@salesforce/lds-runtime-aura 1.404.0 → 1.409.0

package/dist/ldsEngineCreator.js

@@ -22,8 +22,9 @@ import useCmpDefPredictions from '@salesforce/gate/lds.pdl.useCmpDefPredictions'
 import applyPredictionRequestLimit from '@salesforce/gate/lds.pdl.applyRequestLimit';
 import useLocalStorage from '@salesforce/gate/lds.pdl.useLocalStorage';
 import useOneStoreGraphql from '@salesforce/gate/lds.oneStoreGraphqlEnabled.ltng';
+import canCombineRecordLayoutRequests from '@salesforce/gate/lds.pdl.canCombineRecordLayoutRequests';
 import { GetApexWireAdapterFactory, registerPrefetcher as registerPrefetcher$1 } from 'force/ldsAdaptersApex';
-import { instrument, getRecordAvatarsAdapterFactory, getRecordAdapterFactory, coerceFieldIdArray, getRecordsAdapterFactory, getRecordActionsAdapterFactory, getObjectInfosAdapterFactory, coerceObjectIdArray, getObjectInfoAdapterFactory, coerceObjectId, getRelatedListsActionsAdapterFactory, getRelatedListInfoBatchAdapterFactory, getRelatedListInfoAdapterFactory, getRelatedListRecordsBatchAdapterFactory, getRelatedListRecordsAdapterFactory, getListInfoByNameAdapterFactory, getListInfosByObjectNameAdapterFactory, getListRecordsByNameAdapterFactory, getListObjectInfoAdapterFactory, getRelatedListsInfoAdapterFactory, getRelatedListActionsAdapterFactory, getRecordId18Array, buildRecordRepKeyFromId, configuration, InMemoryRecordRepresentationQueryEvaluator, UiApiNamespace, RecordRepresentationRepresentationType, registerPrefetcher, RecordRepresentationVersion } from 'force/ldsAdaptersUiapi';
+import { instrument, getRecordAvatarsAdapterFactory, getRecordAdapterFactory, coerceFieldIdArray, coerceLayoutTypeArray, coerceLayoutModeArray, getRecordsAdapterFactory, getRecordActionsAdapterFactory, getObjectInfosAdapterFactory, coerceObjectIdArray, getObjectInfoAdapterFactory, coerceObjectId, getRelatedListsActionsAdapterFactory, getRelatedListInfoBatchAdapterFactory, getRelatedListInfoAdapterFactory, getRelatedListRecordsBatchAdapterFactory, getRelatedListRecordsAdapterFactory, getListInfoByNameAdapterFactory, getListInfosByObjectNameAdapterFactory, getListRecordsByNameAdapterFactory, getListObjectInfoAdapterFactory, getRelatedListsInfoAdapterFactory, getRelatedListActionsAdapterFactory, getRecordId18Array, buildRecordRepKeyFromId, configuration, InMemoryRecordRepresentationQueryEvaluator, UiApiNamespace, RecordRepresentationRepresentationType, registerPrefetcher, RecordRepresentationVersion } from 'force/ldsAdaptersUiapi';
 import { getInstrumentation } from 'o11y/client';
 import { findExecutableOperation, buildGraphQLInputExtension, addTypenameToDocument } from 'force/luvioGraphqlNormalization';
 import { print, wrapConfigAndVerify, resolveAst, validateGraphQLOperations } from 'force/luvioOnestoreGraphqlParser';
@@ -41,9 +42,14 @@ import { instrument as instrument$5 } from '@lwc/state';
 import { withRegistration, register, setDefaultLuvio } from 'force/ldsEngine';
 import { pageScopedCache } from 'instrumentation/utility';
 import { createStorage, clearStorages } from 'force/ldsStorage';
-import useHotspotLimit from '@salesforce/gate/lds.pdl.useHotspotLimit';
+import lightningConnectEnabled from '@salesforce/gate/ui.services.LightningConnect.enabled';
+import bypassAppRestrictionEnabled from '@salesforce/gate/ui.services.LightningConnect.BypassAppRestriction.enabled';
+import csrfValidationEnabled from '@salesforce/gate/ui.services.LightningConnect.CsrfValidation.enabled';
+import sessionApiEnabled from '@salesforce/gate/ui.uisdk.session.api.enabled';
 import useHttpUiapiOneApp from '@salesforce/gate/lds.useHttpUiapiOneApp';
 import useHttpUiapiOneRuntime from '@salesforce/gate/lds.useHttpUiapiOneRuntime';
+import disableCreateContentDocumentAndVersionHTTPLexRuntime from '@salesforce/gate/lds.lex.http.disableCreateContentDocumentAndVersion';
+import useHotspotLimit from '@salesforce/gate/lds.pdl.useHotspotLimit';
 
