@kumori/aurora-backend-handler 1.0.88 → 1.0.90

package/api/account-api-service.ts

@@ -642,6 +642,7 @@ export const createAccount = async (account: Account, security: Security) => {
         account: account.name,
         tenant: account.tenant,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(accountErrorNotification);
     throw error;
@@ -758,6 +759,7 @@ export const deleteAccount = async (account: Account, security: Security) => {
         account: account.name,
         tenant: account.tenant,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(accountErrorNotification);
     throw error;
@@ -818,6 +820,7 @@ export const clearAccount = async (account: Account, security: Security) => {
         account: account.name,
         tenant: account.tenant,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(accountErrorNotification);
     throw error;

package/api/environment-api-service.ts

@@ -143,7 +143,8 @@ export const createEnvironment = async (
         environment: env.name,
         account: env.account,
         tenant: env.tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(envErrorNotification);
     throw error;
@@ -232,7 +233,8 @@ export const deleteEnvironment = async (
         environment: env.name,
         account: env.account,
         tenant: env.tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(envErrorNotification);
     throw error;
@@ -319,7 +321,8 @@ export const clearEnvironment = async (
         environment: env.name,
         account: env.account,
         tenant: env.tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(envErrorNotification);
     throw error;
@@ -456,7 +459,8 @@ export const updateEnvironment = async (
         environment: env.name,
         account: env.account,
         tenant: env.tenant
-      }
+      },
+      userError: true
     };
     eventHelper.notification.publish.creation(envErrorNotification);
     throw error;
@@ -534,7 +538,8 @@ export const scaleEnvironment = async (
         environment: env.name,
         account: env.account,
         tenant: env.tenant
-      }
+      },
+      userError: true
     };
     eventHelper.notification.publish.creation(envErrorNotification);
     throw error;

package/api/resources-api-service.ts

@@ -98,7 +98,8 @@ export const createDomain = async (
       data: {
         resource: domain.name,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;
@@ -177,7 +178,8 @@ export const createPort = async (
       data: {
         resource: port.name,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;
@@ -256,7 +258,8 @@ export const createCA = async (
       data: {
         resource: ca.name,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;
@@ -348,7 +351,8 @@ export const createCertificate = async (
       data: {
         resource: certificate.name,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;
@@ -427,7 +431,8 @@ export const createSecret = async (
       data: {
         resource: secret.name,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;
@@ -526,7 +531,8 @@ export const createVolume = async (
       data: {
         resource: volume.name,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;
@@ -632,7 +638,8 @@ const deleteResourceBase = async (
         resource: resource.name,
         type: resource.type,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;
@@ -726,7 +733,8 @@ const updateResourceBase = async (
         resource: resource.name,
         type: resource.type,
         tenant: tenant
-      }
+      },
+      userError: true,
     };
     eventHelper.notification.publish.creation(resourceErrorNotification);
     throw error;

package/api/service-api-service.ts

@@ -636,6 +636,7 @@ export const updateService = async (
         service: data.name,
         tenant: data.tenant,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(notification);
     eventHelper.service.publish.updateError(data);
@@ -692,6 +693,7 @@ export const unlinkServices = async (service: Service, token: string) => {
               service: service.name,
               tenant: service.tenant,
             },
+            userError: true,
           };
           eventHelper.notification.publish.creation(notification);
         }
@@ -753,6 +755,7 @@ export const updateServiceLinks = async (link: Link, token: string) => {
           service: link.origin,
           tenant: link.tenant,
         },
+        userError: true,
       };
       eventHelper.notification.publish.creation(notification);
     }

package/api/tenant-api-service.ts

@@ -109,6 +109,7 @@ export const createTenant = async (tenant: Tenant, security: Security) => {
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(tenantCreationErrorNotification);
     throw error;
@@ -176,6 +177,7 @@ export const deleteTenant = async (tenant: Tenant, security: string) => {
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(tenantDeletionErrorNotification);
     throw err;
@@ -265,6 +267,7 @@ export const updateTenant = async (tenant: Tenant, security: string) => {
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(tenantUpdateErrorNotification);
     throw err;
@@ -364,6 +367,7 @@ export const createTenantHTTP = async (tenant: Tenant) => {
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
 
