@salesforce/lds-runtime-aura 1.436.0 → 1.437.0

package/dist/ldsEngineCreator.js

@@ -2762,7 +2762,7 @@ function buildServiceDescriptor$d(luvio) {
         },
     };
 }
-// version: 1.436.0-581b8a5964
+// version: 1.437.0-90398d3223
 
 /*!
  * Copyright (c) 2022, Salesforce, Inc.,
@@ -3115,7 +3115,7 @@ function buildServiceDescriptor$9(notifyRecordUpdateAvailable, getNormalizedLuvi
         },
     };
 }
-// version: 1.436.0-581b8a5964
+// version: 1.437.0-90398d3223
 
 /*!
  * Copyright (c) 2022, Salesforce, Inc.,
@@ -4625,7 +4625,9 @@ var HttpStatusCode;
     HttpStatusCode[HttpStatusCode["Unauthorized"] = 401] = "Unauthorized";
     HttpStatusCode[HttpStatusCode["Forbidden"] = 403] = "Forbidden";
     HttpStatusCode[HttpStatusCode["NotFound"] = 404] = "NotFound";
+    HttpStatusCode[HttpStatusCode["TooManyRequests"] = 429] = "TooManyRequests";
     HttpStatusCode[HttpStatusCode["ServerError"] = 500] = "ServerError";
+    HttpStatusCode[HttpStatusCode["ServiceUnavailable"] = 503] = "ServiceUnavailable";
     HttpStatusCode[HttpStatusCode["GatewayTimeout"] = 504] = "GatewayTimeout";
 })(HttpStatusCode || (HttpStatusCode = {}));
 /**
@@ -4688,7 +4690,7 @@ var TypeCheckShapes;
     TypeCheckShapes[TypeCheckShapes["Integer"] = 3] = "Integer";
     TypeCheckShapes[TypeCheckShapes["Unsupported"] = 4] = "Unsupported";
 })(TypeCheckShapes || (TypeCheckShapes = {}));
-// engine version: 0.160.4-b7e0ea82
+// engine version: 0.160.5-e6ada846
 
 const { keys: keys$1 } = Object;
 
@@ -5745,7 +5747,7 @@ function getEnvironmentSetting(name) {
     }
     return undefined;
 }
-// version: 1.436.0-7cd4295391
+// version: 1.437.0-f680421dc4
 
 const environmentHasAura = typeof window !== 'undefined' && typeof window.$A !== 'undefined';
 const defaultConfig = {
@@ -6212,6 +6214,7 @@ const CSRF_STORAGE_CONFIG = {
 class CsrfTokenManager {
     constructor() {
         this.tokenPromise = null;
+        this.refreshInFlight = null;
         // Initialize AuraStorage
         this.storage = createStorage(CSRF_STORAGE_CONFIG);
     }
@@ -6287,20 +6290,37 @@ class CsrfTokenManager {
     /**
      * Obtains and returns a new token value as a promise.
      * This will clear the cached token and fetch a fresh one.
+     *
+     * Concurrent calls coalesce onto a single in-flight refresh — important when
+     * multiple requests fail with INVALID_ACCESS_TOKEN simultaneously and each
+     * retry policy independently calls refreshToken(). Without this, every caller
+     * triggers its own /session/csrf round-trip.
      */
-    async refreshToken() {
-        // Clear cached token
-        if (this.storage) {
-            try {
-                await this.storage.remove(CSRF_TOKEN_KEY);
+    refreshToken() {
+        if (this.refreshInFlight) {
+            return this.refreshInFlight;
+        }
+        const refresh = (async () => {
+            if (this.storage) {
+                try {
+                    await this.storage.remove(CSRF_TOKEN_KEY);
+                }
+                catch {
+                    // Non-fatal: continue with refresh even if clear fails
+                }
             }
-            catch {
-                // Non-fatal: continue with refresh even if clear fails
+            return this.fetchFreshToken();
+        })();
+        this.refreshInFlight = refresh;
+        this.tokenPromise = refresh;
+        // Clear the in-flight reference once settled (success or failure) so
+        // subsequent token expirations can trigger a fresh refresh.
+        refresh.finally(() => {
+            if (this.refreshInFlight === refresh) {
+                this.refreshInFlight = null;
             }
-        }
-        // Fetch (and cache) fresh token
-        this.tokenPromise = this.fetchFreshToken();
-        return this.tokenPromise;
+        });
+        return refresh;
     }
     /**
      * Reset the singleton instance (useful for testing).
@@ -6635,6 +6655,147 @@ function buildLuvioThirdPartyTrackerFinishInterceptor() {
     };
 }
 
