@salesforce/lds-runtime-aura 1.436.0 → 1.438.0

package/dist/ldsEngineCreator.js

@@ -49,11 +49,6 @@ import disableCreateContentDocumentAndVersionHTTPLexRuntime from '@salesforce/ga
 import useHotspotLimit from '@salesforce/gate/lds.pdl.useHotspotLimit';
 import { registerSubRequestNetworkAdapter } from 'force/ldsNetwork';
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 const { create: create$1, freeze, keys: keys$2, entries: entries$1 } = Object;
 const { isArray: isArray$3 } = Array;
 const { stringify: stringify$3, parse: parse$2 } = JSON;
@@ -175,7 +170,7 @@ function rejectedPromiseLike$2(reason) {
   };
 }
 function isPromiseLike$2(x) {
-  return typeof (x == null ? void 0 : x.then) === "function";
+  return typeof x?.then === "function";
 }
 function stableJSONStringify$2(node) {
   if (node && node.toJSON && typeof node.toJSON === "function") {
@@ -322,19 +317,9 @@ function logError$1(error) {
   console.error("OneStore Command threw an error that we did not expect", error);
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class BaseCommand {
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 let NetworkCommand$1 = class NetworkCommand extends BaseCommand {
   constructor(services) {
     super();
@@ -385,11 +370,6 @@ function buildServiceDescriptor$r() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class AuraNetworkCommand extends NetworkCommand$1 {
   constructor(services) {
     super(services);
@@ -496,16 +476,6 @@ function buildServiceDescriptor$q() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 const { isArray: isArray$2 } = Array;
 let Ok$1 = class Ok {
   constructor(value) {
@@ -573,7 +543,7 @@ function rejectedPromiseLike$1(reason) {
   };
 }
 function isPromiseLike$1(x) {
-  return typeof (x == null ? void 0 : x.then) === "function";
+  return typeof x?.then === "function";
 }
 function deepEquals$1(x, y) {
   if (x === void 0) {
@@ -864,7 +834,7 @@ class CacheControlCommand extends BaseCommand {
   unsubscribe() {
     while (this.unsubscribers.length > 0) {
       const unsubscriber = this.unsubscribers.pop();
-      unsubscriber == null ? void 0 : unsubscriber();
+      unsubscriber?.();
     }
   }
   /**
@@ -1048,16 +1018,6 @@ function mergeCacheControlConfigs(baseConfig, overrides) {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 let AuraCacheControlCommand$1 = class AuraCacheControlCommand extends CacheControlCommand {
   constructor(services) {
     super(services);
@@ -1167,8 +1127,7 @@ class AuraResourceCacheControlCommand extends AuraCacheControlCommand$1 {
     this.services = services;
   }
   readFromCache(cache) {
-    var _a;
-    const data = (_a = cache.get(this.buildKey())) == null ? void 0 : _a.value;
+    const data = cache.get(this.buildKey())?.value;
     if (data === void 0) {
       return resolvedPromiseLike$2(err$1(new Error("Failed to find data in cache")));
     }
@@ -1197,16 +1156,6 @@ function buildServiceDescriptor$p() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class AuraCacheControlCommand extends CacheControlCommand {
   constructor(services) {
     super(services);
@@ -1342,16 +1291,6 @@ function buildServiceDescriptor$o() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class HttpCacheControlCommand extends CacheControlCommand {
   constructor(services) {
     super(services);
@@ -1459,16 +1398,6 @@ function buildServiceDescriptor$n() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class NetworkCommand extends BaseCommand {
   constructor(services) {
     super();
@@ -1518,7 +1447,7 @@ function hasFetchParams(command) {
   return command && typeof command === "object" && "fetchParams" in command;
 }
 function createAbortableDecorator(command, options) {
-  if (!(options == null ? void 0 : options.signal) || !((options == null ? void 0 : options.signal) instanceof AbortSignal)) {
+  if (!options?.signal || !(options?.signal instanceof AbortSignal)) {
     return command;
   }
   const { signal } = options;
@@ -1665,11 +1594,6 @@ function buildServiceDescriptor$m() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class StreamingCommand extends BaseCommand {
   constructor(services) {
     super();
@@ -1705,11 +1629,6 @@ function buildServiceDescriptor$l() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class SSECommand extends StreamingCommand {
   constructor(services) {
     super(services);
@@ -1788,11 +1707,6 @@ function buildServiceDescriptor$k() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 function buildInstrumentCommand(services) {
   const meter = services.instrumentation.metrics.getMeter("onestore");
   return function instrumentCommand(commandClass, commandName) {
@@ -1812,7 +1726,7 @@ function buildInstrumentCommand(services) {
         try {
           result = super.execute(...args);
         } catch (e) {
-          if ((e == null ? void 0 : e.name) === "AbortError") {
+          if (e?.name === "AbortError") {
             abortCounter.add(1);
           } else {
             errorCounter.add(1);
@@ -1839,16 +1753,6 @@ function buildServiceDescriptor$j(instrumentation) {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class O11yOTelTraceAPI {
   constructor(services) {
     this.services = services;
@@ -1864,9 +1768,9 @@ class O11yTracer {
     this.logger = logger;
   }
   startSpan(name, _options, context) {
-    const traceId = context == null ? void 0 : context.getValue(Symbol.for("traceId"));
-    const spanId = context == null ? void 0 : context.getValue(Symbol.for("spanId"));
-    const traceFlags = context == null ? void 0 : context.getValue(Symbol.for("traceFlags"));
+    const traceId = context?.getValue(/* @__PURE__ */ Symbol.for("traceId"));
+    const spanId = context?.getValue(/* @__PURE__ */ Symbol.for("spanId"));
+    const traceFlags = context?.getValue(/* @__PURE__ */ Symbol.for("traceFlags"));
     let spanContext = void 0;
     if (traceId !== void 0 && spanId !== void 0 && traceFlags !== void 0) {
