fix: guard close race and error overwrite in cache-only init

Two subtle bugs in the cache-only exhaustion branch:

1. Close race: if close() runs before runInitializers starts, the loop
   was skipped entirely and the exhaustion branch fired VALID and marked
   the start() promise resolved, where it should reject with "closed
   before initialization completed." Add an early return when closed is
   set before the exhaustion branch.

2. VALID-over-error: the branch unconditionally requested VALID on cache
   miss. Today's default CacheInitializer never emits error statuses, but
   a custom cache-marked factory could. Track errorReportedDuringInit
   from the interrupted/terminal_error cases and skip the VALID request
   when an error was reported.

Adds regression tests for both paths: close-before-init rejects and
emits no VALID, and a cache-only factory emitting interrupted leaves
the error status intact.

Author: kinyoklion

packages/shared/sdk-client/__tests__/datasource/fdv2/FDv2DataSource.test.ts

@@ -193,6 +193,62 @@ it('does not overwrite an error status when a later initializer fails after data
   ds.close();
 });
 
+it('rejects start() when close() is called before cache-only initialization runs', async () => {
+  // Race: close() happens before the runInitializers microtask starts.
+  // The cache-only success path must not fire a spurious VALID or resolve
+  // the start() promise; it must reject with "closed before initialization".
+  const dataCallback = jest.fn();
+  const statusManager = makeStatusManager();
+  const nonePayload = makePayload({ type: 'none' });
+
+  const ds = createFDv2DataSource({
+    initializerFactories: [
+      makeCacheInitFactory(makeMockInitializer(changeSet(nonePayload, false))),
+    ],
+    synchronizerSlots: [],
+    dataCallback,
+    statusManager,
+    selectorGetter: noSelector,
+  });
+
+  const startPromise = ds.start().catch((e) => e);
+  ds.close();
+  const error = await startPromise;
+
+  expect(error).toBeInstanceOf(Error);
+  expect((error as Error).message).toContain('closed before initialization');
+  expect(statusManager.requestStateUpdate).not.toHaveBeenCalledWith('VALID');
+});
+
+it('does not overwrite error status when a cache-only initializer reports interrupted', async () => {
+  // Latent guard: even though the default CacheInitializer never emits
+  // interrupted/terminal_error, a custom cache-marked factory could.
+  // The cache-only exhaustion branch must not overwrite the reported
+  // error status with VALID.
+  const dataCallback = jest.fn();
+  const statusManager = makeStatusManager();
+  const logger = makeLogger();
+
+  const ds = createFDv2DataSource({
+    initializerFactories: [
+      makeCacheInitFactory(makeMockInitializer(interrupted(makeErrorInfo(), false))),
+    ],
+    synchronizerSlots: [],
+    dataCallback,
+    statusManager,
+    selectorGetter: noSelector,
+    logger,
+  });
+
+  // Initialization still completes (cache-only mode is always ready) but
+  // without overriding the reported error status.
+  await ds.start();
+
+  expect(statusManager.reportError).toHaveBeenCalled();
+  expect(statusManager.requestStateUpdate).not.toHaveBeenCalledWith('VALID');
+  ds.close();
+});
+
 it('rejects when a cache initializer is followed by a non-cache initializer and neither delivers data', async () => {
   // Cache initializer misses (transfer-none) and a non-cache initializer
   // also returns transfer-none. Because the chain includes a non-cache

packages/shared/sdk-client/src/datasource/fdv2/FDv2DataSource.ts

@@ -145,6 +145,11 @@ export function createFDv2DataSource(config: FDv2DataSourceConfig): FDv2DataSour
   // The orchestration loops intentionally use await-in-loop for sequential
   // state machine processing — one result at a time.
   async function runInitializers(): Promise<void> {
+    // Tracks whether any initializer reported interrupted/terminal_error.
+    // Used below so the cache-only exhaustion branch does not overwrite
+    // that error status with VALID.
+    let errorReportedDuringInit = false;
+
     while (!closed) {
       const initializer = sourceManager.getNextInitializerAndSetActive();
       if (initializer === undefined) {
@@ -181,6 +186,7 @@ export function createFDv2DataSource(config: FDv2DataSourceConfig): FDv2DataSour
           case 'terminal_error':
             logger?.warn(`Initializer failed: ${result.errorInfo?.message ?? 'unknown error'}`);
             reportStatusError(result);
+            errorReportedDuringInit = true;
             break;
           case 'shutdown':
             return;
@@ -194,13 +200,23 @@ export function createFDv2DataSource(config: FDv2DataSourceConfig): FDv2DataSour
       }
     }
 
+    // close() between the last loop iteration and the exhaustion branch.
+    // Exit without marking initialized or emitting a spurious VALID; the
+    // start() promise will be rejected by the post-orchestration handler
+    // with "closed before initialization completed."
+    if (closed) {
+      return;
+    }
+
     // All initializers exhausted.
     if (cacheOnlyDataSystem) {
       // Cache-only data system with no synchronizer to produce a VALID
-      // status on its own. On a cache miss, nothing else has asserted
-      // VALID yet, so do it here. On a cache hit, applyChangeSet already
-      // asserted VALID -- skip the redundant call for idempotence.
-      if (!dataReceived) {
+      // status on its own. On a cache miss with no errors, nothing else
+      // has asserted VALID yet, so do it here. Skip the update if:
+      //   - dataReceived (cache hit): applyChangeSet already asserted VALID.
+      //   - errorReportedDuringInit: reportError set an error status that
+      //     must not be silently overwritten.
+      if (!dataReceived && !errorReportedDuringInit) {
         statusManager.requestStateUpdate('VALID');
       }
       markInitialized();