accessio 1.3.0 → 1.5.0

package/src/core/fetchAdapter.ts

@@ -25,7 +25,7 @@ async function readResponseData(
         } catch (err) {
           throw new AccessioError(
             `Failed to parse JSON response: ${(err as Error).message}. Raw body: ${
-              text.length > 500 ? text.slice(0, 500) + '…' : text
+              text.length > 500 ? `${text.slice(0, 500)}…` : text
             }`,
             AccessioError.ERR_BAD_RESPONSE,
             config,
@@ -39,17 +39,27 @@ async function readResponseData(
   }
 }
 
-export default async function fetchAdapter(
-  config: AccessioRequestConfig,
-  fullURL: string,
-  fetchOptions: RequestInit,
-  requestStartTime: number,
-): Promise<AccessioResponse> {
-  let abortController: AbortController | null = null;
-  let timeoutId: ReturnType<typeof setTimeout> | null = null;
-  let isTimedOut = false;
-  let onUserAbort: (() => void) | null = null;
+function assertValidURL(fullURL: string, config: AccessioRequestConfig): void {
+  if (!fullURL || !/^[a-z][a-z\d+\-.]*:/i.test(fullURL)) return;
+  try {
+    new URL(fullURL);
+  } catch {
+    throw new AccessioError(
+      `Invalid URL: ${fullURL}`,
+      AccessioError.ERR_INVALID_URL,
+      config,
+      null,
+      null,
+    );
+  }
+}
 
+interface AbortWiring {
+  isTimedOut: () => boolean;
+  cleanup: () => void;
+}
+
+function setupAbort(config: AccessioRequestConfig, fetchOptions: RequestInit): AbortWiring {
   if (
     config.timeout !== undefined &&
     (typeof config.timeout !== 'number' || isNaN(config.timeout) || config.timeout < 0)
@@ -64,84 +74,144 @@ export default async function fetchAdapter(
   }
 
   const timeoutValue = Number(config.timeout);
-  if (!isNaN(timeoutValue) && timeoutValue > 0) {
-    abortController = new AbortController();
-
-    timeoutId = setTimeout(() => {
-      isTimedOut = true;
-      abortController!.abort(
-        new AccessioError(
-          `timeout of ${timeoutValue}ms exceeded`,
-          AccessioError.ETIMEDOUT,
-          config,
-          null,
-          null,
-        ),
-      );
-    }, timeoutValue);
+  const hasTimeout = !isNaN(timeoutValue) && timeoutValue > 0;
 
-    if (config.signal) {
-      if (typeof AbortSignal.any === 'function') {
-        fetchOptions.signal = AbortSignal.any([config.signal, abortController.signal]);
+  if (!hasTimeout) {
+    if (config.signal) fetchOptions.signal = config.signal;
+    return { isTimedOut: () => false, cleanup: () => {} };
+  }
+
+  let timedOut = false;
+  const abortController = new AbortController();
+  const timeoutId = setTimeout(() => {
+    timedOut = true;
+    abortController.abort(
+      new AccessioError(
+        `timeout of ${timeoutValue}ms exceeded`,
+        AccessioError.ETIMEDOUT,
+        config,
+        null,
+        null,
+      ),
+    );
+  }, timeoutValue);
+
+  let onUserAbort: (() => void) | null = null;
+
+  if (config.signal) {
+    if (typeof AbortSignal.any === 'function') {
+      fetchOptions.signal = AbortSignal.any([config.signal, abortController.signal]);
+    } else {
+      if (config.signal.aborted) {
+        abortController.abort(config.signal.reason);
       } else {
-        if (config.signal.aborted) {
-          abortController.abort(config.signal.reason);
-        } else {
-          onUserAbort = () => {
-            if (!isTimedOut && abortController) {
-              abortController.abort(config.signal!.reason);
-            }
-          };
-          config.signal.addEventListener('abort', onUserAbort, {
-            once: true,
-          });
-        }
-        fetchOptions.signal = abortController.signal;
+        onUserAbort = () => {
+          if (!timedOut) abortController.abort(config.signal!.reason);
+        };
+        config.signal.addEventListener('abort', onUserAbort, { once: true });
       }
-    } else {
       fetchOptions.signal = abortController.signal;
     }
-  } else if (config.signal) {
-    fetchOptions.signal = config.signal;
+  } else {
+    fetchOptions.signal = abortController.signal;
   }
 