     eventHelper.notification.publish.creation(tenantCreationErrorNotification);
@@ -423,6 +427,7 @@ export const deleteTenantHTTP = async (tenant: Tenant) => {
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(tenantDeletionErrorNotification);
   }
@@ -514,6 +519,7 @@ export const updateTenantHTTP = async (tenant: Tenant) => {
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(tenantUpdateErrorNotification);
   }
@@ -602,6 +608,7 @@ export const createRegistry = async (
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(
       dregistryCreationErrorNotification
@@ -703,6 +710,7 @@ export const updateRegistry = async (
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(dregistryUpdateErrorNotification);
     throw error;
@@ -785,6 +793,7 @@ export const deleteRegistry = async (
       data: {
         tenant: tenant.name,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(
       dregistryDeletionErrorNotification
@@ -872,6 +881,7 @@ export const inviteUser = async (
         role,
         tenantRole,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(tenantInviteErrorNotification);
     throw error;
@@ -948,6 +958,7 @@ export const removeUser = async (
         tenant: tenant,
         user: userId,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(
       tenantUserRemovedErrorNotification
@@ -1031,6 +1042,7 @@ export const updateUserRole = async (
         user: userId,
         role: role,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(
       tenantUserUpdatedErrorNotification
@@ -1099,6 +1111,7 @@ export const acceptInvite = async (tenant: string, security: string) => {
       data: {
         tenant: tenant,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(
       tenantInviteAcceptedErrorNotification
@@ -1167,6 +1180,7 @@ export const rejectInvite = async (tenant: string, security: string) => {
       data: {
         tenant: tenant,
       },
+      userError: true,
     };
     eventHelper.notification.publish.creation(
       tenantInviteRejectedErrorNotification

package/api/user-api-service.ts

@@ -1091,6 +1091,7 @@ export const updateUser = async (user: User) => {
         message: (error as any).error.content,
       },
       data: { user: user.name },
+      userError: true,
     });
     throw error;
   }
@@ -1129,6 +1130,7 @@ export const deleteUSer = async (user: User, security: string) => {
         message: (error as any).error.content,
       },
       data: { user: user.name },
+      userError: true,
     });
     throw error;
   }

package/helpers/account-helper.ts

@@ -1,5 +1,28 @@
 import { Account, Notification } from "@kumori/aurora-interfaces";
+const CREDENTIAL_ERROR_CODES = new Set([
+  "_error_retrieving_credentials_",
+  "_invalid_account_credentials_",
+  "_unsupported_region_",
+]);
 
+/**
+ * All statuses that mean the account has reached a final error state.
+ * Pollers and status-strategy consumers should treat these as terminal.
+ */
+export const ACCOUNT_ERROR_STATUSES = new Set([
+  "error",
+  "invalid_credentials",
+  "failed",
+]);
+
+/**
+ * Map a raw backend error code to the normalized account status
+ * we write to accountsMap / the Account object.
+ */
+export const resolveErrorStatus = (
+  code: string,
+): "invalid_credentials" | "error" =>
+  CREDENTIAL_ERROR_CODES.has(code) ? "invalid_credentials" : "error";
 
