npm - @celerispay/hazelcast-client - Versions diffs - 3.12.5 → 3.12.7-2 - Mend

@celerispay/hazelcast-client 3.12.5 → 3.12.7-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/CHANGELOG.md +111 -87
package/CHANGES_UNCOMMITTED.md +53 -0
package/FAILOVER_FIXES.md +148 -230
package/FAULT_TOLERANCE_IMPROVEMENTS.md +208 -0
package/HAZELCAST_CLIENT_EVOLUTION.md +402 -0
package/QUICK_START.md +184 -95
package/RELEASE_SUMMARY.md +227 -147
package/lib/HeartbeatService.js +11 -2
package/lib/PartitionService.d.ts +14 -0
package/lib/PartitionService.js +32 -9
package/lib/invocation/ClientConnection.d.ts +14 -0
package/lib/invocation/ClientConnection.js +95 -1
package/lib/invocation/ClientConnectionManager.d.ts +99 -0
package/lib/invocation/ClientConnectionManager.js +394 -10
package/lib/invocation/ClusterService.d.ts +91 -5
package/lib/invocation/ClusterService.js +490 -17
package/lib/invocation/ConnectionAuthenticator.d.ts +11 -0
package/lib/invocation/ConnectionAuthenticator.js +85 -12
package/lib/invocation/CredentialPreservationService.d.ts +141 -0
package/lib/invocation/CredentialPreservationService.js +377 -0
package/lib/invocation/HazelcastFailoverManager.d.ts +102 -0
package/lib/invocation/HazelcastFailoverManager.js +285 -0
package/lib/invocation/InvocationService.js +8 -0
package/lib/nearcache/StaleReadDetectorImpl.js +31 -4
package/lib/proxy/ProxyManager.js +25 -4
package/package.json +20 -28

package/lib/invocation/ConnectionAuthenticator.js CHANGED Viewed

@@ -34,53 +34,126 @@ var ConnectionAuthenticator = /** @class */ (function () {
     }
     ConnectionAuthenticator.prototype.authenticate = function (asOwner) {
         var _this = this;
+        var addressStr = this.connection.getAddress().toString();
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDD10 Starting authentication for " + addressStr + " (asOwner=" + asOwner + ")");
         var credentials = this.createCredentials(asOwner);
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending authentication request to " + addressStr + "...");
         return this.client.getInvocationService()
             .invokeOnConnection(this.connection, credentials)
             .then(function (msg) {
+            _this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE5 Received authentication response from " + addressStr);
             var authResponse = ClientAuthenticationCodec_1.ClientAuthenticationCodec.decodeResponse(msg);
+            _this.logger.info('ConnectionAuthenticator', "\uD83D\uDD0D Authentication response for " + addressStr + ":");
+            _this.logger.info('ConnectionAuthenticator', "   - Status: " + authResponse.status + " (" + _this.getStatusDescription(authResponse.status) + ")");
+            _this.logger.info('ConnectionAuthenticator', "   - Server UUID: " + (authResponse.uuid || 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Owner UUID: " + (authResponse.ownerUuid || 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Address: " + (authResponse.address ? authResponse.address.toString() : 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Version: " + (authResponse.serverHazelcastVersion || 'NOT PROVIDED'));
             switch (authResponse.status) {
                 case 0 /* AUTHENTICATED */:
+                    _this.logger.info('ConnectionAuthenticator', "\u2705 Authentication SUCCESSFUL for " + addressStr);
                     _this.connection.setAddress(authResponse.address);
                     _this.connection.setConnectedServerVersion(authResponse.serverHazelcastVersion);
                     if (asOwner) {
+                        var oldUuid = _this.clusterService.uuid;
+                        var oldOwnerUuid = _this.clusterService.ownerUuid;
                         _this.clusterService.uuid = authResponse.uuid;
                         _this.clusterService.ownerUuid = authResponse.ownerUuid;
+                        _this.logger.info('ConnectionAuthenticator', "\uD83D\uDD04 Updated cluster service for " + addressStr + ":");
+                        _this.logger.info('ConnectionAuthenticator', "   - UUID: " + (oldUuid || 'NOT SET') + " \u2192 " + authResponse.uuid);
+                        _this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (oldOwnerUuid || 'NOT SET') + " \u2192 " + authResponse.ownerUuid);
                     }
-                    _this.logger.info('ConnectionAuthenticator', 'Connection to ' +
-                        _this.connection.getAddress().toString() + ' authenticated');
