diff --git a/documentation/TODO__Agents.md b/documentation/TODO__Agents.md index cf667a33..41cccf31 100644 --- a/documentation/TODO__Agents.md +++ b/documentation/TODO__Agents.md @@ -160,8 +160,8 @@ below. The TTL + `verify_in_flight` guards are the current mitigation. **Status:** ✅ Completed (2026-05-21) Recent API helper fixes restored retry/backoff for transient network `TypeError` failures. -Current remaining gap: timeout-triggered aborts are treated the same as intentional/user -aborts, so retries are skipped in both `api_get_object.ts` and `api_post_object.ts`. +Timeout-triggered aborts are now handled separately from intentional/user aborts so the +retry loop behavior is correct. **Decision (for now):** Keep the global default timeout at **20s**. @@ -171,6 +171,7 @@ aborts, so retries are skipped in both `api_get_object.ts` and `api_post_object. - **Timeout abort** (helper timer): retryable via existing retry loop - Timeout classification added with per-attempt timeout flag (not `AbortError` name-only logic). - Backoff behavior retained for retryable failures (`2s -> 4s -> 6s -> 8s`, cap 8s). +- Existing fail-fast class retained for 400/401/403/422, with auth-expired store signaling on 401/403. - Validation done: - `npx svelte-check` clean - API Playwright tests updated/fixed and passing (`v3_api_security.modern`, `v3_api_nested_crud`) @@ -198,31 +199,39 @@ aborts, so retries are skipped in both `api_get_object.ts` and `api_post_object. --- ### [API] PATCH/DELETE retry hardening — parity with GET/POST -**Status:** 🚧 In progress (PATCH first, then DELETE) +**Status:** ✅ Completed (2026-05-21) -Current behavior in `api_patch_object.ts` and `api_delete_object.ts` has retry loops, -but does not yet have GET/POST parity for abort classification and backoff policy. +PATCH and DELETE now implement the same retry-classification model used in GET/POST, +including timeout abort separation and capped retry backoff. -**Plan (sequenced):** -- **Step 1 (now): PATCH parity** - - Add timeout-vs-intentional abort separation. - - Retry only timeout/network transient class. - - Keep fail-fast behavior for 400/401/403/422. - - Add capped backoff (`2s -> 4s -> 6s -> 8s`). -- **Step 2 (after PATCH validation): DELETE parity** - - Apply same classification and backoff strategy. - - Preserve existing delete semantics for client/auth failures. +**Implemented:** +- PATCH: + - Per-attempt timeout controller with explicit timeout-abort flag. + - Retries timeout/network transient failures only. + - Intentional caller aborts fail fast (no retry). + - Fail-fast retained for 400/401/403/422. + - Backoff capped at `2s -> 4s -> 6s -> 8s`. +- DELETE: + - Same timeout-vs-intentional abort separation. + - Same retry class for timeout/network transient failures. + - Same caller-abort fail-fast behavior. + - Explicit fail-fast for 400/401/403/422. + - Backoff capped at `2s -> 4s -> 6s -> 8s`. **Mutation safety note:** - PATCH/DELETE can have ambiguous commit state on timeout. Current policy is conservative: retries target obvious transient failure class (timeout/network), while caller aborts remain fail-fast to avoid duplicate side effects during navigation/unmount flows. +**Primary files:** +- `src/lib/ae_api/api_patch_object.ts` +- `src/lib/ae_api/api_delete_object.ts` + **Acceptance criteria:** -- PATCH and DELETE timeout-aborts retry under capped backoff. -- Caller/navigation aborts do not retry. -- No regression for 400/401/403/422 fail-fast behavior. -- `npx svelte-check` clean, API-focused Playwright tests remain green. +- ✅ PATCH and DELETE timeout-aborts retry under capped backoff. +- ✅ Caller/navigation aborts do not retry. +- ✅ No regression for 400/401/403/422 fail-fast behavior. +- ✅ `npx svelte-check` clean, API-focused Playwright tests remained green during rollout. ---