feat: implement TAPI retry handling - Phase 2 (Settings Integration) (#295)

didiergarcia · claude · web-flow · commit a2636de83d8b · 2026-02-25T12:44:04.000-05:00
* feat: implement Phase 2 - Settings Integration

Task 9: Add httpConfig field to SegmentSettings
- Added httpConfig: JsonObject? field to SegmentSettings data class
- Imported kotlinx.serialization.json.JsonObject

Task 10: Create RetryConfigParser with defensive parsing
- Parse httpConfig JSON from CDN into RetryConfig
- Comprehensive defensive error handling:
  * Returns defaults on null/corrupt JSON
  * Clamps all numeric values to safe ranges
  * Validates retry behaviors and status codes
  * Never throws exceptions
- 17 tests covering:
  * Default handling
  * Value clamping
  * Status code overrides
  * Error recovery
  * Partial configurations

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;

* docs: clarify statusCodeOverrides empty object behavior

Document that an empty statusCodeOverrides JSON object {} intentionally
clears all defaults, allowing the CDN to remove overrides when needed.
This differs from other fields but is the desired behavior.

Addresses low-confidence copilot review comment.

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;

* refactor: rename maxTotalBackoffDuration to maxRateLimitDuration in RateLimitConfig

Renamed for clarity since 'backoff duration' semantically belongs to
exponential backoff (5xx), not rate limiting (429).

- RateLimitConfig.maxTotalBackoffDuration → maxRateLimitDuration
- Updated parser to use new field name
- All tests pass

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;

* refactor: replace RetryConfigParser with HttpConfig data class and custom serializer

Address PR review feedback to use typed data class instead of manual JSON parsing.

Changes:
- Created HttpConfig data class with custom serializer
- Added validation methods to RateLimitConfig and BackoffConfig
- Updated SegmentSettings to use HttpConfig instead of JsonObject
- Deleted RetryConfigParser (manual parsing no longer needed)
- Created HttpConfigTest with 16 tests (covers validation and error handling)
- Deleted RetryConfigParserTest (replaced by HttpConfigTest)

Benefits:
- Type-safe access to config properties (httpConfig.rateLimitConfig.enabled)
- Automatic deserialization via kotlinx.serialization
- Still provides defensive error handling via custom serializer
- Maintains value clamping and validation
- Cleaner code following codebase patterns

Custom serializer ensures:
- Corrupt JSON → returns default HttpConfig()
- Out-of-range values → automatically clamped
- Never throws exceptions

All tests pass (16 new validation tests + 24 existing state machine tests)

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;

---------

Co-authored-by: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/core/src/main/java/com/segment/analytics/kotlin/core/platform/plugins/SegmentDestination.kt b/core/src/main/java/com/segment/analytics/kotlin/core/platform/plugins/SegmentDestination.kt
@@ -8,14 +8,16 @@ import com.segment.analytics.kotlin.core.platform.VersionedPlugin
 import com.segment.analytics.kotlin.core.platform.policies.CountBasedFlushPolicy
 import com.segment.analytics.kotlin.core.platform.policies.FlushPolicy
 import com.segment.analytics.kotlin.core.platform.policies.FrequencyFlushPolicy
+import com.segment.analytics.kotlin.core.retry.HttpConfig
 import kotlinx.coroutines.launch
 import kotlinx.serialization.Serializable
 import sovran.kotlin.Subscriber
 
 @Serializable
 data class SegmentSettings(
     var apiKey: String,
-    var apiHost: String? = null
+    var apiHost: String? = null,
+    var httpConfig: HttpConfig? = null
 )
 
 /**
diff --git a/core/src/main/java/com/segment/analytics/kotlin/core/retry/RetryConfig.kt b/core/src/main/java/com/segment/analytics/kotlin/core/retry/RetryConfig.kt
@@ -1,6 +1,10 @@
 package com.segment.analytics.kotlin.core.retry
 
-import kotlinx.serialization.Serializable
+import kotlinx.serialization.*
+import kotlinx.serialization.descriptors.SerialDescriptor
+import kotlinx.serialization.encoding.Decoder
+import kotlinx.serialization.encoding.Encoder
+import kotlinx.serialization.json.*
 
