Return machine-readable auth failure codes #2214

Open: davidahmann wants to merge 1 commit into github:main from davidahmann:codex/issue-2213-auth-failure-codes

@davidahmann

Summary

Return machine-readable code values for missing-token, invalid-token, and insufficient-scope failures in the HTTP middleware and GitHub API error wrappers.

Why

Fixes #2213. Callers currently have to infer auth failure classes from status codes and free-form strings, which makes permission-scoped handling less deterministic.

What changed

  • added a shared auth error writer that preserves the existing status codes and WWW-Authenticate challenges while returning JSON {error, code} bodies
  • classified middleware responses as missing_token, invalid_token, or insufficient_scope
  • propagated the same machine-readable classification into GitHubAPIError and GitHubRawAPIError
  • added middleware and error regression tests and documented the new codes

MCP impact

  • No tool or API changes

Prompts tested (tool changes only)

  • Not applicable

Security / limits

  • No security or limits impact
  • Auth / permissions considered
  • Data exposure, filtering, or token/size limits considered

Tool renaming

  • I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
    • I have added the new tool aliases in deprecated_tool_aliases.go
  • I am not renaming tools as part of this PR

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with go test ./pkg/http/middleware ./pkg/errors

Docs

  • Not needed
  • Updated (README / docs / examples)

davidahmann requested a review from a team as a code owner (March 15, 2026 12:32)

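
A client-side sketch of the deterministic handling the PR description argues for, added here as an example and not code from this PR or the project. It assumes the failures arrive as 401 or 403 (the page only says the existing status codes are preserved); `ClassifyAuthFailure`, `NextStep` and the action strings are hypothetical names chosen for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// authErrorBody mirrors the JSON {error, code} shape the PR describes.
type authErrorBody struct {
	Error string `json:"error"`
	Code  string `json:"code"`
}

// nextStep maps the three codes named in the PR to this example's own actions.
var nextStep = map[string]string{
	"missing_token":      "send credentials",
	"invalid_token":      "discard token and re-authenticate",
	"insufficient_scope": "request broader scope, do not retry as-is",
}

// ClassifyAuthFailure (hypothetical) returns the code from a 401/403 body, or ""
// for any other status (assumption), a non-JSON body, or an unrecognised code.
// It never guesses from the free-form Error text.
func ClassifyAuthFailure(status int, body []byte) string {
	if status != http.StatusUnauthorized && status != http.StatusForbidden {
		return ""
	}
	var b authErrorBody
	if err := json.Unmarshal(body, &b); err != nil {
		return "" // proxy error page or older server: nothing to trust
	}
	if _, known := nextStep[b.Code]; !known {
		return ""
	}
	return b.Code
}

// NextStep fails closed: anything unclassified is surfaced, not retried.
func NextStep(code string) string {
	if step, ok := nextStep[code]; ok {
		return step
	}
	return "stop and surface the error"
}

func main() {
	// Constructed sample body, not captured from the project.
	body := []byte(`{"error":"token lacks required scope","code":"insufficient_scope"}`)
	fmt.Println(NextStep(ClassifyAuthFailure(http.StatusForbidden, body)))
}
```
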
@davidahmann

davidahmann commented Mar 15, 2026

Author

Validation on this branch:

  • go test ./pkg/http/middleware ./pkg/errors

CI state: statusCheckRollup is currently empty (no checks configured or not triggered yet).

Inspired by research context: CAISI publishes independent, reproducible AI agent governance research: https://caisi.dev
