@salesforce/lds-runtime-aura 1.442.0 → 1.443.0

package/dist/ldsEngineCreator.js

@@ -22,7 +22,7 @@ import { instrument, getRecordAvatarsAdapterFactory, getRecordAdapterFactory, co
 import { getInstrumentation } from 'o11y/client';
 import { findExecutableOperation, buildGraphQLInputExtension, addTypenameToDocument } from 'force/luvioGraphqlNormalization';
 import { print, resolveAndValidateGraphQLConfig, toGraphQLErrorResponse } from 'force/luvioOnestoreGraphqlParser';
-import { setServices } from 'force/luvioServiceProvisioner1';
+import getServices, { setServices } from 'force/luvioServiceProvisioner1';
 import { assertIsValid, JsonSchemaViolationError, MissingRequiredPropertyError } from 'force/luvioJsonschemaValidate5';
 import { dispatchGlobalEvent, executeGlobalControllerRawResponse } from 'aura';
 import auraNetworkAdapter, { dispatchAuraAction, defaultActionConfig, instrument as instrument$1, forceRecordTransactionsDisabled as forceRecordTransactionsDisabled$1, ldsNetworkAdapterInstrument, CrudEventState, CrudEventType, UIAPI_RECORDS_PATH, UIAPI_RELATED_LIST_RECORDS_BATCH_PATH, UIAPI_RELATED_LIST_RECORDS_PATH } from 'force/ldsNetwork';
@@ -36,7 +36,6 @@ import { instrument as instrument$5 } from '@lwc/state';
 import { withRegistration, register, setDefaultLuvio } from 'force/ldsEngine';
 import applyPredictionRequestLimit from '@salesforce/gate/lds.pdl.applyRequestLimit';
 import { pageScopedCache } from 'instrumentation/utility';
-import { createStorage, clearStorages } from 'force/ldsDurableStorage';
 import lightningConnectEnabled from '@salesforce/gate/ui.services.LightningConnect.enabled';
 import bypassAppRestrictionEnabled from '@salesforce/gate/ui.services.LightningConnect.BypassAppRestriction.enabled';
 import csrfValidationEnabled from '@salesforce/gate/ui.services.LightningConnect.CsrfValidation.enabled';
@@ -47,6 +46,7 @@ import useHttpUiapiOneRuntimePublic from '@salesforce/gate/lds.useHttpUiapiOneRu
 import useHttpUiapiOneRuntimePrivate from '@salesforce/gate/lds.useHttpUiapiOneRuntimePrivate';
 import disableCreateContentDocumentAndVersionHTTPLexRuntime from '@salesforce/gate/lds.lex.http.disableCreateContentDocumentAndVersion';
 import useHotspotLimit from '@salesforce/gate/lds.pdl.useHotspotLimit';
+import { createStorage, clearStorages } from 'force/ldsDurableStorage';
 import { registerSubRequestNetworkAdapter } from 'force/ldsNetwork';
 
 const { create: create$1, freeze, keys: keys$2, entries: entries$1 } = Object;
@@ -2644,7 +2644,7 @@ function buildServiceDescriptor$d(luvio) {
         },
     };
 }
-// version: 1.442.0-e47893165a
+// version: 1.443.0-be70f6bb6e
 
 class AuraGraphQLNormalizedCacheControlCommand extends AuraNormalizedCacheControlCommand {
   constructor(config, documentRootType, services) {
@@ -2982,7 +2982,7 @@ function buildServiceDescriptor$9(notifyRecordUpdateAvailable, getNormalizedLuvi
         },
     };
 }
-// version: 1.442.0-e47893165a
+// version: 1.443.0-be70f6bb6e
 
 class RetryService {
   constructor(defaultRetryPolicy) {
@@ -3134,6 +3134,50 @@ function buildServiceDescriptor$8(defaultRetryPolicy) {
   };
 }
 
+class BasicRenewableResourceManager {
+  constructor(config) {
+    this.config = config;
+  }
+  get() {
+    return this.config.storage.get().then((cached) => cached !== void 0 ? cached : this.fetchAndStore());
+  }
+  refresh(staleValue) {
+    if (staleValue === void 0) {
+      return this.fetchAndStore();
+    }
+    return this.config.storage.get().then(
+      (current) => current !== void 0 && current !== staleValue ? current : this.fetchAndStore()
+    );
+  }
+  clear() {
+    return this.config.storage.clear();
+  }
+  /**
+   * Single in-flight fetch shared by all concurrent `get`/`refresh` callers.
+   * Overwrites storage on a successful fetch of a defined value only; a
+   * rejected fetch or a resolved-`undefined` leaves the cached value intact.
+   */
+  fetchAndStore() {
+    if (this.inFlightFetch) return this.inFlightFetch;
+    const pending = this.config.fetch().then(
+      (fetched) => fetched === void 0 ? fetched : this.config.storage.set(fetched).then(() => fetched)
+    );
+    this.inFlightFetch = pending;
+    const releaseSlot = () => {
+      if (this.inFlightFetch === pending) this.inFlightFetch = void 0;
+    };
+    pending.then(releaseSlot, releaseSlot);
+    return pending;
+  }
+}
+function buildRenewableResourceManagerDescriptor(type, service) {
+  return {
+    version: "1.0",
+    service,
+    type
+  };
+}
+
 function isUserVisibleError(error) {
   return error instanceof Error && "type" in error && error.type === "user-visible";
 }
@@ -5673,9 +5717,28 @@ function getEnvironmentSetting(name) {
     }
     return undefined;
 }
-// version: 1.442.0-d73ebfc396
+// version: 1.443.0-3de9a44799
+
+/**
+ * Helpers for reaching the Aura framework from the LDS Aura runtime.
+ *
+ * `window.$A` is only present when the runtime is hosted inside LEX; in tests
+ * and non-Aura runtimes it is absent. Centralizing the guarded access keeps the
+ * `$A` lookup in one place instead of duplicating the `environmentHasAura`
+ * check across modules.
+ */
+/**
+ * Returns `$A.clientService` when running inside an Aura environment, or
+ * `undefined` otherwise. Defensive: never throws.
+ */
+function getAuraClientService() {
+    if (typeof window === 'undefined' || typeof window.$A === 'undefined') {
+        return undefined;
+    }
+    return window.$A.clientService;
+}
 