 /*!
  * Copyright (c) 2022, Salesforce, Inc.,
@@ -2666,7 +2672,7 @@ function buildServiceDescriptor$d(luvio) {
         },
     };
 }
-// version: 1.404.0-d0f3b5bc15
+// version: 1.409.0-355a528ce3
 
 /*!
  * Copyright (c) 2022, Salesforce, Inc.,
@@ -3004,7 +3010,7 @@ function buildServiceDescriptor$9(notifyRecordUpdateAvailable, getNormalizedLuvi
         },
     };
 }
-// version: 1.404.0-d0f3b5bc15
+// version: 1.409.0-355a528ce3
 
 /*!
  * Copyright (c) 2022, Salesforce, Inc.,
@@ -4707,7 +4713,7 @@ function getEnvironmentSetting(name) {
     }
     return undefined;
 }
-// version: 1.404.0-d0f3b5bc15
+// version: 1.409.0-355a528ce3
 
 /**
  * Observability / Critical Availability Program (230+)
@@ -5715,19 +5721,240 @@ function buildLexRuntimeLuvio5xxStatusResponseInterceptor() {
     };
 }
 
-const API_PATHS = [
-    // getLookupActions
-    // '/ui-api/actions/lookup/{objectApiNames}',
-    // getRecordActions
-    // '/ui-api/actions/record/{recordIds}',
-    // getRelatedListActions
-    // '/ui-api/actions/record/{recordIds}/related-list/{relatedListId}',
-    // getDuplicateConfiguration
-    // '/ui-api/duplicates/{objectApiName}',
-    // getListInfosByObjectName
-    // '/ui-api/list-info/{objectApiName}',
-    // getLookupRecords
-    // '/ui-api/lookups/{objectApiName}/{fieldApiName}',
+const CSRF_TOKEN_KEY = 'salesforce_csrf_token';
+const CSRF_STORAGE_NAME = 'ldsCSRFToken';
+const BASE_URI = '/services/data/v66.0';
+const UI_API_BASE_URI = `${BASE_URI}/ui-api`;
+const CSRF_TOKEN_ENDPOINT = `${UI_API_BASE_URI}/session/csrf`;
+const CSRF_STORAGE_CONFIG = {
+    name: CSRF_STORAGE_NAME,
+    persistent: true,
+    secure: true,
+    maxSize: 1024,
+    expiration: 24 * 60 * 60,
+    clearOnInit: false,
+    debugLogging: false,
+};
+/**
+ * Manages CSRF token fetching and caching for secure requests.
+ * Implements a singleton pattern to ensure consistent token management across the application.
+ */
+class CsrfTokenManager {
+    constructor() {
+        this.tokenPromise = null;
+        // Initialize AuraStorage
+        this.storage = createStorage(CSRF_STORAGE_CONFIG);
+    }
+    static getInstance() {
+        if (!CsrfTokenManager.instance) {
+            CsrfTokenManager.instance = new CsrfTokenManager();
+        }
+        return CsrfTokenManager.instance;
+    }
+    /**
+     * Obtain a CSRF token, either from AuraStorage or by fetching a fresh one.
+     *
+     * @private
+     */
+    async loadOrFetchToken() {
+        // First try to get token from AuraStorage
+        if (this.storage) {
+            try {
+                const cachedToken = await this.storage.get(CSRF_TOKEN_KEY);
+                if (typeof cachedToken === 'string' && cachedToken) {
+                    return cachedToken;
+                }
+            }
+            catch {
+                // If storage read fails, continue to fetch
+            }
+        }
+        // No cached token, fetch from server
+        return this.fetchFreshToken();
+    }
+    /**
+     * Call API endpoint to acquire a CSRF token and cache it.
+     *
+     * @private
+     */
+    async fetchFreshToken() {
+        try {
+            const response = await fetch(CSRF_TOKEN_ENDPOINT, {
+                method: 'GET',
+                credentials: 'same-origin',
+            });
+            if (!response.ok) {
+                return undefined;
+            }
+            const data = await response.json();
+            const token = data.csrfToken;
+            if (token && this.storage) {
+                // Cache the token in AuraStorage
+                try {
+                    await this.storage.set(CSRF_TOKEN_KEY, token);
+                }
+                catch {
+                    // Non-fatal: token is still available even if caching fails
+                }
+            }
+            return token;
+        }
+        catch {
+            return undefined;
+        }
+    }
+    /**
+     * Returns the current token value as a Promise.
+     * Lazy-loads the token on first call (from cache or by fetching).
+     */
+    async getToken() {
+        // Lazy initialization: only fetch token when actually needed
+        if (!this.tokenPromise) {
+            this.tokenPromise = this.loadOrFetchToken();
+        }
+        return this.tokenPromise;
+    }
+    /**
+     * Obtains and returns a new token value as a promise.