       spanContext = {
@@ -2109,16 +2013,6 @@ function buildServiceDescriptor$i(logger) {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 const { stringify: stringify$2, parse: parse$1 } = JSON;
 function deepCopy$1(x) {
   const stringified = stringify$2(x);
@@ -2142,7 +2036,7 @@ let DefaultRecordableCache$1 = class DefaultRecordableCache {
     if (value === void 0) {
       this.missingKeysRead.add(key);
     }
-    if (options == null ? void 0 : options.copy) {
+    if (options?.copy) {
       return deepCopy$1(value);
     }
     return value;
@@ -2186,7 +2080,7 @@ let DefaultFilteredCache$1 = class DefaultFilteredCache {
   get(key, options) {
     const result = this.baseCache.get(key);
     if (result && this.predicate(key, result)) {
-      if (options == null ? void 0 : options.copy) {
+      if (options?.copy) {
         return deepCopy$1(result);
       }
       return result;
@@ -2282,7 +2176,7 @@ let DefaultCache$1 = class DefaultCache {
     this.data = {};
   }
   get(key, options) {
-    if (options == null ? void 0 : options.copy) {
+    if (options?.copy) {
       return deepCopy$1(this.data[key]);
     }
     return this.data[key];
@@ -2362,11 +2256,6 @@ function buildServiceDescriptor$h() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class CacheControlStrategy {
   constructor(services, config, requestRunner) {
     this.services = services;
@@ -2427,11 +2316,11 @@ class MaxAgeCacheControlStrategy extends CacheControlStrategy {
       if (value.isOk()) {
         this.collectCacheHitInstrumentation(
           startTime,
-          options == null ? void 0 : options.instrumentationAttributes
+          options?.instrumentationAttributes
         );
         return ok$2(void 0);
       }
-      this.collectCacheMissInstrumentation(startTime, options == null ? void 0 : options.instrumentationAttributes);
+      this.collectCacheMissInstrumentation(startTime, options?.instrumentationAttributes);
       const tempCache = this.filteredCache;
       return new Promise(async (resolve, reject) => {
         try {
@@ -2501,11 +2390,11 @@ class OnlyIfCachedCacheControlStrategy extends CacheControlStrategy {
       if (result.isOk()) {
         this.collectCacheHitInstrumentation(
           startTime,
-          options == null ? void 0 : options.instrumentationAttributes
+          options?.instrumentationAttributes
         );
         return ok$2(void 0);
       }
-      this.collectCacheMissInstrumentation(startTime, options == null ? void 0 : options.instrumentationAttributes);
+      this.collectCacheMissInstrumentation(startTime, options?.instrumentationAttributes);
       const error = new UserVisibleError(
         new FetchResponse(HttpStatusCode$1.GatewayTimeout, {
           error: "Cache miss for only-if-cached request"
@@ -2589,12 +2478,7 @@ function buildServiceDescriptor$g(cache, cacheInclusionPolicy, instrumentation)
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-const EventTypeWildcard = Symbol("EventTypeWildcard");
+const EventTypeWildcard = /* @__PURE__ */ Symbol("EventTypeWildcard");
 class DefaultPubSubService {
   constructor() {
     this.subscriptions = /* @__PURE__ */ new Map();
@@ -2657,11 +2541,6 @@ function buildServiceDescriptor$f() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class NDJSONCommand extends StreamingCommand {
   constructor(services) {
     super(services);
@@ -2762,13 +2641,8 @@ function buildServiceDescriptor$d(luvio) {
         },
     };
 }
-// version: 1.436.0-581b8a5964
+// version: 1.438.0-0ec0a89235
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class AuraGraphQLNormalizedCacheControlCommand extends AuraNormalizedCacheControlCommand {
   constructor(config, documentRootType, services) {
     super(services);
@@ -2949,11 +2823,6 @@ function buildServiceDescriptor$c() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class HttpGraphQLNormalizedCacheControlCommand extends HttpNormalizedCacheControlCommand {
   constructor(config, documentRootType, services) {
     super(services);
@@ -3067,11 +2936,6 @@ function buildServiceDescriptor$b() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class FeatureFlagsService {
   constructor() {
     this.flags = /* @__PURE__ */ new Map();
@@ -3115,13 +2979,8 @@ function buildServiceDescriptor$9(notifyRecordUpdateAvailable, getNormalizedLuvi
         },
     };
 }
-// version: 1.436.0-581b8a5964
+// version: 1.438.0-0ec0a89235
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class RetryService {
   constructor(defaultRetryPolicy) {
     this.defaultRetryPolicy = defaultRetryPolicy;
@@ -3272,11 +3131,6 @@ function buildServiceDescriptor$8(defaultRetryPolicy) {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 function isUserVisibleError(error) {
   return error instanceof Error && "type" in error && error.type === "user-visible";
 }
@@ -3301,11 +3155,6 @@ function logError(error) {
   console.error("OneStore Command threw an error that we did not expect", error);
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 function buildBaseImperativeInvoker(getCommand, transformResult) {
   return async (...params) => {
     const command = getCommand({ params, assertIsValid });
@@ -3410,7 +3259,7 @@ class SubscribableImperativeBindingsService {
       const api = {
         data: result.value.data,
         subscribe: (cb) => {
-          result.value.subscribe((result2) => {
+          return result.value.subscribe((result2) => {
             if (result2.isErr()) {
               return cb({ data: void 0, error: toError(result2.error) });
             }
@@ -3513,10 +3362,10 @@ class GraphQLImperativeBindingsService {
             acceptedOperations: ["query"]
           };
           const result = resolveAndValidateGraphQLConfig(params[0], options);
-          if (result == null ? void 0 : result.isErr()) {
+          if (result?.isErr()) {
             return result.error;
           }