 interface HandleAccountEventParams {
   entityId: string;
@@ -39,10 +62,10 @@ interface HandleAccountOperationErrorResult {
   eventType: "creationError" | "updateError" | "deletionError";
 }
 /**
- * Extract cloud provider credentials from event data
+ * Extract cloud provider credentials from event data.
  */
 const extractCloudProviderCredentials = (
-  eventData: any
+  eventData: any,
 ): { providerType: string; credentials: any } => {
   let providerType = "";
   let credentials = {};
@@ -52,18 +75,24 @@ const extractCloudProviderCredentials = (
     credentials = {
       region: eventData.spec.credentials.openstack?.region_name || "",
       interface: eventData.spec.credentials.openstack?.interface || "",
-      apiVersion: eventData.spec.credentials.openstack?.identity_api_version || "",
+      apiVersion:
+        eventData.spec.credentials.openstack?.identity_api_version || "",
       authType: eventData.spec.credentials.openstack?.auth_type || "",
       authUrl: eventData.spec.credentials.openstack?.auth?.auth_url || "",
-      credentialId: eventData.spec.credentials.openstack?.auth?.application_credential_id || "",
-      credentialSecret: eventData.spec.credentials.openstack?.auth?.application_credential_secret || "",
+      credentialId:
+        eventData.spec.credentials.openstack?.auth?.application_credential_id ||
+        "",
+      credentialSecret:
+        eventData.spec.credentials.openstack?.auth
+          ?.application_credential_secret || "",
     };
   } else if (eventData.spec.credentials.aws) {
     providerType = "aws";
     credentials = {
       region: eventData.spec.credentials.aws?.region || "",
       credentialId: eventData.spec.credentials.aws?.aws_access_key_id || "",
-      credentialSecret: eventData.spec.credentials.aws?.aws_secret_access_key || "",
+      credentialSecret:
+        eventData.spec.credentials.aws?.aws_secret_access_key || "",
     };
   } else if (eventData.spec.credentials.azure) {
     providerType = "azure";
@@ -87,28 +116,72 @@ const extractCloudProviderCredentials = (
 };
 
 /**
- * Determine account status from event data
+ * Determine the canonical account status from a WebSocket event.
+ *
+ * Priority order:
+ *   1. Soft-deleted accounts → 'deleting'
+ *   2. validCredentials status reported by the backend (covers both
+ *      success and the async credential-validation path)
+ *   3. Keep the existing status so we never regress a terminal state
+ *      (e.g. don't overwrite 'invalid_credentials' with 'pending')
+ *   4. Default to 'pending' for brand-new accounts
  */
 const determineAccountStatus = (
   eventData: any,
-  existingAccount: Account | undefined
+  existingAccount: Account | undefined,
 ): string => {
   if (eventData.meta?.deleted) {
     return "deleting";
   }
-  if (eventData.status.validCredentials?.status) {
-    return eventData.status.validCredentials.status;
+  const rawStatus: string | undefined =
+    eventData.status?.validCredentials?.status;
+  if (rawStatus) {
+    if (CREDENTIAL_ERROR_CODES.has(rawStatus)) {
+      return "invalid_credentials";
+    }
+    return rawStatus;
   }
-  if (existingAccount?.status) {
+  if (existingAccount?.status && existingAccount.status !== "pending") {
     return existingAccount.status;
   }
   return "pending";
 };
 
+/**
+ * Translates account error notifications → account.status on accountsMap
+ * so that waitForAccountStatus only needs to poll account.status, not notifications.
+ *
+ * Called from the websocket-manager's `user` event case immediately after
+ * handleUserEvent so the status is always written in the same event-loop tick.
+ */
+export const syncAccountStatusFromNotifications = (
+  notifications: any[] = [],
+  accountsMap: Map<string, Account>,
+): void => {
+  for (const notification of notifications) {
+    if (notification.type !== "error") continue;
+    if (
+      notification.subtype !== "account-creation-error" &&
+      notification.subtype !== "account-update-error"
+    )
+      continue;
+
+    const accountName: string = notification.data?.account;
+    if (!accountName) continue;
+
+    const account = accountsMap.get(accountName);
+    if (!account || ACCOUNT_ERROR_STATUSES.has(account.status)) continue;
+
+    const code: string = notification.info_content?.code ?? "";
+    accountsMap.set(accountName, {
+      ...account,
+      status: resolveErrorStatus(code),
+    });
+  }
+};
 
 /**
- * Handles the "account" event from WebSocket messages
- * Processes account data updates and cloud provider credentials
+ * Handles the "account" kind event from WebSocket messages.
  */
 export const handleAccountEvent = ({
   entityId,
@@ -117,11 +190,13 @@ export const handleAccountEvent = ({
   accountsMap,
 }: HandleAccountEventParams): HandleAccountEventResult => {
   const accountTenantId = parentParts.tenant;
-  const { providerType, credentials } = extractCloudProviderCredentials(eventData);
+  const { providerType, credentials } =
+    extractCloudProviderCredentials(eventData);
   const accountLabels: Record<string, string> = eventData.meta.labels;
   const hasCredentials = "__axebow::managedCredentials" in accountLabels;
   const existingAccount = accountsMap.get(entityId);
   const accountStatus = determineAccountStatus(eventData, existingAccount);
+
   const newAccount: Account = {
     id: entityId,
     name: entityId,
@@ -196,9 +271,8 @@ export const handleAccountEvent = ({
   };
 };
 