+     * This will clear the cached token and fetch a fresh one.
+     */
+    async refreshToken() {
+        // Clear cached token
+        if (this.storage) {
+            try {
+                await this.storage.remove(CSRF_TOKEN_KEY);
+            }
+            catch {
+                // Non-fatal: continue with refresh even if clear fails
+            }
+        }
+        // Fetch (and cache) fresh token
+        this.tokenPromise = this.fetchFreshToken();
+        return this.tokenPromise;
+    }
+    /**
+     * Reset the singleton instance (useful for testing).
+     * @internal
+     */
+    static resetInstance() {
+        CsrfTokenManager.instance = null;
+    }
+}
+CsrfTokenManager.instance = null;
+
+const CSRF_TOKEN_HEADER = 'X-CSRF-Token';
+/**
+ * Checks if all required gates are enabled for CSRF token interceptor.
+ *
+ * @returns true if all gates are enabled, false otherwise
+ */
+function areCsrfGatesEnabled() {
+    try {
+        return (lightningConnectEnabled.isOpen({ fallback: false }) &&
+            bypassAppRestrictionEnabled.isOpen({ fallback: false }) &&
+            csrfValidationEnabled.isOpen({ fallback: false }) &&
+            sessionApiEnabled.isOpen({ fallback: false }));
+    }
+    catch (error) {
+        // If any gate check fails, disable CSRF interceptor
+        return false;
+    }
+}
+/**
+ * Determines if the HTTP method requires CSRF protection.
+ * Only mutating operations (POST, PUT, PATCH, DELETE) require CSRF tokens.
+ *
+ * @param method - The HTTP method to check
+ * @returns true if the method requires CSRF protection
+ */
+function isCsrfMethod(method) {
+    if (!method) {
+        return false;
+    }
+    const normalizedMethod = method.toLowerCase();
+    return (normalizedMethod === 'post' ||
+        normalizedMethod === 'put' ||
+        normalizedMethod === 'patch' ||
+        normalizedMethod === 'delete');
+}
+/**
+ * Builds a request interceptor that adds CSRF token headers to mutating requests.
+ * The CSRF token is fetched once and cached for subsequent requests.
+ * Only POST, PUT, PATCH, and DELETE requests will have the CSRF token added.
+ *
+ * @returns A RequestInterceptor function for FetchParameters
+ */
+function buildCsrfTokenInterceptor() {
+    const csrfTokenManager = CsrfTokenManager.getInstance();
+    return async (fetchArgs) => {
+        // Check if all required gates are enabled before running
+        if (!areCsrfGatesEnabled()) {
+            return resolvedPromiseLike$2(fetchArgs);
+        }
+        const [urlOrRequest, options] = fetchArgs;
+        // Determine the method from either Request object or options
+        let method;
+        if (typeof urlOrRequest !== 'string' && 'method' in urlOrRequest) {
+            method = urlOrRequest.method;
+        }
+        else if (options && 'method' in options) {
+            method = options.method;
+        }
+        // Only add CSRF token for mutating operations
+        if (isCsrfMethod(method)) {
+            const token = await csrfTokenManager.getToken();
+            if (token) {
+                fetchArgs = setHeader(CSRF_TOKEN_HEADER, token, fetchArgs);
+            }
+        }
+        return resolvedPromiseLike$2(fetchArgs);
+    };
+}
+/**
+ * Builds a Luvio request interceptor that adds CSRF token headers to mutating requests.
+ * The CSRF token is fetched once and cached for subsequent requests.
+ * Only POST, PUT, PATCH, and DELETE requests will have the CSRF token added.
+ *
+ * @returns A request interceptor function for Luvio ResourceRequest objects
+ */
+function buildLuvioCsrfTokenInterceptor() {
+    const csrfTokenManager = CsrfTokenManager.getInstance();
+    return async (resourceRequest) => {
+        // Check if all required gates are enabled before running
+        if (!areCsrfGatesEnabled()) {
+            return resolvedPromiseLike$2(resourceRequest);
+        }
+        // Ensure headers object exists
+        if (!resourceRequest.headers) {
+            resourceRequest.headers = {};
+        }
+        // Only add CSRF token for mutating operations
+        if (isCsrfMethod(resourceRequest.method)) {
+            // Don't overwrite existing CSRF token header if it already exists
+            if (!resourceRequest.headers[CSRF_TOKEN_HEADER]) {
+                const token = await csrfTokenManager.getToken();
