@celerispay/hazelcast-client 3.12.5-8 → 3.12.7-2

package/lib/invocation/ClusterService.js

@@ -25,6 +25,7 @@ var MemberAttributeEvent_1 = require("../core/MemberAttributeEvent");
 var MembershipEvent_1 = require("../core/MembershipEvent");
 var UuidUtil_1 = require("../util/UuidUtil");
 var Address = require("../Address");
+var HazelcastFailoverManager_1 = require("./HazelcastFailoverManager");
 var MemberEvent;
 (function (MemberEvent) {
     MemberEvent[MemberEvent["ADDED"] = 1] = "ADDED";
@@ -58,6 +59,7 @@ var ClusterService = /** @class */ (function () {
         this.members = [];
         this.startReconnectionTask();
         this.startStateLoggingTask();
+        this.failoverManager = new HazelcastFailoverManager_1.HazelcastFailoverManager(client, this.logger);
     }
     /**
      * Starts cluster service.
@@ -109,6 +111,18 @@ var ClusterService = /** @class */ (function () {
     ClusterService.prototype.getOwnerConnection = function () {
         return this.ownerConnection;
     };
+    /**
+     * Returns whether failover is currently in progress
+     */
+    ClusterService.prototype.isFailoverInProgress = function () {
+        return this.failoverInProgress;
+    };
+    /**
+     * Returns the list of known addresses in the cluster
+     */
+    ClusterService.prototype.getKnownAddresses = function () {
+        return this.knownAddresses.slice(); // Return a copy to prevent external modification
+    };
     /**
      * Returns the list of members in the cluster.
      * @returns
@@ -228,7 +242,6 @@ var ClusterService = /** @class */ (function () {
         }
     };
     ClusterService.prototype.triggerFailover = function () {
-        var _this = this;
         var now = Date.now();
         if (this.failoverInProgress || (now - this.lastFailoverAttempt) < this.failoverCooldown) {
             this.logger.debug('ClusterService', 'Failover already in progress or too soon since last attempt');
@@ -236,7 +249,57 @@ var ClusterService = /** @class */ (function () {
         }
         this.failoverInProgress = true;
         this.lastFailoverAttempt = now;
-        this.logger.info('ClusterService', 'Starting failover process...');
+        // Check if this is a single-node scenario
+        var isSingleNode = this.knownAddresses.length === 1;
+        if (isSingleNode) {
+            this.logger.info('ClusterService', '🔄 SINGLE-NODE CLUSTER RESET: Node restart detected, starting fresh...');
+            this.handleSingleNodeClusterReset();
+        }
+        else {
+            this.logger.info('ClusterService', '🚀 Starting failover process - SERVER-FIRST APPROACH...');
+            // SERVER-FIRST: No credential preservation needed
+            // We trust the server will provide correct member information
+            this.logger.info('ClusterService', '🎯 SERVER-FIRST: No credential management - trusting server data');
+            this.handleMultiNodeFailover();
+        }
+    };
+    /**
+     * Handles single-node cluster reset - treats node restart as fresh cluster
+     */
+    ClusterService.prototype.handleSingleNodeClusterReset = function () {
+        var _this = this;
+        this.logger.info('ClusterService', '🧹 SINGLE-NODE RESET: Clearing all credentials and state...');
+        // Clear all stored credentials - node restart means fresh cluster
+        this.client.getConnectionManager().clearAllCredentials();
+        // Reset client UUIDs - will be assigned fresh by server
+        this.uuid = null;
+        this.ownerUuid = null;
+        // Log state before reset
+        this.logCurrentState();
+        // Force cleanup of all dead connections
+        this.client.getConnectionManager().forceCleanupDeadConnections();
+        // Clear partition information
+        this.client.getPartitionService().clearPartitionTable();
+        // Direct reconnection without waiting for member events
+        this.logger.info('ClusterService', '🔄 SINGLE-NODE RESET: Attempting direct reconnection...');
+        this.connectToCluster()
+            .then(function () {
+            _this.logger.info('ClusterService', '✅ Single-node cluster reset completed successfully');
+            _this.logCurrentState();
+        })
+            .catch(function (error) {
+            _this.logger.error('ClusterService', 'Single-node cluster reset failed', error);
+            _this.logCurrentState();
+        })
+            .finally(function () {
+            _this.failoverInProgress = false;
+        });
+    };
+    /**
+     * Handles multi-node failover - preserves existing logic
+     */
+    ClusterService.prototype.handleMultiNodeFailover = function () {
+        var _this = this;
         // Log state before failover
         this.logCurrentState();
         // Force cleanup of all dead connections to prevent leakage
@@ -246,7 +309,8 @@ var ClusterService = /** @class */ (function () {
         // Attempt to reconnect to cluster