 @Serializable
 data class RetryConfig(
@@ -13,8 +17,17 @@ data class RateLimitConfig(
     val enabled: Boolean = true,
     val maxRetryCount: Int = 100,
     val maxRetryInterval: Int = 300,
-    val maxTotalBackoffDuration: Long = 43200
-)
+    val maxRateLimitDuration: Long = 43200
+) {
+    /**
+     * Validate and clamp all numeric values to safe ranges.
+     */
+    fun validated(): RateLimitConfig = copy(
+        maxRetryCount = maxRetryCount.coerceIn(0, 1000),
+        maxRetryInterval = maxRetryInterval.coerceIn(1, 3600),
+        maxRateLimitDuration = maxRateLimitDuration.coerceIn(0, 604800)
+    )
+}
 
 @Serializable
 data class BackoffConfig(
@@ -35,4 +48,80 @@ data class BackoffConfig(
         501 to RetryBehavior.DROP,
         505 to RetryBehavior.DROP
     )
+) {
+    /**
+     * Validate and clamp all numeric values to safe ranges.
+     * Filter status code overrides to valid range (100-599).
+     */
+    fun validated(): BackoffConfig = copy(
+        maxRetryCount = maxRetryCount.coerceIn(0, 1000),
+        baseBackoffInterval = baseBackoffInterval.coerceIn(0.1, 60.0),
+        maxBackoffInterval = maxBackoffInterval.coerceIn(1, 3600),
+        maxTotalBackoffDuration = maxTotalBackoffDuration.coerceIn(0, 604800),
+        jitterPercent = jitterPercent.coerceIn(0, 50),
+        statusCodeOverrides = statusCodeOverrides.filterKeys { it in 100..599 }
+    )
+}
+
+/**
+ * HTTP configuration for retry handling, parsed from CDN settings.
+ *
+ * Uses custom serializer to provide defensive error handling:
+ * - Corrupt JSON gracefully falls back to defaults
+ * - All numeric values are automatically clamped to safe ranges
+ * - Invalid status codes are filtered out
+ */
+@Serializable(with = HttpConfigSerializer::class)
+data class HttpConfig(
+    val rateLimitConfig: RateLimitConfig = RateLimitConfig(),
+    val backoffConfig: BackoffConfig = BackoffConfig()
 )
+
+/**
+ * Custom serializer for HttpConfig that provides defensive error handling.
+ *
+ * On deserialization:
+ * - Validates and clamps all numeric values to safe ranges
+ * - Returns default HttpConfig on any SerializationException
+ * - Never throws exceptions
+ */
+object HttpConfigSerializer : KSerializer<HttpConfig> {
+    @Serializable
+    @SerialName("HttpConfig")
+    private data class HttpConfigSurrogate(
+        val rateLimitConfig: RateLimitConfig = RateLimitConfig(),
+        val backoffConfig: BackoffConfig = BackoffConfig()
+    )
+
+    private val json = Json { ignoreUnknownKeys = true; isLenient = true }
+
+    override val descriptor: SerialDescriptor = HttpConfigSurrogate.serializer().descriptor
+
+    override fun serialize(encoder: Encoder, value: HttpConfig) {
+        val surrogate = HttpConfigSurrogate(
+            rateLimitConfig = value.rateLimitConfig,
+            backoffConfig = value.backoffConfig
+        )
+        encoder.encodeSerializableValue(HttpConfigSurrogate.serializer(), surrogate)
+    }
+
+    override fun deserialize(decoder: Decoder): HttpConfig {
+        return try {
+            // Decode as JsonElement first for more defensive parsing
+            val element = decoder.decodeSerializableValue(JsonElement.serializer())
+            if (element !is JsonObject) {
+                return HttpConfig()
+            }
+
+            // Try to deserialize from the JsonElement
+            val surrogate = json.decodeFromJsonElement(HttpConfigSurrogate.serializer(), element)
+            HttpConfig(
+                rateLimitConfig = surrogate.rateLimitConfig.validated(),
+                backoffConfig = surrogate.backoffConfig.validated()
+            )
+        } catch (e: Exception) {
+            // Any parse error → return defaults
+            HttpConfig()
+        }
+    }
+}
diff --git a/core/src/test/kotlin/com/segment/analytics/kotlin/core/retry/HttpConfigTest.kt b/core/src/test/kotlin/com/segment/analytics/kotlin/core/retry/HttpConfigTest.kt
@@ -0,0 +1,225 @@
+package com.segment.analytics.kotlin.core.retry