+const DEFAULT_CONFIG$3 = {
+    maxRetries: 1,
+};
+class LuvioCsrfTokenRetryPolicy extends RetryPolicy {
+    constructor(config = DEFAULT_CONFIG$3) {
+        super();
+        this.config = config;
+        this.csrfTokenManager = CsrfTokenManager.getInstance();
+    }
+    setRequestContext(context) {
+        this.requestContext = context;
+    }
+    async shouldRetry(result, context) {
+        if (context.attempt >= this.config.maxRetries) {
+            return false;
+        }
+        // UIAPI returns 401 for invalid/expired CSRF tokens; the default is 400
+        if (result.status !== 400 && result.status !== 401) {
+            return false;
+        }
+        return isCsrfError$1(result);
+    }
+    async calculateDelay(_result, _context) {
+        return 0;
+    }
+    async prepareRetry(_result, _context) {
+        if (!this.requestContext) {
+            return;
+        }
+        const newToken = await this.csrfTokenManager.refreshToken();
+        const req = this.requestContext.request;
+        const { [CSRF_TOKEN_HEADER]: _stale, ...remainingHeaders } = req.headers ?? {};
+        // If refresh failed, drop the stale token entirely so the request interceptor
+        // will fetch a fresh one via getToken() on the retry.
+        const headers = newToken
+            ? { ...remainingHeaders, [CSRF_TOKEN_HEADER]: newToken }
+            : remainingHeaders;
+        this.requestContext.request = { ...req, headers };
+    }
+}
+/**
+ * Returns true when a Luvio FetchResponse indicates a CSRF token error.
+ * Body is already parsed JSON on FetchResponse, so no clone/json() needed.
+ *
+ * UIAPI error bodies come in both shapes: an object `{ errorCode, message }`
+ * for single errors, or an array `[{ errorCode, message }]` for endpoints that
+ * return collections of errors. Handle both.
+ */
+function isCsrfError$1(response) {
+    const body = response.body;
+    const errorCode = Array.isArray(body) ? body[0]?.errorCode : body?.errorCode;
+    return errorCode === 'INVALID_ACCESS_TOKEN';
+}
+
+const DEFAULT_CONFIG$2 = {
+    maxRetries: 3,
+    maxTimeToRetry: 10000,
+    baseDelay: 250,
+    maxDelay: 5000,
+    exponentialFactor: 2,
+    jitterPercent: 0.5,
+};
+class LuvioFetchThrottlingRetryPolicy extends RetryPolicy {
+    constructor(config = DEFAULT_CONFIG$2) {
+        super();
+        this.config = config;
+    }
+    async shouldRetry(result, context) {
+        return ((result.status === 429 || result.status === 503) &&
+            context.attempt < this.config.maxRetries &&
+            context.totalElapsedMs <= this.config.maxTimeToRetry);
+    }
+    async calculateDelay(result, context) {
+        let delay;
+        const retryAfterHeader = this.parseRetryAfterHeader(result);
+        if (retryAfterHeader !== undefined) {
+            delay = Math.min(retryAfterHeader, this.config.maxDelay);
+        }
+        else {
+            delay = Math.min(this.config.baseDelay * Math.pow(this.config.exponentialFactor, context.attempt), this.config.maxDelay);
+        }
+        const jitter = delay * this.config.jitterPercent * (Math.random() - 0.5);
+        return Math.max(0, delay + jitter);
+    }
+    parseRetryAfterHeader(result) {
+        const headers = result.headers;
+        if (!headers) {
+            return undefined;
+        }
+        // FetchResponse headers is a plain { [key: string]: string } object
+        // (no Headers.get available), so do a case-insensitive lookup manually.
+        let value;
+        for (const key in headers) {
+            if (key.toLowerCase() === 'retry-after') {