         this.connectToCluster()
             .then(function () {
-            _this.logger.info('ClusterService', 'Failover completed successfully');
+            _this.logger.info('ClusterService', '✅ Failover completed successfully - SERVER-FIRST approach');
+            // No credential management needed - server handles everything
             _this.logCurrentState(); // Log state after successful failover
         })
             .catch(function (error) {
@@ -345,7 +409,7 @@ var ClusterService = /** @class */ (function () {
             + ', attempt period: ' + attemptPeriod + ', down addresses: ' + this.getDownAddressesInfo());
         if (this.knownAddresses.length <= index) {
             remainingAttemptLimit = remainingAttemptLimit - 1;
-            if (remainingAttemptLimit === 0) {
+            if (remainingAttemptLimit <= 0) {
                 var errorMessage = 'Unable to connect to any of the following addresses: ' +
                     this.knownAddresses.map(function (element) {
                         return element.toString();
@@ -461,6 +525,8 @@ var ClusterService = /** @class */ (function () {
     };
     ClusterService.prototype.memberAdded = function (member) {
         this.members.push(member);
+        // Handle member added and update preserved credentials
+        this.handleMemberAdded(member);
         var membershipEvent = new MembershipEvent_1.MembershipEvent(member, MemberEvent.ADDED, this.members);
         this.fireMembershipEvent(membershipEvent);
     };
@@ -494,6 +560,76 @@ var ClusterService = /** @class */ (function () {
         var membershipEvent = new MembershipEvent_1.MembershipEvent(member, MemberEvent.REMOVED, this.members);
         this.fireMembershipEvent(membershipEvent);
     };
+    /**
+     * Performs comprehensive credential cleanup when cluster membership changes
+     * This ensures ALL credentials are consistent with the current cluster owner UUID
+     * @param connectionManager The connection manager instance
+     * @param currentClusterOwnerUuid The current cluster owner UUID
+     */
+    /**
+     * Handles member added event - SERVER-FIRST APPROACH
+     * We trust what the server tells us and store it as credentials
+     * @param member The member that was added
+     */
+    ClusterService.prototype.handleMemberAdded = function (member) {
+        this.logger.info('ClusterService', "\u2705 SERVER CONFIRMED: Member[ uuid: " + member.uuid + ", address: " + member.address.toString() + "] added to cluster");
+        // SERVER-FIRST: Store server data as credentials
+        // The server is the authority - we store what it tells us
+        this.logger.info('ClusterService', "\uD83C\uDFAF SERVER-FIRST: Storing server member data as credentials - server is authority");
+        var connectionManager = this.client.getConnectionManager();
+        // Store the server-provided UUID as the authoritative credential
+        if (connectionManager && typeof connectionManager.updatePreservedCredentials === 'function') {
+            connectionManager.updatePreservedCredentials(member.address, member.uuid);
+        }
+        // Record that we received a member added event for this address
+        if (connectionManager && typeof connectionManager.recordMemberAddedEvent === 'function') {
+            connectionManager.recordMemberAddedEvent(member.address);
+        }
+        // Find the current owner from the cluster state
+        var currentOwner = this.findCurrentOwner();
+        if (currentOwner) {
+            this.logger.info('ClusterService', "\uD83D\uDD04 SERVER-FIRST: Updating ALL credentials with current owner UUID: " + currentOwner.uuid);
+            // Update all credentials with the current owner UUID from server
+            if (connectionManager && typeof connectionManager.updateAllCredentialsWithNewOwnerUuid === 'function') {
+                connectionManager.updateAllCredentialsWithNewOwnerUuid(currentOwner.uuid);
+            }
+            // CRITICAL FIX: Update client's own UUIDs to match server expectations
+            this.logger.info('ClusterService', "\uD83D\uDD04 SERVER-FIRST: Updating client UUIDs to match server state");
+            this.logger.info('ClusterService', "   - Old Client UUID: " + (this.uuid || 'NOT SET'));
+            this.logger.info('ClusterService', "   - Old Owner UUID: " + (this.ownerUuid || 'NOT SET'));
+            // Update client's own UUIDs with server-provided data
+            // The client UUID should match the owner's UUID for authentication
+            this.uuid = currentOwner.uuid;
+            this.ownerUuid = currentOwner.uuid;
+            this.logger.info('ClusterService', "   - New Client UUID: " + this.uuid);
+            this.logger.info('ClusterService', "   - New Owner UUID: " + this.ownerUuid);
+        }
+        // Refresh partition table (KEEPING REFRESH METHOD UNTOUCHED as requested)
