Skip to content

fix(api): /auth/github + /auth/google/callback agent-actionable missing-field copy (BUG-API-184)#195

Merged
mastermanas805 merged 1 commit into
masterfrom
bug-api-184-github-missing-code
May 30, 2026
Merged

fix(api): /auth/github + /auth/google/callback agent-actionable missing-field copy (BUG-API-184)#195
mastermanas805 merged 1 commit into
masterfrom
bug-api-184-github-missing-code

Conversation

@mastermanas805

@mastermanas805 mastermanas805 commented May 30, 2026

Copy link
Copy Markdown
Member

Summary

  • POST /auth/github body `{}` returned `message: "code field is required"` — accurate but agent-unhelpful. An LLM hitting this 4xx needed to either know the GitHub OAuth code-exchange contract already or open /openapi.json to learn what to send.
  • Stamp the full request-body shape inline so the agent can retry without a second round-trip: `Request body is missing the required `code` field. POST `{"code": "<github_oauth_code>"}` ...`
  • Per rule 16 (enumerate ALL call sites), the same "code field is required" string lived on /auth/google/callback — mirrored the same upgrade there, plus the adjacent `missing_redirect_uri` message.
  • Error codes (`missing_code`, `missing_redirect_uri`) stay stable — agents branching on `.error` are unaffected.

Coverage block

```
Symptom: /auth/github POST nofields 400 message should list required fields (BUG-API-184)
Enumeration: rg -F 'code field is required' internal/ (2 sites pre-fix)
rg -F 'redirect_uri field is required' internal/ (1 site pre-fix)
rg -F 'missing_code' internal/handlers/ (2 emit sites in auth.go)
Sites found: 2 missing_code emits + 1 missing_redirect_uri emit
Sites touched: 3 (rule 16 compliant)
Coverage test: TestAuth_GitHub_MissingCodeAndBadBody asserts:
- .error == "missing_code" (back-compat)
- .message contains `\code\\` (the field name)
- .message contains `{"code":` (the body shape)
so a future regression to the bare message fails before merge.
Live verified: pending auto-deploy +
curl -s -X POST -H 'Content-Type: application/json' -d '{}' \
https://api.instanode.dev/auth/github | jq .message
```

Inbox reference

  • BUG-API-184 (P3 — /auth/github POST nofields 400 — message should list required fields)

Test plan

  • `go test ./internal/handlers/ -run TestAuth_GitHub` green
  • `go vet ./...` clean
  • Live verify: response message after auto-deploy contains the new body-shape hint
  • Live verify rule 14: `curl https://api.instanode.dev/healthz | jq -r .commit_id` matches merge SHA

🤖 Generated with Claude Code

@mastermanas805 mastermanas805 force-pushed the bug-api-184-github-missing-code branch 2 times, most recently from 7e621a1 to cbde2a3 Compare May 30, 2026 09:08
@mastermanas805 @claude
fix(api): /auth/github + /auth/google/callback agent-actionable missi…
0db81ac 
…ng-field copy (BUG-API-184)

POST /auth/github body `{}` used to return:
  error:   "missing_code"
  message: "code field is required"

Accurate, but agent-unhelpful. An LLM hitting this 4xx needed to either
know the GitHub OAuth code-exchange contract already or open
/openapi.json to learn what to send.

Stamp the full request-body shape in the message so the agent can retry
without a second round trip:
  "Request body is missing the required `code` field. POST
   `{\"code\": \"<github_oauth_code>\"}` after exchanging your OAuth
   authorization code at GitHub."

Per rule 16 (enumerate ALL call sites), the same `"code field is
required"` string lived on /auth/google/callback — mirrored the same
upgrade there, plus the adjacent `missing_redirect_uri` message.

Error codes (`missing_code`, `missing_redirect_uri`) stay stable so
agents branching on `.error` are unaffected.

Coverage block:
  Symptom:        /auth/github POST nofields 400 — message should list required fields
                  (BUG-API-184)
  Enumeration:    rg -F 'code field is required' internal/ (2 sites)
                  rg -F 'redirect_uri field is required' internal/ (1 site)
                  rg -F 'missing_code' internal/handlers/ (2 emit sites in auth.go)
  Sites found:    2 missing_code emits + 1 missing_redirect_uri emit
  Sites touched:  3
  Coverage test:  TestAuth_GitHub_MissingCodeAndBadBody asserts message contains
                  both ``code`` (the field name) and `{"code":` (the body shape).
                  Error code unchanged so back-compat tests stay green.
  Live verified:  pending auto-deploy +
                  curl -s -X POST -H 'Content-Type: application/json' -d '{}' \
                    https://api.instanode.dev/auth/github | jq .message

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@mastermanas805 mastermanas805 force-pushed the bug-api-184-github-missing-code branch from cbde2a3 to 0db81ac Compare May 30, 2026 09:26
@mastermanas805 mastermanas805 merged commit 64a8d07 into master May 30, 2026
14 checks passed
@mastermanas805 mastermanas805 deleted the bug-api-184-github-missing-code branch May 30, 2026 09:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mastermanas805