@webex/webex-core 3.10.0 → 3.11.0

package/dist/lib/services/services.js

@@ -11,11 +11,16 @@ _Object$defineProperty(exports, "__esModule", {
   value: true
 });
 exports.default = exports.DEFAULT_CLUSTER_SERVICE = exports.DEFAULT_CLUSTER = void 0;
-var _slicedToArray2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/slicedToArray"));
+var _regenerator = _interopRequireDefault(require("@babel/runtime-corejs2/regenerator"));
+var _asyncToGenerator2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/asyncToGenerator"));
 var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/defineProperty"));
+var _slicedToArray2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/slicedToArray"));
 var _weakMap = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/weak-map"));
+var _entries = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/entries"));
 var _keys = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/keys"));
 var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
+var _now = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/date/now"));
+var _stringify = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/json/stringify"));
 var _sha = _interopRequireDefault(require("crypto-js/sha256"));
 var _lodash = require("lodash");
 var _webexPlugin = _interopRequireDefault(require("../webex-plugin"));
@@ -35,6 +40,8 @@ var DEFAULT_CLUSTER = exports.DEFAULT_CLUSTER = 'urn:TEAM:us-east-2_a';
 var DEFAULT_CLUSTER_SERVICE = exports.DEFAULT_CLUSTER_SERVICE = 'identityLookup';
 var CLUSTER_SERVICE = process.env.WEBEX_CONVERSATION_CLUSTER_SERVICE || DEFAULT_CLUSTER_SERVICE;
 var DEFAULT_CLUSTER_IDENTIFIER = process.env.WEBEX_CONVERSATION_DEFAULT_CLUSTER || "".concat(DEFAULT_CLUSTER, ":").concat(CLUSTER_SERVICE);
+var CATALOG_CACHE_KEY_V1 = 'services.v1.u2cHostMap';
+var CATALOG_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
 
 /* eslint-disable no-underscore-dangle */
 /**
@@ -69,6 +76,8 @@ var Services = _webexPlugin.default.extend({
   _catalogs: new _weakMap.default(),
   _serviceUrls: null,
   _hostCatalog: null,
+  // Map of active cluster ids per service, e.g. { wdm: 'urn:TEAM:ap-southeast-2_m:wdm' }
+  _activeServices: {},
   /**
    * Get the registry associated with this webex instance.
    *
@@ -98,6 +107,45 @@ var Services = _webexPlugin.default.extend({
   _getCatalog: function _getCatalog() {
     return this._catalogs.get(this.webex);
   },
+  /**
+   * Safely access localStorage if available; returns the Storage or null.
+   * @returns {Storage|null}
+   */
+  _getLocalStorageSafe: function _getLocalStorageSafe() {
+    if (typeof window !== 'undefined' && window.localStorage) {
+      return window.localStorage;
+    }
+    return null;
+  },
+  /**
+   * Determine the intended preauth selection based on the current context.
+   * @param {string|undefined} currentOrgId
+   * @returns {{selectionType: string, selectionValue: string}}
+   */
+  getIntendedPreauthSelection: function getIntendedPreauthSelection(currentOrgId) {
+    var _this$webex$credentia;
+    if ((_this$webex$credentia = this.webex.credentials) !== null && _this$webex$credentia !== void 0 && _this$webex$credentia.canAuthorize) {
+      if (currentOrgId) {
+        return {
+          selectionType: 'orgId',
+          selectionValue: currentOrgId
+        };
+      }
+    }
+    var emailConfig = this.webex.config && this.webex.config.email;
+    if (typeof emailConfig === 'string' && emailConfig.trim()) {
+      return {
+        selectionType: 'emailhash',
+        selectionValue: (0, _sha.default)(emailConfig.toLowerCase()).toString()
+      };
+    }
+
+    // fall back to proximity mode when no orgId or email available
+    return {
+      selectionType: 'mode',
+      selectionValue: 'DEFAULT_BY_PROXIMITY'
+    };
+  },
   /**
    * Get a service url from the current services list by name
    * from the associated instance catalog.
@@ -156,6 +204,53 @@ var Services = _webexPlugin.default.extend({
     var catalog = this._getCatalog();
     return catalog.markFailedUrl(url, noPriorityHosts);
   },
+  /**
+   * Get all Mobius cluster host entries from the legacy host catalog.
