feat(driver-web-cache): optimistic concurrency support (putIf + onChange)

[anthony-murphy]

Description

Adds two related primitives to FluidCache so that multiple browser tabs sharing the
same origin's IndexedDB can coordinate on persisted cache state. The motivating
scenario is offline pending-state storage where multiple tabs may race to persist
their version of the same key and the host wants to favor the active/dirty tab.

1. putIf(entry, value, shouldWrite) -- compare-and-swap write

The read of the existing entry and the conditional write happen in a single IndexedDB
readwrite transaction, so the decision sees a consistent view across tabs.

• shouldWrite(existing, proposed) is synchronous by design. IndexedDB
  transactions close automatically on any non-IDB await, which would silently break the
  atomicity that makes the compare-and-swap correct. This is documented in the JSDoc.
• existing is undefined when no entry exists for the key, when the existing
  entry belongs to a different partition, or when the entry is older than
  maxCacheItemAge -- matching the semantics of get.
• Returns true iff the write committed. Errors are logged and not thrown,
  matching put.
• Predicate exceptions are logged under a dedicated FluidCachePutIfPredicateError
  telemetry event (distinct from IDB-write failures under FluidCachePutError) and
  surfaced as false, after the transaction is aborted so the existing row is preserved.

2. events.on("change", listener) => unsubscribe -- cross-instance notifications

FluidCache instances now broadcast their mutations over a BroadcastChannel
(fluid-driver-cache:<guid>), so other FluidCache instances in the same browsing context
(typically other tabs) can observe changes. events is a standard Fluid Framework
Listenable; subscribe via cache.events.on("change", listener).

Event shape:

type FluidCacheChangeEvent =
    | { type: "put" | "remove"; partitionKey: string | null; fileId: string; entryType: string; cacheItemId: string }
    | { type: "removeFile"; fileId: string };

• put/remove events are filtered to the listener's partition (consistent with get).
• removeFile events are delivered unconditionally because removeEntries deletes
  rows regardless of partition.
• Cross-partition broadcast routing: the IDB key omits partitionKey, so a
  partition-A put/putIf/removeEntry can displace a partition-B row.
  put/putIf/removeEntry now read the existing record's partitionKey
  inside the same readwrite transaction, and when the row belonged to a different
  partition, also broadcast a remove event stamped with the displaced
  partition's key so its listeners are notified.
• BroadcastChannel does not echo to the sender, so a write does not invoke its own
  cache's listeners. Other instances (including in the same tab) do.
• If BroadcastChannel is unavailable, the events subscription is a no-op and writes
  do not broadcast.

3. dispose() -- lifecycle (strict contract)

Closes the BroadcastChannel, any open IndexedDB connection, and clears the close timer.
Idempotent. After dispose returns:

• Every public method (get, put, putIf, removeEntry, removeEntries)
  throws UsageError.
• Operations already in flight when dispose was called also reject with UsageError.
• The underlying IndexedDB connection is not lazily reopened by any in-flight call.
• events subscription remains valid but no events fire.

The two constructor scheduleIdleTask callbacks (storage estimate + delete-old-entries
maintenance) also short-circuit on disposed so a construct-then-immediately-dispose
sequence does not open IDB or perform maintenance writes.

The production BroadcastChannel is unref()-ed so an idle FluidCache does not
keep Node's event loop alive (no-op in browsers). This lets the package's mocha
config keep PR #27188's exit: true-free invariant.

All API surface is additive on the existing @legacy @beta class. Per-package type
tests mark Class_FluidCache forwardCompat: false to acknowledge that adding
methods to a class is a forward-compat type-break by definition.

Reviewer Guidance

The review process is outlined on this wiki page.

Specific things I'd appreciate eyes on:

• The IDB-transaction atomicity argument for putIf. The crucial invariant is that
  shouldWrite runs synchronously between tx.store.get and tx.store.put, so the
  transaction never yields to the event loop between the read and the decision. If you
  see a way that any await sneaks in there (e.g. via the predicate, the idb library's
  promise wrapping, or the existing?.partitionKey access), please flag it.
• The cross-partition broadcast policy (put/putIf/removeEntry emit an extra
  remove event stamped with the displaced partition's key). Confirm this matches the
  expectations of hosts that run multiple partitions per process.
• dispatchChangeEvent partition filtering: removeFile is delivered unconditionally,
  everything else gates on event.partitionKey === this.partitionKey. null === null
  is intentional.

