feat: implement TAPI retry handling - Phase 1 (State Machine Core) (#293)

* feat: add retry system data structures

- Add RetryState with pipeline state and batch metadata
- Add RetryConfig with rate limit and backoff configuration
- Add enums and sealed classes for decisions
- All immutable data classes with kotlinx.serialization support

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat: add TimeProvider abstraction for testing

- TimeProvider interface for time access
- SystemTimeProvider for production
- FakeTimeProvider for deterministic tests

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat: implement status code resolution with tests

- Add status code behavior resolution (overrides -> defaults)
- Handle retryable errors with exponential backoff
- Drop non-retryable errors
- Comprehensive test coverage for 4xx, 5xx, unknown codes

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat: implement 429 rate limiting

- Add handleRateLimitResponse for global pipeline state
- Transition to RATE_LIMITED on 429
- Increment globalRetryCount, reset on success
- Clamp Retry-After to maxRetryInterval

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat: implement shouldUploadBatch with upload gate logic

- Check global rate limiting (skip all batches)
- Check per-batch backoff time (skip this batch)
- Check max retries and duration (drop batch)
- Return explicit upload decisions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat: implement getRetryCount for X-Retry-Count header

- Return max of per-batch failureCount and global retry count
- Return 0 for new batches (first attempt)
- Tests verify header value calculation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat: implement legacy mode fallback

- When both configs disabled, revert to legacy behavior
- Try all batches on every flush
- Keep on 429/5xx, drop on 4xx (not 429)
- Emergency escape hatch if smart retry has bugs

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: address co-pilot review feedback

- Inject Random provider for deterministic backoff jitter
- Clear stale rate limit state when expired in shouldUploadBatch
- Rename retryAfterMs to waitUntilTimeMs for clarity
- Update test comment to clarify positive-only jitter
- Clamp backoff after jitter to enforce maxBackoffInterval hard ceiling

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: didiergarcia

core/src/main/java/com/segment/analytics/kotlin/core/retry/RetryConfig.kt

@@ -0,0 +1,38 @@
+package com.segment.analytics.kotlin.core.retry
+
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class RetryConfig(
+    val rateLimitConfig: RateLimitConfig = RateLimitConfig(),
+    val backoffConfig: BackoffConfig = BackoffConfig()
+)
+
+@Serializable
+data class RateLimitConfig(
+    val enabled: Boolean = true,
+    val maxRetryCount: Int = 100,
+    val maxRetryInterval: Int = 300,
+    val maxTotalBackoffDuration: Long = 43200
+)
+
+@Serializable
+data class BackoffConfig(
+    val enabled: Boolean = true,
+    val maxRetryCount: Int = 100,
+    val baseBackoffInterval: Double = 0.5,
+    val maxBackoffInterval: Int = 300,
+    val maxTotalBackoffDuration: Long = 43200,
+    val jitterPercent: Int = 10,
+    val default4xxBehavior: RetryBehavior = RetryBehavior.DROP,
+    val default5xxBehavior: RetryBehavior = RetryBehavior.RETRY,
+    val unknownCodeBehavior: RetryBehavior = RetryBehavior.DROP,
+    val statusCodeOverrides: Map<Int, RetryBehavior> = mapOf(
+        408 to RetryBehavior.RETRY,
+        410 to RetryBehavior.RETRY,
+        429 to RetryBehavior.RETRY,
+        460 to RetryBehavior.RETRY,
+        501 to RetryBehavior.DROP,
+        505 to RetryBehavior.DROP
+    )
+)

core/src/main/java/com/segment/analytics/kotlin/core/retry/RetryState.kt

@@ -0,0 +1,28 @@
+package com.segment.analytics.kotlin.core.retry
+
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class RetryState(
+    val pipelineState: PipelineState = PipelineState.READY,
+    val waitUntilTime: Long? = null,
+    val globalRetryCount: Int = 0,
+    val batchMetadata: Map<String, BatchMetadata> = emptyMap()
+) {
+    fun isRateLimited(currentTime: Long): Boolean =
+        pipelineState == PipelineState.RATE_LIMITED &&
+        waitUntilTime?.let { currentTime < it } == true
+}
+
+@Serializable
+data class BatchMetadata(
+    val failureCount: Int = 0,
+    val nextRetryTime: Long? = null,
+    val firstFailureTime: Long? = null
+) {
+    fun shouldRetry(currentTime: Long): Boolean =
+        nextRetryTime?.let { currentTime >= it } ?: true
+
+    fun exceedsMaxDuration(currentTime: Long, maxDuration: Long): Boolean =
+        firstFailureTime?.let { (currentTime - it) > maxDuration } ?: false
+}