+   * @returns {Array<{host: string, id: string, ttl: number, priority: number}>}
+   */
+  getMobiusClusters: function getMobiusClusters() {
+    this.logger.info('services: fetching mobius clusters');
+    var clusters = [];
+    var hostCatalog = this._hostCatalog || {};
+    (0, _entries.default)(hostCatalog).forEach(function (_ref) {
+      var _ref2 = (0, _slicedToArray2.default)(_ref, 2),
+        host = _ref2[0],
+        entries = _ref2[1];
+      (entries || []).forEach(function (entry) {
+        if (typeof (entry === null || entry === void 0 ? void 0 : entry.id) === 'string' && entry.id.endsWith(':mobius')) {
+          // Ensure host is included; prefer entry.host if present, else use the map key
+          var withHost = entry.host ? entry.host : host;
+          // Skip duplicates for the same host
+          if (!clusters.find(function (c) {
+            return c && c.host === withHost;
+          })) {
+            clusters.push(_objectSpread(_objectSpread({}, entry), {}, {
+              host: withHost
+            }));
+          }
+        }
+      });
+    });
+    return clusters;
+  },
+  /**
+   * Check is valid host from the legacy host catalog.
+   * @param {string} host
+   * @returns {Boolean}
+   */
+  isValidHost: function isValidHost(host) {
+    var _hostCatalog$host;
+    var hostCatalog = this._hostCatalog || {};
+    return !!((_hostCatalog$host = hostCatalog[host]) !== null && _hostCatalog$host !== void 0 && _hostCatalog$host.length);
+  },
+  /**
+   * Merge provided active cluster mappings into current state.
+   * @param {Record<string,string>} activeServices
+   * @returns {void}
+   */
+  _updateActiveServices: function _updateActiveServices(activeServices) {
+    this._activeServices = _objectSpread(_objectSpread({}, this._activeServices), activeServices);
+  },
   /**
    * saves all the services from the pre and post catalog service
    * @param {Object} serviceUrls
@@ -186,63 +281,88 @@ var Services = _webexPlugin.default.extend({
    * @returns {Promise<object>}
    */
   updateServices: function updateServices() {
-    var _this = this;
-    var _ref = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
-      from = _ref.from,
-      query = _ref.query,
-      token = _ref.token,
-      forceRefresh = _ref.forceRefresh;
-    var catalog = this._getCatalog();
-    var formattedQuery;
-    var serviceGroup;
-
-    // map catalog name to service group name.
-    switch (from) {
-      case 'limited':
-        serviceGroup = 'preauth';
-        break;
-      case 'signin':
-        serviceGroup = 'signin';
-        break;
-      default:
-        serviceGroup = 'postauth';
-        break;
-    }
-
-    // confirm catalog update for group is not in progress.
-    if (catalog.status[serviceGroup].collecting) {
-      return this.waitForCatalog(serviceGroup);
-    }
-    catalog.status[serviceGroup].collecting = true;
-    if (serviceGroup === 'preauth') {
-      var queryKey = query && (0, _keys.default)(query)[0];
-      if (!['email', 'emailhash', 'userId', 'orgId', 'mode'].includes(queryKey)) {
-        return _promise.default.reject(new Error('a query param of email, emailhash, userId, orgId, or mode is required'));
-      }
-    }
-    // encode email when query key is email
-    if (serviceGroup === 'preauth' || serviceGroup === 'signin') {
-      var _queryKey = (0, _keys.default)(query)[0];
-      formattedQuery = {};
-      if (_queryKey === 'email' && query.email) {
-        formattedQuery.emailhash = (0, _sha.default)(query.email.toLowerCase()).toString();
-      } else {
-        formattedQuery[_queryKey] = query[_queryKey];
-      }
-    }
-    return this._fetchNewServiceHostmap({
-      from: from,
-      token: token,
-      query: formattedQuery,
-      forceRefresh: forceRefresh
-    }).then(function (serviceHostMap) {
-      catalog.updateServiceUrls(serviceGroup, serviceHostMap);
-      _this.updateCredentialsConfig();
-      catalog.status[serviceGroup].collecting = false;
-    }).catch(function (error) {
-      catalog.status[serviceGroup].collecting = false;
-      return _promise.default.reject(error);
-    });
+    var _arguments = arguments,
+      _this = this;
+    return (0, _asyncToGenerator2.default)(/*#__PURE__*/_regenerator.default.mark(function _callee() {
+      var _ref3, from, query, token, forceRefresh, catalog, formattedQuery, serviceGroup, queryKey, _queryKey, _t;
+      return _regenerator.default.wrap(function (_context) {
+        while (1) switch (_context.prev = _context.next) {
+          case 0:
+            _ref3 = _arguments.length > 0 && _arguments[0] !== undefined ? _arguments[0] : {}, from = _ref3.from, query = _ref3.query, token = _ref3.token, forceRefresh = _ref3.forceRefresh;
