Silent JWT refresh without the thundering herd
One in-flight refresh, N queued retries
The 401 handler you copy-paste from Stack Overflow will fire N parallel refresh calls the moment your access token expires. Here's the fix.
The bug
Twelve requests fire concurrently. Access token expires. All twelve 401. Each interceptor calls /refresh. Now you have twelve refresh tokens in flight racing to invalidate each other, and one of them wins by luck.
The fix
Store the refresh promise on the client. If a request 401s and a refresh is in flight, await the existing promise instead of starting a new one. When it resolves, retry every queued request with the new token. One refresh, N retries.
RAG that actually works in production
Vector search is the easy part. The hard part is chunking, freshness, and knowing when the model should refuse to answer.
The Firestore listener leak nobody talks about
onSnapshot is easy to add and easy to forget. In a SPA, forgetting means memory leaks and phantom writes.