[github-actions]

Hi! Thank you for opening this PR. Want me to review it?

Based on the diff (1348 lines, 11 files), I've queued these reviewers:

• Correctness — logic errors, race conditions, lifecycle issues
• Security — vulnerabilities, secret exposure, injection
• API Compatibility — breaking changes, release tags, type design
• Performance — algorithmic regressions, memory leaks
• Testing — coverage gaps, hollow tests

How this works

• Adjust the reviewer set by ticking/unticking boxes above. Reviewer toggles alone don't trigger anything.

• Tick Start review below to dispatch the review fleet.

• After review finishes, tick Start review again to request another run — it auto-resets after each dispatch.

• This comment updates as new commits land; your reviewer selections are preserved.

• Start review

[anthony-murphy]

Pushed d4e7a62 addressing the deep-review feedback.

Decisions made on the open questions:

1. Unified post-dispose contract (S2): all public methods (get, put, putIf, removeEntry, removeEntries, onChange) now throw UsageError after dispose. I went strict on get rather than lenient ΓÇö returning a sentinel undefined from a disposed cache is hard to distinguish from a normal miss, and the symmetric throw makes use-after-dispose bugs visible.

2. Resurrection race (S1): openDb checks this.disposed immediately after awaiting getFluidCacheIndexedDbInstance (both in the closeDbImmediately and persistent-db branches) and closes the just-acquired connection + throws. Combined with throwIfDisposed at the top of each public method and a re-check in the catch block, an in-flight put racing against dispose now always rejects with UsageError and the DB is never lazily reopened. Test added.

3. putIf cross-partition overwrite (Q3): kept the current ΓÇ£predicate sees undefined, true overwrites unconditionallyΓÇ¥ semantics ΓÇö putIf is a guarded put, not a more conservative one. put already overwrites foreign-partition rows; making putIf more cautious would create an asymmetry where consumers couldnΓÇÖt reliably write through putIf after a cross-partition cache pollution (e.g. user account switch). JSDoc and README now call this out explicitly.

4. putIf maxCacheItemAge (Q4): filtered to match get. Existing rows older than maxCacheItemAge are now surfaced to the predicate as undefined, so the predicateΓÇÖs view of ΓÇ£is there an existing value?ΓÇ¥ is consistent with get+put. Test added.

5. JSDoc at dispose(): updated to state the actual contract (throw on every other method, in-flight calls reject, no resurrection).

Build + lint + tests all green (74 passing, both immediateClose modes).

[anthony-murphy]

Deep Review: Thanks for the d4e7a62 push — the unified throwIfDisposed + the post-await re-check inside openDb() cleanly close the resurrection race and the asymmetric-contract concern, and the four answers (strict get, putIf cross-partition overwrite, maxCacheItemAge filtering, JSDoc rewrite) all make sense.

Two Tier 2 gaps in the same dispose-contract family survive on this SHA — posted as new inline threads rather than as replies to the resolved thread because they're different code anchors:

• S1 (success path): put / removeEntry / removeEntries set wrote/removed = true and broadcast after the awaited IDB write succeeds with no post-await throwIfDisposed. The catch-block rethrow you added covers errors, but a dispose() that lands mid-await db.put(...) lets the write commit and emits a "put"/"remove" event after teardown. The new "in-flight dispose race against an awaiting put" test exercises the erroring path, not the success path.
• S2 (constructor idle task): the existing scheduleIdleTask cleanup callback calls getFluidCacheIndexedDbInstance(this.logger) directly, bypassing the new openDb() dispose guard. Construct → immediate-dispose() → wait-for-idle still triggers an IDB open + maintenance write, contradicting the "not lazily reopened" guarantee.

Both are localized — throwIfDisposed() immediately after the awaited write in S1, and an if (this.disposed) return; guard (or routing through openDb()) for S2. Details and suggested patches inline.

[anthony-murphy]

Pushed 4b389ab addressing both Tier 2 gaps from the d4e7a62 deep review:

S1 (success-path dispose race) ΓÇö after each successful awaited IDB write in put, putIf, removeEntry, and removeEntries we now call throwIfDisposed() before setting wrote / removed and before the bottom-of-method broadcast. The previously-leaky path was specifically closeDbImmediately=true: dispose() does not close the local db handle in that mode, so the IDB write committed and the change event leaked past teardown. broadcast() itself now also early-returns on this.disposed for defence in depth. New test does not broadcast a change event when dispose runs mid-flight verifies no event is delivered to other instances.

