, PUT, PATCH, and DELETE requests will have the CSRF token added.
+ *
+ * @returns A request interceptor function for Luvio ResourceRequest objects
+ */
+export declare function buildLuvioCsrfTokenInterceptor(): (resourceRequest: ResourceRequest) => Promise<ResourceRequest>;

package/dist/types/retry-policies/csrf-token-retry-policy.d.ts

@@ -0,0 +1,72 @@
+import { RetryPolicy, RetryContext } from '@conduit-client/service-retry/v1';
+import type { FetchParameters } from '@conduit-client/service-fetch-network/v1';
+type CsrfTokenRetryPolicyConfig = {
+    /**
+     * Maximum number of retry attempts for CSRF token refresh.
+     * Typically should be 1 since we only want to retry once after refreshing.
+     */
+    maxRetries: number;
+};
+/**
+ * Mutable container for fetch arguments that can be modified between retries.
+ */
+export interface MutableFetchRequest {
+    args: FetchParameters;
+}
+/**
+ * Retry policy that handles CSRF token expiration errors.
+ *
+ * When a request fails with a CSRF token error this policy will:
+ * 1. Detect the error condition in shouldRetry
+ * 2. Refresh the CSRF token in prepareRetry hook
+ * 3. Update the request headers with the new token via mutable context
+ * 4. Retry the request once (maxRetries = 1)
+ *
+ */
+export declare class CsrfTokenRetryPolicy extends RetryPolicy<Response> {
+    private config;
+    private csrfTokenManager;
+    private requestContext?;
+    constructor(config?: CsrfTokenRetryPolicyConfig);
+    /**
+     * Allows the fetch service to pass mutable request context.
+     * This is a side-channel that enables request modification between retries.
+     *
+     * @param context - Mutable container holding fetch arguments
+     */
+    setRequestContext(context: MutableFetchRequest): void;
+    /**
+     * Determines if a failed request should be retried due to CSRF token issues.
+     */
+    shouldRetry(result: Response, context: RetryContext<Response>): Promise<boolean>;
+    /**
+     * CSRF token refresh should happen immediately with no delay.
+     */
+    calculateDelay(_result: Response, _context: RetryContext<Response>): Promise<number>;
+    /**
+     * Called by retry service before each retry attempt.
+     *
+     * This hook is supported by the Conduit retry service (with prepareRetry support).
+     * It performs token refresh and request update:
+     * 1. Refreshes the CSRF token from the server
+     * 2. Updates the mutable request context with the new token
+     *
+     * Note: We already validated this is a CSRF error in shouldRetry,
+     * so we can proceed directly to token refresh.
+     *
+     * The fetch service must call setRequestContext() to provide the mutable args container.
+     * When the retry service re-executes the operation, it will use the updated args.
+     *
+     * @param _result - The failed response that triggered the retry (unused, already validated)
+     * @param _context - Current retry context (unused but part of interface)
+     */
+    prepareRetry(_result: Response, _context: RetryContext<Response>): Promise<void>;
+}
+/**
+ * Helper to check if a response indicates a CSRF token error.
+ *
+ * @param response - The response to check
+ * @returns true if the response indicates a CSRF token error (INVALID_ACCESS_TOKEN)
+ */
+export declare function isCsrfError(response: Response): Promise<boolean>;
+export {};

package/dist/types/retry-policies/fetch-throttling-retry-policy.d.ts

@@ -10,8 +10,8 @@ type FetchThrottlingRetryPolicyConfig = {
 export declare class FetchThrottlingRetryPolicy extends RetryPolicy<Response> {
     private config;
     constructor(config?: FetchThrottlingRetryPolicyConfig);
-    shouldRetry(result: Response, context: RetryContext<Response>): boolean;
-    calculateDelay(result: Response, context: RetryContext<Response>): number;
+    shouldRetry(result: Response, context: RetryContext<Response>): Promise<boolean>;
+    calculateDelay(result: Response, context: RetryContext<Response>): Promise<number>;
     parseRetryAfterHeader(result: Response): number | undefined;
 }
 export {};

