rasterstate/fj
rasterstate/fj
3
0
Fork 0
Code Issues 15 Pull requests Releases 5 Activity Actions

4xx errors leak the raw /api/v1 URL and every failure exits 1, so scripts cannot branch on failure kind #123

New issue
Closed
opened 2026-06-11 00:47:52 +00:00 by stephen · 2 comments
stephen commented 2026-06-11 00:47:52 +00:00
Owner
Copy link

Observation

fj's failure reporting is inconsistent in two ways that hurt scripted use: 4xx errors leak the internal /api/v1/... URL into the user-facing message, and every command failure exits with the same code 1, so a script cannot tell "not found" from "auth expired" from "network down" without parsing English.

The error path forks on exactly one status. ensure_success (src/client/mod.rs:558-579) gives 401 a friendly, actionable hint and leaves every other non-2xx as a raw dump:

if status == StatusCode::UNAUTHORIZED {
    Err(anyhow::Error::new(err)
        .context("authentication failed (HTTP 401). Token may be invalid or revoked"))
} else {
    Err(anyhow::Error::new(err))   // ApiError Display = "HTTP {status} from {url}: {message}"
}

ApiError's Display (src/client/error.rs:6-13) is HTTP {status} from {url}: {message}, where url is the raw REST endpoint. So a missing repo surfaces the API plumbing:

$ fj repo view rasterstate/zzz-nonexistent-repo-xyz ; echo "EXIT=$?"
error: HTTP 404 Not Found from https://rasterhub.com/api/v1/repos/rasterstate/zzz-nonexistent-repo-xyz: The target couldn't be found.
EXIT=1

A user typed rasterstate/zzz...; the error answers with https://rasterhub.com/api/v1/repos/.... The /api/v1/ path is an implementation detail the CLI otherwise hides, and it reads as "fj broke" rather than "that repo does not exist."

The exit code is uniform. main.rs maps any Err from cli::run to ExitCode::from(1) (src/main.rs:54-62); clap usage errors use clap's own code (src/main.rs:90). There is no distinct code for not-found (404), forbidden (403), auth (401), rate-limit (429), or transport failure. They are all 1.

Why it matters

Two different audiences, same root cause:

  • Humans get a leaky, alarming message for the most common mistake (a typo'd repo/issue/PR). gh says could not resolve to a Repository with the name 'x/y'; fj says HTTP 404 Not Found from https://.../api/v1/.... The 401 branch proves the maintainers already value a friendly hint over a raw dump; 404/403/429 just never got the same treatment, so the quality is inconsistent across status codes.

  • Scripts/agents cannot branch on failure kind. A common agent pattern is "view the PR; if it doesn't exist yet, create it." With a single exit code that becomes "run the command, capture stderr, and string-match 404/couldn't be found," which is brittle across locales and server message wording. Distinct exit codes (e.g. not-found vs auth vs transient) let a script write if ! fj pr view 7 >/dev/null 2>&1; then ... and, better, distinguish "PR 7 absent" from "token expired, stop and re-auth" from "429, back off and retry." Today all three look identical.

These compound: the leaky message is also the only signal a script has, so the inconsistency in messages and the absence of exit codes are the same gap seen from two sides.

Possible directions (sketches)