S2 (constructor idle cleanup task) ΓÇö the scheduleIdleTask cleanup callback calls getFluidCacheIndexedDbInstance directly, bypassing the new openDb() guard. Both idle callbacks (storage estimate + delete-old-entries) now check this.disposed at the top and after every await, so a construct-then-immediately-dispose() sequence no longer opens IDB or performs maintenance writes ΓÇö honoring the "not lazily reopened" invariant documented on dispose().

76 passing across both immediateClose modes. Build and lint green.

[anthony-murphy]

Deep Review: Thanks for the 4b389ab push — the post-await throwIfDisposed() on put/putIf-success/removeEntry/removeEntries and the this.disposed guards on both idle callbacks close the previous two Tier 2 gaps cleanly. The new does not broadcast a change event when dispose runs mid-flight test covers the success-path race well.

Two new Tier 2 gaps in the same dispose-contract family survive on this SHA — posting as new inline threads since they're at different code anchors:

• putIf rejected-write branch (FluidCache.ts:641-643) — after await transaction.done in the !shouldWrite(...) branch, the method returns false with no throwIfDisposed(). A caller whose predicate returned false while dispose() ran in another microtask sees false (a valid contract value meaning predicate rejected) instead of the promised UsageError. The symmetric successful-putIf branch already calls throwIfDisposed() after await transaction.done.
• get/getItemFromCache success path (FluidCache.ts:480-549) — get() checks throwIfDisposed() at entry and then await this.getItemFromCache(cacheEntry), but never re-checks before returning cachedItem?.cachedObject. Inside getItemFromCache, only the catch block calls throwIfDisposed(); the success returns do not. If dispose() lands during await this.openDb() or await db.get(...), get resolves with the cached value rather than rejecting. Every other IDB-resolving await in the file now has the post-await guard — the read success path is the lone holdout.

Details and recommended fixes inline.

[anthony-murphy]

Pushed 9ea3fa2912 addressing the third round of deep-review feedback and the vale failure on aa8ed9f. Per-thread replies posted on each inline thread; high-level summary:

• Cross-partition broadcast routing (FluidCache.ts:493). put / putIf / removeEntry each now wrap the read+write/delete in a single readwrite transaction, capture existing.partitionKey when it differs from this.partitionKey, and emit an additional remove event stamped with the displaced partition's key after the primary broadcast. removeEntry also no longer broadcasts when no row existed at the key (previously over-broadcast). Three new tests cover the routing for all three call sites plus a no-row-no-broadcast test.
• Production BroadcastChannel.unref() (.mocharc.cjs:13). Option (1) from the suggested fixes: production channel is now unref()-ed via a typed cast (browsers no-op via the optional chain). config.exit = true dropped from .mocharc.cjs, restoring test(driver-web-cache): Migrate from jest to mocha #27188's invariant. 88 tests pass and mocha exits cleanly without the flag.
• Cursor vs. transaction (FluidCache.ts:673). Sticking with the readwrite transaction; rationale captured in the putIf JSDoc (get/put pair inside one transaction has the same atomicity as a cursor for a single-key CAS, simpler to reason about).
• Catch-arm error preservation (FluidCache.ts:728). Already addressed on aa8ed9f — all five catch arms call logger.sendErrorEvent(..., error) before throwIfDisposed(), so the original IDB error survives the dispose-race path via telemetry.
• Vale. .changeset/optimistic-driver-web-cache.md + .changeset/driver-web-cache-events.md rewritten with shorter sentences, no spaced em-dashes, no e.g./i.e. abbreviations, and no auto-close hyphenation. CI vale check should now pass.
• PR description. dispose() semantics bullet replaced with the settled contract; added a cross-partition broadcast policy bullet for reviewer attention.

88 passing across both immediateClose modes. Build, lint, biome all green locally.

[anthony-murphy]

Round 4 — fixed in 53a815d.

Tier 2: getItemFromCache IDB connection leak on dispose race

• Refactored getItemFromCache to try / catch / finally. closeDb(db) now lives in finally and always runs. Removed four redundant inline closeDb(db) calls in the success returns and one in the catch arm.
• Under closeDbImmediately: true (the default), every get opens a fresh per-call IDBPDatabase. The previous ordering (catch → log → throwIfDisposed → closeDb) short-circuited at throwIfDisposed, leaking the connection on every disposed-mid-get race.