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@salesforce/lds-runtime-aura",
-    "version": "1.401.0",
+    "version": "1.402.0",
     "license": "SEE LICENSE IN LICENSE.txt",
     "description": "LDS engine for Aura runtime",
     "main": "dist/ldsEngineCreator.js",
@@ -34,47 +34,47 @@
         "release:corejar": "yarn build && ../core-build/scripts/core.js --name=lds-runtime-aura"
     },
     "devDependencies": {
-        "@conduit-client/service-provisioner": "2.0.1",
-        "@conduit-client/tools-core": "2.0.1",
-        "@salesforce/lds-adapters-apex": "^1.401.0",
-        "@salesforce/lds-adapters-uiapi": "^1.401.0",
-        "@salesforce/lds-ads-bridge": "^1.401.0",
-        "@salesforce/lds-aura-storage": "^1.401.0",
-        "@salesforce/lds-bindings": "^1.401.0",
-        "@salesforce/lds-instrumentation": "^1.401.0",
-        "@salesforce/lds-network-aura": "^1.401.0",
-        "@salesforce/lds-network-fetch": "^1.401.0",
+        "@conduit-client/service-provisioner": "3.2.0",
+        "@conduit-client/tools-core": "3.2.0",
+        "@salesforce/lds-adapters-apex": "^1.402.0",
+        "@salesforce/lds-adapters-uiapi": "^1.402.0",
+        "@salesforce/lds-ads-bridge": "^1.402.0",
+        "@salesforce/lds-aura-storage": "^1.402.0",
+        "@salesforce/lds-bindings": "^1.402.0",
+        "@salesforce/lds-instrumentation": "^1.402.0",
+        "@salesforce/lds-network-aura": "^1.402.0",
+        "@salesforce/lds-network-fetch": "^1.402.0",
         "jwt-encode": "1.0.1"
     },
     "dependencies": {
-        "@conduit-client/command-aura-graphql-normalized-cache-control": "2.0.1",
-        "@conduit-client/command-aura-network": "2.0.1",
-        "@conduit-client/command-aura-normalized-cache-control": "2.0.1",
-        "@conduit-client/command-aura-resource-cache-control": "2.0.1",
-        "@conduit-client/command-fetch-network": "2.0.1",
-        "@conduit-client/command-http-graphql-normalized-cache-control": "2.0.1",
-        "@conduit-client/command-http-normalized-cache-control": "2.0.1",
-        "@conduit-client/command-ndjson": "2.0.1",
-        "@conduit-client/command-network": "2.0.1",
-        "@conduit-client/command-sse": "2.0.1",
-        "@conduit-client/command-streaming": "2.0.1",
-        "@conduit-client/service-aura-network": "2.0.1",
-        "@conduit-client/service-cache": "2.0.1",
-        "@conduit-client/service-cache-control": "2.0.1",
-        "@conduit-client/service-cache-inclusion-policy": "2.0.1",
-        "@conduit-client/service-feature-flags": "2.0.1",
-        "@conduit-client/service-fetch-network": "2.0.1",
-        "@conduit-client/service-instrument-command": "2.0.1",
-        "@conduit-client/service-pubsub": "2.0.1",
-        "@conduit-client/service-store": "2.0.1",
-        "@conduit-client/utils": "2.0.1",
+        "@conduit-client/command-aura-graphql-normalized-cache-control": "3.2.0",
+        "@conduit-client/command-aura-network": "3.2.0",
+        "@conduit-client/command-aura-normalized-cache-control": "3.2.0",
+        "@conduit-client/command-aura-resource-cache-control": "3.2.0",
+        "@conduit-client/command-fetch-network": "3.2.0",
+        "@conduit-client/command-http-graphql-normalized-cache-control": "3.2.0",
+        "@conduit-client/command-http-normalized-cache-control": "3.2.0",
+        "@conduit-client/command-ndjson": "3.2.0",
+        "@conduit-client/command-network": "3.2.0",
+        "@conduit-client/command-sse": "3.2.0",
+        "@conduit-client/command-streaming": "3.2.0",
+        "@conduit-client/service-aura-network": "3.2.0",
+        "@conduit-client/service-cache": "3.2.0",
+        "@conduit-client/service-cache-control": "3.2.0",
+        "@conduit-client/service-cache-inclusion-policy": "3.2.0",
+        "@conduit-client/service-feature-flags": "3.2.0",
+        "@conduit-client/service-fetch-network": "3.2.0",
+        "@conduit-client/service-instrument-command": "3.2.0",
+        "@conduit-client/service-pubsub": "3.2.0",
+        "@conduit-client/service-store": "3.2.0",
+        "@conduit-client/utils": "3.2.0",
         "@luvio/network-adapter-composable": "0.158.7",
         "@luvio/network-adapter-fetch": "0.158.7",
         "@lwc/state": "^0.23.0",
-        "@salesforce/lds-adapters-onestore-graphql": "^1.401.0",
-        "@salesforce/lds-adapters-uiapi-lex": "^1.401.0",
-        "@salesforce/lds-luvio-service": "^1.401.0",
-        "@salesforce/lds-luvio-uiapi-records-service": "^1.401.0"
+        "@salesforce/lds-adapters-onestore-graphql": "^1.402.0",
+        "@salesforce/lds-adapters-uiapi-lex": "^1.402.0",
+        "@salesforce/lds-luvio-service": "^1.402.0",
+        "@salesforce/lds-luvio-uiapi-records-service": "^1.402.0"
     },
     "luvioBundlesize": [
         {
@@ -82,7 +82,7 @@
             "maxSize": {
                 "none": "350 kB",
                 "min": "190 kB",
-                "compressed": "50 kB"
+                "compressed": "56 kB"
             }
         }
     ],