-const environmentHasAura = typeof window !== 'undefined' && typeof window.$A !== 'undefined';
+const auraClientService = getAuraClientService();
 const defaultConfig = {
     maxAllowedParallelXHRCounts: 9,
     forceRecordTransactionsDisabled: false,
@@ -5686,10 +5749,11 @@ const configServiceDescriptor = buildServiceDescriptor$1({
     default: defaultConfig,
 });
 const configService = configServiceDescriptor.service;
-if (environmentHasAura) {
+if (auraClientService?.maxAllowedParallelXHRCounts) {
     configService.set('lex', (config) => {
         config.maxAllowedParallelXHRCounts =
-            window['$A'].clientService.maxAllowedParallelXHRCounts();
+            auraClientService.maxAllowedParallelXHRCounts?.() ??
+                defaultConfig.maxAllowedParallelXHRCounts;
         config.forceRecordTransactionsDisabled = getEnvironmentSetting(EnvironmentSettings.ForceRecordTransactionsDisabled);
     });
 }
@@ -6119,146 +6183,91 @@ function buildLexRuntimeLuvio5xxStatusResponseInterceptor() {
     };
 }
 
-const CSRF_TOKEN_KEY = 'salesforce_csrf_token';
-const CSRF_STORAGE_NAME = 'ldsCSRFToken';
-const BASE_URI = '/services/data/v68.0';
-const UI_API_BASE_URI = `${BASE_URI}/ui-api`;
-const CSRF_TOKEN_ENDPOINT = `${UI_API_BASE_URI}/session/csrf`;
-const CSRF_STORAGE_CONFIG = {
-    name: CSRF_STORAGE_NAME,
-    persistent: true,
-    secure: true,
-    maxSize: 1024,
-    expiration: 24 * 60 * 60,
-    clearOnInit: false,
-    debugLogging: false,
-};
 /**
- * Manages CSRF token fetching and caching for secure requests.
- * Implements a singleton pattern to ensure consistent token management across the application.
+ * Normalizes Connect REST error envelopes into the Aura Shape A
+ * (ConnectInJava) shape, so consumers can read `response.body.errorCode`
+ * regardless of transport.
+ *
+ * - HTTP error envelope (this path): `[{ errorCode, message }, ...]`
+ * - Aura Shape A: `{ errorCode, message, statusCode, ... }`
+ *
+ * The full array is preserved at `body.enhancedErrorInfo.allErrors` since
+ * Connect can return multiple errors per response.
+ *
+ * Aura Shape B (`{ error: "..." }`) is an Aura-only fallback that never
+ * appears on the HTTP path, so no normalization is needed for it here.
+ *
+ * Ordering: must run AFTER any other interceptor that inspects the raw
+ * error body shape (e.g. the 5xx interceptor's ErrorId extraction reads
+ * `body[0].message` from the array form).
  */
-class CsrfTokenManager {
-    constructor() {
-        this.tokenPromise = null;
-        this.refreshInFlight = null;
-        // Initialize AuraStorage
-        this.storage = createStorage(CSRF_STORAGE_CONFIG);
-    }
-    static getInstance() {
-        if (!CsrfTokenManager.instance) {
-            CsrfTokenManager.instance = new CsrfTokenManager();
-        }
-        return CsrfTokenManager.instance;
-    }
-    /**
-     * Obtain a CSRF token, either from AuraStorage or by fetching a fresh one.
-     *
-     * @private
-     */
-    async loadOrFetchToken() {
-        // First try to get token from AuraStorage
-        if (this.storage) {
-            try {
-                const cachedToken = await this.storage.get(CSRF_TOKEN_KEY);
-                if (typeof cachedToken === 'string' && cachedToken) {
-                    return cachedToken;
-                }
-            }
-            catch {
-                // If storage read fails, continue to fetch
-            }
-        }
-        // No cached token, fetch from server
-        return this.fetchFreshToken();
-    }
-    /**
-     * Call API endpoint to acquire a CSRF token and cache it.
-     *
-     * @private
-     */
-    async fetchFreshToken() {
-        try {
-            const response = await fetch(CSRF_TOKEN_ENDPOINT, {
-                method: 'GET',
-                credentials: 'same-origin',
-            });
-            if (!response.ok) {
-                return undefined;
-            }
-            const data = await response.json();
-            const token = data.csrfToken;
-            if (token && this.storage) {
-                // Cache the token in AuraStorage
-                try {
-                    await this.storage.set(CSRF_TOKEN_KEY, token);
-                }
-                catch {
-                    // Non-fatal: token is still available even if caching fails
-                }
-            }
-            return token;
-        }
-        catch {
-            return undefined;
-        }
-    }
-    /**
-     * Returns the current token value as a Promise.
-     * Lazy-loads the token on first call (from cache or by fetching).
-     */
-    async getToken() {
-        // Lazy initialization: only fetch token when actually needed
-        if (!this.tokenPromise) {
-            this.tokenPromise = this.loadOrFetchToken();
-        }
-        return this.tokenPromise;
-    }
-    /**
-     * Obtains and returns a new token value as a promise.
-     * This will clear the cached token and fetch a fresh one.
-     *
-     * Concurrent calls coalesce onto a single in-flight refresh — important when
-     * multiple requests fail with INVALID_ACCESS_TOKEN simultaneously and each
-     * retry policy independently calls refreshToken(). Without this, every caller