+
+import kotlinx.serialization.json.*
+import org.junit.jupiter.api.Assertions.*
+import org.junit.jupiter.api.Test
+
+class HttpConfigTest {
+
+    @Test
+    fun `HttpConfig deserializes from valid JSON`() {
+        val json = """
+            {
+              "rateLimitConfig": {
+                "enabled": true,
+                "maxRetryCount": 50,
+                "maxRetryInterval": 600,
+                "maxRateLimitDuration": 7200
+              },
+              "backoffConfig": {
+                "enabled": true,
+                "maxRetryCount": 25,
+                "baseBackoffInterval": 1.0,
+                "maxBackoffInterval": 600,
+                "maxTotalBackoffDuration": 3600,
+                "jitterPercent": 20,
+                "default4xxBehavior": "DROP",
+                "default5xxBehavior": "RETRY",
+                "unknownCodeBehavior": "DROP",
+                "statusCodeOverrides": {
+                  "408": "RETRY",
+                  "501": "DROP"
+                }
+              }
+            }
+        """.trimIndent()
+
+        val config = Json.decodeFromString<HttpConfig>(json)
+
+        assertEquals(true, config.rateLimitConfig.enabled)
+        assertEquals(50, config.rateLimitConfig.maxRetryCount)
+        assertEquals(600, config.rateLimitConfig.maxRetryInterval)
+        assertEquals(7200L, config.rateLimitConfig.maxRateLimitDuration)
+
+        assertEquals(true, config.backoffConfig.enabled)
+        assertEquals(25, config.backoffConfig.maxRetryCount)
+        assertEquals(1.0, config.backoffConfig.baseBackoffInterval)
+        assertEquals(600, config.backoffConfig.maxBackoffInterval)
+        assertEquals(3600L, config.backoffConfig.maxTotalBackoffDuration)
+        assertEquals(20, config.backoffConfig.jitterPercent)
+        assertEquals(RetryBehavior.RETRY, config.backoffConfig.statusCodeOverrides[408])
+        assertEquals(RetryBehavior.DROP, config.backoffConfig.statusCodeOverrides[501])
+    }
+
+    @Test
+    fun `HttpConfig returns defaults on corrupt JSON`() {
+        val json = """{"rateLimitConfig": "not an object"}"""
+
+        val config = Json.decodeFromString<HttpConfig>(json)
+
+        // Should return defaults without throwing
+        assertEquals(true, config.rateLimitConfig.enabled)
+        assertEquals(100, config.rateLimitConfig.maxRetryCount)
+        assertEquals(true, config.backoffConfig.enabled)
+    }
+
+    @Test
+    fun `HttpConfig returns defaults on empty JSON`() {
+        val json = "{}"
+
+        val config = Json.decodeFromString<HttpConfig>(json)
+
+        assertEquals(true, config.rateLimitConfig.enabled)
+        assertEquals(100, config.rateLimitConfig.maxRetryCount)
+        assertEquals(true, config.backoffConfig.enabled)
+    }
+
+    @Test
+    fun `HttpConfig handles partial configuration`() {
+        val json = """
+            {
+              "rateLimitConfig": {
+                "maxRetryCount": 75
+              }
+            }
+        """.trimIndent()
+
+        val config = Json.decodeFromString<HttpConfig>(json)
+
+        assertEquals(75, config.rateLimitConfig.maxRetryCount)
+        assertEquals(300, config.rateLimitConfig.maxRetryInterval) // Default
+        assertEquals(true, config.backoffConfig.enabled) // Default
+    }
+
+    @Test
+    fun `RateLimitConfig validation clamps maxRetryCount`() {
+        val config = RateLimitConfig(maxRetryCount = 2000)
+        val validated = config.validated()
+
+        assertEquals(1000, validated.maxRetryCount) // Clamped to max
+    }
+
+    @Test
+    fun `RateLimitConfig validation clamps maxRetryInterval to max`() {
+        val config = RateLimitConfig(maxRetryInterval = 5000)
+        val validated = config.validated()
+
+        assertEquals(3600, validated.maxRetryInterval) // Clamped to 1 hour
+    }
+
+    @Test
+    fun `RateLimitConfig validation clamps maxRetryInterval to min`() {
+        val config = RateLimitConfig(maxRetryInterval = 0)