+                    _this.logger.info('ConnectionAuthenticator', "\u2705 Connection to " + addressStr + " authenticated successfully");
                     break;
                 case 1 /* CREDENTIALS_FAILED */:
-                    _this.logger.error('ConnectionAuthenticator', 'Invalid Credentials');
-                    throw new Error('Invalid Credentials, could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Invalid Credentials");
+                    _this.logger.error('ConnectionAuthenticator', "   - Server rejected our credentials");
+                    _this.logger.error('ConnectionAuthenticator', "   - Check if UUIDs and group credentials are correct");
+                    throw new Error('Invalid Credentials, could not authenticate connection to ' + addressStr);
                 case 2 /* SERIALIZATION_VERSION_MISMATCH */:
-                    _this.logger.error('ConnectionAuthenticator', 'Serialization version mismatch');
-                    throw new Error('Serialization version mismatch, could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Serialization version mismatch");
+                    throw new Error('Serialization version mismatch, could not authenticate connection to ' + addressStr);
                 default:
-                    _this.logger.error('ConnectionAuthenticator', 'Unknown authentication status: '
-                        + authResponse.status);
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Unknown status " + authResponse.status);
                     throw new HazelcastError_1.AuthenticationError('Unknown authentication status: ' + authResponse.status +
-                        ' , could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                        ' , could not authenticate connection to ' + addressStr);
             }
+        })
+            .catch(function (error) {
+            _this.logger.error('ConnectionAuthenticator', "\uD83D\uDCA5 Authentication ERROR for " + addressStr + ": " + error.message);
+            throw error;
         });
     };
+    /**
+     * Gets a human-readable description of authentication status
+     */
+    ConnectionAuthenticator.prototype.getStatusDescription = function (status) {
+        switch (status) {
+            case 0 /* AUTHENTICATED */: return 'AUTHENTICATED';
+            case 1 /* CREDENTIALS_FAILED */: return 'CREDENTIALS_FAILED';
+            case 2 /* SERIALIZATION_VERSION_MISMATCH */: return 'SERIALIZATION_VERSION_MISMATCH';
+            default: return "UNKNOWN_STATUS_" + status;
+        }
+    };
+    /**
+     * Creates credentials with optional restoration from preservation service
+     * @param asOwner Whether this is an owner connection
+     * @param preservedCredentials Optional preserved credentials to use
+     * @returns The credentials message
+     */
+    ConnectionAuthenticator.prototype.createCredentialsWithRestoration = function (asOwner, preservedCredentials) {
+        if (preservedCredentials && preservedCredentials.uuid && preservedCredentials.ownerUuid) {
+            this.logger.debug('ConnectionAuthenticator', "Using preserved credentials: uuid=" + preservedCredentials.uuid + ", ownerUuid=" + preservedCredentials.ownerUuid);
+            // Use preserved credentials instead of current cluster state
+            var groupConfig = this.client.getConfig().groupConfig;
+            var customCredentials = this.client.getConfig().customCredentials;
+            var clientMessage = void 0;
+            var clientVersion = BuildInfo_1.BuildInfo.getClientVersion();
+            if (customCredentials != null) {
+                var credentialsPayload = this.client.getSerializationService().toData(customCredentials);
+                clientMessage = ClientAuthenticationCustomCodec_1.ClientAuthenticationCustomCodec.encodeRequest(credentialsPayload, preservedCredentials.uuid, preservedCredentials.ownerUuid, asOwner, 'NJS', 1, clientVersion);
+            }
+            else {
+                clientMessage = ClientAuthenticationCodec_1.ClientAuthenticationCodec.encodeRequest(preservedCredentials.groupName, preservedCredentials.groupPassword, preservedCredentials.uuid, preservedCredentials.ownerUuid, asOwner, 'NJS', 1, clientVersion);
+            }
+            return clientMessage;
+        }
+        // Fall back to normal credential creation
+        return this.createCredentials(asOwner);
+    };