+                if (token) {
+                    resourceRequest.headers[CSRF_TOKEN_HEADER] = token;
+                }
+            }
+        }
+        return resolvedPromiseLike$2(resourceRequest);
+    };
+}
+
+function isOneRuntime() {
+    return !!globalThis.LWR;
+}
+/**
+ * Base set of url paths that this adapter can serve via HTTP when enabled.
+ * Extend this list to support additional endpoints (see predicate wiring below).
+ *
+ * Examples:
+ * - Add another endpoint pattern:
+ *   "/ui-api/records/{recordId}"
+ * - Keep placeholders for variable segments wrapped in "{}".
+ */
+const UIAPI_PATHS = [
     // getObjectInfo
     '/ui-api/object-info/{objectApiName}',
     // getObjectInfos
@@ -5745,10 +5972,68 @@ const API_PATHS = [
     // getRelatedListRecords
     // '/ui-api/related-list-records/{parentRecordId}/{relatedListId}',
 ];
-const API_PATH_MATCHERS = API_PATHS.map((path) => {
-    const regexString = path.replace(/\{.+?\}/g, '[^/]+');
-    return new RegExp(`^${regexString}$`);
-});
+/**
+ * Single content documents version URL enabled/disabled by killswitch.
+ * Exported for reuse in tests.
+ */
+const CONTENT_DOCUMENTS_VERSIONS_PATH = '/ui-api/records/content-documents/content-versions';
+/**
+ * Configure which path sets are enabled under which conditions.
+ *
+ * To add a new condition:
+ * - Define a new `predicate` function that returns true when your feature gate
+ *   or runtime environment should enable HTTP for its path set.
+ * - Provide the list of `paths`
+ *
+ * Example:
+ * {
+ *   predicate: () => myNewGate.isOpen({ fallback: false }),
+ *   paths: ['/ui-api/some-endpoint/{id}'],
+ * }
+ */
+const PREDICATE_PATH_SETS = [
+    // One Runtime gate
+    {
+        predicate: () => isOneRuntime() && useHttpUiapiOneRuntime.isOpen({ fallback: false }),
+        paths: UIAPI_PATHS,
+    },
+    // one.app gate
+    {
+        predicate: () => !isOneRuntime() && useHttpUiapiOneApp.isOpen({ fallback: false }),
+        paths: UIAPI_PATHS,
+    },
+    // disableCreateContentDocumentAndVersionHTTPLexRuntime killswitch
+    {
+        predicate: () => !disableCreateContentDocumentAndVersionHTTPLexRuntime.isOpen({ fallback: false }),
+        paths: [CONTENT_DOCUMENTS_VERSIONS_PATH],
+    },
+];
+function getEnabledPaths() {
+    const enabled = new Set();
+    for (const { predicate, paths } of PREDICATE_PATH_SETS) {
+        if (predicate()) {
+            for (const p of paths) {
+                enabled.add(p);
+            }
+        }
+    }
+    return Array.from(enabled);
+}
+function buildMatchers(paths) {
+    return paths.map((path) => {
+        const regexString = path.replace(/\{.+?\}/g, '[^/]+');
+        return new RegExp(`^${regexString}$`);
+    });
+}
+// Precompute enabled path matchers at module load to avoid per-request rebuild
+const ENABLED_PATH_MATCHERS = buildMatchers(getEnabledPaths());
+/**
+ * Indicates whether any predicate-enabled path sets are active.
+ * Used by adapter composition to decide whether to include the fetch adapter.
+ */
+function isFetchAdapterEnabled() {
+    return getEnabledPaths().length > 0;
+}
 const requestTracker = {
     hasTracker: () => ThirdPartyTracker !== undefined,
     registerHandler: (request, name, loadedCheck) => {
@@ -5768,15 +6053,19 @@ const requestLogger = {
     },
 };
 const composedFetchNetworkAdapter = {
+    /**
+     * Handles only the enabled paths. The incoming path is normalized
+     * (trailing slash removed) before matching against the precomputed matchers.
+     */
     shouldHandleRequest(resourceRequest) {
         let path = resourceRequest.basePath.trim();
         if (path.endsWith('/')) {
             path = path.substring(0, path.length - 1);
         }
-        return API_PATH_MATCHERS.some((matcher) => matcher.test(path));
+        return ENABLED_PATH_MATCHERS.some((matcher) => matcher.test(path));
     },
     adapter: setupLexNetworkAdapter(requestTracker, requestLogger, {
-        request: [buildLuvioPageScopedCacheRequestInterceptor()],
+        request: [buildLuvioPageScopedCacheRequestInterceptor(), buildLuvioCsrfTokenInterceptor()],
         response: [
             buildLexRuntimeLuvio5xxStatusResponseInterceptor(),
             buildLexRuntimeLuvioAuthExpirationRedirectResponseInterceptor(),
@@ -5855,120 +6144,6 @@ function buildTransportMarksReceiveInterceptor() {
     };
 }
 