-  try {
-    const fetchImpl = config.fetch || fetch;
-    let fetchResponse = await fetchImpl(fullURL, fetchOptions);
-
-    if (config.onDownloadProgress && fetchResponse.body && config.responseType !== 'stream') {
-      const contentLength = fetchResponse.headers.get('content-length');
-      const total = contentLength ? parseInt(contentLength, 10) : 0;
-      let loaded = 0;
-
-      const reader = fetchResponse.body.getReader();
-      const stream = new ReadableStream({
-        async start(controller) {
-          try {
-            while (true) {
-              const { done, value } = await reader.read();
-              if (done) {
-                controller.close();
-                break;
-              }
-              loaded += value.byteLength;
-              config.onDownloadProgress!({ loaded, total });
-              controller.enqueue(value);
-            }
-          } catch (e) {
-            controller.error(e);
+  return {
+    isTimedOut: () => timedOut,
+    cleanup: () => {
+      clearTimeout(timeoutId);
+      if (onUserAbort && config.signal) {
+        config.signal.removeEventListener('abort', onUserAbort);
+      }
+    },
+  };
+}
+
+function wrapDownloadProgress(fetchResponse: Response, config: AccessioRequestConfig): Response {
+  if (!config.onDownloadProgress || !fetchResponse.body || config.responseType === 'stream') {
+    return fetchResponse;
+  }
+
+  const contentLength = fetchResponse.headers.get('content-length');
+  const total = contentLength ? parseInt(contentLength, 10) : 0;
+  let loaded = 0;
+
+  const reader = fetchResponse.body.getReader();
+  const stream = new ReadableStream({
+    async start(controller) {
+      try {
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) {
+            controller.close();
+            break;
           }
-        },
-      });
-
-      fetchResponse = new Response(stream, {
-        headers: fetchResponse.headers,
-        status: fetchResponse.status,
-        statusText: fetchResponse.statusText,
-      });
-    }
+          loaded += value.byteLength;
+          config.onDownloadProgress!({ loaded, total });
+          controller.enqueue(value);
+        }
+      } catch (e) {
+        controller.error(e);
+      }
+    },
+    cancel(reason) {
+      reader.cancel(reason).catch(() => {});
+    },
+  });
 
-    let responseData: unknown;
+  return new Response(stream, {
+    headers: fetchResponse.headers,
+    status: fetchResponse.status,
+    statusText: fetchResponse.statusText,
+  });
+}
+
+function classifyFetchError(
+  error: unknown,
+  config: AccessioRequestConfig,
+  isTimedOut: boolean,
+): AccessioError {
+  if (error instanceof AccessioError) return error;
+
+  if (isTimedOut) {
+    return new AccessioError(
+      `timeout of ${config.timeout}ms exceeded`,
+      AccessioError.ETIMEDOUT,
+      config,
+      null,
+      null,
+    );
+  }
+
+  const isAbort =
+    (error instanceof Error && error.name === 'AbortError') || !!config.signal?.aborted;
+  if (isAbort) {
+    return new AccessioError('Request aborted', AccessioError.ERR_CANCELED, config, null, null);
+  }
+
+  return AccessioError.from(
+    error instanceof Error ? error : new Error(String(error)),
+    AccessioError.ERR_NETWORK,
+    config,
+    null,
+    null,
+  );
+}
+
+export default async function fetchAdapter(
+  config: AccessioRequestConfig,
+  fullURL: string,
+  fetchOptions: RequestInit,
+  requestStartTime: number,
+): Promise<AccessioResponse> {
+  assertValidURL(fullURL, config);
+
+  const abort = setupAbort(config, fetchOptions);
+
+  try {
+    const fetchImpl = config.fetch || fetch;
+    const rawResponse = await fetchImpl(fullURL, fetchOptions);
+    const fetchResponse = wrapDownloadProgress(rawResponse, config);
 
     const contentLength = fetchResponse.headers.get('content-length');
     if (
@@ -158,6 +228,7 @@ export default async function fetchAdapter(
       );
     }
 