-          if (result == null ? void 0 : result.isOk()) {
+          if (result?.isOk()) {
             params[0] = result.value;
           }
         }
@@ -3535,7 +3384,7 @@ class GraphQLImperativeBindingsService {
       deepFreeze(result.value);
       consumerEmittedData.data = result.value.data.data;
       consumerEmittedData.subscribe = (cb) => {
-        result.value.subscribe((res) => {
+        return result.value.subscribe((res) => {
           const consumerEmittedData2 = {
             data: void 0,
             errors: void 0
@@ -3608,11 +3457,11 @@ class GraphQLLegacyImperativeBindingsService {
           acceptedOperations: ["query"]
         };
         const result = resolveAndValidateGraphQLConfig(config, options);
-        if (result == null ? void 0 : result.isErr()) {
+        if (result?.isErr()) {
           callback(result.error);
           return;
         }
-        if (result == null ? void 0 : result.isOk()) {
+        if (result?.isOk()) {
           config = result.value;
         }
       }
@@ -3643,12 +3492,12 @@ class GraphQLLegacyImperativeBindingsService {
           acceptedOperations: ["query"]
         };
         const result = resolveAndValidateGraphQLConfig(config, options);
-        if (result == null ? void 0 : result.isErr()) {
+        if (result?.isErr()) {
           callback(result.error);
           return () => {
           };
         }
-        if (result == null ? void 0 : result.isOk()) {
+        if (result?.isOk()) {
           config = result.value;
         }
       }
@@ -3710,13 +3559,13 @@ class GraphQLMutationBindingsService {
             acceptedOperations: ["mutation"]
           };
           const result2 = resolveAndValidateGraphQLConfig(params[0], options);
-          if (result2 == null ? void 0 : result2.isErr()) {
+          if (result2?.isErr()) {
             return {
               data: void 0,
               errors: result2.error.errors
             };
           }
-          if (result2 == null ? void 0 : result2.isOk()) {
+          if (result2?.isOk()) {
             params[0] = result2.value;
           }
         }
@@ -3742,11 +3591,6 @@ function buildServiceDescriptor$7() {
   };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class Sanitizer {
   constructor(obj) {
     this.obj = obj;
@@ -3806,7 +3650,7 @@ class CommandWireAdapterConstructor {
     this.callback = callback;
     this.connected = false;
     this.exposeRefresh = false;
-    if (!(options == null ? void 0 : options.skipEmptyEmit)) {
+    if (!options?.skipEmptyEmit) {
       this.emit();
     }
   }
@@ -4143,11 +3987,6 @@ function buildLWCGraphQLWireBindingsServiceDescriptor() {
     };
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 function e$1(e2) {
   this.message = e2;
 }
@@ -4379,7 +4218,7 @@ class JwtManager {
   constructor(jwtRepository, resolver, options) {
     this.jwtRepository = jwtRepository;
     this.resolver = resolver;
-    if (options == null ? void 0 : options.keepTokenUpdated) {
+    if (options?.keepTokenUpdated) {
       jwtRepository.subscribeToTokenNearExpiration(() => this.refreshToken());
     }
   }
@@ -4433,11 +4272,6 @@ class JwtManager {
   }
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 function buildServiceDescriptor$2(interceptors = {
   request: [],
   retry: void 0,
@@ -4448,8 +4282,7 @@ function buildServiceDescriptor$2(interceptors = {
     type: "fetch",
     version: "1.0",
     service: function(...args) {
-      var _a;
-      const context = (_a = interceptors.createContext) == null ? void 0 : _a.call(interceptors);
+      const context = interceptors.createContext?.();
       const {
         request: requestInterceptors = [],
         retry: retryInterceptor = void 0,
@@ -4536,25 +4369,25 @@ function setHeader(headerName, headerValue, [resource, options = {}], {
   errorMessage = `Unexpected ${headerName} header encountered`
 } = {}) {
   let hasHeaderBeenSet = false;
-  if (resource instanceof Request && !(options == null ? void 0 : options.headers)) {
+  if (resource instanceof Request && !options?.headers) {
     if (throwOnExisting && resource.headers.has(headerName)) {
       throw new Error(errorMessage);
     }
     resource.headers.set(headerName, headerValue);
     hasHeaderBeenSet = true;
   }
-  if ((options == null ? void 0 : options.headers) instanceof Headers) {
+  if (options?.headers instanceof Headers) {
     if (throwOnExisting && options.headers.has(headerName)) {
       throw new Error(errorMessage);
     }
     options.headers.set(headerName, headerValue);
   } else {
-    if (throwOnExisting && (options == null ? void 0 : options.headers) && Reflect.has(options.headers, headerName)) {
+    if (throwOnExisting && options?.headers && Reflect.has(options.headers, headerName)) {
       throw new Error(errorMessage);
     }
     if (!hasHeaderBeenSet) {
       options.headers = {
-        ...options == null ? void 0 : options.headers,
+        ...options?.headers,
         [headerName]: headerValue
       };
     }
@@ -4625,7 +4458,9 @@ var HttpStatusCode;
     HttpStatusCode[HttpStatusCode["Unauthorized"] = 401] = "Unauthorized";
     HttpStatusCode[HttpStatusCode["Forbidden"] = 403] = "Forbidden";
     HttpStatusCode[HttpStatusCode["NotFound"] = 404] = "NotFound";
+    HttpStatusCode[HttpStatusCode["TooManyRequests"] = 429] = "TooManyRequests";
     HttpStatusCode[HttpStatusCode["ServerError"] = 500] = "ServerError";
+    HttpStatusCode[HttpStatusCode["ServiceUnavailable"] = 503] = "ServiceUnavailable";
     HttpStatusCode[HttpStatusCode["GatewayTimeout"] = 504] = "GatewayTimeout";
 })(HttpStatusCode || (HttpStatusCode = {}));
 /**
@@ -4688,7 +4523,7 @@ var TypeCheckShapes;
     TypeCheckShapes[TypeCheckShapes["Integer"] = 3] = "Integer";
     TypeCheckShapes[TypeCheckShapes["Unsupported"] = 4] = "Unsupported";
 })(TypeCheckShapes || (TypeCheckShapes = {}));
-// engine version: 0.160.4-b7e0ea82
+// engine version: 0.160.5-e6ada846
 