-const CSRF_TOKEN_KEY = 'salesforce_csrf_token';
-const CSRF_STORAGE_NAME = 'ldsCSRFToken';
-const CSRF_STORAGE_CONFIG = {
-    name: CSRF_STORAGE_NAME,
-    persistent: true,
-    secure: true,
-    maxSize: 1024,
-    expiration: 24 * 60 * 60,
-    clearOnInit: false,
-    debugLogging: false,
-};
-/**
- * Manages CSRF token fetching and caching for secure requests.
- * Implements a singleton pattern to ensure consistent token management across the application.
- */
-class CsrfTokenManager {
-    constructor() {
-        // Initialize AuraStorage
-        this.storage = createStorage(CSRF_STORAGE_CONFIG);
-        // Try to load token from AuraStorage on initialization
-        this.tokenPromise = this.loadOrFetchToken();
-    }
-    static getInstance() {
-        if (!CsrfTokenManager.instance) {
-            CsrfTokenManager.instance = new CsrfTokenManager();
-        }
-        return CsrfTokenManager.instance;
-    }
-    /**
-     * Obtain a CSRF token, either from AuraStorage or by fetching a fresh one.
-     *
-     * @private
-     */
-    async loadOrFetchToken() {
-        // First try to get token from AuraStorage
-        if (this.storage) {
-            try {
-                const cachedToken = await this.storage.get(CSRF_TOKEN_KEY);
-                if (typeof cachedToken === 'string' && cachedToken) {
-                    return cachedToken;
-                }
-            }
-            catch {
-                // If storage read fails, continue to fetch
-            }
-        }
-        // No cached token, fetch from server
-        return this.fetchFreshToken();
-    }
-    /**
-     * Call API endpoint to acquire a CSRF token and cache it.
-     *
-     * @private
-     */
-    async fetchFreshToken() {
-        try {
-            const response = await fetch('/session/csrf', {
-                method: 'GET',
-                credentials: 'same-origin',
-            });
-            if (!response.ok) {
-                return undefined;
-            }
-            const data = await response.json();
-            const token = data.csrfToken;
-            if (token && this.storage) {
-                // Cache the token in AuraStorage
-                try {
-                    await this.storage.set(CSRF_TOKEN_KEY, token);
-                }
-                catch {
-                    // Non-fatal: token is still available even if caching fails
-                }
-            }
-            return token;
-        }
-        catch {
-            return undefined;
-        }
-    }
-    /**
-     * Returns the current token value as a Promise.
-     */
-    async getToken() {
-        return this.tokenPromise;
-    }
-    /**
-     * Obtains and returns a new token value as a promise.
-     * This will clear the cached token and fetch a fresh one.
-     */
-    async refreshToken() {
-        // Clear cached token
-        if (this.storage) {
-            try {
-                await this.storage.remove(CSRF_TOKEN_KEY);
-            }
-            catch {
-                // Non-fatal: continue with refresh even if clear fails
-            }
-        }
-        // Fetch (and cache) fresh token
-        this.tokenPromise = this.fetchFreshToken();
-        return this.tokenPromise;
-    }
-    /**
-     * Reset the singleton instance (useful for testing).
-     * @internal
-     */
-    static resetInstance() {
-        CsrfTokenManager.instance = null;
-    }
-}
-CsrfTokenManager.instance = null;
-
 const DEFAULT_CONFIG$1 = {
     maxRetries: 1, // Only retry once after token refresh
 };
@@ -6077,6 +6252,7 @@ function buildLexRuntimeDefaultFetchServiceDescriptor(logger, retryService) {
             buildThirdPartyTrackerRegisterInterceptor(),
             buildPageScopedCacheRequestInterceptor(),
             buildTransportMarksSendInterceptor(),
+            buildCsrfTokenInterceptor(),
         ],
         response: [
             buildLexRuntime5xxStatusResponseInterceptor(logger),
@@ -6098,6 +6274,7 @@ function buildLexRuntimeAllow5xxFetchServiceDescriptor(logger, retryService) {
             buildThirdPartyTrackerRegisterInterceptor(),
             buildPageScopedCacheRequestInterceptor(),
             buildTransportMarksSendInterceptor(),
+            buildCsrfTokenInterceptor(),
         ],
         response: [buildLexRuntimeAuthExpirationRedirectResponseInterceptor(logger)],
         finally: [
@@ -6691,9 +6868,31 @@ function isFieldsRequest(config) {
         config.modes === undefined &&
         (config.fields !== undefined || config.optionalFields !== undefined));
 }
+function isCombinableLayoutRequest(config) {
+    // We will only consider a layout request combinable if it is a single layout type request
+    // and the only request parameters are:
+    // - layoutTypes
+    // - optionalFields
+    // - modes
+    const hasExtraParams = config.childRelationships !== undefined ||
+        config.pageSize !== undefined ||
+        config.updateMru !== undefined;
+    return config.layoutTypes !== undefined && !hasExtraParams;
+}
+function areCombinableLayoutRequests(reqA, reqB) {
+    const normilizedLayoutTypesA = coerceLayoutTypeArray(reqA.layoutTypes) || [];
+    const normilizedLayoutTypesB = coerceLayoutTypeArray(reqB.layoutTypes) || [];
+    // Let's only combine when the layoutTypes are the same
+    return (isCombinableLayoutRequest(reqA) &&
+        isCombinableLayoutRequest(reqB) &&
+        reqA.recordId === reqB.recordId &&
+        normilizedLayoutTypesA.length === normilizedLayoutTypesB.length &&
+        normilizedLayoutTypesA.every((type, index) => type === normilizedLayoutTypesB[index]));
+}
 class GetRecordRequestStrategy extends LuvioAdapterRequestStrategy {
-    constructor() {
-        super(...arguments);
+    constructor(luvio, canCombineRecordLayoutRequests = false) {
+        super(luvio);
+        this.canCombineRecordLayoutRequests = canCombineRecordLayoutRequests;
         this.adapterName = GET_RECORD_ADAPTER_NAME;
         this.adapterFactory = getRecordAdapterFactory;
     }
@@ -6722,10 +6921,41 @@ class GetRecordRequestStrategy extends LuvioAdapterRequestStrategy {
         };
     }
     canCombine(reqA, reqB) {
-        // must be same record and
-        return reqA.recordId === reqB.recordId && isFieldsRequest(reqA) && isFieldsRequest(reqB);
+        // must be same record and either both are fields requests or both are combinable layout requests
+        return (reqA.recordId === reqB.recordId &&
+            ((isFieldsRequest(reqA) && isFieldsRequest(reqB)) ||
+                (this.canCombineRecordLayoutRequests && areCombinableLayoutRequests(reqA, reqB))));
     }
     combineRequests(reqA, reqB) {
+        if (isFieldsRequest(reqA)) {
+            return this.combineFieldsRequests(reqA, reqB);
+        }
+        else {
+            return this.combineLayoutRequests(reqA, reqB);
+        }
+    }
+    combineLayoutRequests(reqA, reqB) {
+        const combined = {
+            recordId: reqA.recordId,
+            layoutTypes: coerceLayoutTypeArray(reqA.layoutTypes),
+        };
+        // combine Modes.
+        // Note: the || ['View'] is important; it is to cover the case in which it needs to
+        // combine mode: undefined (defaults to View) with mode: ['something else than View']
+        const modeA = coerceLayoutModeArray(reqA.modes) || ['View'];
+        const modeB = coerceLayoutModeArray(reqB.modes) || ['View'];
+        if (reqA.modes !== undefined || reqB.modes !== undefined) {
+            combined.modes = Array.from(new Set([...modeA, ...modeB]));
+        }
+        // combine Optional Fields.
+        const optionalFieldsA = coerceFieldIdArray(reqA.optionalFields, COERCE_FIELD_ID_ARRAY_OPTIONS) || [];
+        const optionalFieldsB = coerceFieldIdArray(reqB.optionalFields, COERCE_FIELD_ID_ARRAY_OPTIONS) || [];
+        if (optionalFieldsA !== undefined || optionalFieldsB !== undefined) {
+            combined.optionalFields = Array.from(new Set([...optionalFieldsA, ...optionalFieldsB]));
+        }
+        return combined;
+    }
+    combineFieldsRequests(reqA, reqB) {
         const fields = new Set();
         const optionalFields = new Set();
         if (reqA.fields !== undefined) {
@@ -8334,24 +8564,12 @@ function buildComposableNetworkAdapter(composedAdapters) {
     };
 }
 