+        this.client.getPartitionService().refresh();
+        this.logger.info('ClusterService', "\u2705 SERVER-FIRST: Member " + member.uuid + " at " + member.address.toString() + " credentials stored from server data");
+    };
+    /**
+     * Finds the current owner from the cluster state
+     * @returns The current owner member or null if not found
+     */
+    ClusterService.prototype.findCurrentOwner = function () {
+        // Check if we have an active owner connection
+        var ownerConnection = this.ownerConnection;
+        if (ownerConnection && ownerConnection.isAlive()) {
+            var ownerAddress = ownerConnection.getAddress();
+            // Find the member with this address
+            for (var _i = 0, _a = this.members; _i < _a.length; _i++) {
+                var member = _a[_i];
+                if (member.address.toString() === ownerAddress.toString()) {
+                    this.logger.debug('ClusterService', "Found current owner: " + member.uuid + " at " + member.address.toString());
+                    return member;
+                }
+            }
+        }
+        // Fallback: look for any member that might be the owner
+        this.logger.debug('ClusterService', "No active owner connection found, checking member list for potential owner");
+        return null;
+    };
     /**
      * Logs the current state for debugging purposes
      */
@@ -718,6 +854,30 @@ var ClusterService = /** @class */ (function () {
             }
         }, blockDuration);
     };
+    /**
+     * Handles ownership change when failover occurs
+     * @param newOwnerAddress The address of the new owner
+     * @param newOwnerConnection The connection to the new owner
+     */
+    ClusterService.prototype.handleOwnershipChange = function (newOwnerAddress, newOwnerConnection) {
+        this.logger.info('ClusterService', "Handling ownership change to " + newOwnerAddress.toString());
+        // Update owner connection
+        this.ownerConnection = newOwnerConnection;
+        // Note: Owner UUID will be updated when authentication completes
+        // For now, we'll keep the existing owner UUID
+        // Clear any stale partition information
+        this.client.getPartitionService().clearPartitionTable();
+        // Refresh partition information with the new owner
+        this.client.getPartitionService().refresh();
+        this.logger.info('ClusterService', "Ownership change completed, new owner: " + newOwnerAddress.toString());
+    };
+    /**
+     * Gets the failover manager for external access
+     * @returns The failover manager instance
+     */
+    ClusterService.prototype.getFailoverManager = function () {
+        return this.failoverManager;
+    };
     ClusterService.prototype.shutdown = function () {
         if (this.reconnectionTask) {
             clearInterval(this.reconnectionTask);

package/lib/invocation/ConnectionAuthenticator.d.ts

@@ -10,5 +10,16 @@ export declare class ConnectionAuthenticator {
     private logger;
     constructor(connection: ClientConnection, client: HazelcastClient);
     authenticate(asOwner: boolean): Promise<void>;
+    /**
+     * Gets a human-readable description of authentication status
+     */
+    private getStatusDescription(status);
+    /**
+     * Creates credentials with optional restoration from preservation service
+     * @param asOwner Whether this is an owner connection
+     * @param preservedCredentials Optional preserved credentials to use
+     * @returns The credentials message
+     */
+    createCredentialsWithRestoration(asOwner: boolean, preservedCredentials?: any): ClientMessage;
     createCredentials(asOwner: boolean): ClientMessage;
 }

package/lib/invocation/ConnectionAuthenticator.js

@@ -34,53 +34,126 @@ var ConnectionAuthenticator = /** @class */ (function () {
     }
     ConnectionAuthenticator.prototype.authenticate = function (asOwner) {
         var _this = this;
+        var addressStr = this.connection.getAddress().toString();
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDD10 Starting authentication for " + addressStr + " (asOwner=" + asOwner + ")");
         var credentials = this.createCredentials(asOwner);
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending authentication request to " + addressStr + "...");
         return this.client.getInvocationService()
             .invokeOnConnection(this.connection, credentials)
             .then(function (msg) {
+            _this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE5 Received authentication response from " + addressStr);
             var authResponse = ClientAuthenticationCodec_1.ClientAuthenticationCodec.decodeResponse(msg);
+            _this.logger.info('ConnectionAuthenticator', "\uD83D\uDD0D Authentication response for " + addressStr + ":");
+            _this.logger.info('ConnectionAuthenticator', "   - Status: " + authResponse.status + " (" + _this.getStatusDescription(authResponse.status) + ")");