-     * triggers its own /session/csrf round-trip.
-     */
-    refreshToken() {
-        if (this.refreshInFlight) {
-            return this.refreshInFlight;
+function buildLuvioErrorBodyNormalizationInterceptor() {
+    return async (response) => {
+        if (!response.ok && Array.isArray(response.body)) {
+            const allErrors = response.body;
+            response.body = {
+                ...allErrors[0],
+                statusCode: response.status,
+                enhancedErrorInfo: {
+                    allErrors,
+                },
+            };
         }
-        const refresh = (async () => {
-            if (this.storage) {
-                try {
-                    await this.storage.remove(CSRF_TOKEN_KEY);
-                }
-                catch {
-                    // Non-fatal: continue with refresh even if clear fails
-                }
-            }
-            return this.fetchFreshToken();
-        })();
-        this.refreshInFlight = refresh;
-        this.tokenPromise = refresh;
-        // Clear the in-flight reference once settled (success or failure) so
-        // subsequent token expirations can trigger a fresh refresh.
-        refresh.finally(() => {
-            if (this.refreshInFlight === refresh) {
-                this.refreshInFlight = null;
-            }
+        return response;
+    };
+}
+
+/**
+ * Service name the CSRF token manager is registered under by
+ * `initializeOneStore` (see `buildRenewableResourceManagerDescriptor`).
+ */
+const CSRF_TOKEN_MANAGER_SERVICE = 'csrfTokenManager';
+const CSRF_TOKEN_MANAGER_REQUEST = {
+    [CSRF_TOKEN_MANAGER_SERVICE]: {
+        type: CSRF_TOKEN_MANAGER_SERVICE,
+        version: '1.0',
+    },
+};
+let cached;
+/**
+ * Resolves the CSRF token manager from the service provisioner.
+ *
+ * The manager is registered during `initializeOneStore`, which runs before any
+ * request flows; the interceptors and retry policies that call this resolve
+ * lazily (per request / per retry), so the service is always available by then.
+ *
+ * The resolved promise is memoized so resolution happens once rather than per
+ * request. A rejection is NOT memoized — `getServices` rejects when the service
+ * is unavailable, and caching that would permanently wedge CSRF handling — so a
+ * later call retries the resolution.
+ */
+function getCsrfTokenManager() {
+    if (!cached) {
+        cached = Promise.resolve(getServices(CSRF_TOKEN_MANAGER_REQUEST))
+            .then((services) => services[CSRF_TOKEN_MANAGER_SERVICE])
+            .catch((error) => {
+            cached = undefined;
+            throw error;
         });
-        return refresh;
-    }
-    /**
-     * Reset the singleton instance (useful for testing).
-     * @internal
-     */
-    static resetInstance() {
-        CsrfTokenManager.instance = null;
     }
+    return cached;
 }
-CsrfTokenManager.instance = null;
 
 const CSRF_TOKEN_HEADER = 'X-CSRF-Token';
+/**
+ * Resolves the CSRF token manager and returns the current token. Returns
+ * `undefined` if the manager cannot be resolved (service not yet provisioned)
+ * or has no token, so a request is never blocked by token resolution.
+ */
+async function getCsrfToken() {
+    try {
+        const manager = await getCsrfTokenManager();
+        return await manager.get();
+    }
+    catch {
+        return undefined;
+    }
+}
 /**
  * Checks if all required gates are enabled for CSRF token interceptor.
  *
@@ -6301,7 +6310,6 @@ function isCsrfMethod(method) {
  * @returns A RequestInterceptor function for FetchParameters
  */
 function buildCsrfTokenInterceptor() {
-    const csrfTokenManager = CsrfTokenManager.getInstance();
     return async (fetchArgs) => {
         // Check if all required gates are enabled before running
         if (!areCsrfGatesEnabled()) {
@@ -6318,7 +6326,7 @@ function buildCsrfTokenInterceptor() {
         }
         // Only add CSRF token for mutating operations
         if (isCsrfMethod(method)) {
-            const token = await csrfTokenManager.getToken();
+            const token = await getCsrfToken();
             if (token) {
                 // eslint-disable-next-line no-param-reassign
                 fetchArgs = setHeader(CSRF_TOKEN_HEADER, token, fetchArgs);
@@ -6335,7 +6343,6 @@ function buildCsrfTokenInterceptor() {
  * @returns A request interceptor function for Luvio ResourceRequest objects
  */
 function buildLuvioCsrfTokenInterceptor() {
-    const csrfTokenManager = CsrfTokenManager.getInstance();
     return async (resourceRequest) => {
         // Check if all required gates are enabled before running
         if (!areCsrfGatesEnabled()) {
@@ -6349,7 +6356,7 @@ function buildLuvioCsrfTokenInterceptor() {
         if (isCsrfMethod(resourceRequest.method)) {
             // Don't overwrite existing CSRF token header if it already exists
             if (!resourceRequest.headers[CSRF_TOKEN_HEADER]) {
-                const token = await csrfTokenManager.getToken();
+                const token = await getCsrfToken();
                 if (token) {
                     resourceRequest.headers[CSRF_TOKEN_HEADER] = token;
                 }
@@ -6389,6 +6396,39 @@ function buildLuvioEntityEncodingInterceptor() {
     };
 }
 