     ConnectionAuthenticator.prototype.createCredentials = function (asOwner) {
         var groupConfig = this.client.getConfig().groupConfig;
         var uuid = this.clusterService.uuid;
         var ownerUuid = this.clusterService.ownerUuid;
         var customCredentials = this.client.getConfig().customCredentials;
+        // LOG EXACTLY WHAT CREDENTIALS WE'RE SENDING
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDD10 Creating authentication credentials for " + this.connection.getAddress().toString() + ":");
+        this.logger.info('ConnectionAuthenticator', "   - As Owner: " + asOwner);
+        this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Group Name: " + (groupConfig.name || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Group Password: " + (groupConfig.password ? '***SET***' : 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Custom Credentials: " + (customCredentials ? 'YES' : 'NO'));
+        this.logger.info('ConnectionAuthenticator', "   - Client Version: " + BuildInfo_1.BuildInfo.getClientVersion());
         var clientMessage;
         var clientVersion = BuildInfo_1.BuildInfo.getClientVersion();
         if (customCredentials != null) {
             var credentialsPayload = this.client.getSerializationService().toData(customCredentials);
+            this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending CUSTOM authentication request with:");
+            this.logger.info('ConnectionAuthenticator', "   - Custom Credentials: " + typeof credentialsPayload);
+            this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
             clientMessage = ClientAuthenticationCustomCodec_1.ClientAuthenticationCustomCodec.encodeRequest(credentialsPayload, uuid, ownerUuid, asOwner, 'NJS', 1, clientVersion);
         }
         else {
+            this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending STANDARD authentication request with:");
+            this.logger.info('ConnectionAuthenticator', "   - Group Name: " + (groupConfig.name || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Group Password: " + (groupConfig.password ? '***SET***' : 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
             clientMessage = ClientAuthenticationCodec_1.ClientAuthenticationCodec.encodeRequest(groupConfig.name, groupConfig.password, uuid, ownerUuid, asOwner, 'NJS', 1, clientVersion);
         }
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDCCB Final authentication message created and ready to send");
         return clientMessage;
     };
     return ConnectionAuthenticator;

package/lib/invocation/CredentialPreservationService.d.ts ADDED Viewed

@@ -0,0 +1,141 @@
+import { ILogger } from '../logging/ILogger';
+import Address = require('../Address');
+/**
+ * Interface for node credentials
+ */
+export interface NodeCredentials {
+    uuid: string;
+    ownerUuid: string;
+    groupName: string;
+    groupPassword: string;
+    lastAuthenticated: number;
+    isOwner: boolean;
+}
+/**
+ * Service to preserve and restore authentication credentials across failover cycles
+ * This fixes the "Invalid Credentials" issue that occurs when nodes rejoin after failover
+ */
+export declare class CredentialPreservationService {
+    private readonly logger;
+    /**
+     * Stores authentication context for each node
+     */
+    private nodeCredentials;
+    constructor(logger: ILogger);
+    /**
+     * Preserves authentication credentials for a node before it gets disconnected
+     * @param address The node address
+     * @param uuid The node's UUID
+     * @param ownerUuid The owner UUID
+     * @param groupName The group name
+     * @param groupPassword The group password
+     * @param isOwner Whether this is an owner connection
+     */
+    preserveCredentials(address: Address, uuid: string, ownerUuid: string, groupName: string, groupPassword: string, isOwner: boolean): void;
+    /**
+     * Restores authentication credentials for a specific node
+     * @param address The node address
+     * @returns The preserved credentials or null if not found
+     */
+    restoreCredentials(address: Address): NodeCredentials | null;
+    /**
+     * Updates credentials after successful authentication
+     * @param address The node address
+     * @param uuid The new UUID
+     * @param ownerUuid The new owner UUID
+     */
+    updateCredentials(address: Address, uuid: string, ownerUuid: string): void;
+    /**
+     * Clears credentials for a specific node