+            _this.logger.info('ConnectionAuthenticator', "   - Server UUID: " + (authResponse.uuid || 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Owner UUID: " + (authResponse.ownerUuid || 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Address: " + (authResponse.address ? authResponse.address.toString() : 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Version: " + (authResponse.serverHazelcastVersion || 'NOT PROVIDED'));
             switch (authResponse.status) {
                 case 0 /* AUTHENTICATED */:
+                    _this.logger.info('ConnectionAuthenticator', "\u2705 Authentication SUCCESSFUL for " + addressStr);
                     _this.connection.setAddress(authResponse.address);
                     _this.connection.setConnectedServerVersion(authResponse.serverHazelcastVersion);
                     if (asOwner) {
+                        var oldUuid = _this.clusterService.uuid;
+                        var oldOwnerUuid = _this.clusterService.ownerUuid;
                         _this.clusterService.uuid = authResponse.uuid;
                         _this.clusterService.ownerUuid = authResponse.ownerUuid;
+                        _this.logger.info('ConnectionAuthenticator', "\uD83D\uDD04 Updated cluster service for " + addressStr + ":");
+                        _this.logger.info('ConnectionAuthenticator', "   - UUID: " + (oldUuid || 'NOT SET') + " \u2192 " + authResponse.uuid);
+                        _this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (oldOwnerUuid || 'NOT SET') + " \u2192 " + authResponse.ownerUuid);
                     }
-                    _this.logger.info('ConnectionAuthenticator', 'Connection to ' +
-                        _this.connection.getAddress().toString() + ' authenticated');
+                    _this.logger.info('ConnectionAuthenticator', "\u2705 Connection to " + addressStr + " authenticated successfully");
                     break;
                 case 1 /* CREDENTIALS_FAILED */:
-                    _this.logger.error('ConnectionAuthenticator', 'Invalid Credentials');
-                    throw new Error('Invalid Credentials, could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Invalid Credentials");
+                    _this.logger.error('ConnectionAuthenticator', "   - Server rejected our credentials");
+                    _this.logger.error('ConnectionAuthenticator', "   - Check if UUIDs and group credentials are correct");
+                    throw new Error('Invalid Credentials, could not authenticate connection to ' + addressStr);
                 case 2 /* SERIALIZATION_VERSION_MISMATCH */:
-                    _this.logger.error('ConnectionAuthenticator', 'Serialization version mismatch');
-                    throw new Error('Serialization version mismatch, could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Serialization version mismatch");
+                    throw new Error('Serialization version mismatch, could not authenticate connection to ' + addressStr);
                 default:
-                    _this.logger.error('ConnectionAuthenticator', 'Unknown authentication status: '
-                        + authResponse.status);
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Unknown status " + authResponse.status);
                     throw new HazelcastError_1.AuthenticationError('Unknown authentication status: ' + authResponse.status +
-                        ' , could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                        ' , could not authenticate connection to ' + addressStr);
             }
+        })
+            .catch(function (error) {
+            _this.logger.error('ConnectionAuthenticator', "\uD83D\uDCA5 Authentication ERROR for " + addressStr + ": " + error.message);
+            throw error;
         });
     };
+    /**
+     * Gets a human-readable description of authentication status
+     */
+    ConnectionAuthenticator.prototype.getStatusDescription = function (status) {
+        switch (status) {
+            case 0 /* AUTHENTICATED */: return 'AUTHENTICATED';
+            case 1 /* CREDENTIALS_FAILED */: return 'CREDENTIALS_FAILED';
+            case 2 /* SERIALIZATION_VERSION_MISMATCH */: return 'SERIALIZATION_VERSION_MISMATCH';
+            default: return "UNKNOWN_STATUS_" + status;
+        }
+    };
+    /**
+     * Creates credentials with optional restoration from preservation service
+     * @param asOwner Whether this is an owner connection
+     * @param preservedCredentials Optional preserved credentials to use
+     * @returns The credentials message
+     */
+    ConnectionAuthenticator.prototype.createCredentialsWithRestoration = function (asOwner, preservedCredentials) {
+        if (preservedCredentials && preservedCredentials.uuid && preservedCredentials.ownerUuid) {