+const FIRST_PARTY_HEADER = 'X-Salesforce-First-Party';
+const FIRST_PARTY_VALUE = 'platform-ui';
+/**
+ * Builds a request interceptor that adds the LDS first party header to every
+ * outbound request.
+ *
+ * @returns A RequestInterceptor function for FetchParameters
+ */
+function buildFirstPartyHeaderInterceptor() {
+    return async (fetchArgs) => {
+        const returnedFetchArgs = setHeader(FIRST_PARTY_HEADER, FIRST_PARTY_VALUE, fetchArgs);
+        return resolvedPromiseLike$2(returnedFetchArgs);
+    };
+}
+/**
+ * Builds a Luvio request interceptor that adds the LDS first party header to
+ * every outbound `ResourceRequest`. See {@link buildFirstPartyHeaderInterceptor} for
+ * the header semantics.
+ *
+ * @returns A request interceptor for Luvio ResourceRequest objects
+ */
+function buildLuvioFirstPartyHeaderInterceptor() {
+    return async (resourceRequest) => {
+        if (!resourceRequest.headers) {
+            resourceRequest.headers = {};
+        }
+        if (!resourceRequest.headers[FIRST_PARTY_HEADER]) {
+            resourceRequest.headers[FIRST_PARTY_HEADER] = FIRST_PARTY_VALUE;
+        }
+        return resolvedPromiseLike$2(resourceRequest);
+    };
+}
+
 function createInstrumentationIdContext() {
     return () => ({
         instrumentationId: generateRequestId(),
@@ -6618,7 +6658,6 @@ class LuvioCsrfTokenRetryPolicy extends RetryPolicy {
     constructor(config = DEFAULT_CONFIG$3) {
         super();
         this.config = config;
-        this.csrfTokenManager = CsrfTokenManager.getInstance();
     }
     setRequestContext(context) {
         this.requestContext = context;
@@ -6640,11 +6679,20 @@ class LuvioCsrfTokenRetryPolicy extends RetryPolicy {
         if (!this.requestContext) {
             return;
         }
-        const newToken = await this.csrfTokenManager.refreshToken();
+        let newToken;
+        try {
+            const manager = await getCsrfTokenManager();
+            newToken = await manager.refresh();
+        }
+        catch {
+            // Manager unavailable — drop the stale token below so the request
+            // interceptor refetches on the retry.
+            newToken = undefined;
+        }
         const req = this.requestContext.request;
         const { [CSRF_TOKEN_HEADER]: _stale, ...remainingHeaders } = req.headers ?? {};
         // If refresh failed, drop the stale token entirely so the request interceptor
-        // will fetch a fresh one via getToken() on the retry.
+        // will fetch a fresh one via get() on the retry.
         const headers = newToken
             ? { ...remainingHeaders, [CSRF_TOKEN_HEADER]: newToken }
             : remainingHeaders;
@@ -7149,12 +7197,14 @@ const composedFetchNetworkAdapter = {
             buildLuvioTransportMarksSendInterceptor(),
             buildLuvioPageScopedCacheRequestInterceptor(),
             buildLuvioCsrfTokenInterceptor(),
+            buildLuvioFirstPartyHeaderInterceptor(),
             buildLuvioEntityEncodingInterceptor(),
         ],
         retry: buildLuvioFetchRetryInterceptor(),
         response: [
             buildLexRuntimeLuvio5xxStatusResponseInterceptor(),
             buildLexRuntimeLuvioAuthExpirationRedirectResponseInterceptor(),
+            buildLuvioErrorBodyNormalizationInterceptor(),
             buildLuvioTransportMarksReceiveInterceptor(),
             buildLuvioActionMarksReceiveInterceptor(),
         ],
@@ -7199,7 +7249,6 @@ class CsrfTokenRetryPolicy extends RetryPolicy {
     constructor(config = DEFAULT_CONFIG$1) {
         super();
         this.config = config;
-        this.csrfTokenManager = CsrfTokenManager.getInstance();
     }
     /**
      * Allows the fetch service to pass mutable request context.
@@ -7251,7 +7300,15 @@ class CsrfTokenRetryPolicy extends RetryPolicy {
      */
     async prepareRetry(_result, _context) {
         // Refresh the CSRF token (we already know this is a CSRF error from shouldRetry)
-        const newToken = await this.csrfTokenManager.refreshToken();
+        let newToken;
+        try {
+            const manager = await getCsrfTokenManager();
+            newToken = await manager.refresh();
+        }
+        catch {
+            // Manager unavailable — the retry will fail again, which is expected.
+            newToken = undefined;
+        }
         if (!newToken || !this.requestContext) {
             // If we can't get a new token or don't have request context,
             // the retry will fail again but that's expected
@@ -10084,6 +10141,7 @@ function getLexRuntimeDefaultInterceptorConfig(logger) {
             buildTransportMarksSendInterceptor(),
             buildCsrfTokenInterceptor(),
             buildEntityEncodingInterceptor(),
+            buildFirstPartyHeaderInterceptor(),
         ],
         retry: buildCsrfRetryInterceptor(),
         response: [
@@ -10195,6 +10253,149 @@ class FetchThrottlingRetryPolicy extends RetryPolicy {
     }
 }
 