Tier 3: catch-arm telemetry mis-categorization

• All five catch arms (get / put / putIf / removeEntry / removeEntries) now call throwIfDisposed() before sendErrorEvent. The error in that branch is the UsageError our own post-await throwIfDisposed threw — not an IDB failure — so logging it under FluidCache*Error mis-categorized the dispose race. Real IDB errors still log normally (post-throwIfDisposed is a no-op when disposed is false).

New test

• get rejected mid-flight closes its IDB connection (no leak) — seeds a row, races dispose() against five back-to-back get calls, then calls indexedDB.deleteDatabase. fake-indexeddb resolves deleteDatabase only when no open connections remain (a leak fires blocked). Passes in closeDbImmediately: true, skipped in shared-connection mode (dispose() closes this.db there).

89 passing, 1 properly skipped. Build, biome, eslint all clean.

[github-actions]

🔗 No broken links found! ✅

Your attention to detail is admirable.

linkcheck output

> fluid-framework-docs-site@0.0.0 ci:check-links /home/runner/work/FluidFramework/FluidFramework/docs
> start-server-and-test "npm run serve -- --no-open" 3000 check-links

1: starting server using command "npm run serve -- --no-open"
and when url "[ 'http://127.0.0.1:3000' ]" is responding with HTTP status code 200
running tests using command "npm run check-links"


> fluid-framework-docs-site@0.0.0 serve
> docusaurus serve --no-open

[SUCCESS] Serving "build" directory at: http://localhost:3000/

> fluid-framework-docs-site@0.0.0 check-links
> linkcheck http://localhost:3000 --skip-file skipped-urls.txt

Crawling...

Stats:
  288859 links
    1925 destination URLs
    2175 URLs ignored
       0 warnings
       0 errors

[anthony-murphy]

Deep Review

Reviewed commit 53a815d on 2026-05-21.

Readiness: 8/10 — ALMOST READY

The getItemFromCache catch-arm IDB-connection leak that drove the prior 5/10 has landed cleanly on 53a815d — try / catch / finally ownership of closeDb(db) matches the established put / putIf / removeEntry / removeEntries shape, and the new get rejected mid-flight closes its IDB connection (no leak) regression test pins the contract. No Tier 1–2 issues survive on this SHA. Three Tier 3 polish items remain (one one-line JSDoc fix with a suggested-change block, one design-discussion item on putIf's CAS shape, one low-probability BroadcastChannel.unref() test-harness gap). Settling at 8 (not 9) anchors conservatively against the 5 → 5 → 5 → 7 → 6 → 7 → 5 → 8 trajectory — putIf shape concerns have historically come back on this file.

Path to Ready

• Resolve inline threads
• Decide on putIf CAS shape (see inline): either add an additive update(entry, updater) overload now while the Class_FluidCache forwardCompat: false break is already being taken, or document in the putIf JSDoc that the predicate-only shape is intentional and an updater overload is a planned follow-up. Both Phase 3 blind designs picked the updater shape independently — worth surfacing before the @legacy @beta surface solidifies.