+     * @param address The node address
+     */
+    clearCredentials(address: Address): void;
+    /**
+     * Clears all stored credentials - used for cluster reset scenarios
+     */
+    clearAllCredentials(): void;
+    /**
+     * Cleans up stale credentials older than the specified age
+     * @param maxAgeMs Maximum age in milliseconds (default: 5 minutes)
+     */
+    cleanupStaleCredentials(maxAgeMs?: number): void;
+    /**
+     * Gets a summary of preserved credentials for debugging
+     * @returns A summary string
+     */
+    getCredentialsSummary(): string;
+    /**
+     * Smart credential restoration that handles both scenarios:
+     * 1. If member added event occurred -> use new UUID
+     * 2. If no member added event -> use old UUID (node probably never changed)
+     * @param address The address to restore credentials for
+     * @param hasMemberAddedEvent Whether we received a member added event for this address
+     * @returns The appropriate credentials to use
+     */
+    smartRestoreCredentials(address: Address, hasMemberAddedEvent?: boolean): NodeCredentials | null;
+    /**
+     * Checks if we have valid credentials for an address
+     * @param address The address to check
+     * @returns True if we have valid credentials
+     */
+    hasValidCredentials(address: Address): boolean;
+    /**
+     * Gets the last known UUID for an address
+     * @param address The address to get UUID for
+     * @returns The UUID or null if not found
+     */
+    getLastKnownUuid(address: Address): string | null;
+    /**
+     * Updates the owner UUID for ALL preserved credentials
+     * This is called when cluster membership changes and we need to sync all credentials
+     * @param newOwnerUuid The new owner UUID from the current cluster state
+     */
+    updateAllOwnerUuids(newOwnerUuid: string): void;
+    /**
+     * Gets the current owner UUID from preserved credentials
+     * @returns The current owner UUID or null if not found
+     */
+    getCurrentOwnerUuid(): string | null;
+    /**
+     * Validates that all credentials have consistent owner UUIDs
+     * @returns True if all credentials are consistent, false otherwise
+     */
+    validateOwnerUuidConsistency(): boolean;
+    /**
+     * Invalidates ALL credentials that have a specific owner UUID
+     * This is called when cluster membership changes and old owner UUIDs become invalid
+     * @param oldOwnerUuid The old owner UUID that is no longer valid
+     */
+    invalidateCredentialsWithOwnerUuid(oldOwnerUuid: string): void;
+    /**
+     * Invalidates ALL credentials that don't match the current cluster owner UUID
+     * This ensures complete credential consistency across the entire cluster
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    invalidateAllCredentialsExceptCurrentOwner(currentClusterOwnerUuid: string): void;
+    /**
+     * Invalidates only problematic credentials while preserving working ones
+     * This prevents breaking working connections (like 192.168.1.108)
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    invalidateOnlyProblematicCredentials(currentClusterOwnerUuid: string): void;
+    /**
+     * Checks if an address has had recent authentication issues
+     * This helps determine which credentials to invalidate
+     * @param addressStr The address to check
+     * @returns True if the address has recent auth issues
+     */
+    private hasRecentAuthenticationIssues(addressStr);
+    /**
+     * Clears all credentials for a specific address
+     * This is called when we need to force fresh authentication for a node
+     * @param address The address to clear credentials for
+     */
+    clearCredentialsForAddress(address: Address): void;
+    /**
+     * Gets all addresses that have credentials with a specific owner UUID
+     * @param ownerUuid The owner UUID to search for
+     * @returns Array of addresses that have credentials with this owner UUID
+     */
+    getAddressesWithOwnerUuid(ownerUuid: string): string[];
+}

package/lib/invocation/CredentialPreservationService.js ADDED Viewed

@@ -0,0 +1,377 @@
+"use strict";
+/*
+ * Copyright (c) 2008-2021, Hazelcast, Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Service to preserve and restore authentication credentials across failover cycles
+ * This fixes the "Invalid Credentials" issue that occurs when nodes rejoin after failover
+ */