  • (sketch) Give 403/404/429 the same .context(...) treatment 401 already gets in ensure_success (src/client/mod.rs:573): a short human sentence ("not found: /", "forbidden: token lacks scope / no access", "rate limited, retry after N s"), keeping the raw ApiError (with the URL) as the caused by: source line that main.rs:56-60 already prints, so --debug-level detail survives without leading with /api/v1/.
  • (sketch) Map error classes to stable exit codes in run_cli (src/main.rs:54-62): downcast the anyhow::Error to ApiError and return, say, 3 for not-found, 4 for auth/forbidden, 5 for rate-limit/transient, keeping 1 as the generic fallback. Document them once so scripts can rely on them (this is the gh-style "exit non-zero with a meaningful code" contract).
  • (sketch) When the failing request is a user-addressable resource, prefer echoing what the user typed (owner/name, #number) over the resolved URL in the headline message.
## Observation `fj`'s failure reporting is inconsistent in two ways that hurt scripted use: 4xx errors leak the internal `/api/v1/...` URL into the user-facing message, and every command failure exits with the same code `1`, so a script cannot tell "not found" from "auth expired" from "network down" without parsing English. The error path forks on exactly one status. `ensure_success` (`src/client/mod.rs:558-579`) gives `401` a friendly, actionable hint and leaves every other non-2xx as a raw dump: ```rust if status == StatusCode::UNAUTHORIZED { Err(anyhow::Error::new(err) .context("authentication failed (HTTP 401). Token may be invalid or revoked")) } else { Err(anyhow::Error::new(err)) // ApiError Display = "HTTP {status} from {url}: {message}" } ``` `ApiError`'s `Display` (`src/client/error.rs:6-13`) is `HTTP {status} from {url}: {message}`, where `url` is the raw REST endpoint. So a missing repo surfaces the API plumbing: ``` $ fj repo view rasterstate/zzz-nonexistent-repo-xyz ; echo "EXIT=$?" error: HTTP 404 Not Found from https://rasterhub.com/api/v1/repos/rasterstate/zzz-nonexistent-repo-xyz: The target couldn't be found. EXIT=1 ``` A user typed `rasterstate/zzz...`; the error answers with `https://rasterhub.com/api/v1/repos/...`. The `/api/v1/` path is an implementation detail the CLI otherwise hides, and it reads as "fj broke" rather than "that repo does not exist." The exit code is uniform. `main.rs` maps *any* `Err` from `cli::run` to `ExitCode::from(1)` (`src/main.rs:54-62`); clap usage errors use clap's own code (`src/main.rs:90`). There is no distinct code for not-found (404), forbidden (403), auth (401), rate-limit (429), or transport failure. They are all `1`. ## Why it matters Two different audiences, same root cause: - **Humans** get a leaky, alarming message for the most common mistake (a typo'd repo/issue/PR). `gh` says `could not resolve to a Repository with the name 'x/y'`; `fj` says `HTTP 404 Not Found from https://.../api/v1/...`. The 401 branch proves the maintainers already value a friendly hint over a raw dump; 404/403/429 just never got the same treatment, so the quality is inconsistent across status codes. - **Scripts/agents** cannot branch on failure kind. A common agent pattern is "view the PR; if it doesn't exist yet, create it." With a single exit code that becomes "run the command, capture stderr, and string-match `404`/`couldn't be found`," which is brittle across locales and server message wording. Distinct exit codes (e.g. not-found vs auth vs transient) let a script write `if ! fj pr view 7 >/dev/null 2>&1; then ...` and, better, distinguish "PR 7 absent" from "token expired, stop and re-auth" from "429, back off and retry." Today all three look identical. These compound: the leaky message is also the only signal a script has, so the inconsistency in messages and the absence of exit codes are the same gap seen from two sides. ## Possible directions (sketches) - *(sketch)* Give 403/404/429 the same `.context(...)` treatment 401 already gets in `ensure_success` (`src/client/mod.rs:573`): a short human sentence ("not found: <owner>/<name>", "forbidden: token lacks scope / no access", "rate limited, retry after N s"), keeping the raw `ApiError` (with the URL) as the `caused by:` source line that `main.rs:56-60` already prints, so `--debug`-level detail survives without leading with `/api/v1/`. - *(sketch)* Map error classes to stable exit codes in `run_cli` (`src/main.rs:54-62`): downcast the `anyhow::Error` to `ApiError` and return, say, `3` for not-found, `4` for auth/forbidden, `5` for rate-limit/transient, keeping `1` as the generic fallback. Document them once so scripts can rely on them (this is the gh-style "exit non-zero with a meaningful code" contract). - *(sketch)* When the failing request is a user-addressable resource, prefer echoing what the *user* typed (`owner/name`, `#number`) over the resolved URL in the headline message.
stephen commented 2026-06-11 00:58:37 +00:00
Author
Owner
Copy link

Converted to backlog item rasterstate/fj#134 (p1, size M).

