System Design: Offline Caching for Reservations (PWA)

Design a web application that supports offline access to reservation information. The app is a progressive web app (PWA) that uses a Service Worker and IndexedDB. Assume users need to see their upcoming reservations and critical trip details when offline.

Specify the following:

Data Caching

1. What data to cache in IndexedDB (e.g., reservations list, details, assets). Identify which fields are necessary offline and which must never be cached.
2. How to structure the IndexedDB stores and metadata to support consistency and encryption.

Networking and Synchronization

3. How the Service Worker intercepts requests to serve cached data and update in the background (e.g., stale-while-revalidate for GETs).
4. Background sync for queued writes (e.g., modifications/cancellations). Define retry strategy, backoff/jitter, idempotency, and when to give up.
5. Versioning and cache invalidation using ETags/If-None-Match or If-Match, TTLs by data type, and cache busting on logout.
6. Conflict resolution after reconnect: how to detect conflicts and merge or surface them to the user.

Security and Privacy

7. Identify sensitive data (PII/secrets) vs. non-sensitive.
8. How to encrypt cached data at rest in the browser (algorithms, key hierarchy), key derivation and storage, and how keys are unsealed on login.
9. Token lifetimes and refresh strategy compatible with a Service Worker.
10. PII minimization choices: what to omit or mask.
11. Protections against XSS/CSRF exfiltrating cached data and secrets.

Testing and Auditing

12. A test plan covering offline/online transitions, sync correctness, encryption, and failure injection.
13. A security review and audit plan, including logging/telemetry without leaking PII.