 const { keys: keys$1 } = Object;
 
@@ -5573,11 +5408,6 @@ function logCRUDLightningInteraction(eventSource, attributes) {
 }
 const instrumentation = new Instrumentation();
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 function valueFor(value, path) {
   if (path.length === 0 || path[0] === "") {
     return value;
@@ -5745,7 +5575,7 @@ function getEnvironmentSetting(name) {
     }
     return undefined;
 }
-// version: 1.436.0-7cd4295391
+// version: 1.438.0-242a4ab027
 
 const environmentHasAura = typeof window !== 'undefined' && typeof window.$A !== 'undefined';
 const defaultConfig = {
@@ -6212,6 +6042,7 @@ const CSRF_STORAGE_CONFIG = {
 class CsrfTokenManager {
     constructor() {
         this.tokenPromise = null;
+        this.refreshInFlight = null;
         // Initialize AuraStorage
         this.storage = createStorage(CSRF_STORAGE_CONFIG);
     }
@@ -6287,20 +6118,37 @@ class CsrfTokenManager {
     /**
      * Obtains and returns a new token value as a promise.
      * This will clear the cached token and fetch a fresh one.
+     *
+     * Concurrent calls coalesce onto a single in-flight refresh — important when
+     * multiple requests fail with INVALID_ACCESS_TOKEN simultaneously and each
+     * retry policy independently calls refreshToken(). Without this, every caller
+     * triggers its own /session/csrf round-trip.
      */
-    async refreshToken() {
-        // Clear cached token
-        if (this.storage) {
-            try {
-                await this.storage.remove(CSRF_TOKEN_KEY);
+    refreshToken() {
+        if (this.refreshInFlight) {
+            return this.refreshInFlight;
+        }
+        const refresh = (async () => {
+            if (this.storage) {
+                try {
+                    await this.storage.remove(CSRF_TOKEN_KEY);
+                }
+                catch {
+                    // Non-fatal: continue with refresh even if clear fails
+                }
             }
-            catch {
-                // Non-fatal: continue with refresh even if clear fails
+            return this.fetchFreshToken();
+        })();
+        this.refreshInFlight = refresh;
+        this.tokenPromise = refresh;
+        // Clear the in-flight reference once settled (success or failure) so
+        // subsequent token expirations can trigger a fresh refresh.
+        refresh.finally(() => {
+            if (this.refreshInFlight === refresh) {
+                this.refreshInFlight = null;
             }
-        }
-        // Fetch (and cache) fresh token
-        this.tokenPromise = this.fetchFreshToken();
-        return this.tokenPromise;
+        });
+        return refresh;
     }
     /**
      * Reset the singleton instance (useful for testing).
@@ -6635,6 +6483,147 @@ function buildLuvioThirdPartyTrackerFinishInterceptor() {
     };
 }
 
