Skip to content

fix: return proper HTTP status codes for delete/undelete errors #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sergical wants to merge 4 commits into
base: main
Choose a base branch
from
Open

fix: return proper HTTP status codes for delete/undelete errors #35

sergical wants to merge 4 commits into from

Conversation

@sergical
Copy link

@sergical sergical commented Jan 25, 2026
edited
Loading

Problem

The clawdhub delete <slug> command returns confusing error messages. Two issues were found:

Issue 1: API returns 401 for all errors

The delete/undelete handlers catch ALL errors and return Unauthorized, masking real issues like Skill not found or Forbidden.

Issue 2: CLI timeout throws strings instead of Errors

When requests timeout, controller.abort('Timeout') passes a string. This causes pRetry to throw:

Non-error was thrown: "Timeout". You should only throw errors.

Reproduction

clawdhub delete some-skill --yes
# ✖ Non-error was thrown: "Timeout". You should only throw errors.
# or
# ✖ Unauthorized  (when server error is masked)

Fixes

1. API Error Handling (convex/httpApiV1.ts)

Updated error handling in 4 handlers to return appropriate HTTP status codes:

  • skillsDeleteRouterV1Handler
  • skillsPostRouterV1Handler (undelete)
  • soulsDeleteRouterV1Handler
  • soulsPostRouterV1Handler (undelete)

Before: All errors → 401 Unauthorized
After:

  • 401: Authentication failures
  • 403: Authorization failures (not owner/admin/moderator)
  • 404: Skill/soul/user not found
  • 400: Other errors with descriptive message

2. CLI Timeout Handling (packages/clawdhub/src/http.ts)

Fixed 3 occurrences of controller.abort('Timeout') to use proper Error objects:

  • apiRequest (line 57)
  • apiRequestForm (line 106)
  • downloadZip (line 141)

Before: controller.abort('Timeout') — throws string
After: controller.abort(new Error('Timeout')) — throws Error

Fixes #34

@sergical
fix: return proper HTTP status codes for delete/undelete errors
de2542e 
The delete and undelete handlers for skills and souls were catching all
errors and returning 401 Unauthorized, even for errors like:
- 'Skill not found' (should be 404)
- 'Forbidden' (should be 403)
- Other validation errors (should be 400)

This change updates the error handling to return appropriate status codes:
- 401 Unauthorized: authentication failures
- 403 Forbidden: authorization failures (not owner/admin/moderator)
- 404 Not Found: skill/soul/user not found
- 400 Bad Request: other errors with descriptive message

Fixes clawdbot#34
@vercel
Copy link
Contributor

vercel bot commented Jan 25, 2026

@sergical is attempting to deploy a commit to the Amantus Machina Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot]
vercel bot reviewed Jan 25, 2026
View reviewed changes
Copy link
Contributor

@vercel vercel bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additional Suggestion:

The cliSkillDeleteHandler in httpApi.ts catches all errors and only distinguishes "Unauthorized", returning 400 for all other errors including "Forbidden" (should be 403) and "Skill not found"/"User not found" (should be 404).

Fix on Vercel

@sergical sergical mentioned this pull request Jan 25, 2026
Open
@sergical
fix(cli): use proper Error objects in abort timeouts
f1a5254 
When AbortController.abort() receives a string instead of an Error,
the string itself is thrown. pRetry then wraps it in a confusing
message: 'Non-error was thrown: Timeout'

Changed all 3 occurrences in http.ts:
- apiRequest (line 57)
- apiRequestForm (line 106)
- downloadZip (line 141)

Now timeouts will surface as proper Error objects with clear messages.
@zats
Copy link

zats commented Jan 26, 2026

you might wanna rebase on #37 - it fixed the timeout errors across for me (also appreciate a pair of eyes on it to confirm it looks reasonable 🙏)

@sergical
test: add e2e test for delete error handling
1ae0498 
Verifies that deleting a non-existent skill returns a proper 'not found'
error instead of a generic 'Unauthorized' message.
@sergical sergical force-pushed the fix/delete-error-handling branch from 5d95c44 to 1ae0498 Compare January 26, 2026 12:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vercel vercel[bot] vercel[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CLI delete returns 'Unauthorized' for all errors (including 'Skill not found')

2 participants

@sergical @zats