fix(node): preserve original write-decline error and roll back local cache (#3678)

Apollon77 · claude · web-flow · commit 344ee3e2e1f6 · 2026-05-01T11:28:05.000+02:00
* fix(general): surface original commit-phase-2 errors to transaction caller Tx#executeCommit2 used to wrap any phase-2 participant failure in a generic FinalizationError carrying only the participant name. The original error (e.g. a StatusResponseError returned by a remote device declining a write) was logged but never reached the caller, so ClientNode setStateOf / agent.state / endpoint.set callers had no way to detect the device's status code. throwIfErrored now rethrows the original error when a single participant fails, and aggregates with MatterAggregateError when multiple do. The rollback path's mislabeled "in commit phase 2" message is corrected. Adds direct unit tests for the new contract (TransactionTest) and end-to-end ClientNode tests covering single rejection, partial multi- attribute rejection, and full multi-attribute rejection across two clusters, plus a server-side regression test for the preCommit path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(node): roll back local client cache on declined remote writes After PR #3676 the original StatusResponseError reaches the caller of ClientNode setStateOf / agent.state / endpoint.set, but the local client-side cache still held the value the user attempted to write. Subscriptions only deliver server-side changes, so the divergence persisted until restart. RemoteWriteParticipant now tracks a per-cluster snapshot (previousValues + writtenValues + compensator) per set() call. On commit2 failure the new RemoteWriter onFailure callback delivers per-attribute statuses; the participant groups failures by endpoint+cluster and invokes the compensator with the failed ids. DatasourceCache implements the compensator: it restores the pre-write value via the existing externalSet path (so persistence + listeners fire as if a subscription update arrived) but only when: - a baseline previous value was captured for the key, AND - the current local value still equals what was just written (skip restoration if a concurrent subscription update changed it). Adds three end-to-end tests covering single decline, partial decline across two clusters, and full decline. The tests fail when the compensate body is disabled, so they verify compensation rather than relying on subscription delivery. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(node): use reference identity for write-decline compensation guard Datasource keeps user-written values by reference and integrateExternalChange replaces a reference only when a subscription actually delivers a changed value (its own no-op deep-equal filter strips identical re-deliveries). The guard in DatasourceCache.compensate therefore only needs to check `current[id] !== writtenValues[id]` instead of running a full deep-equal on every key — the ref check captures real concurrent updates without the extra walk. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/packages/general/src/transaction/Tx.ts b/packages/general/src/transaction/Tx.ts
@@ -6,7 +6,7 @@
 
 import { Diagnostic } from "#log/Diagnostic.js";
 import { Logger } from "#log/Logger.js";
-import { ImplementationError, ReadOnlyError } from "#MatterError.js";
+import { ImplementationError, MatterAggregateError, ReadOnlyError } from "#MatterError.js";
 import { Time, Timer } from "#time/Time.js";
 import { Timestamp } from "#time/Timestamp.js";
 import { Millis } from "#time/TimeUnit.js";
@@ -689,7 +689,7 @@ class Tx implements Transaction, Transaction.Finalization {
     #executeCommit2() {
         // Commit phase 2
         this.#status = Status.CommittingPhaseTwo;
-        let errored: undefined | Array<Participant>;
+        let errored: undefined | Array<ParticipantError>;
         let ongoing: undefined | Array<Promise<void>>;
         for (const participant of this.participants) {
             const promise = MaybePromise.then(
@@ -699,9 +699,9 @@ class Tx implements Transaction, Transaction.Finalization {
                     logger.error(`Error committing (phase two) ${participant}, state inconsistency possible:`, error);
 
                     if (errored) {
-                        errored.push(participant);
+                        errored.push({ participant, error });
                     } else {
-                        errored = [participant];
+                        errored = [{ participant, error }];
                     }
                 },
             );
@@ -765,7 +765,7 @@ class Tx implements Transaction, Transaction.Finalization {
      */
     #executeRollback() {
         this.#status = Status.RollingBack;
-        let errored: undefined | Array<Participant>;
+        let errored: undefined | Array<ParticipantError>;
         let ongoing: undefined | Array<Promise<void>>;
 