+const CSRF_TOKEN_KEY = 'salesforce_csrf_token';
+const CSRF_STORAGE_NAME = 'ldsCSRFToken';
+const BASE_URI = '/services/data/v68.0';
+const UI_API_BASE_URI = `${BASE_URI}/ui-api`;
+const CSRF_TOKEN_ENDPOINT = `${UI_API_BASE_URI}/session/csrf`;
+const CSRF_STORAGE_CONFIG = {
+    name: CSRF_STORAGE_NAME,
+    persistent: true,
+    secure: true,
+    maxSize: 1024,
+    expiration: 24 * 60 * 60,
+    clearOnInit: false,
+    debugLogging: false,
+};
+/**
+ * Reads the CSRF token Aura preloads onto the bootstrap payload. When the
+ * Connect Framework CSRF token is minted at template-render time it is exposed
+ * via `$A.clientService.getConnectCsrfToken()`. Reading it here lets the first
+ * state-changing request skip the cold `/ui-api/session/csrf` round trip.
+ *
+ * Defensive against a missing getter or server killswitch: returns `undefined`,
+ * never throws.
+ */
+function readPreloadedToken() {
+    const clientService = getAuraClientService();
+    if (typeof clientService?.getConnectCsrfToken !== 'function') {
+        return undefined;
+    }
+    try {
+        const token = clientService.getConnectCsrfToken();
+        return typeof token === 'string' && token ? token : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Fetches a fresh CSRF token from the server. Resolves `undefined` (not a
+ * rejection) on any non-ok response, missing token, or network/parse error so
+ * the manager treats it as "no value" and leaves any cached token intact. The
+ * CSRF retry policy — not this fetch — owns retry semantics.
+ */
+async function fetchFreshToken() {
+    try {
+        const response = await fetch(CSRF_TOKEN_ENDPOINT, {
+            method: 'GET',
+            credentials: 'same-origin',
+        });
+        if (!response.ok) {
+            return undefined;
+        }
+        const data = await response.json();
+        const token = data.csrfToken;
+        return typeof token === 'string' && token ? token : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Adapts the durable AuraStorage backing store to the {@link ResourceStorage}
+ * contract the renewable-resource manager expects.
+ *
+ * The Aura-preloaded token is written into the store **once at creation** (only
+ * when the store is otherwise empty), so the first `get()` finds it and the
+ * first mutation skips the network. Seeding the store — rather than having
+ * `get()` fall back to the preload on every empty read — means a later
+ * `clear()` (logout / org switch) is not silently resurrected by the preload.
+ *
+ * Every operation awaits the one-time seed so reads and writes observe a
+ * consistent store. Storage read/write failures are non-fatal.
+ */
+function buildCsrfResourceStorage() {
+    const storage = createStorage(CSRF_STORAGE_CONFIG);
+    // Pre-seed the preloaded token into the store, once, if the store is empty.
+    const seeded = (async () => {
+        const preloadedToken = readPreloadedToken();
+        if (!storage || !preloadedToken) {
+            return;
+        }
+        try {
+            const existing = await storage.get(CSRF_TOKEN_KEY);
+            if (typeof existing !== 'string' || !existing) {
+                await storage.set(CSRF_TOKEN_KEY, preloadedToken);
+            }
+        }
+        catch {
+            // Non-fatal: fall back to fetching a fresh token on first use.
+        }
+    })();
+    return {
+        get: async () => {
+            await seeded;
+            if (storage) {
+                try {
+                    const cached = await storage.get(CSRF_TOKEN_KEY);
+                    if (typeof cached === 'string' && cached) {
+                        return cached;
+                    }
+                }
+                catch {
+                    // Non-fatal: treat as a cache miss so the manager fetches.
+                }
+            }
+            return undefined;
+        },
+        set: async (value) => {
+            await seeded;
+            if (storage) {
+                try {
+                    await storage.set(CSRF_TOKEN_KEY, value);
+                }
+                catch {
+                    // Non-fatal: token is still usable even if caching fails.
+                }
+            }
+        },
+        clear: async () => {
+            await seeded;
+            if (storage) {
+                try {
+                    await storage.remove(CSRF_TOKEN_KEY);
+                }
+                catch {
+                    // Non-fatal: continue even if the clear fails.
+                }
+            }
+        },
+    };
+}
+/**
+ * Builds the CSRF token manager: a {@link BasicRenewableResourceManager} that
+ * lazily caches the token in durable storage, coalesces concurrent fetches onto
+ * a single in-flight request, and dedups refresh storms. Registered as a
+ * provisioner service (`csrfTokenManager`) by `initializeOneStore`.
+ */
+function buildCsrfTokenManager() {
+    return new BasicRenewableResourceManager({
+        fetch: fetchFreshToken,
+        storage: buildCsrfResourceStorage(),
+    });
+}
+
 /* eslint-disable no-console */
 /**
  * Default storage configuration for the durable cache
@@ -10789,6 +10990,7 @@ function initializeOneStore(luvio) {
     const retryPolicy = new ComposedRetryPolicy([throttlingPolicy, csrfPolicy]);
     const retryServiceDescriptor = buildServiceDescriptor$8(retryPolicy);
     const retryService = retryServiceDescriptor.service;
+    const csrfTokenManagerServiceDescriptor = buildRenewableResourceManagerDescriptor(CSRF_TOKEN_MANAGER_SERVICE, buildCsrfTokenManager());
     const prefetchSfapJwtServiceDescriptor = {
         type: 'prefetchSfapJwt',
         version: '1.0',
@@ -10836,6 +11038,7 @@ function initializeOneStore(luvio) {
         buildLWCGraphQLWireBindingsServiceDescriptor(),
         configServiceDescriptor,
         prefetchSfapJwtServiceDescriptor,
+        csrfTokenManagerServiceDescriptor,
     ];
     setServices(services);
 }
@@ -10855,4 +11058,4 @@ function ldsEngineCreator() {
 }
 
