v0.1.0 (#17)

2026-04-16 19:24:25 +00:00
parent 172413e91e
commit 605ad666a0
239 changed files with 19966 additions and 3454 deletions
--- a/internal/api/middleware.go
+++ b/internal/api/middleware.go
@ -14,7 +14,7 @@ import (
 	"connectrpc.com/connect"
 	"github.com/jackc/pgx/v5/pgtype"

-	"git.omukk.dev/wrenn/wrenn/internal/id"
+	"git.omukk.dev/wrenn/wrenn/pkg/id"
 )

 type errorResponse struct {
@ -50,8 +50,12 @@ func agentErrToHTTP(err error) (int, string, string) {
 		return http.StatusNotFound, "not_found", err.Error()
 	case connect.CodeInvalidArgument:
 		return http.StatusBadRequest, "invalid_request", err.Error()
-	case connect.CodeFailedPrecondition:
+	case connect.CodeFailedPrecondition, connect.CodeAlreadyExists:
 		return http.StatusConflict, "conflict", err.Error()
+	case connect.CodePermissionDenied:
+		return http.StatusForbidden, "forbidden", err.Error()
+	case connect.CodeUnimplemented:
+		return http.StatusNotImplemented, "agent_error", err.Error()
 	default:
 		return http.StatusBadGateway, "agent_error", err.Error()
 	}
@ -90,21 +94,25 @@ func serviceErrToHTTP(err error) (int, string, string) {
 	}

 	// Map well-known service error patterns.
+	// Return generic messages for most cases to avoid leaking internal details.
 	switch {
 	case strings.Contains(msg, "not found"):
-		return http.StatusNotFound, "not_found", msg
-	case strings.Contains(msg, "not running"), strings.Contains(msg, "not paused"):
-		return http.StatusConflict, "invalid_state", msg
+		return http.StatusNotFound, "not_found", "resource not found"
+	case strings.Contains(msg, "not running"):
+		return http.StatusConflict, "invalid_state", "resource is not running"
+	case strings.Contains(msg, "not paused"):
+		return http.StatusConflict, "invalid_state", "resource is not paused"
 	case strings.Contains(msg, "conflict:"):
-		return http.StatusConflict, "conflict", msg
+		return http.StatusConflict, "conflict", strings.TrimPrefix(msg, "conflict: ")
 	case strings.Contains(msg, "forbidden"):
-		return http.StatusForbidden, "forbidden", msg
+		return http.StatusForbidden, "forbidden", "forbidden"
 	case strings.Contains(msg, "invalid or expired"):
-		return http.StatusUnauthorized, "unauthorized", msg
+		return http.StatusUnauthorized, "unauthorized", "invalid or expired credentials"
 	case strings.Contains(msg, "invalid"):
-		return http.StatusBadRequest, "invalid_request", msg
+		return http.StatusBadRequest, "invalid_request", "invalid request"
 	default:
-		return http.StatusInternalServerError, "internal_error", msg
+		slog.Error("unhandled service error", "error", err)
+		return http.StatusInternalServerError, "internal_error", "an internal error occurred"
 	}
 }