-function shouldUseHttp() {
-    // Check if we're in One Runtime (has LWR set)
-    const isOneRuntime = !!globalThis.LWR;
-    // If we're in One Runtime and the One Runtime gate is open, use HTTP
-    if (isOneRuntime && useHttpUiapiOneRuntime.isOpen({ fallback: false })) {
-        return true;
-    }
-    // If we're in one.app and the one.app gate is open, use HTTP
-    if (!isOneRuntime && useHttpUiapiOneApp.isOpen({ fallback: false })) {
-        return true;
-    }
-    return false;
-}
 function getComposedAdapters() {
     const composedAdapters = [
         composedNetworkAdapter$1, // SFAP adapter
     ];
-    if (shouldUseHttp()) {
+    // Add the UIAPI Fetch adapter if any of its API paths are enabled
+    if (isFetchAdapterEnabled()) {
         composedAdapters.push(composedFetchNetworkAdapter); // UIAPI Fetch adapter
     }
     return composedAdapters;
@@ -9411,7 +9629,7 @@ function whenPredictionsReady(callback) {
 }
 function setupPredictivePrefetcher(luvio) {
     const allStrategies = [
-        new GetRecordRequestStrategy(luvio),
+        new GetRecordRequestStrategy(luvio, canCombineRecordLayoutRequests.isOpen({ fallback: false })),
         new GetRecordsRequestStrategy(luvio),
         new GetRecordActionsRequestStrategy(luvio),
         new GetRecordAvatarsRequestStrategy(luvio),
@@ -9704,4 +9922,4 @@ function ldsEngineCreator() {
 }
 