+const DEFAULT_CONFIG$3 = {
+    maxRetries: 1,
+};
+class LuvioCsrfTokenRetryPolicy extends RetryPolicy {
+    constructor(config = DEFAULT_CONFIG$3) {
+        super();
+        this.config = config;
+        this.csrfTokenManager = CsrfTokenManager.getInstance();
+    }
+    setRequestContext(context) {
+        this.requestContext = context;
+    }
+    async shouldRetry(result, context) {
+        if (context.attempt >= this.config.maxRetries) {
+            return false;
+        }
+        // UIAPI returns 401 for invalid/expired CSRF tokens; the default is 400
+        if (result.status !== 400 && result.status !== 401) {
+            return false;
+        }
+        return isCsrfError$1(result);
+    }
+    async calculateDelay(_result, _context) {
+        return 0;
+    }
+    async prepareRetry(_result, _context) {
+        if (!this.requestContext) {
+            return;
+        }
+        const newToken = await this.csrfTokenManager.refreshToken();
+        const req = this.requestContext.request;
+        const { [CSRF_TOKEN_HEADER]: _stale, ...remainingHeaders } = req.headers ?? {};
+        // If refresh failed, drop the stale token entirely so the request interceptor
+        // will fetch a fresh one via getToken() on the retry.
+        const headers = newToken
+            ? { ...remainingHeaders, [CSRF_TOKEN_HEADER]: newToken }
+            : remainingHeaders;
+        this.requestContext.request = { ...req, headers };
+    }
+}
+/**
+ * Returns true when a Luvio FetchResponse indicates a CSRF token error.
+ * Body is already parsed JSON on FetchResponse, so no clone/json() needed.
+ *
+ * UIAPI error bodies come in both shapes: an object `{ errorCode, message }`
+ * for single errors, or an array `[{ errorCode, message }]` for endpoints that
+ * return collections of errors. Handle both.
+ */
+function isCsrfError$1(response) {
+    const body = response.body;
+    const errorCode = Array.isArray(body) ? body[0]?.errorCode : body?.errorCode;
+    return errorCode === 'INVALID_ACCESS_TOKEN';
+}
+
+const DEFAULT_CONFIG$2 = {
+    maxRetries: 3,
+    maxTimeToRetry: 10000,
+    baseDelay: 250,
+    maxDelay: 5000,
+    exponentialFactor: 2,
+    jitterPercent: 0.5,
+};
+class LuvioFetchThrottlingRetryPolicy extends RetryPolicy {
+    constructor(config = DEFAULT_CONFIG$2) {
+        super();
+        this.config = config;
+    }
+    async shouldRetry(result, context) {
+        return ((result.status === 429 || result.status === 503) &&
+            context.attempt < this.config.maxRetries &&
+            context.totalElapsedMs <= this.config.maxTimeToRetry);
+    }
+    async calculateDelay(result, context) {
+        let delay;
+        const retryAfterHeader = this.parseRetryAfterHeader(result);
+        if (retryAfterHeader !== undefined) {
+            delay = Math.min(retryAfterHeader, this.config.maxDelay);
+        }
+        else {
+            delay = Math.min(this.config.baseDelay * Math.pow(this.config.exponentialFactor, context.attempt), this.config.maxDelay);
+        }
+        const jitter = delay * this.config.jitterPercent * (Math.random() - 0.5);
+        return Math.max(0, delay + jitter);
+    }
+    parseRetryAfterHeader(result) {
+        const headers = result.headers;
+        if (!headers) {
+            return undefined;
+        }
+        // FetchResponse headers is a plain { [key: string]: string } object
+        // (no Headers.get available), so do a case-insensitive lookup manually.
+        let value;
+        for (const key in headers) {
+            if (key.toLowerCase() === 'retry-after') {
+                value = headers[key];
+                break;
+            }
+        }
+        if (!value) {
+            return undefined;
+        }
+        const trimmed = value.trim();
+        if (/^\d+$/.test(trimmed)) {
+            const seconds = Number(trimmed);
+            if (Number.isFinite(seconds) && seconds >= 0) {
+                return seconds * 1000;
+            }
+            return undefined;
+        }
+        const IMF_FIXDATE = /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT$/;
+        if (!IMF_FIXDATE.test(trimmed)) {
+            return undefined;
+        }
+        const millis = Date.parse(trimmed);
+        if (Number.isFinite(millis)) {
+            return Math.max(0, millis - Date.now());
+        }
+        return undefined;
+    }
+}
+
+/**
+ * Builds the LuvioRetryInterceptor used by the UIAPI fetch adapter.
+ *
+ * A fresh RetryService and policy instances are created per request to keep the
+ * CSRF policy's mutableRequest context isolated from concurrent requests.
+ */
+function buildLuvioFetchRetryInterceptor() {
+    return (request, doFetch) => {
+        const csrfPolicy = new LuvioCsrfTokenRetryPolicy();
+        const composedPolicy = new ComposedRetryPolicy([
+            new LuvioFetchThrottlingRetryPolicy(),
+            csrfPolicy,
+        ]);
+        const retryService = new RetryService(composedPolicy);
+        const mutableRequest = { request };
+        csrfPolicy.setRequestContext(mutableRequest);
+        return retryService.applyRetry(() => doFetch(mutableRequest.request));
+    };
+}
+
 const SFDC_REQUEST_ID_KEY = 'X-SFDC-Request-Id';
 function buildTransportMarksSendInterceptor() {
     return async (fetchArgs, context) => {
@@ -7033,6 +7022,7 @@ const composedFetchNetworkAdapter = {
             buildLuvioPageScopedCacheRequestInterceptor(),
             buildLuvioCsrfTokenInterceptor(),
         ],
+        retry: buildLuvioFetchRetryInterceptor(),
         response: [
             buildLexRuntimeLuvio5xxStatusResponseInterceptor(),
             buildLexRuntimeLuvioAuthExpirationRedirectResponseInterceptor(),
@@ -7099,12 +7089,12 @@ class CsrfTokenRetryPolicy extends RetryPolicy {
         if (context.attempt >= this.config.maxRetries) {
             return false;
         }
-        // Only retry on 400 status
-        if (result.status !== 400) {
+        // UIAPI returns 401 for invalid/expired CSRF tokens; the default is 400.
+        if (result.status !== 400 && result.status !== 401) {
             return false;
         }
         // Check if this is a CSRF error by examining the response body
-        // This avoids retrying all 400s (validation errors, bad requests, etc.)
+        // This avoids retrying all 400s/401s (validation errors, auth errors, etc.)
         return isCsrfError(result);
     }
     /**
@@ -7153,8 +7143,10 @@ async function isCsrfError(response) {
         // Clone to avoid consuming the original response
         const cloned = response.clone();
         const body = await cloned.json();
-        // Check the error array format: body[0].errorCode
-        const errorCode = body?.[0]?.errorCode;
+        // UIAPI error bodies come in both shapes: an object `{ errorCode, message }`
+        // for single errors, or an array `[{ errorCode, message }]` for endpoints
+        // that return collections of errors. Handle both.
+        const errorCode = Array.isArray(body) ? body[0]?.errorCode : body?.errorCode;
         return errorCode === 'INVALID_ACCESS_TOKEN';
     }
     catch {
@@ -9442,18 +9434,8 @@ class PredictionsReadyManager {
     }
 }
 