         for (const participant of this.participants) {
@@ -777,9 +777,9 @@ class Tx implements Transaction, Transaction.Finalization {
                     logger.error(`Error rolling back ${participant}, state inconsistency possible:`, error);
 
                     if (errored) {
-                        errored.push(participant);
+                        errored.push({ participant, error });
                     } else {
-                        errored = [participant];
+                        errored = [{ participant, error }];
                     }
                 },
             );
@@ -796,7 +796,7 @@ class Tx implements Transaction, Transaction.Finalization {
 
         const finished = () => {
             this.#status = Status.Shared;
-            throwIfErrored(errored, "in commit phase 2");
+            throwIfErrored(errored, "during rollback");
         };
 
         if (ongoing) {
@@ -842,16 +842,21 @@ class Tx implements Transaction, Transaction.Finalization {
     }
 }
 
-function throwIfErrored(errored: undefined | Array<Participant>, when: string) {
+interface ParticipantError {
+    participant: Participant;
+    error: unknown;
+}
+
+function throwIfErrored(errored: undefined | Array<ParticipantError>, when: string) {
     if (!errored?.length) {
         return;
     }
-    const suffix = errored.length > 1 ? "s" : "";
-    throw new FinalizationError(
-        `Unhandled error${suffix} ${when} participant${suffix} ${describeList(
-            "and",
-            ...errored.map(p => p.toString()),
-        )}`,
+    if (errored.length === 1) {
+        throw errored[0].error;
+    }
+    throw new MatterAggregateError(
+        errored.map(({ error }) => error),
+        `Errors ${when} participants ${describeList("and", ...errored.map(({ participant }) => participant.toString()))}`,
     );
 }
 
diff --git a/packages/general/test/transaction/TransactionTest.ts b/packages/general/test/transaction/TransactionTest.ts
@@ -5,6 +5,7 @@
  */
 
 import { Lifetime } from "#index.js";
+import { MatterAggregateError } from "#MatterError.js";
 import {
     FinalizationError,
     SynchronousTransactionConflictError,
@@ -369,6 +370,60 @@ describe("Transaction", () => {
         });
     });
 