 export { LexRequestStrategy, PdlRequestPriority, buildPredictorForContext, ldsEngineCreator as default, initializeLDS, initializeOneStore, notifyUpdateAvailableFactory, registerRequestStrategy, saveRequestAsPrediction, unregisterRequestStrategy, whenPredictionsReady };
-// version: 1.404.0-fa9e7b68e4
+// version: 1.409.0-19a3d9bdf5

package/dist/types/network-fetch.d.ts

@@ -1,8 +1,32 @@
 import { type ResourceRequest } from '@luvio/engine';
 import type { RequestLogger, RequestTracker } from '@salesforce/lds-network-fetch';
+/**
+ * Base set of url paths that this adapter can serve via HTTP when enabled.
+ * Extend this list to support additional endpoints (see predicate wiring below).
+ *
+ * Examples:
+ * - Add another endpoint pattern:
+ *   "/ui-api/records/{recordId}"
+ * - Keep placeholders for variable segments wrapped in "{}".
+ */
+export declare const UIAPI_PATHS: string[];
+/**
+ * Single content documents version URL enabled/disabled by killswitch.
+ * Exported for reuse in tests.
+ */
+export declare const CONTENT_DOCUMENTS_VERSIONS_PATH = "/ui-api/records/content-documents/content-versions";
+/**
+ * Indicates whether any predicate-enabled path sets are active.
+ * Used by adapter composition to decide whether to include the fetch adapter.
+ */
+export declare function isFetchAdapterEnabled(): boolean;
 export declare const instrumentationTracker: RequestTracker;
 export declare const requestLogger: RequestLogger;
 export declare const composedFetchNetworkAdapter: {
+    /**
+     * Handles only the enabled paths. The incoming path is normalized
+     * (trailing slash removed) before matching against the precomputed matchers.
+     */
     shouldHandleRequest(resourceRequest: ResourceRequest): boolean;
     adapter: import("@luvio/engine").NetworkAdapter;
 };

package/dist/types/predictive-loading/request-strategy/get-record-request-strategy.d.ts

