docs: align API retry hardening status with implemented helpers
@@ -160,8 +160,8 @@ below. The TTL + `verify_in_flight` guards are the current mitigation.
|
|||||||
**Status:** ✅ Completed (2026-05-21)
|
**Status:** ✅ Completed (2026-05-21)
|
||||||
|
|
||||||
Recent API helper fixes restored retry/backoff for transient network `TypeError` failures.
|
Recent API helper fixes restored retry/backoff for transient network `TypeError` failures.
|
||||||
Current remaining gap: timeout-triggered aborts are treated the same as intentional/user
|
Timeout-triggered aborts are now handled separately from intentional/user aborts so the
|
||||||
aborts, so retries are skipped in both `api_get_object.ts` and `api_post_object.ts`.
|
retry loop behavior is correct.
|
||||||
|
|
||||||
**Decision (for now):** Keep the global default timeout at **20s**.
|
**Decision (for now):** Keep the global default timeout at **20s**.
|
||||||
|
|
||||||
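Review bot: The replacement sentence "so the retry loop behavior is correct" is too vague for a status record, and it drops the `api_get_object.ts` and `api_post_object.ts` references that the removed "remaining gap" text carried. State the actual outcome in both helpers (timeout aborts are retried, intentional/user aborts are not) and keep the two file names so the closed gap stays traceable to the code it was fixed in.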
@@ -171,6 +171,7 @@ aborts, so retries are skipped in both `api_get_object.ts` and `api_post_object.
|
|||||||
- **Timeout abort** (helper timer): retryable via existing retry loop
|
- **Timeout abort** (helper timer): retryable via existing retry loop
|
||||||
- Timeout classification added with per-attempt timeout flag (not `AbortError` name-only logic).
|
- Timeout classification added with per-attempt timeout flag (not `AbortError` name-only logic).
|
||||||
- Backoff behavior retained for retryable failures (`2s -> 4s -> 6s -> 8s`, cap 8s).
|
- Backoff behavior retained for retryable failures (`2s -> 4s -> 6s -> 8s`, cap 8s).
|
||||||
|
- Existing fail-fast class retained for 400/401/403/422, with auth-expired store signaling on 401/403.
|
||||||
- Validation done:
|
- Validation done:
|
||||||
- `npx svelte-check` clean
|
- `npx svelte-check` clean
|
||||||
- API Playwright tests updated/fixed and passing (`v3_api_security.modern`, `v3_api_nested_crud`)
|
- API Playwright tests updated/fixed and passing (`v3_api_security.modern`, `v3_api_nested_crud`)
|
||||||
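Review bot: The added bullet groups 401 and 403 under "auth-expired store signaling", but a 403 is commonly a permission denial on a session that is still valid, so the doc should say whether 403 really raises the auth-expired signal or only 401 does. It would also help to name the store being signaled and to say which of the listed Playwright suites (`v3_api_security.modern`, `v3_api_nested_crud`) covers the fail-fast class, since the bullet sits above "Validation done" without being tied to it.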
@@ -198,31 +199,39 @@ aborts, so retries are skipped in both `api_get_object.ts` and `api_post_object.
|
|||||||
---
|
---
|
||||||
|
|
||||||
### [API] PATCH/DELETE retry hardening — parity with GET/POST
|
### [API] PATCH/DELETE retry hardening — parity with GET/POST
|
||||||
**Status:** 🚧 In progress (PATCH first, then DELETE)
|
**Status:** ✅ Completed (2026-05-21)
|
||||||
|
|
||||||
Current behavior in `api_patch_object.ts` and `api_delete_object.ts` has retry loops,
|
PATCH and DELETE now implement the same retry-classification model used in GET/POST,
|
||||||
but does not yet have GET/POST parity for abort classification and backoff policy.
|
including timeout abort separation and capped retry backoff.
|
||||||
|
|
||||||
**Plan (sequenced):**
|
**Implemented:**
|
||||||
- **Step 1 (now): PATCH parity**
|
- PATCH:
|
||||||
- Add timeout-vs-intentional abort separation.
|
- Per-attempt timeout controller with explicit timeout-abort flag.
|
||||||
- Retry only timeout/network transient class.
|
- Retries timeout/network transient failures only.
|
||||||
- Keep fail-fast behavior for 400/401/403/422.
|
- Intentional caller aborts fail fast (no retry).
|
||||||
- Add capped backoff (`2s -> 4s -> 6s -> 8s`).
|
- Fail-fast retained for 400/401/403/422.
|
||||||
- **Step 2 (after PATCH validation): DELETE parity**
|
- Backoff capped at `2s -> 4s -> 6s -> 8s`.
|
||||||
- Apply same classification and backoff strategy.
|
- DELETE:
|
||||||
- Preserve existing delete semantics for client/auth failures.
|
- Same timeout-vs-intentional abort separation.
|
||||||
|
- Same retry class for timeout/network transient failures.
|
||||||
|
- Same caller-abort fail-fast behavior.
|
||||||
|
- Explicit fail-fast for 400/401/403/422.
|
||||||
|
- Backoff capped at `2s -> 4s -> 6s -> 8s`.
|
||||||
|
|
||||||
**Mutation safety note:**
|
**Mutation safety note:**
|
||||||
- PATCH/DELETE can have ambiguous commit state on timeout. Current policy is conservative:
|
- PATCH/DELETE can have ambiguous commit state on timeout. Current policy is conservative:
|
||||||
retries target obvious transient failure class (timeout/network), while caller aborts remain
|
retries target obvious transient failure class (timeout/network), while caller aborts remain
|
||||||
fail-fast to avoid duplicate side effects during navigation/unmount flows.
|
fail-fast to avoid duplicate side effects during navigation/unmount flows.
|
||||||
|
|
||||||
|
**Primary files:**
|
||||||
|
- `src/lib/ae_api/api_patch_object.ts`
|
||||||
|
- `src/lib/ae_api/api_delete_object.ts`
|
||||||
|
|
||||||
**Acceptance criteria:**
|
**Acceptance criteria:**
|
||||||
- PATCH and DELETE timeout-aborts retry under capped backoff.
|
- ✅ PATCH and DELETE timeout-aborts retry under capped backoff.
|
||||||
- Caller/navigation aborts do not retry.
|
- ✅ Caller/navigation aborts do not retry.
|
||||||
- No regression for 400/401/403/422 fail-fast behavior.
|
- ✅ No regression for 400/401/403/422 fail-fast behavior.
|
||||||
- `npx svelte-check` clean, API-focused Playwright tests remain green.
|
- ✅ `npx svelte-check` clean, API-focused Playwright tests remained green during rollout.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
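Review bot: The unchanged mutation safety note still says PATCH/DELETE "can have ambiguous commit state on timeout", yet the new "Implemented" list retries exactly that timeout class, and the section is now marked Completed without saying what prevents a duplicate side effect when the first attempt committed before the helper timer fired. Add a line on why the retry is safe (for example, that the endpoints are idempotent) or record it as an accepted risk, and state how a retried DELETE treats a not-found response, since only 400/401/403/422 are listed as fail-fast. Two smaller gaps: the PATCH/DELETE bullets omit the 401/403 auth-expired signaling described for GET/POST, and the last acceptance criterion says tests "remained green during rollout" without naming a test that exercises PATCH/DELETE timeout retry or caller-abort fail-fast.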