Skip to content

fix(server): match Hono wire format for authorize undefined and share errors#26474

Merged
kitlangton merged 2 commits into
devfrom
kit/httpapi-wire-format-parity
May 9, 2026
Merged

fix(server): match Hono wire format for authorize undefined and share errors#26474
kitlangton merged 2 commits into
devfrom
kit/httpapi-wire-format-parity

Conversation

@kitlangton
Copy link
Copy Markdown
Contributor

@kitlangton kitlangton commented May 9, 2026

Summary

Two small wire-format parity gaps surfaced in the post-merge audit:

  • `POST /provider/:providerID/authorize` when the service resolves with `undefined` — Hono returned JSON `null`; HTTP API was returning an empty 200 body (`.json()` parse fails). Restored `null` to match.
  • `POST/DELETE /session/:sessionID/share` errors — HTTP API blanket-mapped any failure from `SessionShare` to 400 BadRequest; Hono let unmatched failures propagate through `ErrorMiddleware` to a 500 with a structured `NamedError.Unknown` body. SessionShare can fail with storage/network errors that aren't client-induced, so 500 is the correct status. Map to `HttpApiError.InternalServerError` and update the endpoint schema to match.

Test plan

  • CI green (no new tests; behavior change is wire-format only)

@kitlangton
fix(server): match Hono wire format for authorize undefined and share…
d12aef8 
… errors

Two small parity gaps surfaced in the post-merge audit:

1. **Provider /authorize when result is undefined** — the legacy Hono
   handler serialized as JSON \`null\` (clients call \`.json()\` and get a
   parseable null). The HTTP API handler was returning an empty 200
   response (0 bytes), which throws on \`.json()\` parse. Restored Hono
   parity by emitting \`null\` JSON.

2. **Session share/unshare error mapping** — the HTTP API handler
   blanket-mapped any failure from SessionShare to a 400 BadRequest. The
   legacy Hono handler let errors propagate through ErrorMiddleware,
   which routed unmatched failures to a 500 with a structured
   NamedError.Unknown body. Storage and network failures from
   SessionShare are real possibilities and aren't client-induced, so the
   500 mapping is correct. Map to InternalServerError instead of
   BadRequest, and update the endpoint declarations to match.
@kitlangton kitlangton enabled auto-merge (squash) May 9, 2026 04:29
@kitlangton kitlangton disabled auto-merge May 9, 2026 04:29
@kitlangton kitlangton merged commit dbd48d4 into dev May 9, 2026
6 of 8 checks passed
@kitlangton kitlangton deleted the kit/httpapi-wire-format-parity branch May 9, 2026 04:30
kitlangton added a commit that referenced this pull request May 9, 2026
@kitlangton
research(test): expect null body from authorize() with no redirect
88d9b99 
PR #26474 changed the provider authorize handler to serialize an
undefined service result as JSON `null` instead of an empty body so
clients can `.json()` parse uniformly. Update the deletion branch's
test assertion to match.
@kitlangton kitlangton mentioned this pull request May 9, 2026
Merged
katosun2 pushed a commit to katosun2/opencode that referenced this pull request May 10, 2026
@kitlangton
fix(server): match Hono wire format for authorize undefined and share…
7737948 
… errors (anomalyco#26474)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contributor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kitlangton