+    describe("propagates commit phase 2 errors to the caller", () => {
+        test("rethrows the original error when a single participant fails", async () => {
+            const original = new SomeError("phase 2 boom");
+            const p = join({
+                async commit2() {
+                    throw original;
+                },
+            });
+
+            await transaction.begin();
+
+            await expect(transaction.commit()).rejectedWith(original);
+
+            p.expect("commit1", "commit2");
+            validateUnlocked(transaction);
+        });
+
+        test("aggregates with MatterAggregateError when multiple participants fail", async () => {
+            const e1 = new SomeError("phase 2 boom 1");
+            const e2 = new SomeError("phase 2 boom 2");
+
+            const p1 = TestParticipant({
+                async commit2() {
+                    throw e1;
+                },
+            });
+            p1.toString = () => "P1";
+            const p2 = TestParticipant({
+                async commit2() {
+                    throw e2;
+                },
+            });
+            p2.toString = () => "P2";
+            transaction.addParticipants(p1, p2);
+
+            await transaction.begin();
+
+            let caught: unknown;
+            try {
+                await transaction.commit();
+            } catch (e) {
+                caught = e;
+            }
+
+            expect(caught).instanceOf(MatterAggregateError);
+            const aggregate = caught as MatterAggregateError;
+            expect(aggregate.errors).deep.equals([e1, e2]);
+
+            p1.expect("commit1", "commit2");
+            p2.expect("commit1", "commit2");
+            validateUnlocked(transaction);
+        });
+    });
+
     describe("locks and unlocks resource", () => {
         describe("asynchronously", () => {
             test("on becoming exclusive & committing", async () => {
diff --git a/packages/node/src/storage/client/DatasourceCache.ts b/packages/node/src/storage/client/DatasourceCache.ts
@@ -18,7 +18,7 @@ import type { RemoteWriter } from "./RemoteWriter.js";
  *
  * This implements storage for attribute values for a single cluster loaded from peers.
  */
-export class DatasourceCache implements Datasource.ExternallyMutableStore {
+export class DatasourceCache implements Datasource.ExternallyMutableStore, RemoteWriteParticipant.Compensator {
     #writer: RemoteWriter;
     #endpointNumber: EndpointNumber;
     #behaviorId: string;
@@ -61,7 +61,43 @@ export class DatasourceCache implements Datasource.ExternallyMutableStore {
             participant = new RemoteWriteParticipant(this.#writer);
             transaction.addParticipants(participant);
         }
-        (participant as RemoteWriteParticipant).set(this.#endpointNumber, this.#behaviorId, values);
+        const previousValues = this.#consumer?.readValues(new Set(Object.keys(values))) ?? {};
+        (participant as RemoteWriteParticipant).set(this.#endpointNumber, this.#behaviorId, values, {
+            compensator: this,
+            previousValues,
+        });
+    }
+
+    /**
+     * Restores local cache values whose remote write was declined.
+     *
+     * Only restores keys that:
+     *   - had a captured pre-write value (skip if the snapshot doesn't know the prior state), AND
+     *   - still hold the value we attempted to write (skip if a concurrent subscription update already moved on).
+     */
+    async compensate(failedAttributeIds: Set<string>, previousValues: Val.Struct, writtenValues: Val.Struct) {
+        if (this.#erased || this.#reclaimed || !this.#consumer) {
+            return;
+        }
+
+        const restore = new Map<string, Val>();
+        const current = this.#consumer.readValues(failedAttributeIds);
+        for (const id of failedAttributeIds) {
+            if (!(id in previousValues)) {
+                continue;
+            }
+            // Datasource keeps user values by reference; integrateExternalChange only replaces the
+            // reference when a subscription actually changed the value, so a different ref here means
+            // a real concurrent update arrived.
+            if (current[id] !== writtenValues[id]) {
+                continue;
+            }
+            restore.set(id, previousValues[id]);
+        }
+
+        if (restore.size) {
+            await this.externalSet(restore);
+        }
     }
 
     async externalSet(values: Val.StructMap) {
diff --git a/packages/node/src/storage/client/RemoteWriteParticipant.ts b/packages/node/src/storage/client/RemoteWriteParticipant.ts
@@ -4,11 +4,13 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { Transaction } from "@matter/general";
-import { Val } from "@matter/protocol";
+import { Logger, Transaction } from "@matter/general";
+import { Val, WriteResult } from "@matter/protocol";
 import { EndpointNumber } from "@matter/types";
 import type { RemoteWriter } from "./RemoteWriter.js";
 
+const logger = Logger.get("RemoteWriteParticipant");
+
 /**
  * A transaction participant that persists changes to a remote node.
  *
@@ -17,6 +19,7 @@ import type { RemoteWriter } from "./RemoteWriter.js";
 export class RemoteWriteParticipant implements Transaction.Participant {
     #request: RemoteWriter.Request = [];
     #writer: RemoteWriter;
+    #snapshots = new Map<string, RemoteWriteParticipant.Snapshot>();
 
     /**
      * There is one participant for each transaction/writer pair.  We use the writer function itself as the dedup key.
@@ -27,13 +30,41 @@ export class RemoteWriteParticipant implements Transaction.Participant {
 