+            this.logger.debug('ConnectionAuthenticator', "Using preserved credentials: uuid=" + preservedCredentials.uuid + ", ownerUuid=" + preservedCredentials.ownerUuid);
+            // Use preserved credentials instead of current cluster state
+            var groupConfig = this.client.getConfig().groupConfig;
+            var customCredentials = this.client.getConfig().customCredentials;
+            var clientMessage = void 0;
+            var clientVersion = BuildInfo_1.BuildInfo.getClientVersion();
+            if (customCredentials != null) {
+                var credentialsPayload = this.client.getSerializationService().toData(customCredentials);
+                clientMessage = ClientAuthenticationCustomCodec_1.ClientAuthenticationCustomCodec.encodeRequest(credentialsPayload, preservedCredentials.uuid, preservedCredentials.ownerUuid, asOwner, 'NJS', 1, clientVersion);
+            }
+            else {
+                clientMessage = ClientAuthenticationCodec_1.ClientAuthenticationCodec.encodeRequest(preservedCredentials.groupName, preservedCredentials.groupPassword, preservedCredentials.uuid, preservedCredentials.ownerUuid, asOwner, 'NJS', 1, clientVersion);
+            }
+            return clientMessage;
+        }
+        // Fall back to normal credential creation
+        return this.createCredentials(asOwner);
+    };
     ConnectionAuthenticator.prototype.createCredentials = function (asOwner) {
         var groupConfig = this.client.getConfig().groupConfig;
         var uuid = this.clusterService.uuid;
         var ownerUuid = this.clusterService.ownerUuid;
         var customCredentials = this.client.getConfig().customCredentials;
+        // LOG EXACTLY WHAT CREDENTIALS WE'RE SENDING
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDD10 Creating authentication credentials for " + this.connection.getAddress().toString() + ":");
+        this.logger.info('ConnectionAuthenticator', "   - As Owner: " + asOwner);
+        this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Group Name: " + (groupConfig.name || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Group Password: " + (groupConfig.password ? '***SET***' : 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Custom Credentials: " + (customCredentials ? 'YES' : 'NO'));
+        this.logger.info('ConnectionAuthenticator', "   - Client Version: " + BuildInfo_1.BuildInfo.getClientVersion());
         var clientMessage;
         var clientVersion = BuildInfo_1.BuildInfo.getClientVersion();
         if (customCredentials != null) {
             var credentialsPayload = this.client.getSerializationService().toData(customCredentials);
+            this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending CUSTOM authentication request with:");
+            this.logger.info('ConnectionAuthenticator', "   - Custom Credentials: " + typeof credentialsPayload);
+            this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
             clientMessage = ClientAuthenticationCustomCodec_1.ClientAuthenticationCustomCodec.encodeRequest(credentialsPayload, uuid, ownerUuid, asOwner, 'NJS', 1, clientVersion);
         }
         else {
+            this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending STANDARD authentication request with:");
+            this.logger.info('ConnectionAuthenticator', "   - Group Name: " + (groupConfig.name || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Group Password: " + (groupConfig.password ? '***SET***' : 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
             clientMessage = ClientAuthenticationCodec_1.ClientAuthenticationCodec.encodeRequest(groupConfig.name, groupConfig.password, uuid, ownerUuid, asOwner, 'NJS', 1, clientVersion);
         }
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDCCB Final authentication message created and ready to send");
         return clientMessage;
     };
     return ConnectionAuthenticator;

package/lib/invocation/CredentialPreservationService.d.ts

@@ -0,0 +1,141 @@
+import { ILogger } from '../logging/ILogger';
+import Address = require('../Address');
+/**
+ * Interface for node credentials
+ */
+export interface NodeCredentials {
+    uuid: string;
+    ownerUuid: string;
+    groupName: string;
+    groupPassword: string;
+    lastAuthenticated: number;
+    isOwner: boolean;
+}
+/**
+ * Service to preserve and restore authentication credentials across failover cycles
+ * This fixes the "Invalid Credentials" issue that occurs when nodes rejoin after failover
+ */
+export declare class CredentialPreservationService {
+    private readonly logger;
+    /**
+     * Stores authentication context for each node
+     */
+    private nodeCredentials;
+    constructor(logger: ILogger);
+    /**
+     * Preserves authentication credentials for a node before it gets disconnected
+     * @param address The node address
+     * @param uuid The node's UUID
+     * @param ownerUuid The owner UUID