 export { LexRequestStrategy, PdlPrefetcherEventType, PdlRequestPriority, buildPredictorForContext, configService, ldsEngineCreator as default, initializeLDS, initializeOneStore, notifyUpdateAvailableFactory, registerRequestStrategy, saveRequestAsPrediction, subscribeToPrefetcherEvents, unregisterRequestStrategy, whenPredictionsReady };
-// version: 1.442.0-e47893165a
+// version: 1.443.0-be70f6bb6e

package/dist/types/aura-utils.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Helpers for reaching the Aura framework from the LDS Aura runtime.
+ *
+ * `window.$A` is only present when the runtime is hosted inside LEX; in tests
+ * and non-Aura runtimes it is absent. Centralizing the guarded access keeps the
+ * `$A` lookup in one place instead of duplicating the `environmentHasAura`
+ * check across modules.
+ */
+/**
+ * The subset of the Aura client service LDS reaches for. Methods are optional
+ * because availability depends on the host's Aura version and server gates.
+ */
+export interface AuraClientService {
+    maxAllowedParallelXHRCounts?: () => number;
+    getConnectCsrfToken?: () => unknown;
+}
+/**
+ * Returns `$A.clientService` when running inside an Aura environment, or
+ * `undefined` otherwise. Defensive: never throws.
+ */
+export declare function getAuraClientService(): AuraClientService | undefined;

package/dist/types/request-interceptors/csrf-manager.d.ts

@@ -1,45 +1,8 @@
+import { type RenewableResourceManager } from '@conduit-client/service-renewable-resource-manager/v1';
 /**
- * Manages CSRF token fetching and caching for secure requests.
- * Implements a singleton pattern to ensure consistent token management across the application.
+ * Builds the CSRF token manager: a {@link BasicRenewableResourceManager} that
+ * lazily caches the token in durable storage, coalesces concurrent fetches onto
+ * a single in-flight request, and dedups refresh storms. Registered as a
+ * provisioner service (`csrfTokenManager`) by `initializeOneStore`.
  */
-declare class CsrfTokenManager {
-    private static instance;
-    private tokenPromise;
-    private refreshInFlight;
-    private storage;
-    private constructor();
-    static getInstance(): CsrfTokenManager;
-    /**
-     * Obtain a CSRF token, either from AuraStorage or by fetching a fresh one.
-     *
-     * @private
-     */
-    private loadOrFetchToken;
-    /**
-     * Call API endpoint to acquire a CSRF token and cache it.
-     *
-     * @private
-     */
-    private fetchFreshToken;
-    /**
-     * Returns the current token value as a Promise.
-     * Lazy-loads the token on first call (from cache or by fetching).
-     */
-    getToken(): Promise<string | undefined>;
-    /**
-     * Obtains and returns a new token value as a promise.
-     * This will clear the cached token and fetch a fresh one.
-     *
-     * Concurrent calls coalesce onto a single in-flight refresh — important when
-     * multiple requests fail with INVALID_ACCESS_TOKEN simultaneously and each
-     * retry policy independently calls refreshToken(). Without this, every caller
-     * triggers its own /session/csrf round-trip.
-     */
-    refreshToken(): Promise<string | undefined>;
-    /**
-     * Reset the singleton instance (useful for testing).
-     * @internal
-     */
-    static resetInstance(): void;
-}
-export { CsrfTokenManager };
+export declare function buildCsrfTokenManager(): RenewableResourceManager<string>;