     /**
      * Add an attribute update to the write request.
+     *
+     * The optional {@link snapshot} captures the pre-write values for the affected attributes plus a
+     * {@link RemoteWriteParticipant.Compensator} the participant invokes if the remote rejects the write.
      */
-    set(endpointNumber: EndpointNumber, behaviorId: string, values: Val.Struct) {
+    set(
+        endpointNumber: EndpointNumber,
+        behaviorId: string,
+        values: Val.Struct,
+        snapshot?: RemoteWriteParticipant.SnapshotInput,
+    ) {
         this.#request.push({
             number: endpointNumber,
             behaviorId: behaviorId,
             values,
         });
+
+        if (snapshot) {
+            const key = snapshotKey(endpointNumber, behaviorId);
+            const existing = this.#snapshots.get(key);
+            if (existing) {
+                Object.assign(existing.writtenValues, values);
+                for (const [k, v] of Object.entries(snapshot.previousValues)) {
+                    // Keep the earliest captured baseline; later writes within the same transaction don't overwrite it
+                    if (!(k in existing.previousValues)) {
+                        existing.previousValues[k] = v;
+                    }
+                }
+            } else {
+                this.#snapshots.set(key, {
+                    compensator: snapshot.compensator,
+                    previousValues: { ...snapshot.previousValues },
+                    writtenValues: { ...values },
+                });
+            }
+        }
     }
 
     async commit2() {
@@ -42,13 +73,48 @@ export class RemoteWriteParticipant implements Transaction.Participant {
         }
 
         const request = this.#request;
+        const snapshots = this.#snapshots;
         this.#request = [];
+        this.#snapshots = new Map();
 
-        await this.#writer(request);
+        await this.#writer(request, failures => this.#compensate(snapshots, failures));
+    }
+
+    async #compensate(
+        snapshots: Map<string, RemoteWriteParticipant.Snapshot>,
+        failures: WriteResult.AttributeStatus[],
+    ) {
+        if (!snapshots.size) {
+            return;
+        }
+
+        const failedByCluster = new Map<string, Set<string>>();
+        for (const f of failures) {
+            const key = snapshotKey(f.path.endpointId, String(f.path.clusterId));
+            let ids = failedByCluster.get(key);
+            if (!ids) {
+                ids = new Set();
+                failedByCluster.set(key, ids);
+            }
+            ids.add(String(f.path.attributeId));
+        }
+
+        for (const [key, snapshot] of snapshots) {
+            const failedIds = failedByCluster.get(key);
+            if (!failedIds?.size) {
+                continue;
+            }
+            try {
+                await snapshot.compensator.compensate(failedIds, snapshot.previousValues, snapshot.writtenValues);
+            } catch (compensateError) {
+                logger.warn(`Failed to restore local state for ${key} after remote write decline:`, compensateError);
+            }
+        }
     }
 
     rollback() {
         this.#request = [];
+        this.#snapshots = new Map();
     }
 
     toString() {
@@ -59,3 +125,42 @@ export class RemoteWriteParticipant implements Transaction.Participant {
         this.#writer = writer;
     }
 }
+
+function snapshotKey(endpointNumber: EndpointNumber | number, behaviorId: string) {
+    return `${endpointNumber}|${behaviorId}`;
+}
+
+export namespace RemoteWriteParticipant {
+    /**
+     * Restores local cache state for attribute writes the remote device declined.
+     *
+     * The participant invokes this with the failed attribute keys after a write fails.  Implementations should only
+     * restore values for keys present in {@link previousValues} AND only when the current local value still equals
+     * what was just written — leaving concurrently-mutated values alone.
+     */
+    export interface Compensator {
+        compensate(
+            failedAttributeIds: Set<string>,
+            previousValues: Val.Struct,
+            writtenValues: Val.Struct,
+        ): Promise<void>;
+    }
+
+    /**
+     * The pre-write baseline supplied by the caller of {@link RemoteWriteParticipant.set} together with the
+     * {@link Compensator} responsible for restoring it.
+     */
+    export interface SnapshotInput {
+        compensator: Compensator;
+        previousValues: Val.Struct;
+    }
+
+    /**
+     * Internal per-cluster snapshot held by the participant for the duration of a transaction.
+     */
+    export interface Snapshot {
+        compensator: Compensator;
+        previousValues: Val.Struct;
+        writtenValues: Val.Struct;
+    }
+}
diff --git a/packages/node/src/storage/client/RemoteWriter.ts b/packages/node/src/storage/client/RemoteWriter.ts
diff --git a/packages/node/test/node/ClientNodeTest.ts b/packages/node/test/node/ClientNodeTest.ts