@@ -1,3 +1,4 @@
+import type { Luvio } from '@luvio/engine';
 import type { GetRecordConfig } from '@salesforce/lds-adapters-uiapi';
 import { LuvioAdapterRequestStrategy } from './luvio-adapter-request-strategy';
 export type GetRecordRequest = {
@@ -9,12 +10,16 @@ type GetRecordContext = {
 };
 export declare const GET_RECORD_ADAPTER_NAME = "getRecord";
 export declare class GetRecordRequestStrategy extends LuvioAdapterRequestStrategy<GetRecordConfig, GetRecordRequest, GetRecordContext> {
+    private readonly canCombineRecordLayoutRequests;
     adapterName: string;
     adapterFactory: import("@luvio/engine").AdapterFactory<GetRecordConfig, import("@salesforce/lds-adapters-uiapi").RecordRepresentation>;
+    constructor(luvio: Luvio, canCombineRecordLayoutRequests?: boolean);
     buildConcreteRequest(similarRequest: GetRecordRequest, context: GetRecordContext): GetRecordRequest;
     transformForSave(request: GetRecordRequest): GetRecordRequest;
     canCombine(reqA: GetRecordConfig, reqB: GetRecordConfig): boolean;
     combineRequests(reqA: GetRecordConfig, reqB: GetRecordConfig): GetRecordConfig;
+    combineLayoutRequests(reqA: GetRecordConfig, reqB: GetRecordConfig): GetRecordConfig;
+    combineFieldsRequests(reqA: GetRecordConfig, reqB: GetRecordConfig): GetRecordConfig;
     isContextDependent(context: GetRecordContext, request: GetRecordRequest): boolean;
     transformForSaveSimilarRequest(request: GetRecordRequest): GetRecordRequest;
 }

package/dist/types/request-interceptors/csrf-manager.d.ts

@@ -22,6 +22,7 @@ declare class CsrfTokenManager {
     private fetchFreshToken;
     /**
      * Returns the current token value as a Promise.
+     * Lazy-loads the token on first call (from cache or by fetching).
      */
     getToken(): Promise<string | undefined>;
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@salesforce/lds-runtime-aura",
-    "version": "1.404.0",
+    "version": "1.409.0",
     "license": "SEE LICENSE IN LICENSE.txt",
     "description": "LDS engine for Aura runtime",
     "main": "dist/ldsEngineCreator.js",
@@ -36,14 +36,14 @@
     "devDependencies": {
         "@conduit-client/service-provisioner": "3.2.0",
         "@conduit-client/tools-core": "3.2.0",
-        "@salesforce/lds-adapters-apex": "^1.404.0",
-        "@salesforce/lds-adapters-uiapi": "^1.404.0",
-        "@salesforce/lds-ads-bridge": "^1.404.0",
-        "@salesforce/lds-aura-storage": "^1.404.0",
-        "@salesforce/lds-bindings": "^1.404.0",
-        "@salesforce/lds-instrumentation": "^1.404.0",
-        "@salesforce/lds-network-aura": "^1.404.0",
-        "@salesforce/lds-network-fetch": "^1.404.0",
+        "@salesforce/lds-adapters-apex": "^1.409.0",
+        "@salesforce/lds-adapters-uiapi": "^1.409.0",
+        "@salesforce/lds-ads-bridge": "^1.409.0",
+        "@salesforce/lds-aura-storage": "^1.409.0",
+        "@salesforce/lds-bindings": "^1.409.0",
+        "@salesforce/lds-instrumentation": "^1.409.0",
+        "@salesforce/lds-network-aura": "^1.409.0",
+        "@salesforce/lds-network-fetch": "^1.409.0",
         "jwt-encode": "1.0.1"
     },
     "dependencies": {
@@ -59,6 +59,8 @@
         "@conduit-client/command-sse": "3.2.0",
         "@conduit-client/command-streaming": "3.2.0",
         "@conduit-client/service-aura-network": "3.2.0",
+        "@conduit-client/service-bindings-imperative": "3.2.0",
+        "@conduit-client/service-bindings-lwc": "3.2.0",
         "@conduit-client/service-cache": "3.2.0",
         "@conduit-client/service-cache-control": "3.2.0",
         "@conduit-client/service-cache-inclusion-policy": "3.2.0",
@@ -71,10 +73,10 @@
         "@luvio/network-adapter-composable": "0.158.7",
         "@luvio/network-adapter-fetch": "0.158.7",
         "@lwc/state": "^0.23.0",
-        "@salesforce/lds-adapters-onestore-graphql": "^1.404.0",
-        "@salesforce/lds-adapters-uiapi-lex": "^1.404.0",
-        "@salesforce/lds-luvio-service": "^1.404.0",
-        "@salesforce/lds-luvio-uiapi-records-service": "^1.404.0"
+        "@salesforce/lds-adapters-onestore-graphql": "^1.409.0",
+        "@salesforce/lds-adapters-uiapi-lex": "^1.409.0",
+        "@salesforce/lds-luvio-service": "^1.409.0",
+        "@salesforce/lds-luvio-uiapi-records-service": "^1.409.0"
     },
     "luvioBundlesize": [
         {
@@ -82,7 +84,7 @@
             "maxSize": {
                 "none": "350 kB",
                 "min": "190 kB",
-                "compressed": "56 kB"
+                "compressed": "57 kB"
             }
         }
     ],