Skip to content

fix(formatter): classify invalid credentials as auth errors #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
overtrue wants to merge 2 commits into
base: main
Choose a base branch
from
+41 −9
Draft

fix(formatter): classify invalid credentials as auth errors #96

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fe774a3
fix(formatter): classify invalid credentials as auth errors
overtrue Apr 8, 2026
60acfca
test(formatter): cover auth failure aliases
overtrue Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 41 additions & 9 deletions crates/cli/src/output/formatter.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,15 @@ fn infer_error_metadata(message: &str) -> (&'static str, bool, Option<String>) {
return ("not_found", false, Some(NOT_FOUND_SUGGESTION.to_string()));
}

if normalized.contains("access denied")
|| normalized.contains("unauthorized")
|| normalized.contains("forbidden")
|| normalized.contains("authentication")
|| normalized.contains("credentials")
{
return ("auth_error", false, Some(AUTH_SUGGESTION.to_string()));
}

if normalized.contains("invalid")
|| normalized.contains("cannot be empty")
|| normalized.contains("must be")
Expand All @@ -131,15 +140,6 @@ fn infer_error_metadata(message: &str) -> (&'static str, bool, Option<String>) {
return ("usage_error", false, Some(USAGE_SUGGESTION.to_string()));
}

if normalized.contains("access denied")
|| normalized.contains("unauthorized")
|| normalized.contains("forbidden")
|| normalized.contains("authentication")
|| normalized.contains("credentials")
{
return ("auth_error", false, Some(AUTH_SUGGESTION.to_string()));
}

if normalized.contains("already exists")
|| normalized.contains("conflict")
|| normalized.contains("precondition")
Expand Down Expand Up @@ -509,6 +509,38 @@ mod tests {
assert_eq!(details.suggestion.as_deref(), Some(USAGE_SUGGESTION));
}

#[test]
fn test_error_descriptor_from_message_prefers_auth_for_invalid_credentials() {
let descriptor = ErrorDescriptor::from_message("Invalid credentials for alias 'local'");
let json = descriptor.to_json_output();

let details = json.details.expect("details should be present");
assert_eq!(details.error_type, "auth_error");
assert!(!details.retryable);
assert_eq!(details.suggestion.as_deref(), Some(AUTH_SUGGESTION));
}

#[test]
fn test_error_descriptor_from_message_classifies_other_auth_failures() {
for message in [
"Unauthorized request for alias 'local'",
"Forbidden: bucket access denied",
"Authentication failed for alias 'local'",
] {
let descriptor = ErrorDescriptor::from_message(message);
let json = descriptor.to_json_output();
let details = json.details.expect("details should be present");

assert_eq!(details.error_type, "auth_error", "message: {message}");
assert!(!details.retryable, "message: {message}");
assert_eq!(
details.suggestion.as_deref(),
Some(AUTH_SUGGESTION),
"message: {message}"
);
}
}

#[test]
fn test_error_with_suggestion_overrides_default_hint() {
let descriptor = ErrorDescriptor::from_code(
Expand Down