+var CredentialPreservationService = /** @class */ (function () {
+    function CredentialPreservationService(logger) {
+        /**
+         * Stores authentication context for each node
+         */
+        this.nodeCredentials = new Map();
+        this.logger = logger;
+    }
+    /**
+     * Preserves authentication credentials for a node before it gets disconnected
+     * @param address The node address
+     * @param uuid The node's UUID
+     * @param ownerUuid The owner UUID
+     * @param groupName The group name
+     * @param groupPassword The group password
+     * @param isOwner Whether this is an owner connection
+     */
+    CredentialPreservationService.prototype.preserveCredentials = function (address, uuid, ownerUuid, groupName, groupPassword, isOwner) {
+        var addressStr = address.toString();
+        this.nodeCredentials.set(addressStr, {
+            uuid: uuid,
+            ownerUuid: ownerUuid,
+            groupName: groupName,
+            groupPassword: groupPassword,
+            lastAuthenticated: Date.now(),
+            isOwner: isOwner
+        });
+        this.logger.debug('CredentialPreservationService', "Preserved credentials for " + addressStr + ": uuid=" + uuid + ", ownerUuid=" + ownerUuid + ", isOwner=" + isOwner);
+    };
+    /**
+     * Restores authentication credentials for a specific node
+     * @param address The node address
+     * @returns The preserved credentials or null if not found
+     */
+    CredentialPreservationService.prototype.restoreCredentials = function (address) {
+        var _this = this;
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        if (credentials) {
+            this.logger.info('CredentialPreservationService', "\u2705 Found preserved credentials for " + addressStr + ": uuid=" + credentials.uuid + ", ownerUuid=" + credentials.ownerUuid);
+            return credentials;
+        }
+        // Log all available credentials for debugging
+        this.logger.info('CredentialPreservationService', "\u274C No preserved credentials found for " + addressStr);
+        this.logger.info('CredentialPreservationService', "\uD83D\uDCCB Available credentials: " + this.nodeCredentials.size + " entries");
+        if (this.nodeCredentials.size > 0) {
+            this.nodeCredentials.forEach(function (cred, addr) {
+                _this.logger.info('CredentialPreservationService', "   - " + addr + ": uuid=" + cred.uuid + ", ownerUuid=" + cred.ownerUuid + ", isOwner=" + cred.isOwner);
+            });
+        }
+        return null;
+    };
+    /**
+     * Updates credentials after successful authentication
+     * @param address The node address
+     * @param uuid The new UUID
+     * @param ownerUuid The new owner UUID
+     */
+    CredentialPreservationService.prototype.updateCredentials = function (address, uuid, ownerUuid) {
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        if (credentials) {
+            credentials.uuid = uuid;
+            credentials.ownerUuid = ownerUuid;
+            credentials.lastAuthenticated = Date.now();
+            this.logger.debug('CredentialPreservationService', "Updated credentials for " + addressStr + ": uuid=" + uuid + ", ownerUuid=" + ownerUuid);
+        }
+    };
+    /**
+     * Clears credentials for a specific node
+     * @param address The node address
+     */
+    CredentialPreservationService.prototype.clearCredentials = function (address) {
+        var addressStr = address.toString();
+        if (this.nodeCredentials.delete(addressStr)) {
+            this.logger.debug('CredentialPreservationService', "Cleared credentials for " + addressStr);
+        }
+    };
+    /**
+     * Clears all stored credentials - used for cluster reset scenarios
+     */
+    CredentialPreservationService.prototype.clearAllCredentials = function () {
+        var credentialCount = this.nodeCredentials.size;
+        this.nodeCredentials.clear();
+        this.logger.info('CredentialPreservationService', "\uD83E\uDDF9 Cleared all " + credentialCount + " stored credentials for cluster reset");
+    };
+    /**
+     * Cleans up stale credentials older than the specified age
+     * @param maxAgeMs Maximum age in milliseconds (default: 5 minutes)
+     */
+    CredentialPreservationService.prototype.cleanupStaleCredentials = function (maxAgeMs) {
+        var _this = this;
+        if (maxAgeMs === void 0) { maxAgeMs = 300000; }
+        var now = Date.now();