+    let responseData: unknown;
     try {
       responseData = await readResponseData(fetchResponse, config);
       if (config.schema) {
@@ -178,59 +249,18 @@ export default async function fetchAdapter(
       );
     }
 
-    const responseHeaders = parseHeaders(fetchResponse.headers);
-
     return {
       data: responseData,
       status: fetchResponse.status,
       statusText: fetchResponse.statusText,
-      headers: responseHeaders,
-      config: config,
+      headers: parseHeaders(fetchResponse.headers),
+      config,
       request: fetchResponse,
       duration: Date.now() - requestStartTime,
     };
   } catch (error) {
-    if (error instanceof AccessioError) {
-      throw error;
-    }
-
-    if (error instanceof Error && error.name === 'AbortError') {
-      if (isTimedOut) {
-        throw new AccessioError(
-          `timeout of ${config.timeout}ms exceeded`,
-          AccessioError.ETIMEDOUT,
-          config,
-          null,
-          null,
-        );
-      }
-      throw new AccessioError('Request aborted', AccessioError.ERR_CANCELED, config, null, null);
-    }
-
-    if (
-      error instanceof TypeError &&
-      (error.message.toLowerCase().includes('url') || error.message.toLowerCase().includes('fetch'))
-    ) {
-      throw new AccessioError(
-        `Invalid URL: ${fullURL}`,
-        AccessioError.ERR_INVALID_URL,
-        config,
-        null,
-        null,
-      );
-    }
-
-    throw AccessioError.from(
-      error instanceof Error ? error : new Error(String(error)),
-      AccessioError.ERR_NETWORK,
-      config,
-      null,
-      null,
-    );
+    throw classifyFetchError(error, config, abort.isTimedOut());
   } finally {
-    if (timeoutId) clearTimeout(timeoutId);
-    if (config.signal && onUserAbort) {
-      config.signal.removeEventListener('abort', onUserAbort);
-    }
+    abort.cleanup();
   }
 }

package/src/core/request.ts

@@ -10,6 +10,31 @@ import { defaultMemoryCache } from '../helpers/memoryCache';
 import type { AccessioRequestConfig, AccessioResponse, TransformFunction } from '../types';
 
 type HeadersConfig = Record<string, Record<string, string | string[]>>;
+type FlatHeaders = Record<string, string | string[]>;
+
+function lookupHeader(headers: FlatHeaders, name: string): string {
+  const target = name.toLowerCase();
+  for (const k of Object.keys(headers)) {
+    if (k.toLowerCase() === target) {
+      const v = headers[k];
+      return Array.isArray(v) ? v.join(',') : (v ?? '');
+    }
+  }
+  return '';
+}
+
+function buildCacheKey(
+  config: AccessioRequestConfig,
+  fullURL: string,
+  flatHeaders: FlatHeaders,
+): string {
+  const method = (config.method || 'GET').toUpperCase();
+  const auth = lookupHeader(flatHeaders, 'authorization');
+  const accept = lookupHeader(flatHeaders, 'accept');
+  const withCreds = config.withCredentials ? '1' : '0';
+  const respType = config.responseType || 'json';
+  return `${method}:${fullURL}|a=${auth}|x=${accept}|c=${withCreds}|t=${respType}`;
+}
 
 function buildTransformArray(
   transform: TransformFunction | TransformFunction[] | undefined,
@@ -27,7 +52,7 @@ function assertAllowedProtocol(fullURL: string, config: AccessioRequestConfig):
 