+            catalog = _this._getCatalog();
+            _t = from;
+            _context.next = _t === 'limited' ? 1 : _t === 'signin' ? 2 : 3;
+            break;
+          case 1:
+            serviceGroup = 'preauth';
+            return _context.abrupt("continue", 4);
+          case 2:
+            serviceGroup = 'signin';
+            return _context.abrupt("continue", 4);
+          case 3:
+            serviceGroup = 'postauth';
+            return _context.abrupt("continue", 4);
+          case 4:
+            if (!catalog.status[serviceGroup].collecting) {
+              _context.next = 5;
+              break;
+            }
+            return _context.abrupt("return", _this.waitForCatalog(serviceGroup));
+          case 5:
+            catalog.status[serviceGroup].collecting = true;
+            if (!(serviceGroup === 'preauth')) {
+              _context.next = 6;
+              break;
+            }
+            queryKey = query && (0, _keys.default)(query)[0];
+            if (['email', 'emailhash', 'userId', 'orgId', 'mode'].includes(queryKey)) {
+              _context.next = 6;
+              break;
+            }
+            return _context.abrupt("return", _promise.default.reject(new Error('a query param of email, emailhash, userId, orgId, or mode is required')));
+          case 6:
+            // encode email when query key is email
+            if (serviceGroup === 'preauth' || serviceGroup === 'signin') {
+              _queryKey = (0, _keys.default)(query)[0];
+              formattedQuery = {};
+              if (_queryKey === 'email' && query.email) {
+                formattedQuery.emailhash = (0, _sha.default)(query.email.toLowerCase()).toString();
+              } else {
+                formattedQuery[_queryKey] = query[_queryKey];
+              }
+            }
+            return _context.abrupt("return", _this._fetchNewServiceHostmap({
+              from: from,
+              token: token,
+              query: formattedQuery,
+              forceRefresh: forceRefresh
+            }).then(function (serviceHostMap) {
+              var formattedServiceHostMap = _this._formatReceivedHostmap(serviceHostMap);
+              // Build selection metadata for caching discrimination
+              var selectionMeta;
+              if (serviceGroup === 'preauth' || serviceGroup === 'signin') {
+                var key = formattedQuery && (0, _keys.default)(formattedQuery || {})[0];
+                if (key) {
+                  selectionMeta = {
+                    selectionType: key,
+                    selectionValue: formattedQuery[key]
+                  };
+                }
+              }
+              _this._cacheCatalog(serviceGroup, serviceHostMap, selectionMeta);
+              catalog.updateServiceUrls(serviceGroup, formattedServiceHostMap);
+              _this.updateCredentialsConfig();
+              catalog.status[serviceGroup].collecting = false;
+            }).catch(function (error) {
+              catalog.status[serviceGroup].collecting = false;
+              return _promise.default.reject(error);
+            }));
+          case 7:
+          case "end":
+            return _context.stop();
+        }
+      }, _callee);
+    }))();
   },
   /**
    * User validation parameter transfer object for {@link validateUser}.
@@ -267,16 +387,16 @@ var Services = _webexPlugin.default.extend({
    * @param {ValidateUserPTO} - The parameter transfer object.
    * @returns {ValidateUserRTO} - The return transfer object.
    */
-  validateUser: function validateUser(_ref2) {
+  validateUser: function validateUser(_ref4) {
     var _this2 = this;
-    var email = _ref2.email,
-      _ref2$reqId = _ref2.reqId,
-      reqId = _ref2$reqId === void 0 ? 'WEBCLIENT' : _ref2$reqId,
-      _ref2$forceRefresh = _ref2.forceRefresh,
-      forceRefresh = _ref2$forceRefresh === void 0 ? false : _ref2$forceRefresh,
-      _ref2$activationOptio = _ref2.activationOptions,
-      activationOptions = _ref2$activationOptio === void 0 ? {} : _ref2$activationOptio,
-      preloginUserId = _ref2.preloginUserId;
+    var email = _ref4.email,
+      _ref4$reqId = _ref4.reqId,
+      reqId = _ref4$reqId === void 0 ? 'WEBCLIENT' : _ref4$reqId,
+      _ref4$forceRefresh = _ref4.forceRefresh,
+      forceRefresh = _ref4$forceRefresh === void 0 ? false : _ref4$forceRefresh,
+      _ref4$activationOptio = _ref4.activationOptions,
+      activationOptions = _ref4$activationOptio === void 0 ? {} : _ref4$activationOptio,
+      preloginUserId = _ref4.preloginUserId;
     this.logger.info('services: validating a user');
 
     // Validate that an email parameter key was provided.