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class CacheInclusionPolicyService {
 }
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 class Ok {
   constructor(value) {
     this.value = value;
@@ -9515,18 +9497,8 @@ function rejectedPromiseLike(reason) {
   };
 }
 function isPromiseLike(x) {
-  return typeof (x == null ? void 0 : x.then) === "function";
+  return typeof x?.then === "function";
 }
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
-/*!
- * Copyright (c) 2022, Salesforce, Inc.,
- * All rights reserved.
- * For full license text, see the LICENSE.txt file
- */
 const { stringify, parse } = JSON;
 function deepCopy(x) {
   const stringified = stringify(x);
@@ -9550,7 +9522,7 @@ class DefaultRecordableCache {
     if (value === void 0) {
       this.missingKeysRead.add(key);
     }
-    if (options == null ? void 0 : options.copy) {
+    if (options?.copy) {
       return deepCopy(value);
     }
     return value;
@@ -9594,7 +9566,7 @@ class DefaultFilteredCache {
   get(key, options) {
     const result = this.baseCache.get(key);
     if (result && this.predicate(key, result)) {
-      if (options == null ? void 0 : options.copy) {
+      if (options?.copy) {
         return deepCopy(result);
       }
       return result;
@@ -9690,7 +9662,7 @@ class DefaultCache {
     this.data = {};
   }
   get(key, options) {
-    if (options == null ? void 0 : options.copy) {
+    if (options?.copy) {
       return deepCopy(this.data[key]);
     }
     return this.data[key];
@@ -10753,4 +10725,4 @@ function ldsEngineCreator() {
 }
 
 export { LexRequestStrategy, PdlPrefetcherEventType, PdlRequestPriority, buildPredictorForContext, configService, ldsEngineCreator as default, initializeLDS, initializeOneStore, notifyUpdateAvailableFactory, registerRequestStrategy, saveRequestAsPrediction, subscribeToPrefetcherEvents, unregisterRequestStrategy, whenPredictionsReady };
-// version: 1.436.0-581b8a5964
+// version: 1.438.0-0ec0a89235

package/dist/types/request-interceptors/csrf-manager.d.ts

@@ -5,6 +5,7 @@
 declare class CsrfTokenManager {
     private static instance;
     private tokenPromise;
+    private refreshInFlight;
     private storage;
     private constructor();
     static getInstance(): CsrfTokenManager;
@@ -28,6 +29,11 @@ declare class CsrfTokenManager {
     /**
      * Obtains and returns a new token value as a promise.
      * This will clear the cached token and fetch a fresh one.
+     *
+     * Concurrent calls coalesce onto a single in-flight refresh — important when
+     * multiple requests fail with INVALID_ACCESS_TOKEN simultaneously and each
+     * retry policy independently calls refreshToken(). Without this, every caller
+     * triggers its own /session/csrf round-trip.
      */
     refreshToken(): Promise<string | undefined>;
     /**

package/dist/types/request-interceptors/csrf-token.d.ts

@@ -1,5 +1,6 @@
 import type { RequestInterceptor } from '@conduit-client/service-fetch-network/v1';
 import type { ResourceRequest } from '@luvio/engine';
+export declare const CSRF_TOKEN_HEADER = "X-CSRF-Token";
 /**
  * Builds a request interceptor that adds CSRF token headers to mutating requests.
  * The CSRF token is fetched once and cached for subsequent requests.