Context for Reviewers

• IDB lifecycle remains the recurring failure mode in this file — historical fixes cluster here (Fluid Cache: Close DB more consistently, add optional delete DB callbacks #14315 added try { … } finally { db?.close(); } to every public method after signout was blocked by open DB handles; Improve odsp driver fluid cache perf #15549 added openDb / dbCloseTimer / versionchange / close machinery and was hotly contested over signout hangs and openDb races; test(driver-web-cache): Migrate from jest to mocha #27188 added explicit db.close() for fake-indexeddb v3). This PR's dispose() is the host-controlled escape hatch that has been implicitly missing since Improve odsp driver fluid cache perf #15549 — mention "signout teardown" in the changeset to anchor the dispose contract to its historical concern.
• Cross-partition displacement broadcast (FluidCache.ts:619-623) is the PR's strongest novel correctness contribution — the IDB key omits partitionKey, so a partition-A put silently overwrites a partition-B row; the PR captures the prior partitionKey inside the same readwrite transaction and emits a synthesized remove event stamped with the displaced partition's key. Neither blind reviewer caught the silent-overwrite hole independently. Tests at FluidCache.test.ts:621-716 cover all three call sites.
• New telemetry events are all error-path or one-shot (FluidCacheBroadcastChannelUnavailable constructor-only, FluidCacheBroadcastError only on postMessage throw, FluidCachePutIfPredicateError only on predicate exception), consistent with Improve Fluid cache perf for odsp driver #14832's guidance against fire-per-success log overhead.
• Forward-compat type break on Class_FluidCache follows the Add api to remove a single entry from FluidCache #26065 precedent — additive methods on a @legacy @beta class break forward-compat by definition. API reviewers should mainly confirm Class_FluidCache is the intended compatibility boundary.
• Suggested reviewers weighted by historical involvement: vladsud (Improve odsp driver fluid cache perf #15549 openDb race, Improve telemetry in fluid cache and snapshot fetch in odsp driver #15550 JSON-serializable pushback, Improve Fluid cache perf for odsp driver #14832 telemetry overhead — deepest historical reviewer on concurrency / telemetry / serialization), christiango (Improve odsp driver fluid cache perf #15549 signout-hang, Improve Fluid cache perf for odsp driver #14832 main-thread telemetry — best for dispose contract + cross-partition broadcast policy sign-off), Josmithr (test(driver-web-cache): Migrate from jest to mocha #27188 exit: true-free invariant — owns the test infrastructure the 647-line additions must not regress), jatgarg (Improve odsp driver fluid cache perf #15549 / Improve Fluid cache perf for odsp driver #14832 cached-DB / closeDbAfterMs design author), shubhi1092 (Add api to remove a single entry from FluidCache #26065 removeEntry / forwardCompat: false precedent), markfields (Increase maxCacheExpiryTimeoutMs to 5 days, and validate in FluidCache #19997 constructor-validation interest), JasonGore (Fluid Cache: Close DB more consistently, add optional delete DB callbacks #14315 blocked-deletion fix — light touch only if deleteDatabase dispose semantics are questioned), alexvy86 (test(driver-web-cache): Migrate from jest to mocha #27188 blocked-open behavior — light touch only for unref() test interaction).

For human reviewer

• Needs human judgment — putIf CAS shape: keep narrow predicate or add transform-shape overload before shipping @legacy @beta. Owners: shubhi1092 / markfields.
• Needs human judgment — Cross-partition overwrite policy on putIf (settled in inline discussion as "guarded put, unconditional overwrite") and the cross-partition broadcast-routing semantic (extra synthesized remove event stamped with the displaced partition's key). Author explicitly asks domain owners (vladsud / christiango) to confirm against hosts running multiple partitions per process.
• Needs human judgment — dispatchChangeEvent partition-filter semantics: removeFile unconditional, others gated on event.partitionKey === this.partitionKey with null === null intentional. Author explicitly asks reviewers to confirm.
• Needs human judgment — Whether to lift dispose? (and possibly putIf / events) onto IPersistedCache as optional members in a follow-up, matching the removeEntry? precedent from Add api to remove a single entry from FluidCache #26065. Phase 3 evaluators converged that dispose? is the universal one worth lifting; putIf / events are IDB-specific and reasonable to keep class-local.
• Needs human judgment — Owner sign-off from Josmithr that the new BroadcastChannel.unref() + afterEach-dispose() test hygiene preserves PR test(driver-web-cache): Migrate from jest to mocha #27188's exit: true-free invariant.
• Cannot be assessed by the pipeline — idb same-microtask-tick atomicity for putIf's transaction.store.get(key) → predicate → transaction.store.put(...) chain. Author explicitly asks reviewers to verify against idb source that no await sneaks in between read and write. Best fit: vladsud / jatgarg.
• Cannot be assessed by the pipeline — Confirm the test process exits cleanly under mocha now that BroadcastChannel.unref() is in production code and config.exit = true has been dropped, including parallel-run.

Review history (7 prior reviews)

• 9ea3fa2 2026-05-21 · 5/10 — IDB connection leak in getItemFromCache catch arm flagged
• aa8ed9f 2026-05-20 · 7/10 — Tier 1–2 dispose-contract concerns closed; .mocharc.cjs config.exit = true only Tier 3 holdout
• a54d602 2026-05-20 · 6/10 — .mocharc.cjs config.exit = true reverses test(driver-web-cache): Migrate from jest to mocha #27188's leak-clean invariant
• 658765a 2026-05-20 · 7/10 — both Tier 2 dispose-contract gaps closed; six polish items remained
• 4b389ab 2026-05-19 · 5/10 — putIf reject branch + get success path flagged as new Tier 2 dispose-contract holdouts
• d4e7a62 2026-05-19 · 5/10 — uniform throwIfDisposed + openDb() post-await re-check landed; success-path race + constructor idle task flagged
• 0bd441e 2026-05-19 · 5/10 — in-flight openDb resurrection + asymmetric post-dispose contract flagged

[anthony-murphy]

Deep Review: putIf's @param value JSDoc narrows the value contract to "JSON-serializable", but the actual storage path stores it via IDB structured clone — same requirements as put.