@@ -313,9 +433,9 @@ var Services = _webexPlugin.default.extend({
 
     // Destructure the client authorization details.
     /* eslint-disable camelcase */
-    var _this$webex$credentia = this.webex.credentials.config,
-      client_id = _this$webex$credentia.client_id,
-      client_secret = _this$webex$credentia.client_secret;
+    var _this$webex$credentia2 = this.webex.credentials.config,
+      client_id = _this$webex$credentia2.client_id,
+      client_secret = _this$webex$credentia2.client_secret;
 
     // Validate that client authentication details exist.
     if (!client_id || !client_secret) {
@@ -374,10 +494,10 @@ var Services = _webexPlugin.default.extend({
         activationOptions: activationOptions,
         preloginUserId: preloginUserId
       })]);
-    }).then(function (_ref3) {
-      var _ref4 = (0, _slicedToArray2.default)(_ref3, 2),
-        rto = _ref4[0],
-        user = _ref4[1];
+    }).then(function (_ref5) {
+      var _ref6 = (0, _slicedToArray2.default)(_ref5, 2),
+        rto = _ref6[0],
+        user = _ref6[1];
       return _objectSpread(_objectSpread({}, rto), {}, {
         user: user
       });
@@ -447,28 +567,31 @@ var Services = _webexPlugin.default.extend({
    * @param {SendUserActivationPTO} - The Parameter transfer object.
    * @returns {LicenseDTO} - The DTO returned from the **License** service.
    */
-  sendUserActivation: function sendUserActivation(_ref5) {
+  sendUserActivation: function sendUserActivation(_ref7) {
     var _this5 = this;
-    var email = _ref5.email,
-      reqId = _ref5.reqId,
-      token = _ref5.token,
-      activationOptions = _ref5.activationOptions,
-      preloginUserId = _ref5.preloginUserId;
+    var email = _ref7.email,
+      reqId = _ref7.reqId,
+      token = _ref7.token,
+      activationOptions = _ref7.activationOptions,
+      preloginUserId = _ref7.preloginUserId;
     this.logger.info('services: sending user activation request');
     var countryCode;
     var timezone;
 
     // try to fetch client region info first
     return this.fetchClientRegionInfo().then(function (clientRegionInfo) {
+      var _this5$webex$config$s;
       if (clientRegionInfo) {
         countryCode = clientRegionInfo.countryCode;
         timezone = clientRegionInfo.timezone;
       }
 
-      // Send the user activation request to the **License** service.
+      // Send the user activation request.
+      // Use user-onboarding service if configured, otherwise use license service.
+      var useUserOnboarding = (_this5$webex$config$s = _this5.webex.config.services) === null || _this5$webex$config$s === void 0 ? void 0 : _this5$webex$config$s.useUserOnboardingServiceForActivations;
       return _this5.request({
-        service: 'license',
-        resource: 'users/activations',
+        service: useUserOnboarding ? 'user-onboarding' : 'license',
+        resource: useUserOnboarding ? 'api/v1/users/activations' : 'users/activations',
         method: 'POST',
         headers: {
           accept: 'application/json',
@@ -485,8 +608,8 @@ var Services = _webexPlugin.default.extend({
       });
     })
     // On success, return the **License** user object.
-    .then(function (_ref6) {
-      var body = _ref6.body;
+    .then(function (_ref8) {
+      var body = _ref8.body;
       return body;
     })
     // On failure, reject with error from **License**.
@@ -539,10 +662,10 @@ var Services = _webexPlugin.default.extend({
    * @returns {Promise<void>}
    */
   collectSigninCatalog: function collectSigninCatalog() {
-    var _ref7 = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
-      email = _ref7.email,
-      token = _ref7.token,
-      forceRefresh = _ref7.forceRefresh;
+    var _ref9 = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
+      email = _ref9.email,
+      token = _ref9.token,
+      forceRefresh = _ref9.forceRefresh;
     if (!email) {
       return _promise.default.reject(new Error('`email` is required'));
     }
@@ -580,7 +703,6 @@ var Services = _webexPlugin.default.extend({
           idbroker: {
             url: idbroker.replace(trailingSlashes, '') // remove trailing slash
           },
-
           identity: {
             url: identity.replace(trailingSlashes, '') // remove trailing slash
           }
@@ -621,12 +743,12 @@ var Services = _webexPlugin.default.extend({
    * @param {WaitForServicePTO} - The parameter transfer object.
