diff --git a/src/routes/idaa/(idaa)/+layout.svelte b/src/routes/idaa/(idaa)/+layout.svelte
index 2c843fbe..f3b56b88 100644
--- a/src/routes/idaa/(idaa)/+layout.svelte
+++ b/src/routes/idaa/(idaa)/+layout.svelte
@@ -299,15 +299,26 @@ $effect(() => {
 * Network error / AbortError → wait 3s, retry once
 */
 async function verify_novi_uuid(uuid: string, is_retry: boolean = false) {
+ // WHY: Check presence of novi_idaa_api_key to detect whether this site has IDAA
+ // configured. The key itself is no longer used for auth (the Aether server holds it),
+ // but its absence means either (a) this is not the IDAA site / dev domain, or (b)
+ // site_cfg_json hasn't finished loading yet. In both cases: skip and wait for the
+ // next Effect 2 trigger. This also guards the 'ghost' account_id state (domain-not-found
+ // fallback gives site_cfg_json = {}) — prevents a spurious API call with a bad account_id.
+ const site_cfg = $ae_loc.site_cfg_json || {};
+ if (!site_cfg.novi_idaa_api_key) {
+ console.warn('IDAA Layout: Novi not configured for this site (or site_cfg_json still loading) — skipping verification.');
+ verify_in_flight = false;
+ return;
+ }
+
 const account_id = $ae_loc.account_id;
 const api_key = $ae_api.api_secret_key;
 const api_url = $ae_api.base_url;
- if (!account_id || !api_key || !api_url) {
- // Aether config not yet available (SWR race on startup — site_cfg_json loads async).
- // Do not clear $idaa_loc: that would destroy a valid cached session and cause a
- // re-auth loop on the next Effect 2 run. Access is denied naturally when
- // $idaa_loc starts with novi_verified=false (its default).
+ if (!account_id || account_id === 'ghost' || !api_key || !api_url) {
+ // Aether config not yet available. Do not clear $idaa_loc: that would destroy a
+ // valid cached session and cause a re-auth loop on the next Effect 2 run.
 console.warn('IDAA Layout: Aether API config not yet available — skipping verification (will retry when config loads).');
 verify_in_flight = false;
 return;
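Review bot: The new guard `if (!site_cfg.novi_idaa_api_key)` uses the Novi API key itself as the "IDAA is configured" flag, so the key has to keep arriving in `$ae_loc.site_cfg_json` on the client even though the comment above it says the key is no longer used for auth and is held by the Aether server. A non-secret boolean in the site config would carry the same signal and let the key be dropped from the browser payload, e.g. `if (!site_cfg.novi_idaa_enabled) {` (field name constructed here, not taken from the project). Both early returns also leave `$idaa_loc` untouched, and the rewritten comment drops the earlier sentence about access being denied while `novi_verified` is at its default of false; it is worth confirming, and restating in the comment, that a cached verified state cannot persist when the config never loads. The body of `verify_novi_uuid` continues past the end of this hunk, so how the skipped path is handled later is not visible here.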