The JSDoc reads:

* @param value - the proposed JSON-serializable value to write if shouldWrite returns true.

But value: unknown flows through buildRecord (FluidCache.ts:712-716, 776-777) into an IDB schema where cachedObject: any (FluidCacheIndexedDb.ts:111-114). That is structured-clone storage with no JSON constraint, and matches put exactly. The README's putIf section (README.md:69-92) describes the proposed value with no JSON-serializability restriction, which is consistent with the actual code but contradicts this line.

Historical context: PR #15550 (vladsud, 2023-05-12) explicitly pushed back on the JSON-serializable framing for FluidCache values, citing MFS-reported non-serializable content (array buffers, blobs). The same framing is wrong for the same reason here.

Suggested change

	* @param value - the proposed JSON-serializable value to write if `shouldWrite` returns true.
	* @param value - the proposed value to write if `shouldWrite` returns true. Stored via IndexedDB structured clone, with the same value requirements as {@link FluidCache.put}.

[anthony-murphy]

Deep Review: putIf's CAS API shape cannot express read-modify-write — flagging as a design discussion before this @legacy @beta surface solidifies, not as a blocking concern.

The current signature is putIf(entry, value, shouldWrite(existing, proposed): boolean): Promise<boolean> — the proposed value is fixed at call time and the predicate can only accept or reject it. That covers the revision-gating use case in this PR ("active tab wins") but cannot express the canonical CAS shape where the new value is derived from the persisted value — e.g. a monotonic sequence-number bump, or merging the existing record into the new one. The two independent blind redesigns run during review both landed on an updater-callback shape (update(entry, updater) / updateUsingPrevious(entry, update(previous): unknown | noUpdate)) where the callback returns the value to write inside the transaction, and the cross-evaluator scoring put the updater shape at least equal to the predicate on expressiveness (5 vs. 3 on edge cases).

This matters now because the class is @legacy @beta and Class_FluidCache forwardCompat: false is already being taken in validateDriverWebCachePrevious.generated.ts. Reshaping after ship costs both backward- and forward-compat; reshaping while the break is already being taken is much cheaper. An additive update(entry, updater) overload alongside the existing predicate putIf remains forward-compat-compatible as a later addition, so this is not a now-or-never decision — but the next CAS consumer requirement is the natural time to take it, and it is worth surfacing before that consumer needs to work around a missing shape.

Resolutions either way close this:

• (a) Add a sibling update(entry, updater) overload now while the type-validation break is already being taken; or
• (b) Document in the putIf JSDoc that the predicate-only shape is intentional and an updater variant is a planned follow-up if needed.

Flagging shubhi1092 / markfields for the human design call.

[anthony-murphy]

Deep Review: The BroadcastChannel.unref() reliance on an optional chain is not asserted anywhere — if Node ever stops exposing unref on BroadcastChannel, the call silently no-ops and the package's mocha config tips back into needing exit: true.

The call is (this.broadcastChannel as unknown as { unref?: () => void }).unref?.(); — the optional chain is necessary in browsers, but it also masks regressions on Node. PR #27188 (Josmithr, 2026-04-30) migrated driver-web-cache from jest to mocha and explicitly preserved an exit: true-free invariant — "This was needed in order to not specify exit: true in the mocha config." The PR description acknowledges that dependency. The new test file adds 647 lines that construct many FluidCache instances under mocha-on-Node; the afterEach cleanup at FluidCache.test.ts:73-88 disposes every cache (closing each BroadcastChannel via dispose), which mitigates the symptom but does not lock in the contract.

Resolutions either way close this:

• (a) Add a Node-only typeof (channel as { unref?: unknown }).unref === "function" check around the call that asserts/logs when absent — locks in the contract PR test(driver-web-cache): Migrate from jest to mocha #27188 deliberately preserved; or
• (b) Add a smoke test asserting the mocha process exits cleanly without exit: true after constructing and disposing a representative FluidCache.

Low-probability gap on this SHA — flagging Josmithr (PR #27188 owner) as the minimum reviewer.