+     * @param groupName The group name
+     * @param groupPassword The group password
+     * @param isOwner Whether this is an owner connection
+     */
+    preserveCredentials(address: Address, uuid: string, ownerUuid: string, groupName: string, groupPassword: string, isOwner: boolean): void;
+    /**
+     * Restores authentication credentials for a specific node
+     * @param address The node address
+     * @returns The preserved credentials or null if not found
+     */
+    restoreCredentials(address: Address): NodeCredentials | null;
+    /**
+     * Updates credentials after successful authentication
+     * @param address The node address
+     * @param uuid The new UUID
+     * @param ownerUuid The new owner UUID
+     */
+    updateCredentials(address: Address, uuid: string, ownerUuid: string): void;
+    /**
+     * Clears credentials for a specific node
+     * @param address The node address
+     */
+    clearCredentials(address: Address): void;
+    /**
+     * Clears all stored credentials - used for cluster reset scenarios
+     */
+    clearAllCredentials(): void;
+    /**
+     * Cleans up stale credentials older than the specified age
+     * @param maxAgeMs Maximum age in milliseconds (default: 5 minutes)
+     */
+    cleanupStaleCredentials(maxAgeMs?: number): void;
+    /**
+     * Gets a summary of preserved credentials for debugging
+     * @returns A summary string
+     */
+    getCredentialsSummary(): string;
+    /**
+     * Smart credential restoration that handles both scenarios:
+     * 1. If member added event occurred -> use new UUID
+     * 2. If no member added event -> use old UUID (node probably never changed)
+     * @param address The address to restore credentials for
+     * @param hasMemberAddedEvent Whether we received a member added event for this address
+     * @returns The appropriate credentials to use
+     */
+    smartRestoreCredentials(address: Address, hasMemberAddedEvent?: boolean): NodeCredentials | null;
+    /**
+     * Checks if we have valid credentials for an address
+     * @param address The address to check
+     * @returns True if we have valid credentials
+     */
+    hasValidCredentials(address: Address): boolean;
+    /**
+     * Gets the last known UUID for an address
+     * @param address The address to get UUID for
+     * @returns The UUID or null if not found
+     */
+    getLastKnownUuid(address: Address): string | null;
+    /**
+     * Updates the owner UUID for ALL preserved credentials
+     * This is called when cluster membership changes and we need to sync all credentials
+     * @param newOwnerUuid The new owner UUID from the current cluster state
+     */
+    updateAllOwnerUuids(newOwnerUuid: string): void;
+    /**
+     * Gets the current owner UUID from preserved credentials
+     * @returns The current owner UUID or null if not found
+     */
+    getCurrentOwnerUuid(): string | null;
+    /**
+     * Validates that all credentials have consistent owner UUIDs
+     * @returns True if all credentials are consistent, false otherwise
+     */
+    validateOwnerUuidConsistency(): boolean;
+    /**
+     * Invalidates ALL credentials that have a specific owner UUID
+     * This is called when cluster membership changes and old owner UUIDs become invalid
+     * @param oldOwnerUuid The old owner UUID that is no longer valid
+     */
+    invalidateCredentialsWithOwnerUuid(oldOwnerUuid: string): void;
+    /**
+     * Invalidates ALL credentials that don't match the current cluster owner UUID
+     * This ensures complete credential consistency across the entire cluster
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    invalidateAllCredentialsExceptCurrentOwner(currentClusterOwnerUuid: string): void;
+    /**
+     * Invalidates only problematic credentials while preserving working ones
+     * This prevents breaking working connections (like 192.168.1.108)
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    invalidateOnlyProblematicCredentials(currentClusterOwnerUuid: string): void;
+    /**
+     * Checks if an address has had recent authentication issues
+     * This helps determine which credentials to invalidate
+     * @param addressStr The address to check
+     * @returns True if the address has recent auth issues
+     */
+    private hasRecentAuthenticationIssues(addressStr);
+    /**
+     * Clears all credentials for a specific address
+     * This is called when we need to force fresh authentication for a node
+     * @param address The address to clear credentials for
+     */
+    clearCredentialsForAddress(address: Address): void;
+    /**
+     * Gets all addresses that have credentials with a specific owner UUID
+     * @param ownerUuid The owner UUID to search for
+     * @returns Array of addresses that have credentials with this owner UUID
+     */
+    getAddressesWithOwnerUuid(ownerUuid: string): string[];
+}