package/dist/types/retry-interceptors/luvio-fetch-retry.d.ts

@@ -0,0 +1,8 @@
+import type { LuvioRetryInterceptor } from '@salesforce/lds-network-fetch';
+/**
+ * Builds the LuvioRetryInterceptor used by the UIAPI fetch adapter.
+ *
+ * A fresh RetryService and policy instances are created per request to keep the
+ * CSRF policy's mutableRequest context isolated from concurrent requests.
+ */
+export declare function buildLuvioFetchRetryInterceptor(): LuvioRetryInterceptor;

package/dist/types/retry-policies/luvio-csrf-token-retry-policy.d.ts

@@ -0,0 +1,32 @@
+import type { RetryContext } from '@conduit-client/service-retry/v1';
+import { RetryPolicy } from '@conduit-client/service-retry/v1';
+import type { FetchResponse, ResourceRequest } from '@luvio/engine';
+type LuvioCsrfTokenRetryPolicyConfig = {
+    maxRetries: number;
+};
+/**
+ * Mutable container for the ResourceRequest that can be updated between retries.
+ */
+export interface MutableLuvioRequest {
+    request: ResourceRequest;
+}
+export declare class LuvioCsrfTokenRetryPolicy extends RetryPolicy<FetchResponse<any>> {
+    private config;
+    private csrfTokenManager;
+    private requestContext?;
+    constructor(config?: LuvioCsrfTokenRetryPolicyConfig);
+    setRequestContext(context: MutableLuvioRequest): void;
+    shouldRetry(result: FetchResponse<any>, context: RetryContext<FetchResponse<any>>): Promise<boolean>;
+    calculateDelay(_result: FetchResponse<any>, _context: RetryContext<FetchResponse<any>>): Promise<number>;
+    prepareRetry(_result: FetchResponse<any>, _context: RetryContext<FetchResponse<any>>): Promise<void>;
+}
+/**
+ * Returns true when a Luvio FetchResponse indicates a CSRF token error.
+ * Body is already parsed JSON on FetchResponse, so no clone/json() needed.
+ *
+ * UIAPI error bodies come in both shapes: an object `{ errorCode, message }`
+ * for single errors, or an array `[{ errorCode, message }]` for endpoints that
+ * return collections of errors. Handle both.
+ */
+export declare function isCsrfError(response: FetchResponse<any>): boolean;
+export {};