-
 /**
- * Handles successful account operations (CREATE, UPDATE, DELETE)
+ * Handles successful account operations (CREATE, UPDATE, DELETE).
  */
 export const handleAccountOperationSuccess = ({
   action,
@@ -206,57 +280,37 @@ export const handleAccountOperationSuccess = ({
   originalData,
 }: HandleAccountOperationSuccessParams): HandleAccountOperationSuccessResult => {
   if (action === "DELETE") {
-    const accountNotification: Notification = {
-      type: "success",
-      subtype: "account-deleted",
-      date: Date.now().toString(),
-      status: "unread",
-      callToAction: false,
-      data: {
-        account: originalData.name,
-        tenant: originalData.tenant,
-      },
-    };
-
     return {
       updatedAccount: null,
       shouldDelete: true,
-      notification: accountNotification,
+      notification: {
+        type: "success",
+        subtype: "account-deleted",
+        date: Date.now().toString(),
+        status: "unread",
+        callToAction: false,
+        data: { account: originalData.name, tenant: originalData.tenant },
+      },
       eventType: "deleted",
     };
   }
 
   if (originalData) {
-    const updatedAccount = { ...originalData, status: "active" };
-
-    let subtype: string;
-    let eventType: "created" | "updated" | null = null;
-
-    if (action === "CREATE") {
-      subtype = "account-created";
-      eventType = "created";
-    } else {
-      subtype = "account-updated";
-      eventType = "updated";
-    }
-
-    const accountNotification: Notification = {
-      type: "success",
-      subtype,
-      date: Date.now().toString(),
-      status: "unread",
-      callToAction: false,
-      data: {
-        account: updatedAccount.name,
-        tenant: updatedAccount.tenant,
-      },
-    };
+    const updatedAccount: Account = { ...originalData, status: "active" };
+    const isCreate = action === "CREATE";
 
     return {
       updatedAccount,
       shouldDelete: false,
-      notification: accountNotification,
-      eventType,
+      notification: {
+        type: "success",
+        subtype: isCreate ? "account-created" : "account-updated",
+        date: Date.now().toString(),
+        status: "unread",
+        callToAction: false,
+        data: { account: updatedAccount.name, tenant: updatedAccount.tenant },
+      },
+      eventType: isCreate ? "created" : "updated",
     };
   }
 
@@ -275,9 +329,12 @@ export const handleAccountOperationSuccess = ({
   };
 };
 
-
 /**
- * Handles failed account operations (CREATE, UPDATE, DELETE)
+ * Handles failed account operations (CREATE, UPDATE, DELETE).
+ *
+ * For CREATE failures the account is removed from the map (shouldDelete = true).
+ * For UPDATE failures the existing account is kept but stamped with the
+ * resolved error status so waitForAccountStatus can terminate cleanly.
  */
 export const handleAccountOperationError = ({
   action,
@@ -285,52 +342,53 @@ export const handleAccountOperationError = ({
   originalData,
   error,
 }: HandleAccountOperationErrorParams): HandleAccountOperationErrorResult => {
-  let subtype: string;
-  let eventType: "creationError" | "updateError" | "deletionError";
-  let shouldDelete = false;
+  const isCreate = action === "CREATE";
+  const isUpdate = action === "UPDATE";
 
-  if (action === "CREATE") {
-    subtype = "account-creation-error";
-    eventType = "creationError";
-    shouldDelete = true;
-  } else if (action === "UPDATE") {
-    subtype = "account-update-error";
-    eventType = "updateError";
-  } else {
-    subtype = "account-deletion-error";
-    eventType = "deletionError";
-  }
+  const subtype = isCreate
+    ? "account-creation-error"
+    : isUpdate
+      ? "account-update-error"
+      : "account-deletion-error";
+
+  const eventType: "creationError" | "updateError" | "deletionError" = isCreate
+    ? "creationError"
+    : isUpdate
+      ? "updateError"
+      : "deletionError";
+  const errorCode: string = error?.error?.code ?? error?.code ?? "";
+  const errorStatus = resolveErrorStatus(errorCode);
 