    * @returns {Promise<string>} - Resolves to the priority host of a service.
    */
-  waitForService: function waitForService(_ref8) {
+  waitForService: function waitForService(_ref0) {
     var _this6 = this;
-    var name = _ref8.name,
-      _ref8$timeout = _ref8.timeout,
-      timeout = _ref8$timeout === void 0 ? 5 : _ref8$timeout,
-      url = _ref8.url;
+    var name = _ref0.name,
+      _ref0$timeout = _ref0.timeout,
+      timeout = _ref0$timeout === void 0 ? 5 : _ref0$timeout,
+      url = _ref0.url;
     var services = this.webex.config.services;
 
     // Save memory by grabbing the catalog after there isn't a priortyURL
@@ -804,9 +926,9 @@ var Services = _webexPlugin.default.extend({
    * @returns {String} url of the service
    */
   getServiceUrlFromClusterId: function getServiceUrlFromClusterId() {
-    var _ref9 = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
-      _ref9$cluster = _ref9.cluster,
-      cluster = _ref9$cluster === void 0 ? 'us' : _ref9$cluster;
+    var _ref1 = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
+      _ref1$cluster = _ref1.cluster,
+      cluster = _ref1$cluster === void 0 ? 'us' : _ref1$cluster;
     var clusterId = cluster === 'us' ? DEFAULT_CLUSTER_IDENTIFIER : cluster;
 
     // Determine if cluster has service name (non-US clusters from hydra do not)
@@ -924,9 +1046,223 @@ var Services = _webexPlugin.default.extend({
       return _this7.request(requestObject);
     }, 'internal.get.u2c.time').then(function (_ref12) {
       var body = _ref12.body;
-      return _this7._formatReceivedHostmap(body);
+      return body;
     });
   },
+  /**
+   * Cache the catalog in the bounded storage.
+   * @param {string} serviceGroup - preauth, signin, postauth
+   * @param {object} hostMap - The hostmap to cache
+   * @param {object} [meta] - Optional selection metadata used to validate cache reuse
+   * @returns {Promise<void>}
+   *
+   */
+  _cacheCatalog: function _cacheCatalog(serviceGroup, hostMap, meta) {
+    var _this8 = this;
+    return (0, _asyncToGenerator2.default)(/*#__PURE__*/_regenerator.default.mark(function _callee2() {
+      var current, orgId, _this8$webex$config, _this8$webex$config$c, _this8$webex, _this8$webex$config2, _this8$webex2, _this8$webex2$config, _this8$webex2$config$, _this8$webex2$config$2, _ls, cachedJson, credentials, _current, env, fedramp, u2cDiscoveryUrl, updated, ls, _t2;
+      return _regenerator.default.wrap(function (_context2) {
+        while (1) switch (_context2.prev = _context2.next) {
+          case 0:
+            current = {};
+            _context2.prev = 1;
+            if ((_this8$webex$config = _this8.webex.config) !== null && _this8$webex$config !== void 0 && (_this8$webex$config$c = _this8$webex$config.calling) !== null && _this8$webex$config$c !== void 0 && _this8$webex$config$c.cacheU2C) {
+              _context2.next = 2;
+              break;
+            }
+            _this8.logger.info("services: skipping cache write for ".concat(serviceGroup, " as per the config"));
+            return _context2.abrupt("return");
+          case 2:
+            // Persist to localStorage to survive browser refresh
+            try {
+              _ls = _this8._getLocalStorageSafe();
+              cachedJson = _ls ? _ls.getItem(CATALOG_CACHE_KEY_V1) : null;
+              current = cachedJson ? JSON.parse(cachedJson) : {};
+            } catch (e) {
+              current = {};
+            }
+            try {
+              credentials = _this8.webex.credentials;
+              orgId = credentials.getOrgId();
+            } catch (e) {
+              orgId = current.orgId;
+            }
+
+            // Capture environment fingerprint to invalidate cache across env changes
+            _current = current, env = _current.env;
+            fedramp = !!((_this8$webex = _this8.webex) !== null && _this8$webex !== void 0 && (_this8$webex$config2 = _this8$webex.config) !== null && _this8$webex$config2 !== void 0 && _this8$webex$config2.fedramp);