   let scheme: string | null = null;
   const match = /^([a-z][a-z\d+\-.]*):/i.exec(fullURL);
-  if (match) scheme = match[1].toLowerCase() + ':';
+  if (match) scheme = `${match[1].toLowerCase()}:`;
   if (!scheme) return;
 
   if (!allowed.includes(scheme)) {
@@ -43,6 +68,21 @@ function assertAllowedProtocol(fullURL: string, config: AccessioRequestConfig):
 }
 
 const activeRequests = new Map<string, Promise<AccessioResponse>>();
+const MAX_ACTIVE_REQUESTS = 1024;
+
+export function __activeRequestsSize(): number {
+  return activeRequests.size;
+}
+
+function trackActiveRequest(key: string, promise: Promise<AccessioResponse>): void {
+  activeRequests.set(key, promise);
+  // Evict the oldest entry if we've grown past the cap. Map preserves insertion order.
+  while (activeRequests.size > MAX_ACTIVE_REQUESTS) {
+    const oldest = activeRequests.keys().next().value;
+    if (oldest === undefined || oldest === key) break;
+    activeRequests.delete(oldest);
+  }
+}
 
 export default async function dispatchRequest(
   config: AccessioRequestConfig,
@@ -62,28 +102,36 @@ export default async function dispatchRequest(
     await config.hooks.onBeforeRequest(config);
   }
 
+  const flatHeaders = flattenHeaders(config.headers as HeadersConfig | undefined, config.method);
+  setBasicAuth(config, flatHeaders);
+
   const isGet = (config.method || 'GET').toUpperCase() === 'GET';
-  const cacheKey = isGet ? `GET:${fullURL}` : '';
+  const cacheKey = isGet ? buildCacheKey(config, fullURL, flatHeaders) : '';
 
   if (isGet && config.cache) {
     const cacheProvider = typeof config.cache === 'object' ? config.cache : defaultMemoryCache;
     const cached = await cacheProvider.get(cacheKey);
     if (cached) {
+      const cachedView: AccessioResponse = {
+        ...cached,
+        config: redactConfig(config) as typeof cached.config,
+      };
       if (config.hooks?.onRequestResponse) {
-        await config.hooks.onRequestResponse(cached);
+        await config.hooks.onRequestResponse(cachedView);
       }
-      return cached;
+      return cachedView;
     }
   }
 
   if (isGet && config.dedupe) {
-    if (activeRequests.has(cacheKey)) {
-      return activeRequests.get(cacheKey)!;
+    const inflight = activeRequests.get(cacheKey);
+    if (inflight) {
+      const shared = await inflight;
+      return finalizeResponse(shared, config);
     }
   }
 
-  const performRequest = async () => {
-    const flatHeaders = flattenHeaders(config.headers as HeadersConfig | undefined, config.method);
+  const performRequest = async (): Promise<AccessioResponse> => {
     const requestTransforms = buildTransformArray(config.transformRequest);
     const requestData = await transformData(requestTransforms, config.data, flatHeaders, config);
 
@@ -95,8 +143,6 @@ export default async function dispatchRequest(
       removeContentType(flatHeaders);
     }
 
-    setBasicAuth(config, flatHeaders);
-
     const fetchOptions: RequestInit = {
       method: (config.method || 'GET').toUpperCase(),
       headers: buildFetchHeaders(flatHeaders),
@@ -123,12 +169,9 @@ export default async function dispatchRequest(
     }
 
     const requestStartTime = Date.now();
-
     const response = await fetchAdapter(config, fullURL, fetchOptions, requestStartTime);
-    response.config = redactConfig(response.config) as typeof response.config;
 
     const responseTransforms = buildTransformArray(config.transformResponse);
-
     response.data = await transformData(
       responseTransforms,
       response.data,
@@ -137,39 +180,44 @@ export default async function dispatchRequest(
       'response',
     );
 