core/src/main/java/com/segment/analytics/kotlin/core/retry/RetryStateMachine.kt

@@ -0,0 +1,179 @@
+package com.segment.analytics.kotlin.core.retry
+
+import kotlin.random.Random
+
+class RetryStateMachine(
+    private val config: RetryConfig,
+    private val timeProvider: TimeProvider = SystemTimeProvider(),
+    private val random: Random = Random.Default
+) {
+    private val isLegacyMode: Boolean
+        get() = !config.rateLimitConfig.enabled && !config.backoffConfig.enabled
+
+    fun handleResponse(
+        state: RetryState,
+        response: ResponseInfo
+    ): RetryState {
+        // Legacy mode: both configs disabled
+        if (isLegacyMode) {
+            return when {
+                response.statusCode in 200..299 -> state.removeBatch(response.batchFile)
+                response.statusCode == 429 || response.statusCode in 500..599 -> state  // Keep
+                else -> state.removeBatch(response.batchFile)  // Drop on 4xx
+            }
+        }
+
+        val currentTime = response.currentTime
+        val behavior = resolveStatusCodeBehavior(response.statusCode)
+
+        return when {
+            response.statusCode in 200..299 -> {
+                state.copy(
+                    pipelineState = PipelineState.READY,
+                    waitUntilTime = null,
+                    globalRetryCount = 0,
+                    batchMetadata = state.batchMetadata - response.batchFile
+                )
+            }
+
+            response.statusCode == 429 && config.rateLimitConfig.enabled -> {
+                handleRateLimitResponse(state, response, currentTime)
+            }
+
+            behavior == RetryBehavior.RETRY && config.backoffConfig.enabled -> {
+                handleRetryableError(state, response, currentTime)
+            }
+
+            else -> {
+                state.removeBatch(response.batchFile)
+            }
+        }
+    }
+
+    private fun handleRateLimitResponse(
+        state: RetryState,
+        response: ResponseInfo,
+        currentTime: Long
+    ): RetryState {
+        val waitUntilTimeMs = calculateWaitUntilTimeMs(response.retryAfterSeconds, currentTime)
+
+        return state.copy(
+            pipelineState = PipelineState.RATE_LIMITED,
+            waitUntilTime = waitUntilTimeMs,
+            globalRetryCount = state.globalRetryCount + 1
+        )
+    }
+
+    private fun calculateWaitUntilTimeMs(retryAfterSeconds: Int?, currentTime: Long): Long {
+        val seconds = retryAfterSeconds?.coerceAtLeast(0) ?: config.rateLimitConfig.maxRetryInterval
+        val clampedSeconds = minOf(seconds, config.rateLimitConfig.maxRetryInterval)
+        return currentTime + (clampedSeconds * 1000L)
+    }
+
+    private fun handleRetryableError(
+        state: RetryState,
+        response: ResponseInfo,
+        currentTime: Long
+    ): RetryState {
+        val existingMetadata = state.batchMetadata[response.batchFile]
+        val newFailureCount = (existingMetadata?.failureCount ?: 0) + 1
+        val firstFailureTime = existingMetadata?.firstFailureTime ?: currentTime
+        val nextRetryTime = currentTime + calculateBackoffMs(newFailureCount)
+
+        val newMetadata = BatchMetadata(
+            failureCount = newFailureCount,
+            nextRetryTime = nextRetryTime,
+            firstFailureTime = firstFailureTime
+        )
+
+        return state.copy(
+            batchMetadata = state.batchMetadata + (response.batchFile to newMetadata)
+        )
+    }
+
+    private fun calculateBackoffMs(failureCount: Int): Long {
+        val base = config.backoffConfig.baseBackoffInterval * 1000
+        val max = config.backoffConfig.maxBackoffInterval * 1000L
+
+        val exponentialBackoff = base * Math.pow(2.0, (failureCount - 1).toDouble())
+        val cappedBackoff = minOf(exponentialBackoff, max.toDouble())
+
+        val jitterAmount = cappedBackoff * (config.backoffConfig.jitterPercent / 100.0)
+        val jitter = (random.nextDouble() * jitterAmount).toLong()
+
+        return minOf(cappedBackoff + jitter, max.toDouble()).toLong()
+    }
+
+    fun shouldUploadBatch(
+        state: RetryState,
+        batchFile: String
+    ): Pair<UploadDecision, RetryState> {
+        // Legacy mode: skip all smart retry logic
+        if (isLegacyMode) {
+            return UploadDecision.Proceed to state
+        }
+
+        val currentTime = timeProvider.currentTimeMillis()
+
+        // Check 1: Global rate limiting
+        if (state.isRateLimited(currentTime)) {
+            return UploadDecision.SkipAllBatches to state
+        }
+
+        // Clear stale rate limit state if it has expired
+        val clearedState = if (state.pipelineState == PipelineState.RATE_LIMITED &&
+                               state.waitUntilTime != null &&
+                               currentTime >= state.waitUntilTime) {
+            state.copy(
+                pipelineState = PipelineState.READY,
+                waitUntilTime = null
+            )
+        } else {
+            state
+        }
+
+        // Check 2: Per-batch metadata
+        val metadata = clearedState.batchMetadata[batchFile]
+        if (metadata != null) {
+            // Check retry count limit (must be checked before duration per spec)
+            if (config.backoffConfig.enabled &&
+                metadata.failureCount >= config.backoffConfig.maxRetryCount) {
+                return UploadDecision.DropBatch(DropReason.MAX_RETRIES_EXCEEDED) to
+                       clearedState.removeBatch(batchFile)
+            }
+
+            // Check duration limit
+            if (config.backoffConfig.enabled &&
+                metadata.exceedsMaxDuration(currentTime, config.backoffConfig.maxTotalBackoffDuration * 1000)) {
+                return UploadDecision.DropBatch(DropReason.MAX_DURATION_EXCEEDED) to
+                       clearedState.removeBatch(batchFile)
+            }
+
+            // Check if backoff time has passed
+            if (config.backoffConfig.enabled && !metadata.shouldRetry(currentTime)) {
+                return UploadDecision.SkipThisBatch to clearedState
+            }
+        }
+
+        return UploadDecision.Proceed to clearedState
+    }
+
+    fun getRetryCount(state: RetryState, batchFile: String): Int {
+        val batchRetryCount = state.batchMetadata[batchFile]?.failureCount ?: 0
+        return maxOf(batchRetryCount, state.globalRetryCount)
+    }
+
+    private fun resolveStatusCodeBehavior(code: Int): RetryBehavior {
+        config.backoffConfig.statusCodeOverrides[code]?.let { return it }
+
+        return when (code) {
+            in 400..499 -> config.backoffConfig.default4xxBehavior
+            in 500..599 -> config.backoffConfig.default5xxBehavior
+            else -> config.backoffConfig.unknownCodeBehavior
+        }
+    }
+}
+
+private fun RetryState.removeBatch(batchFile: String): RetryState {
+    return copy(batchMetadata = batchMetadata - batchFile)
+}