package/dist/types/retry-policies/luvio-fetch-throttling-retry-policy.d.ts

@@ -0,0 +1,18 @@
+import { RetryPolicy, type RetryContext } from '@conduit-client/service-retry/v1';
+import type { FetchResponse } from '@luvio/engine';
+type LuvioFetchThrottlingRetryPolicyConfig = {
+    maxRetries: number;
+    maxTimeToRetry: number;
+    baseDelay: number;
+    maxDelay: number;
+    exponentialFactor: number;
+    jitterPercent: number;
+};
+export declare class LuvioFetchThrottlingRetryPolicy extends RetryPolicy<FetchResponse<any>> {
+    private config;
+    constructor(config?: LuvioFetchThrottlingRetryPolicyConfig);
+    shouldRetry(result: FetchResponse<any>, context: RetryContext<FetchResponse<any>>): Promise<boolean>;
+    calculateDelay(result: FetchResponse<any>, context: RetryContext<FetchResponse<any>>): Promise<number>;
+    parseRetryAfterHeader(result: FetchResponse<any>): number | undefined;
+}
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@salesforce/lds-runtime-aura",
-    "version": "1.436.0",
+    "version": "1.438.0",
     "license": "SEE LICENSE IN LICENSE.txt",
     "description": "LDS engine for Aura runtime",
     "main": "dist/ldsEngineCreator.js",
@@ -34,60 +34,60 @@
         "release:corejar": "yarn build && ../core-build/scripts/core.js --name=lds-runtime-aura"
     },
     "devDependencies": {
-        "@conduit-client/service-provisioner": "3.19.5",
-        "@conduit-client/tools-core": "3.19.5",
-        "@salesforce/lds-adapters-apex": "^1.436.0",
-        "@salesforce/lds-adapters-uiapi": "^1.436.0",
-        "@salesforce/lds-ads-bridge": "^1.436.0",
-        "@salesforce/lds-aura-storage": "^1.436.0",
-        "@salesforce/lds-bindings": "^1.436.0",
-        "@salesforce/lds-instrumentation": "^1.436.0",
-        "@salesforce/lds-network-adapter": "^1.436.0",
-        "@salesforce/lds-network-aura": "^1.436.0",
-        "@salesforce/lds-network-fetch": "^1.436.0",
+        "@conduit-client/service-provisioner": "3.20.5",
+        "@conduit-client/tools-core": "3.20.5",
+        "@salesforce/lds-adapters-apex": "^1.438.0",
+        "@salesforce/lds-adapters-uiapi": "^1.438.0",
+        "@salesforce/lds-ads-bridge": "^1.438.0",
+        "@salesforce/lds-aura-storage": "^1.438.0",
+        "@salesforce/lds-bindings": "^1.438.0",
+        "@salesforce/lds-instrumentation": "^1.438.0",
+        "@salesforce/lds-network-adapter": "^1.438.0",
+        "@salesforce/lds-network-aura": "^1.438.0",
+        "@salesforce/lds-network-fetch": "^1.438.0",
         "jwt-encode": "1.0.1"
     },
     "dependencies": {
-        "@conduit-client/command-aura-graphql-normalized-cache-control": "3.19.5",
-        "@conduit-client/command-aura-network": "3.19.5",
-        "@conduit-client/command-aura-normalized-cache-control": "3.19.5",
-        "@conduit-client/command-aura-resource-cache-control": "3.19.5",
-        "@conduit-client/command-fetch-network": "3.19.5",
-        "@conduit-client/command-http-graphql-normalized-cache-control": "3.19.5",
-        "@conduit-client/command-http-normalized-cache-control": "3.19.5",
-        "@conduit-client/command-ndjson": "3.19.5",
-        "@conduit-client/command-network": "3.19.5",
-        "@conduit-client/command-sse": "3.19.5",
-        "@conduit-client/command-streaming": "3.19.5",
-        "@conduit-client/service-aura-network": "3.19.5",
-        "@conduit-client/service-bindings-imperative": "3.19.5",
-        "@conduit-client/service-bindings-lwc": "3.19.5",
-        "@conduit-client/service-cache": "3.19.5",
-        "@conduit-client/service-cache-control": "3.19.5",
-        "@conduit-client/service-cache-inclusion-policy": "3.19.5",
-        "@conduit-client/service-config": "3.19.5",
-        "@conduit-client/service-feature-flags": "3.19.5",
-        "@conduit-client/service-fetch-network": "3.19.5",
-        "@conduit-client/service-instrument-command": "3.19.5",
-        "@conduit-client/service-pubsub": "3.19.5",
-        "@conduit-client/service-store": "3.19.5",
-        "@conduit-client/utils": "3.19.5",
-        "@luvio/network-adapter-composable": "0.160.4",
-        "@luvio/network-adapter-fetch": "0.160.4",
+        "@conduit-client/command-aura-graphql-normalized-cache-control": "3.20.5",
+        "@conduit-client/command-aura-network": "3.20.5",
+        "@conduit-client/command-aura-normalized-cache-control": "3.20.5",
+        "@conduit-client/command-aura-resource-cache-control": "3.20.5",
+        "@conduit-client/command-fetch-network": "3.20.5",
+        "@conduit-client/command-http-graphql-normalized-cache-control": "3.20.5",
+        "@conduit-client/command-http-normalized-cache-control": "3.20.5",
+        "@conduit-client/command-ndjson": "3.20.5",
+        "@conduit-client/command-network": "3.20.5",
+        "@conduit-client/command-sse": "3.20.5",
+        "@conduit-client/command-streaming": "3.20.5",
+        "@conduit-client/service-aura-network": "3.20.5",
+        "@conduit-client/service-bindings-imperative": "3.20.5",
+        "@conduit-client/service-bindings-lwc": "3.20.5",
+        "@conduit-client/service-cache": "3.20.5",
+        "@conduit-client/service-cache-control": "3.20.5",
+        "@conduit-client/service-cache-inclusion-policy": "3.20.5",
+        "@conduit-client/service-config": "3.20.5",
+        "@conduit-client/service-feature-flags": "3.20.5",
+        "@conduit-client/service-fetch-network": "3.20.5",
+        "@conduit-client/service-instrument-command": "3.20.5",
+        "@conduit-client/service-pubsub": "3.20.5",
+        "@conduit-client/service-store": "3.20.5",
+        "@conduit-client/utils": "3.20.5",
+        "@luvio/network-adapter-composable": "0.160.5",
+        "@luvio/network-adapter-fetch": "0.160.5",
         "@lwc/state": "^0.29.0",
-        "@salesforce/lds-adapters-onestore-graphql": "^1.436.0",
+        "@salesforce/lds-adapters-onestore-graphql": "^1.438.0",
         "@salesforce/lds-adapters-uiapi-lex": "^1.415.0",
-        "@salesforce/lds-durable-storage": "^1.436.0",
-        "@salesforce/lds-luvio-service": "^1.436.0",
-        "@salesforce/lds-luvio-uiapi-records-service": "^1.436.0"
+        "@salesforce/lds-durable-storage": "^1.438.0",
+        "@salesforce/lds-luvio-service": "^1.438.0",
+        "@salesforce/lds-luvio-uiapi-records-service": "^1.438.0"
     },
     "luvioBundlesize": [
         {
             "path": "./dist/ldsEngineCreator.js",
             "maxSize": {
-                "none": "376 kB",
+                "none": "383 kB",
                 "min": "190 kB",
-                "compressed": "61.9 kB"
+                "compressed": "63 kB"
             }
         }
     ],