-  const accountErrorNotification: Notification = {
+  const notification: Notification = {
     type: "error",
     subtype,
     date: Date.now().toString(),
     status: "unread",
     info_content: {
-      code: error?.error?.code || "UNKNOWN_ERROR",
-      message: error?.error?.content || error?.error?.message || "Unknown error",
-      timestamp: error?.error?.timestamp || Date.now().toString(),
+      code: errorCode || "UNKNOWN_ERROR",
+      message:
+        error?.error?.content ?? error?.error?.message ?? "Unknown error",
+      timestamp: error?.error?.timestamp ?? Date.now().toString(),
     },
     callToAction: false,
     data: {
-      account: entityName || originalData?.name || originalData?.account || "unknown",
-      tenant: originalData?.tenant || "unknown",
+      account:
+        entityName || originalData?.name || originalData?.account || "unknown",
+      tenant: originalData?.tenant ?? "unknown",
     },
+    userError: true,
   };
-
-  let updatedAccount: Account | null = null;
-
-  if (!shouldDelete && originalData) {
-    updatedAccount = {
-      ...originalData,
-      status: "error",
+  if (isCreate) {
+    return {
+      updatedAccount: null,
+      shouldDelete: true,
+      notification,
+      eventType,
     };
   }
+  const updatedAccount: Account | null = originalData
+    ? { ...originalData, status: errorStatus }
+    : null;
 
-  return {
-    updatedAccount,
-    shouldDelete,
-    notification: accountErrorNotification,
-    eventType,
-  };
-};
+  return { updatedAccount, shouldDelete: false, notification, eventType };
+};

package/helpers/environment-helper.ts

@@ -270,6 +270,7 @@ export const handleEnvironmentOperationError = ({
       account: originalData.account,
       tenant: originalData.tenant,
     },
+      userError: true,
   };
 
   const updatedEnvironment: Environment = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kumori/aurora-backend-handler",
-  "version": "1.0.88",
+  "version": "1.0.90",
   "description": "backend handler",
   "main": "backend-handler.ts",
   "scripts": {
@@ -11,7 +11,7 @@
     "glob": "^11.0.0"
   },
   "dependencies": {
-    "@kumori/aurora-interfaces": "^1.0.9",
+    "@kumori/aurora-interfaces": "^1.0.11",
     "@kumori/kumori-dsl-generator": "^1.0.4",
     "@kumori/kumori-module-generator": "^1.1.6",
     "ts-node": "^10.9.2",

package/websocket-manager.ts

@@ -53,6 +53,7 @@ import {
   handleAccountEvent,
   handleAccountOperationError,
   handleAccountOperationSuccess,
+  syncAccountStatusFromNotifications,
 } from "./helpers/account-helper";
 import {
   handleCAEvent,
@@ -191,7 +192,6 @@ const REPORTING_ITERATIONS = 5;
 const REPORTING_INTERVAL = 1000;
 let hasLoadedReportingOnce = false;
 let recentlyUpdatedServices = new Map<string, Service>();
-
 /**
  * Helper function to safely stringify error objects
  */
@@ -644,6 +644,7 @@ const handleEvent = async (message: WSMessage) => {
         userEventResult.deletedTenantKeys.forEach((key) => {
           tenantsMap.delete(key);
         });
+        syncAccountStatusFromNotifications(userData.notifications, accountsMap);
         break;
       case "environment":
         const envEventResult = handleEnvironmentEvent({
@@ -1453,6 +1454,7 @@ const handleOperationError = (operation: PendingOperation, error: any) => {
       } else if (accErrorResult.updatedAccount) {
         accountsMap.set(entityName, accErrorResult.updatedAccount);
       }
+
       if (accErrorResult.eventType === "creationError") {
         eventHelper.account.publish.creationError(originalData);
       } else if (accErrorResult.eventType === "updateError") {