+                value = headers[key];
+                break;
+            }
+        }
+        if (!value) {
+            return undefined;
+        }
+        const trimmed = value.trim();
+        if (/^\d+$/.test(trimmed)) {
+            const seconds = Number(trimmed);
+            if (Number.isFinite(seconds) && seconds >= 0) {
+                return seconds * 1000;
+            }
+            return undefined;
+        }
+        const IMF_FIXDATE = /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT$/;
+        if (!IMF_FIXDATE.test(trimmed)) {
+            return undefined;
+        }
+        const millis = Date.parse(trimmed);
+        if (Number.isFinite(millis)) {
+            return Math.max(0, millis - Date.now());
+        }
+        return undefined;
+    }
+}
+
+/**
+ * Builds the LuvioRetryInterceptor used by the UIAPI fetch adapter.
+ *
+ * A fresh RetryService and policy instances are created per request to keep the
+ * CSRF policy's mutableRequest context isolated from concurrent requests.
+ */
+function buildLuvioFetchRetryInterceptor() {
+    return (request, doFetch) => {
+        const csrfPolicy = new LuvioCsrfTokenRetryPolicy();
+        const composedPolicy = new ComposedRetryPolicy([
+            new LuvioFetchThrottlingRetryPolicy(),
+            csrfPolicy,
+        ]);
+        const retryService = new RetryService(composedPolicy);
+        const mutableRequest = { request };
+        csrfPolicy.setRequestContext(mutableRequest);
+        return retryService.applyRetry(() => doFetch(mutableRequest.request));
+    };
+}
+
 const SFDC_REQUEST_ID_KEY = 'X-SFDC-Request-Id';
 function buildTransportMarksSendInterceptor() {
     return async (fetchArgs, context) => {
@@ -7033,6 +7194,7 @@ const composedFetchNetworkAdapter = {
             buildLuvioPageScopedCacheRequestInterceptor(),
             buildLuvioCsrfTokenInterceptor(),
         ],
+        retry: buildLuvioFetchRetryInterceptor(),
         response: [
             buildLexRuntimeLuvio5xxStatusResponseInterceptor(),
             buildLexRuntimeLuvioAuthExpirationRedirectResponseInterceptor(),
@@ -7099,12 +7261,12 @@ class CsrfTokenRetryPolicy extends RetryPolicy {
         if (context.attempt >= this.config.maxRetries) {
             return false;
         }
-        // Only retry on 400 status
-        if (result.status !== 400) {
+        // UIAPI returns 401 for invalid/expired CSRF tokens; the default is 400.
+        if (result.status !== 400 && result.status !== 401) {
             return false;
         }
         // Check if this is a CSRF error by examining the response body
-        // This avoids retrying all 400s (validation errors, bad requests, etc.)
+        // This avoids retrying all 400s/401s (validation errors, auth errors, etc.)
         return isCsrfError(result);
     }
     /**
@@ -7153,8 +7315,10 @@ async function isCsrfError(response) {
         // Clone to avoid consuming the original response
         const cloned = response.clone();
         const body = await cloned.json();
-        // Check the error array format: body[0].errorCode
-        const errorCode = body?.[0]?.errorCode;
+        // UIAPI error bodies come in both shapes: an object `{ errorCode, message }`
+        // for single errors, or an array `[{ errorCode, message }]` for endpoints
+        // that return collections of errors. Handle both.
+        const errorCode = Array.isArray(body) ? body[0]?.errorCode : body?.errorCode;
         return errorCode === 'INVALID_ACCESS_TOKEN';
     }
     catch {
@@ -10753,4 +10917,4 @@ function ldsEngineCreator() {
 }
 