package/dist/types/request-interceptors/csrf-service.d.ts

@@ -0,0 +1,19 @@
+import type { RenewableResourceManager } from '@conduit-client/service-renewable-resource-manager/v1';
+/**
+ * Service name the CSRF token manager is registered under by
+ * `initializeOneStore` (see `buildRenewableResourceManagerDescriptor`).
+ */
+export declare const CSRF_TOKEN_MANAGER_SERVICE = "csrfTokenManager";
+/**
+ * Resolves the CSRF token manager from the service provisioner.
+ *
+ * The manager is registered during `initializeOneStore`, which runs before any
+ * request flows; the interceptors and retry policies that call this resolve
+ * lazily (per request / per retry), so the service is always available by then.
+ *
+ * The resolved promise is memoized so resolution happens once rather than per
+ * request. A rejection is NOT memoized — `getServices` rejects when the service
+ * is unavailable, and caching that would permanently wedge CSRF handling — so a
+ * later call retries the resolution.
+ */
+export declare function getCsrfTokenManager(): Promise<RenewableResourceManager<string>>;

package/dist/types/request-interceptors/first-party-header.d.ts

@@ -0,0 +1,17 @@
+import { type RequestInterceptor } from '@conduit-client/service-fetch-network/v1';
+import type { ResourceRequest } from '@luvio/engine';
+/**
+ * Builds a request interceptor that adds the LDS first party header to every
+ * outbound request.
+ *
+ * @returns A RequestInterceptor function for FetchParameters
+ */
+export declare function buildFirstPartyHeaderInterceptor(): RequestInterceptor;
+/**
+ * Builds a Luvio request interceptor that adds the LDS first party header to
+ * every outbound `ResourceRequest`. See {@link buildFirstPartyHeaderInterceptor} for
+ * the header semantics.
+ *
+ * @returns A request interceptor for Luvio ResourceRequest objects
+ */
+export declare function buildLuvioFirstPartyHeaderInterceptor(): (resourceRequest: ResourceRequest) => Promise<ResourceRequest>;

package/dist/types/response-interceptors/error-body-normalization.d.ts

@@ -0,0 +1,20 @@
+import type { ResponseInterceptor as LuvioResponseInterceptor } from '@salesforce/lds-network-fetch';
+/**
+ * Normalizes Connect REST error envelopes into the Aura Shape A
+ * (ConnectInJava) shape, so consumers can read `response.body.errorCode`
+ * regardless of transport.
+ *
+ * - HTTP error envelope (this path): `[{ errorCode, message }, ...]`
+ * - Aura Shape A: `{ errorCode, message, statusCode, ... }`
+ *
+ * The full array is preserved at `body.enhancedErrorInfo.allErrors` since
+ * Connect can return multiple errors per response.
+ *
+ * Aura Shape B (`{ error: "..." }`) is an Aura-only fallback that never
+ * appears on the HTTP path, so no normalization is needed for it here.
+ *
+ * Ordering: must run AFTER any other interceptor that inspects the raw
+ * error body shape (e.g. the 5xx interceptor's ErrorId extraction reads
+ * `body[0].message` from the array form).
+ */
+export declare function buildLuvioErrorBodyNormalizationInterceptor(): LuvioResponseInterceptor;

package/dist/types/retry-policies/csrf-token-retry-policy.d.ts

@@ -26,7 +26,6 @@ export interface MutableFetchRequest {
  */
 export declare class CsrfTokenRetryPolicy extends RetryPolicy<Response> {
     private config;
-    private csrfTokenManager;
     private requestContext?;
     constructor(config?: CsrfTokenRetryPolicyConfig);
     /**