core/src/main/java/com/segment/analytics/kotlin/core/retry/RetryTypes.kt

@@ -0,0 +1,37 @@
+package com.segment.analytics.kotlin.core.retry
+
+import kotlinx.serialization.Serializable
+
+@Serializable
+enum class PipelineState {
+    READY,
+    RATE_LIMITED
+}
+
+@Serializable
+enum class RetryBehavior {
+    RETRY,
+    DROP
+}
+
+@Serializable
+enum class DropReason {
+    MAX_RETRIES_EXCEEDED,
+    MAX_DURATION_EXCEEDED,
+    NON_RETRYABLE_ERROR
+}
+
+sealed class UploadDecision {
+    object Proceed : UploadDecision()
+    object SkipThisBatch : UploadDecision()
+    object SkipAllBatches : UploadDecision()
+    data class DropBatch(val reason: DropReason) : UploadDecision()
+}
+
+@Serializable
+data class ResponseInfo(
+    val statusCode: Int,
+    val retryAfterSeconds: Int? = null,
+    val batchFile: String,
+    val currentTime: Long
+)

core/src/main/java/com/segment/analytics/kotlin/core/retry/TimeProvider.kt

@@ -0,0 +1,9 @@
+package com.segment.analytics.kotlin.core.retry
+
+interface TimeProvider {
+    fun currentTimeMillis(): Long
+}
+
+class SystemTimeProvider : TimeProvider {
+    override fun currentTimeMillis(): Long = System.currentTimeMillis()
+}

core/src/test/kotlin/com/segment/analytics/kotlin/core/retry/FakeTimeProvider.kt

@@ -0,0 +1,13 @@
+package com.segment.analytics.kotlin.core.retry
+
+class FakeTimeProvider(private var currentTime: Long = 0L) : TimeProvider {
+    override fun currentTimeMillis(): Long = currentTime
+
+    fun setTime(millis: Long) {
+        currentTime = millis
+    }
+
+    fun advanceBy(millis: Long) {
+        currentTime += millis
+    }
+}