 export { LexRequestStrategy, PdlPrefetcherEventType, PdlRequestPriority, buildPredictorForContext, configService, ldsEngineCreator as default, initializeLDS, initializeOneStore, notifyUpdateAvailableFactory, registerRequestStrategy, saveRequestAsPrediction, subscribeToPrefetcherEvents, unregisterRequestStrategy, whenPredictionsReady };
-// version: 1.436.0-581b8a5964
+// version: 1.437.0-90398d3223

package/dist/types/request-interceptors/csrf-manager.d.ts

@@ -5,6 +5,7 @@
 declare class CsrfTokenManager {
     private static instance;
     private tokenPromise;
+    private refreshInFlight;
     private storage;
     private constructor();
     static getInstance(): CsrfTokenManager;
@@ -28,6 +29,11 @@ declare class CsrfTokenManager {
     /**
      * Obtains and returns a new token value as a promise.
      * This will clear the cached token and fetch a fresh one.
+     *
+     * Concurrent calls coalesce onto a single in-flight refresh — important when
+     * multiple requests fail with INVALID_ACCESS_TOKEN simultaneously and each
+     * retry policy independently calls refreshToken(). Without this, every caller
+     * triggers its own /session/csrf round-trip.
      */
     refreshToken(): Promise<string | undefined>;
     /**

package/dist/types/request-interceptors/csrf-token.d.ts

@@ -1,5 +1,6 @@
 import type { RequestInterceptor } from '@conduit-client/service-fetch-network/v1';
 import type { ResourceRequest } from '@luvio/engine';
+export declare const CSRF_TOKEN_HEADER = "X-CSRF-Token";
 /**
  * Builds a request interceptor that adds CSRF token headers to mutating requests.
  * The CSRF token is fetched once and cached for subsequent requests.

package/dist/types/retry-interceptors/luvio-fetch-retry.d.ts

@@ -0,0 +1,8 @@
+import type { LuvioRetryInterceptor } from '@salesforce/lds-network-fetch';
+/**
+ * Builds the LuvioRetryInterceptor used by the UIAPI fetch adapter.
+ *
+ * A fresh RetryService and policy instances are created per request to keep the
+ * CSRF policy's mutableRequest context isolated from concurrent requests.
+ */
+export declare function buildLuvioFetchRetryInterceptor(): LuvioRetryInterceptor;

package/dist/types/retry-policies/luvio-csrf-token-retry-policy.d.ts

@@ -0,0 +1,32 @@
+import type { RetryContext } from '@conduit-client/service-retry/v1';
+import { RetryPolicy } from '@conduit-client/service-retry/v1';
+import type { FetchResponse, ResourceRequest } from '@luvio/engine';
+type LuvioCsrfTokenRetryPolicyConfig = {
+    maxRetries: number;
+};
+/**
+ * Mutable container for the ResourceRequest that can be updated between retries.
+ */
+export interface MutableLuvioRequest {
+    request: ResourceRequest;
+}
+export declare class LuvioCsrfTokenRetryPolicy extends RetryPolicy<FetchResponse<any>> {
+    private config;
+    private csrfTokenManager;
+    private requestContext?;
+    constructor(config?: LuvioCsrfTokenRetryPolicyConfig);
+    setRequestContext(context: MutableLuvioRequest): void;
+    shouldRetry(result: FetchResponse<any>, context: RetryContext<FetchResponse<any>>): Promise<boolean>;
+    calculateDelay(_result: FetchResponse<any>, _context: RetryContext<FetchResponse<any>>): Promise<number>;
+    prepareRetry(_result: FetchResponse<any>, _context: RetryContext<FetchResponse<any>>): Promise<void>;
+}
+/**
+ * Returns true when a Luvio FetchResponse indicates a CSRF token error.
+ * Body is already parsed JSON on FetchResponse, so no clone/json() needed.
+ *
+ * UIAPI error bodies come in both shapes: an object `{ errorCode, message }`
+ * for single errors, or an array `[{ errorCode, message }]` for endpoints that
+ * return collections of errors. Handle both.
+ */
+export declare function isCsrfError(response: FetchResponse<any>): boolean;
+export {};