-    return new Promise<AccessioResponse>((resolve, reject) => {
-      settle(
-        resolve as (value: AccessioResponse) => void,
-        reject as (reason: AccessioError) => void,
-        response,
-        config,
-      );
-    });
+    return response;
   };
 
   const promise = performRequest();
 
   if (isGet && config.dedupe) {
-    activeRequests.set(cacheKey, promise);
+    trackActiveRequest(cacheKey, promise);
     const cleanup = () => {
-      activeRequests.delete(cacheKey);
+      if (activeRequests.get(cacheKey) === promise) {
+        activeRequests.delete(cacheKey);
+      }
     };
     promise.then(cleanup, cleanup);
   }
 
   try {
-    const response = await promise;
+    const shared = await promise;
+    const response = finalizeResponse(shared, config);
 
     if (isGet && config.cache) {
       const cacheProvider = typeof config.cache === 'object' ? config.cache : defaultMemoryCache;
-      await cacheProvider.set(cacheKey, response, config.cacheTTL);
+      await cacheProvider.set(cacheKey, shared, config.cacheTTL);
     }
 
+    const settled = await new Promise<AccessioResponse>((resolve, reject) => {
+      settle(
+        resolve as (value: AccessioResponse) => void,
+        reject as (reason: AccessioError) => void,
+        response,
+        config,
+      );
+    });
+
     if (config.hooks?.onRequestResponse) {
-      await config.hooks.onRequestResponse(response);
+      await config.hooks.onRequestResponse(settled);
     }
 
-    return response;
+    return settled;
   } catch (error) {
     if (config.hooks?.onRequestError && error instanceof AccessioError) {
       await config.hooks.onRequestError(error);
@@ -177,3 +225,13 @@ export default async function dispatchRequest(
     throw error;
   }
 }
+
+function finalizeResponse(
+  shared: AccessioResponse,
+  config: AccessioRequestConfig,
+): AccessioResponse {
+  return {
+    ...shared,
+    config: redactConfig(config) as typeof shared.config,
+  };
+}

package/src/core/retry.ts

@@ -10,6 +10,7 @@ import type {
 function isUnretriableBody(data: unknown): boolean {
   if (data == null) return false;
   if (typeof ReadableStream !== 'undefined' && data instanceof ReadableStream) return true;
+  if (data && typeof (data as any).pipe === 'function') return true;
   return false;
 }
 
@@ -33,10 +34,11 @@ function defaultRetryCondition(error: any): boolean {
   return false;
 }
 
-function calculateDelay(attempt: number, baseDelay: number): number {
+function calculateDelay(attempt: number, baseDelay: number, maxDelay: number = 30000): number {
   const exponentialDelay = baseDelay * Math.pow(2, attempt);
   const jitter = exponentialDelay * 0.25 * (Math.random() * 2 - 1);
-  return Math.round(exponentialDelay + jitter);
+  const calculated = Math.round(exponentialDelay + jitter);
+  return Math.min(calculated, maxDelay);
 }
 
 function sleep(ms: number, options?: { signal?: AbortSignal }): Promise<void> {
@@ -89,8 +91,9 @@ async function retryRequest(
     } catch (error) {
       lastError = error;
 
-      const isLastAttempt = attempt >= actualMaxRetries;
-      const shouldRetry = !isLastAttempt && retryCondition(error as AccessioError);
+      const is429 = (error as any).response?.status === 429;
+      const attemptLimit = is429 && config.retryOn429 ? Math.max(maxRetries, 3) : maxRetries;
+      const shouldRetry = attempt < attemptLimit && retryCondition(error as AccessioError);
 
       if (!shouldRetry) {
         throw error;
@@ -107,7 +110,7 @@ async function retryRequest(
         );
       }
 