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            var age = now - credentials.lastAuthenticated;
+            if (age > maxAgeMs) {
+                addressesToRemove.push(addressStr);
+            }
+        });
+        if (addressesToRemove.length > 0) {
+            addressesToRemove.forEach(function (addressStr) {
+                _this.nodeCredentials.delete(addressStr);
+            });
+            this.logger.debug('CredentialPreservationService', "Cleaned up " + addressesToRemove.length + " stale credential entries");
+        }
+    };
+    /**
+     * Gets a summary of preserved credentials for debugging
+     * @returns A summary string
+     */
+    CredentialPreservationService.prototype.getCredentialsSummary = function () {
+        var entries = Array.from(this.nodeCredentials.entries());
+        if (entries.length === 0) {
+            return 'none';
+        }
+        return entries.map(function (_a) {
+            var address = _a[0], creds = _a[1];
+            return address + ": uuid=" + (creds.uuid || 'null') + ", ownerUuid=" + (creds.ownerUuid || 'null') + ", isOwner=" + creds.isOwner;
+        }).join('; ');
+    };
+    /**
+     * Smart credential restoration that handles both scenarios:
+     * 1. If member added event occurred -> use new UUID
+     * 2. If no member added event -> use old UUID (node probably never changed)
+     * @param address The address to restore credentials for
+     * @param hasMemberAddedEvent Whether we received a member added event for this address
+     * @returns The appropriate credentials to use
+     */
+    CredentialPreservationService.prototype.smartRestoreCredentials = function (address, hasMemberAddedEvent) {
+        if (hasMemberAddedEvent === void 0) { hasMemberAddedEvent = false; }
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        if (!credentials) {
+            this.logger.debug('CredentialPreservationService', "No preserved credentials found for " + addressStr);
+            return null;
+        }
+        if (hasMemberAddedEvent) {
+            // Member actually left and rejoined - use the updated credentials
+            this.logger.info('CredentialPreservationService', "\uD83D\uDD04 Member added event detected for " + addressStr + ", using updated credentials: uuid=" + credentials.uuid);
+            return credentials;
+        }
+        else {
+            // No member added event - node probably never changed, use original credentials
+            this.logger.info('CredentialPreservationService', "\uD83D\uDD04 No member added event for " + addressStr + ", assuming node unchanged, using original credentials: uuid=" + credentials.uuid);
+            return credentials;
+        }
+    };
+    /**
+     * Checks if we have valid credentials for an address
+     * @param address The address to check
+     * @returns True if we have valid credentials
+     */
+    CredentialPreservationService.prototype.hasValidCredentials = function (address) {
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        return !!(credentials && credentials.uuid && credentials.ownerUuid);
+    };
+    /**
+     * Gets the last known UUID for an address
+     * @param address The address to get UUID for
+     * @returns The UUID or null if not found
+     */
+    CredentialPreservationService.prototype.getLastKnownUuid = function (address) {
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        return credentials ? credentials.uuid : null;
+    };
+    /**
+     * Updates the owner UUID for ALL preserved credentials
+     * This is called when cluster membership changes and we need to sync all credentials
+     * @param newOwnerUuid The new owner UUID from the current cluster state
+     */
+    CredentialPreservationService.prototype.updateAllOwnerUuids = function (newOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83D\uDD04 Updating ALL preserved credentials with new owner UUID: " + newOwnerUuid);
+        var updatedCount = 0;
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid !== newOwnerUuid) {
+                var oldOwnerUuid = credentials.ownerUuid;
+                credentials.ownerUuid = newOwnerUuid;
+                updatedCount++;
+                _this.logger.info('CredentialPreservationService', "\uD83D\uDD04 Updated " + addressStr + ": ownerUuid " + oldOwnerUuid + " \u2192 " + newOwnerUuid);
+            }
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Updated " + updatedCount + " credential entries with new owner UUID");