package/dist/types/retry-policies/luvio-csrf-token-retry-policy.d.ts

@@ -12,7 +12,6 @@ export interface MutableLuvioRequest {
 }
 export declare class LuvioCsrfTokenRetryPolicy extends RetryPolicy<FetchResponse<any>> {
     private config;
-    private csrfTokenManager;
     private requestContext?;
     constructor(config?: LuvioCsrfTokenRetryPolicyConfig);
     setRequestContext(context: MutableLuvioRequest): void;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@salesforce/lds-runtime-aura",
-    "version": "1.442.0",
+    "version": "1.443.0",
     "license": "SEE LICENSE IN LICENSE.txt",
     "description": "LDS engine for Aura runtime.",
     "main": "dist/ldsEngineCreator.js",
@@ -34,60 +34,61 @@
         "release:corejar": "yarn build && ../core-build/scripts/core.js --name=lds-runtime-aura"
     },
     "devDependencies": {
-        "@conduit-client/service-provisioner": "3.21.0",
-        "@conduit-client/tools-core": "3.21.0",
-        "@salesforce/lds-adapters-apex": "^1.442.0",
-        "@salesforce/lds-adapters-uiapi": "^1.442.0",
-        "@salesforce/lds-ads-bridge": "^1.442.0",
-        "@salesforce/lds-aura-storage": "^1.442.0",
-        "@salesforce/lds-bindings": "^1.442.0",
-        "@salesforce/lds-instrumentation": "^1.442.0",
-        "@salesforce/lds-network-adapter": "^1.442.0",
-        "@salesforce/lds-network-aura": "^1.442.0",
-        "@salesforce/lds-network-fetch": "^1.442.0",
+        "@conduit-client/service-provisioner": "3.22.0",
+        "@conduit-client/tools-core": "3.22.0",
+        "@salesforce/lds-adapters-apex": "^1.443.0",
+        "@salesforce/lds-adapters-uiapi": "^1.443.0",
+        "@salesforce/lds-ads-bridge": "^1.443.0",
+        "@salesforce/lds-aura-storage": "^1.443.0",
+        "@salesforce/lds-bindings": "^1.443.0",
+        "@salesforce/lds-instrumentation": "^1.443.0",
+        "@salesforce/lds-network-adapter": "^1.443.0",
+        "@salesforce/lds-network-aura": "^1.443.0",
+        "@salesforce/lds-network-fetch": "^1.443.0",
         "jwt-encode": "1.0.1"
     },
     "dependencies": {
-        "@conduit-client/command-aura-graphql-normalized-cache-control": "3.21.0",
-        "@conduit-client/command-aura-network": "3.21.0",
-        "@conduit-client/command-aura-normalized-cache-control": "3.21.0",
-        "@conduit-client/command-aura-resource-cache-control": "3.21.0",
-        "@conduit-client/command-fetch-network": "3.21.0",
-        "@conduit-client/command-http-graphql-normalized-cache-control": "3.21.0",
-        "@conduit-client/command-http-normalized-cache-control": "3.21.0",
-        "@conduit-client/command-ndjson": "3.21.0",
-        "@conduit-client/command-network": "3.21.0",
-        "@conduit-client/command-sse": "3.21.0",
-        "@conduit-client/command-streaming": "3.21.0",
-        "@conduit-client/service-aura-network": "3.21.0",
-        "@conduit-client/service-bindings-imperative": "3.21.0",
-        "@conduit-client/service-bindings-lwc": "3.21.0",
-        "@conduit-client/service-cache": "3.21.0",
-        "@conduit-client/service-cache-control": "3.21.0",
-        "@conduit-client/service-cache-inclusion-policy": "3.21.0",
-        "@conduit-client/service-config": "3.21.0",
-        "@conduit-client/service-feature-flags": "3.21.0",
-        "@conduit-client/service-fetch-network": "3.21.0",
-        "@conduit-client/service-instrument-command": "3.21.0",
-        "@conduit-client/service-pubsub": "3.21.0",
-        "@conduit-client/service-store": "3.21.0",
-        "@conduit-client/utils": "3.21.0",
+        "@conduit-client/command-aura-graphql-normalized-cache-control": "3.22.0",
+        "@conduit-client/command-aura-network": "3.22.0",
+        "@conduit-client/command-aura-normalized-cache-control": "3.22.0",
+        "@conduit-client/command-aura-resource-cache-control": "3.22.0",
+        "@conduit-client/command-fetch-network": "3.22.0",
+        "@conduit-client/command-http-graphql-normalized-cache-control": "3.22.0",
+        "@conduit-client/command-http-normalized-cache-control": "3.22.0",
+        "@conduit-client/command-ndjson": "3.22.0",
+        "@conduit-client/command-network": "3.22.0",
+        "@conduit-client/command-sse": "3.22.0",
+        "@conduit-client/command-streaming": "3.22.0",
+        "@conduit-client/service-aura-network": "3.22.0",
+        "@conduit-client/service-bindings-imperative": "3.22.0",
+        "@conduit-client/service-bindings-lwc": "3.22.0",
+        "@conduit-client/service-cache": "3.22.0",
+        "@conduit-client/service-cache-control": "3.22.0",
+        "@conduit-client/service-cache-inclusion-policy": "3.22.0",
+        "@conduit-client/service-config": "3.22.0",
+        "@conduit-client/service-feature-flags": "3.22.0",
+        "@conduit-client/service-fetch-network": "3.22.0",
+        "@conduit-client/service-instrument-command": "3.22.0",
+        "@conduit-client/service-pubsub": "3.22.0",
+        "@conduit-client/service-renewable-resource-manager": "3.22.0",
+        "@conduit-client/service-store": "3.22.0",
+        "@conduit-client/utils": "3.22.0",
         "@luvio/network-adapter-composable": "0.160.5",
         "@luvio/network-adapter-fetch": "0.160.5",
         "@lwc/state": "^0.29.0",
-        "@salesforce/lds-adapters-onestore-graphql": "^1.442.0",
+        "@salesforce/lds-adapters-onestore-graphql": "^1.443.0",
         "@salesforce/lds-adapters-uiapi-lex": "^1.415.0",
-        "@salesforce/lds-durable-storage": "^1.442.0",
-        "@salesforce/lds-luvio-service": "^1.442.0",
-        "@salesforce/lds-luvio-uiapi-records-service": "^1.442.0"
+        "@salesforce/lds-durable-storage": "^1.443.0",
+        "@salesforce/lds-luvio-service": "^1.443.0",
+        "@salesforce/lds-luvio-uiapi-records-service": "^1.443.0"
     },
     "luvioBundlesize": [
         {
             "path": "./dist/ldsEngineCreator.js",
             "maxSize": {
-                "none": "383 kB",
+                "none": "390 kB",
                 "min": "190 kB",
-                "compressed": "64.5 kB"
+                "compressed": "65.5 kB"
             }
         }
     ],