Converted to backlog item rasterstate/fj#134 (p1, size M).
stephen commented 2026-06-15 15:00:17 +00:00
Author
Owner
Copy link

Resolved. The core fix (hide the /api/v1 URL behind the caused-by source for 4xx, plus stable exit codes 3/4/5) landed in #142. #163 extends it to the two remaining client-error classes that still led with the raw URL: 409 (conflict) and 422 (validation), surfacing the server's own message in the headline. Closing as fixed by #142 and #163.

Resolved. The core fix (hide the /api/v1 URL behind the caused-by source for 4xx, plus stable exit codes 3/4/5) landed in #142. #163 extends it to the two remaining client-error classes that still led with the raw URL: 409 (conflict) and 422 (validation), surfacing the server's own message in the headline. Closing as fixed by #142 and #163.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
wip/claude-1/rasterstate-fj
feat/166-lock-unlock
wip/codex-4/rasterstate-fj
feat/168-rerun-failed
feat/169-repo-collaborator
feat/172-create-template
feat/164-pr-merge-auto
wip/claude-2/rasterstate-fj
feat/170-list-filters
feat/171-color-control
feat/165-pr-create-fill
feat/165-pr-create-fill-codex
wip/claude-3/rasterstate-fj
wip/codex-2/rasterstate-fj
fix/123-extend-friendly-errors-409-422
fix/159-merge-reason
wip/claude-4/rasterstate-fj
fix/158-issue-add-assignee-endpoint
fix/147b-keychain-noentry-fallback
feat/147-file-token-store
feat/133-release-scripting
feat/139-workflow-run-handle
feat/140-body-file
fix/pr-comment-test-green
wip/codex-3/rasterstate-fj
feat/137-org-secrets-vars
feat/132-tag-branch-refs
feat/138-run-list-filters
feat/131-pr-comment-edit
feat/134-error-ux-exit-codes
feat/136-api-body-input
feat/135-run-exit-status
feat/113-pr-list-filters
fix/111-list-paginate
fix/112-json-readonly
feat/114-pr-labels
fix/115-version-pipe
fix/91-runlog-auth-error
feat/98-issue-edit-labels
fix/96-keychain-fallback
feat/97-issue-create-labels
fix/99-readme-json-global
fix/alias-quoted-args
fix/remote-scp-colon-owner
harden/hostname-validation
fix/json-path-numeric-object-keys
fix/debug-body-preview-utf8-panic
wip/codex-1/rasterstate-fj
readme-drop-github
feat/stack-review-enriched
feat/stack-sync
feat/stack-new-real
feat/work-context-enriched
feat/agent-review-impl
feat/agent-explain-impl
feat/agent-provider
feat/stack-review
feat/stack-new
feat/work-continue
feat/work-resume-session
feat/work-context-impl
feat/work-stack-agent-commands
adopt-fjord-actions
ci/coverage-strict-gate
refactor/coverage-region-exclude
refactor/converge-json-path
refactor/split-client-resolve
test/api-coverage-round4
test/api-coverage-round3
test/cov-ignore-drift-guard
test/e2e-smoke-coverage
test/command-tree-guard
refactor/split-workflow-artifacts
chore/coverage-intent-config
test/api-label-milestone-hook
test/output-and-repo-core
refactor/split-issue-comments
refactor/split-repo-social
refactor/split-pr-module
test/api-wiremock
test/backfill-pure-helpers
cleanup/hoist-truncate-human-size
feat/run-download-and-workflow-list
feat/parity-followups
feat/actions-logs-and-gh-parity
sso-pat-guidance
test/observability-smoke
v0.2.0
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
backlog
Accepted but not scheduled

  
blocked
Blocked or stalled waiting on external progress

  
converted
Converted into tracked work

  
opportunity
Potential product or business opportunity

  
p1
Priority 1

  
p2
Priority 2

  
p3
Priority 3

  
parked
Paused intentionally until later

No labels
backlog
blocked
converted
opportunity
p1
p2
p3
parked
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
rasterstate/fj#123
No description provided.