+    };
+    /**
+     * Gets the current owner UUID from preserved credentials
+     * @returns The current owner UUID or null if not found
+     */
+    CredentialPreservationService.prototype.getCurrentOwnerUuid = function () {
+        // Find any credential that has isOwner=true
+        for (var _i = 0, _a = Array.from(this.nodeCredentials.values()); _i < _a.length; _i++) {
+            var credentials = _a[_i];
+            if (credentials.isOwner) {
+                return credentials.ownerUuid;
+            }
+        }
+        // If no owner found, return the first available ownerUuid
+        for (var _b = 0, _c = Array.from(this.nodeCredentials.values()); _b < _c.length; _b++) {
+            var credentials = _c[_b];
+            if (credentials.ownerUuid) {
+                return credentials.ownerUuid;
+            }
+        }
+        return null;
+    };
+    /**
+     * Validates that all credentials have consistent owner UUIDs
+     * @returns True if all credentials are consistent, false otherwise
+     */
+    CredentialPreservationService.prototype.validateOwnerUuidConsistency = function () {
+        var ownerUuids = new Set();
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid) {
+                ownerUuids.add(credentials.ownerUuid);
+            }
+        });
+        var isConsistent = ownerUuids.size <= 1;
+        if (!isConsistent) {
+            this.logger.warn('CredentialPreservationService', "\u26A0\uFE0F Owner UUID inconsistency detected: " + Array.from(ownerUuids).join(', '));
+        }
+        return isConsistent;
+    };
+    /**
+     * Invalidates ALL credentials that have a specific owner UUID
+     * This is called when cluster membership changes and old owner UUIDs become invalid
+     * @param oldOwnerUuid The old owner UUID that is no longer valid
+     */
+    CredentialPreservationService.prototype.invalidateCredentialsWithOwnerUuid = function (oldOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Invalidating ALL credentials with old owner UUID: " + oldOwnerUuid);
+        var invalidatedCount = 0;
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid === oldOwnerUuid) {
+                _this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Invalidating credentials for " + addressStr + ": old ownerUuid=" + oldOwnerUuid);
+                addressesToRemove.push(addressStr);
+                invalidatedCount++;
+            }
+        });
+        // Remove the invalidated credentials
+        addressesToRemove.forEach(function (addressStr) {
+            _this.nodeCredentials.delete(addressStr);
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Invalidated " + invalidatedCount + " credential entries with old owner UUID: " + oldOwnerUuid);
+    };
+    /**
+     * Invalidates ALL credentials that don't match the current cluster owner UUID
+     * This ensures complete credential consistency across the entire cluster
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    CredentialPreservationService.prototype.invalidateAllCredentialsExceptCurrentOwner = function (currentClusterOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Comprehensive credential cleanup: Invalidating ALL credentials except those with current owner UUID: " + currentClusterOwnerUuid);
+        var invalidatedCount = 0;
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid !== currentClusterOwnerUuid) {
+                _this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Invalidating credentials for " + addressStr + ": old ownerUuid=" + credentials.ownerUuid + " \u2260 current=" + currentClusterOwnerUuid);
+                addressesToRemove.push(addressStr);
+                invalidatedCount++;
+            }
+            else {
+                _this.logger.debug('CredentialPreservationService', "\u2705 Keeping valid credentials for " + addressStr + ": ownerUuid=" + credentials.ownerUuid + " matches current");
+            }
+        });
+        // Remove the invalidated credentials
+        addressesToRemove.forEach(function (addressStr) {
+            _this.nodeCredentials.delete(addressStr);
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Comprehensive cleanup completed: Invalidated " + invalidatedCount + " credential entries, kept " + this.nodeCredentials.size + " valid entries");
+        // Log remaining valid credentials for debugging
+        if (this.nodeCredentials.size > 0) {