+            u2cDiscoveryUrl = (_this8$webex2 = _this8.webex) === null || _this8$webex2 === void 0 ? void 0 : (_this8$webex2$config = _this8$webex2.config) === null || _this8$webex2$config === void 0 ? void 0 : (_this8$webex2$config$ = _this8$webex2$config.services) === null || _this8$webex2$config$ === void 0 ? void 0 : (_this8$webex2$config$2 = _this8$webex2$config$.discovery) === null || _this8$webex2$config$2 === void 0 ? void 0 : _this8$webex2$config$2.u2c;
+            env = {
+              fedramp: fedramp,
+              u2cDiscoveryUrl: u2cDiscoveryUrl
+            };
+            updated = _objectSpread(_objectSpread({}, current), {}, (0, _defineProperty2.default)((0, _defineProperty2.default)({
+              orgId: orgId || current.orgId,
+              env: env || current.env
+            }, serviceGroup, meta ? {
+              hostMap: hostMap,
+              meta: meta
+            } : hostMap), "cachedAt", (0, _now.default)()));
+            ls = _this8._getLocalStorageSafe();
+            if (ls) {
+              ls.setItem(CATALOG_CACHE_KEY_V1, (0, _stringify.default)(updated));
+            }
+            _context2.next = 4;
+            break;
+          case 3:
+            _context2.prev = 3;
+            _t2 = _context2["catch"](1);
+            _this8.logger.warn('services: error caching catalog', _t2);
+          case 4:
+          case "end":
+            return _context2.stop();
+        }
+      }, _callee2, null, [[1, 3]]);
+    }))();
+  },
+  /**
+   * Load the catalog from cache and hydrate the in-memory ServiceCatalog.
+   * @returns {Promise<boolean>} true if cache was loaded, false otherwise
+   */
+  _loadCatalogFromCache: function _loadCatalogFromCache() {
+    var _this9 = this;
+    return (0, _asyncToGenerator2.default)(/*#__PURE__*/_regenerator.default.mark(function _callee3() {
+      var currentOrgId, _this9$webex$config, _this9$webex$config$c, _this9$webex$config2, _this9$webex$config3, _this9$webex$config3$, _this9$webex$config3$2, ls, cachedJson, cached, cachedAt, _this9$webex$credenti, credentials, fedramp, u2cDiscoveryUrl, currentEnv, sameEnv, catalog, groups, _t3, _t4;
+      return _regenerator.default.wrap(function (_context3) {
+        while (1) switch (_context3.prev = _context3.next) {
+          case 0:
+            _context3.prev = 0;
+            if ((_this9$webex$config = _this9.webex.config) !== null && _this9$webex$config !== void 0 && (_this9$webex$config$c = _this9$webex$config.calling) !== null && _this9$webex$config$c !== void 0 && _this9$webex$config$c.cacheU2C) {
+              _context3.next = 1;
+              break;
+            }
+            _this9.logger.info('services: skipping cache warm-up as per the cache config');
+            return _context3.abrupt("return", false);
+          case 1:
+            ls = _this9._getLocalStorageSafe();
+            if (ls) {
+              _context3.next = 2;
+              break;
+            }
+            _this9.logger.info('services: skipping cache warm-up as no localStorage is available');
+            return _context3.abrupt("return", false);
+          case 2:
+            cachedJson = ls.getItem(CATALOG_CACHE_KEY_V1);
+            cached = cachedJson ? JSON.parse(cachedJson) : undefined;
+            if (cached) {
+              _context3.next = 3;
+              break;
+            }
+            return _context3.abrupt("return", false);
+          case 3:
+            // TTL enforcement: clear if older than 24 hours
+            cachedAt = Number(cached.cachedAt) || 0;
+            if (!(!cachedAt || (0, _now.default)() - cachedAt > CATALOG_TTL_MS)) {
+              _context3.next = 4;
+              break;
+            }
+            _this9.clearCatalogCache();
+            return _context3.abrupt("return", false);
+          case 4:
+            _context3.prev = 4;
+            if (!((_this9$webex$credenti = _this9.webex.credentials) !== null && _this9$webex$credenti !== void 0 && _this9$webex$credenti.canAuthorize)) {
+              _context3.next = 5;
+              break;
+            }
+            credentials = _this9.webex.credentials;
+            currentOrgId = credentials.getOrgId();
+            if (!(cached.orgId && cached.orgId !== currentOrgId)) {
+              _context3.next = 5;
+              break;
+            }
+            return _context3.abrupt("return", false);
+          case 5:
+            _context3.next = 7;
+            break;