package/dist/types/retry-policies/luvio-fetch-throttling-retry-policy.d.ts

@@ -0,0 +1,18 @@
+import { RetryPolicy, type RetryContext } from '@conduit-client/service-retry/v1';
+import type { FetchResponse } from '@luvio/engine';
+type LuvioFetchThrottlingRetryPolicyConfig = {
+    maxRetries: number;
+    maxTimeToRetry: number;
+    baseDelay: number;
+    maxDelay: number;
+    exponentialFactor: number;
+    jitterPercent: number;
+};
+export declare class LuvioFetchThrottlingRetryPolicy extends RetryPolicy<FetchResponse<any>> {
+    private config;
+    constructor(config?: LuvioFetchThrottlingRetryPolicyConfig);
+    shouldRetry(result: FetchResponse<any>, context: RetryContext<FetchResponse<any>>): Promise<boolean>;
+    calculateDelay(result: FetchResponse<any>, context: RetryContext<FetchResponse<any>>): Promise<number>;
+    parseRetryAfterHeader(result: FetchResponse<any>): number | undefined;
+}
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@salesforce/lds-runtime-aura",
-    "version": "1.436.0",
+    "version": "1.437.0",
     "license": "SEE LICENSE IN LICENSE.txt",
     "description": "LDS engine for Aura runtime",
     "main": "dist/ldsEngineCreator.js",
@@ -36,15 +36,15 @@
     "devDependencies": {
         "@conduit-client/service-provisioner": "3.19.5",
         "@conduit-client/tools-core": "3.19.5",
-        "@salesforce/lds-adapters-apex": "^1.436.0",
-        "@salesforce/lds-adapters-uiapi": "^1.436.0",
-        "@salesforce/lds-ads-bridge": "^1.436.0",
-        "@salesforce/lds-aura-storage": "^1.436.0",
-        "@salesforce/lds-bindings": "^1.436.0",
-        "@salesforce/lds-instrumentation": "^1.436.0",
-        "@salesforce/lds-network-adapter": "^1.436.0",
-        "@salesforce/lds-network-aura": "^1.436.0",
-        "@salesforce/lds-network-fetch": "^1.436.0",
+        "@salesforce/lds-adapters-apex": "^1.437.0",
+        "@salesforce/lds-adapters-uiapi": "^1.437.0",
+        "@salesforce/lds-ads-bridge": "^1.437.0",
+        "@salesforce/lds-aura-storage": "^1.437.0",
+        "@salesforce/lds-bindings": "^1.437.0",
+        "@salesforce/lds-instrumentation": "^1.437.0",
+        "@salesforce/lds-network-adapter": "^1.437.0",
+        "@salesforce/lds-network-aura": "^1.437.0",
+        "@salesforce/lds-network-fetch": "^1.437.0",
         "jwt-encode": "1.0.1"
     },
     "dependencies": {
@@ -72,22 +72,22 @@
         "@conduit-client/service-pubsub": "3.19.5",
         "@conduit-client/service-store": "3.19.5",
         "@conduit-client/utils": "3.19.5",
-        "@luvio/network-adapter-composable": "0.160.4",
-        "@luvio/network-adapter-fetch": "0.160.4",
+        "@luvio/network-adapter-composable": "0.160.5",
+        "@luvio/network-adapter-fetch": "0.160.5",
         "@lwc/state": "^0.29.0",
-        "@salesforce/lds-adapters-onestore-graphql": "^1.436.0",
+        "@salesforce/lds-adapters-onestore-graphql": "^1.437.0",
         "@salesforce/lds-adapters-uiapi-lex": "^1.415.0",
-        "@salesforce/lds-durable-storage": "^1.436.0",
-        "@salesforce/lds-luvio-service": "^1.436.0",
-        "@salesforce/lds-luvio-uiapi-records-service": "^1.436.0"
+        "@salesforce/lds-durable-storage": "^1.437.0",
+        "@salesforce/lds-luvio-service": "^1.437.0",
+        "@salesforce/lds-luvio-uiapi-records-service": "^1.437.0"
     },
     "luvioBundlesize": [
         {
             "path": "./dist/ldsEngineCreator.js",
             "maxSize": {
-                "none": "376 kB",
+                "none": "383 kB",
                 "min": "190 kB",
-                "compressed": "61.9 kB"
+                "compressed": "63 kB"
             }
         }
     ],