+            this.logger.info('CredentialPreservationService', "\uD83D\uDCCB Remaining valid credentials after cleanup:");
+            this.nodeCredentials.forEach(function (credentials, addressStr) {
+                _this.logger.info('CredentialPreservationService', "   - " + addressStr + ": uuid=" + credentials.uuid + ", ownerUuid=" + credentials.ownerUuid + ", isOwner=" + credentials.isOwner);
+            });
+        }
+    };
+    /**
+     * Invalidates only problematic credentials while preserving working ones
+     * This prevents breaking working connections (like 192.168.1.108)
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    CredentialPreservationService.prototype.invalidateOnlyProblematicCredentials = function (currentClusterOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83C\uDFAF Targeted credential cleanup: Only invalidating problematic credentials, preserving working ones");
+        var invalidatedCount = 0;
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            // Only invalidate if the ownerUuid is clearly wrong AND we've had authentication issues
+            if (credentials.ownerUuid !== currentClusterOwnerUuid) {
+                // Check if this address has had recent authentication failures
+                var hasAuthIssues = _this.hasRecentAuthenticationIssues(addressStr);
+                if (hasAuthIssues) {
+                    _this.logger.info('CredentialPreservationService', "\uD83C\uDFAF Invalidating problematic credentials for " + addressStr + ": old ownerUuid=" + credentials.ownerUuid + " \u2260 current=" + currentClusterOwnerUuid + " (has auth issues)");
+                    addressesToRemove.push(addressStr);
+                    invalidatedCount++;
+                }
+                else {
+                    _this.logger.info('CredentialPreservationService', "\u2705 Keeping working credentials for " + addressStr + ": ownerUuid=" + credentials.ownerUuid + " (no auth issues)");
+                }
+            }
+            else {
+                _this.logger.debug('CredentialPreservationService', "\u2705 Keeping valid credentials for " + addressStr + ": ownerUuid=" + credentials.ownerUuid + " matches current");
+            }
+        });
+        // Remove only the problematic credentials
+        addressesToRemove.forEach(function (addressStr) {
+            _this.nodeCredentials.delete(addressStr);
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Targeted cleanup completed: Invalidated " + invalidatedCount + " problematic credential entries, kept " + this.nodeCredentials.size + " working entries");
+    };
+    /**
+     * Checks if an address has had recent authentication issues
+     * This helps determine which credentials to invalidate
+     * @param addressStr The address to check
+     * @returns True if the address has recent auth issues
+     */
+    CredentialPreservationService.prototype.hasRecentAuthenticationIssues = function (addressStr) {
+        // For now, we'll be conservative and only invalidate if we're certain
+        // In the future, we could track authentication failure history
+        return false; // Don't invalidate anything for now - revert to previous working behavior
+    };
+    /**
+     * Clears all credentials for a specific address
+     * This is called when we need to force fresh authentication for a node
+     * @param address The address to clear credentials for
+     */
+    CredentialPreservationService.prototype.clearCredentialsForAddress = function (address) {
+        var addressStr = address.toString();
+        if (this.nodeCredentials.has(addressStr)) {
+            this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Clearing credentials for " + addressStr);
+            this.nodeCredentials.delete(addressStr);
+        }
+    };
+    /**
+     * Gets all addresses that have credentials with a specific owner UUID
+     * @param ownerUuid The owner UUID to search for
+     * @returns Array of addresses that have credentials with this owner UUID
+     */
+    CredentialPreservationService.prototype.getAddressesWithOwnerUuid = function (ownerUuid) {
+        var addresses = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid === ownerUuid) {
+                addresses.push(addressStr);
+            }
+        });
+        return addresses;
+    };
+    return CredentialPreservationService;
+}());
+exports.CredentialPreservationService = CredentialPreservationService;