+          case 6:
+            _context3.prev = 6;
+            _t3 = _context3["catch"](4);
+            _this9.logger.warn('services: error checking orgId', _t3);
+          case 7:
+            // Ensure cached environment matches current environment
+            fedramp = !!((_this9$webex$config2 = _this9.webex.config) !== null && _this9$webex$config2 !== void 0 && _this9$webex$config2.fedramp);
+            u2cDiscoveryUrl = (_this9$webex$config3 = _this9.webex.config) === null || _this9$webex$config3 === void 0 ? void 0 : (_this9$webex$config3$ = _this9$webex$config3.services) === null || _this9$webex$config3$ === void 0 ? void 0 : (_this9$webex$config3$2 = _this9$webex$config3$.discovery) === null || _this9$webex$config3$2 === void 0 ? void 0 : _this9$webex$config3$2.u2c;
+            currentEnv = {
+              fedramp: fedramp,
+              u2cDiscoveryUrl: u2cDiscoveryUrl
+            };
+            if (!cached.env) {
+              _context3.next = 8;
+              break;
+            }
+            sameEnv = cached.env.fedramp === currentEnv.fedramp && cached.env.u2cDiscoveryUrl === currentEnv.u2cDiscoveryUrl;
+            if (sameEnv) {
+              _context3.next = 8;
+              break;
+            }
+            _this9.logger.info('services: skipping cache warm due to environment mismatch');
+            return _context3.abrupt("return", false);
+          case 8:
+            catalog = _this9._getCatalog(); // Apply any cached groups (with preauth selection validation if available)
+            groups = ['preauth', 'signin', 'postauth'];
+            groups.forEach(function (serviceGroup) {
+              var cachedGroup = cached[serviceGroup];
+              if (!cachedGroup) {
+                return;
+              }
+
+              // Support legacy (hostMap) and new ({hostMap, meta}) shapes
+              var hostMap = cachedGroup && cachedGroup.hostMap ? cachedGroup.hostMap : cachedGroup;
+              var meta = cachedGroup === null || cachedGroup === void 0 ? void 0 : cachedGroup.meta;
+              if (serviceGroup === 'preauth' && meta) {
+                // For proximity-based selection, always fetch fresh to respect IP/region changes
+                if (meta.selectionType === 'mode') {
+                  _this9.logger.info('services: skipping preauth cache warm for proximity mode');
+                  return;
+                }
+                var intended = _this9.getIntendedPreauthSelection(currentOrgId);
+                var matches = intended && intended.selectionType === meta.selectionType && intended.selectionValue === meta.selectionValue;
+                if (!matches) {
+                  _this9.logger.info('services: skipping preauth cache warm due to selection mismatch');
+                  return;
+                }
+              }
+              if (hostMap) {
+                var formatted = _this9._formatReceivedHostmap(hostMap);
+                catalog.updateServiceUrls(serviceGroup, formatted);
+              }
+            });
+
+            // Align credentials against warmed catalog
+            _this9.updateCredentialsConfig();
+            return _context3.abrupt("return", true);
+          case 9:
+            _context3.prev = 9;
+            _t4 = _context3["catch"](0);
+            _this9.logger.warn('services: error loading catalog from cache', _t4);
+            return _context3.abrupt("return", false);
+          case 10:
+          case "end":
+            return _context3.stop();
+        }
+      }, _callee3, null, [[0, 9], [4, 6]]);
+    }))();
+  },
+  /**
+   * Clear the catalog cache from the bounded storage.
+   * @returns {Promise<void>}
+   */
+  clearCatalogCache: function clearCatalogCache() {
+    try {
+      var ls = this._getLocalStorageSafe();
+      if (ls) {
+        ls.removeItem(CATALOG_CACHE_KEY_V1);
+      }
+    } catch (e) {
+      this.logger.warn('services: error clearing catalog cache', e);
+    }
+    return _promise.default.resolve();
+  },
   /**
    * Initialize the discovery services and the whitelisted services.
    *
@@ -991,7 +1327,7 @@ var Services = _webexPlugin.default.extend({
    * @returns {Promise<void, Error>} - Errors if the token is unavailable.