+        val validated = config.validated()
+
+        assertEquals(1, validated.maxRetryInterval) // Clamped to 1 second
+    }
+
+    @Test
+    fun `RateLimitConfig validation clamps maxRateLimitDuration`() {
+        val config = RateLimitConfig(maxRateLimitDuration = 1000000)
+        val validated = config.validated()
+
+        assertEquals(604800, validated.maxRateLimitDuration) // Clamped to 1 week
+    }
+
+    @Test
+    fun `BackoffConfig validation clamps maxRetryCount`() {
+        val config = BackoffConfig(maxRetryCount = 2000)
+        val validated = config.validated()
+
+        assertEquals(1000, validated.maxRetryCount) // Clamped to max
+    }
+
+    @Test
+    fun `BackoffConfig validation clamps baseBackoffInterval to max`() {
+        val config = BackoffConfig(baseBackoffInterval = 100.0)
+        val validated = config.validated()
+
+        assertEquals(60.0, validated.baseBackoffInterval) // Clamped to 60 seconds
+    }
+
+    @Test
+    fun `BackoffConfig validation clamps baseBackoffInterval to min`() {
+        val config = BackoffConfig(baseBackoffInterval = 0.05)
+        val validated = config.validated()
+
+        assertEquals(0.1, validated.baseBackoffInterval) // Clamped to 100ms
+    }
+
+    @Test
+    fun `BackoffConfig validation clamps jitterPercent`() {
+        val config = BackoffConfig(jitterPercent = 100)
+        val validated = config.validated()
+
+        assertEquals(50, validated.jitterPercent) // Clamped to 50%
+    }
+
+    @Test
+    fun `BackoffConfig validation filters invalid status codes`() {
+        val config = BackoffConfig(
+            statusCodeOverrides = mapOf(
+                99 to RetryBehavior.RETRY,   // Below valid range
+                408 to RetryBehavior.RETRY,  // Valid
+                600 to RetryBehavior.RETRY   // Above valid range
+            )
+        )
+        val validated = config.validated()
+
+        assertNull(validated.statusCodeOverrides[99])
+        assertNull(validated.statusCodeOverrides[600])
+        assertEquals(RetryBehavior.RETRY, validated.statusCodeOverrides[408])
+    }
+
+    @Test
+    fun `BackoffConfig validation handles negative values`() {
+        val config = BackoffConfig(
+            maxRetryCount = -10,
+            baseBackoffInterval = -1.0,
+            jitterPercent = -5
+        )
+        val validated = config.validated()
+
+        assertEquals(0, validated.maxRetryCount) // Clamped to 0
+        assertEquals(0.1, validated.baseBackoffInterval) // Clamped to min
+        assertEquals(0, validated.jitterPercent) // Clamped to 0
+    }
+
+    @Test
+    fun `HttpConfig automatic validation clamps out-of-range values on deserialize`() {
+        val json = """
+            {
+              "rateLimitConfig": {
+                "maxRetryCount": 5000,
+                "maxRetryInterval": 10000
+              },
+              "backoffConfig": {
+                "jitterPercent": 200
+              }
+            }
+        """.trimIndent()
+
+        val config = Json.decodeFromString<HttpConfig>(json)
+
+        // Values should be automatically clamped during deserialization
+        assertEquals(1000, config.rateLimitConfig.maxRetryCount)
+        assertEquals(3600, config.rateLimitConfig.maxRetryInterval)
+        assertEquals(50, config.backoffConfig.jitterPercent)
+    }
+
+    @Test
+    fun `HttpConfig handles malformed JSON gracefully`() {
+        val malformedJsons = listOf(
+            """{"rateLimitConfig": []}""",  // Wrong type
+            """{"backoffConfig": 123}""",    // Wrong type
+            """{"rateLimitConfig": {"maxRetryCount": "invalid"}}"""  // Wrong value type
+        )
+
+        malformedJsons.forEach { json ->
+            val config = Json.decodeFromString<HttpConfig>(json)
+            // Should return defaults without throwing
+            assertNotNull(config)
+            assertEquals(100, config.rateLimitConfig.maxRetryCount)
+        }
+    }
+}