-      let delay = calculateDelay(attempt, retryDelay);
+      let delay = calculateDelay(attempt, retryDelay, config.maxRetryDelay ?? 30000);
 
       if (config.retryOn429 && (error as any).response?.status === 429) {
         const headers = (error as any).response?.headers;

package/src/helpers/debug.ts

@@ -1,5 +1,5 @@
 import type { AccessioRequestConfig, AccessioResponse } from '../types';
-import AccessioError from '../core/accessioError';
+import AccessioError, { redactBody } from '../core/accessioError';
 
 function formatBytes(bytes: number): string {
   if (bytes === 0) return '0 B';
@@ -35,7 +35,12 @@ export function logRequest(config: AccessioRequestConfig, fullUrl: string): void
   }
 
   if (config.data && typeof config.data === 'object') {
-    const preview = JSON.stringify(config.data);
+    let preview: string;
+    try {
+      preview = JSON.stringify(redactBody(config.data));
+    } catch {
+      preview = '[unserializable body]';
+    }
     const truncated = preview.length > 200 ? `${preview.substring(0, 200)}...` : preview;
     parts.push(`   Body: ${truncated}`);
   }

package/src/helpers/flattenHeaders.ts

@@ -76,10 +76,13 @@ export function removeContentType(headers: Record<string, string | string[]>): v
 export function buildFetchHeaders(headers: Record<string, string | string[]>): Headers {
   const fetchHeaders = new Headers();
   for (const [key, value] of Object.entries(headers)) {
+    if (value === undefined || value === null) continue;
     assertSafeHeader(key, value);
     if (Array.isArray(value)) {
       for (const v of value) {
-        fetchHeaders.append(key, v);
+        if (v !== undefined && v !== null) {
+          fetchHeaders.append(key, v);
+        }
       }
     } else {
       fetchHeaders.set(key, value);

package/src/helpers/rateLimiter.ts

@@ -23,11 +23,15 @@ export function createRateLimiter(
   let destroyed = false;
   const queue: QueueItem[] = [];
 
-  function acquire(): Promise<void> {
+  function acquire(signal?: AbortSignal): Promise<void> {
     if (destroyed) {
       return Promise.reject(new Error('[Accessio] Rate limiter has been destroyed'));
     }
 
+    if (signal?.aborted) {
+      return Promise.reject(signal.reason || new Error('Request aborted'));
+    }
+
     if (active < maxConcurrent) {
       active++;
       return Promise.resolve();
@@ -40,7 +44,35 @@ export function createRateLimiter(
     }
 
     return new Promise((resolve, reject) => {
-      queue.push({ resolve, reject });
+      let onAbort: (() => void) | undefined;
+
+      const item = {
+        resolve: () => {
+          if (signal && onAbort) {
+            signal.removeEventListener('abort', onAbort);
+          }
+          resolve();
+        },
+        reject: (err: Error) => {
+          if (signal && onAbort) {
+            signal.removeEventListener('abort', onAbort);
+          }
+          reject(err);
+        },
+      };
+
+      queue.push(item);
+
+      if (signal) {
+        onAbort = () => {
+          const index = queue.indexOf(item);
+          if (index !== -1) {
+            queue.splice(index, 1);
+          }
+          reject(signal.reason || new Error('Request aborted'));
+        };
+        signal.addEventListener('abort', onAbort, { once: true });
+      }
     });
   }
 
@@ -85,7 +117,7 @@ export async function rateLimitedRequest<T = unknown>(
   limiter: RateLimiter,
   config: AccessioRequestConfig,
 ): Promise<AccessioResponse<T>> {
-  await limiter.acquire();
+  await limiter.acquire(config.signal);
   try {
     return await dispatchFn(config);
   } finally {

package/src/helpers/settle.ts

@@ -9,7 +9,7 @@ export default function settle(
 ): void {
   const validateStatus = config.validateStatus;
 
-  if (!response.status || !validateStatus || validateStatus(response.status)) {
+  if (!validateStatus || validateStatus(response.status)) {
     resolve(response);
   } else {
     const error = new AccessioError(