    */
   initServiceCatalogs: function initServiceCatalogs() {
-    var _this8 = this;
+    var _this0 = this;
     this.logger.info('services: initializing initial service catalogs');
 
     // Destructure the credentials plugin.
@@ -1006,16 +1342,17 @@ var Services = _webexPlugin.default.extend({
     })
     // Begin collecting the preauth/limited catalog.
     .then(function (orgId) {
-      return _this8.collectPreauthCatalog({
+      return _this0.collectPreauthCatalog({
         orgId: orgId
       });
     }).then(function () {
       // Validate if the token is authorized.
       if (credentials.canAuthorize) {
         // Attempt to collect the postauth catalog.
-        return _this8.updateServices().catch(function () {
-          _this8.initFailed = true;
-          _this8.logger.warn('services: cannot retrieve postauth catalog');
+
+        return _this0.updateServices().catch(function () {
+          _this0.initFailed = true;
+          _this0.logger.warn('services: cannot retrieve postauth catalog');
         });
       }
 
@@ -1031,7 +1368,7 @@ var Services = _webexPlugin.default.extend({
    * @returns {Services}
    */
   initialize: function initialize() {
-    var _this9 = this;
+    var _this1 = this;
     var catalog = new _serviceCatalog.default();
     var registry = new _serviceRegistry.default();
     var state = new _serviceState.default();
@@ -1041,33 +1378,54 @@ var Services = _webexPlugin.default.extend({
 
     // Listen for configuration changes once.
     this.listenToOnce(this.webex, 'change:config', function () {
-      _this9.initConfig();
+      _this1.initConfig();
     });
 
     // wait for webex instance to be ready before attempting
     // to update the service catalogs
-    this.listenToOnce(this.webex, 'ready', function () {
-      var supertoken = _this9.webex.credentials.supertoken;
-      // Validate if the supertoken exists.
-      if (supertoken && supertoken.access_token) {
-        _this9.initServiceCatalogs().then(function () {
-          catalog.isReady = true;
-        }).catch(function (error) {
-          _this9.initFailed = true;
-          _this9.logger.error("services: failed to init initial services when credentials available, ".concat(error === null || error === void 0 ? void 0 : error.message));
-        });
-      } else {
-        var email = _this9.webex.config.email;
-        _this9.collectPreauthCatalog(email ? {
-          email: email
-        } : undefined).catch(function (error) {
-          _this9.initFailed = true;
-          _this9.logger.error("services: failed to init initial services when no credentials available, ".concat(error === null || error === void 0 ? void 0 : error.message));
-        });
-      }
-    });
+    // this can cause a race condition because credentials may
+    // not be valid when services is initialized
+    this.listenToOnce(this.webex, 'ready', /*#__PURE__*/(0, _asyncToGenerator2.default)(/*#__PURE__*/_regenerator.default.mark(function _callee4() {
+      var cachedCatalog, supertoken, email;
+      return _regenerator.default.wrap(function (_context4) {
+        while (1) switch (_context4.prev = _context4.next) {
+          case 0:
+            _context4.next = 1;
+            return _this1._loadCatalogFromCache();
+          case 1:
+            cachedCatalog = _context4.sent;
+            if (!cachedCatalog) {
+              _context4.next = 2;
+              break;
+            }
+            catalog.isReady = true;
+            return _context4.abrupt("return");
+          case 2:
+            supertoken = _this1.webex.credentials.supertoken; // Validate if the supertoken exists.
+            if (supertoken && supertoken.access_token) {
+              _this1.initServiceCatalogs().then(function () {
+                catalog.isReady = true;
+              }).catch(function (error) {
+                _this1.initFailed = true;
+                _this1.logger.error("services: failed to init initial services when credentials available, ".concat(error === null || error === void 0 ? void 0 : error.message));
+              });
+            } else {
+              email = _this1.webex.config.email;
+              _this1.collectPreauthCatalog(email ? {
+                email: email
+              } : undefined).catch(function (error) {
+                _this1.initFailed = true;
+                _this1.logger.error("services: failed to init initial services when no credentials available, ".concat(error === null || error === void 0 ? void 0 : error.message));
+              });
+            }
+          case 3:
+          case "end":
+            return _context4.stop();
+        }
+      }, _callee4);
+    })));
   },
-  version: "3.10.0"
+  version: "0.0.0"
 });
 /* eslint-enable no-underscore-dangle */
 var _default = exports.default = Services;