fix(link-legacy-key): validate response with Zod and add fetch timeout#2
Merged
Conversation
matmilbury
force-pushed
the
fix/link-legacy-key-review-fixes
branch
from
cbe245b to
49ed3f9
Compare
Replace `as LinkResult` cast on the mcp-gateway response with Zod schema parsing to catch malformed responses at runtime instead of silently proceeding with wrong data. Add AbortSignal.timeout(10s) to the fetch call to prevent the login command from hanging indefinitely if mcp-gateway accepts TCP but never responds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
matmilbury
force-pushed
the
fix/link-legacy-key-review-fixes
branch
from
49ed3f9 to
ee8dd24
Compare
Contributor
Author
Code reviewFound 1 issue:
eterna-cli/src/auth/link-legacy-key.ts Lines 29 to 42 in ee8dd24 Generated with Claude Code - If this code review was useful, please react with 👍. Otherwise, react with 👎. |
Replace .parse() with .safeParse() so validation failures follow the existing warn-and-return pattern instead of throwing an uncaught ZodError that propagates to login.ts and reports 'Authentication failed' despite a successful OAuth login. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addresses two issues from code review of #1:
as LinkResultcast with Zod schema parsing —res.json()returns external data from mcp-gateway. Casting withasbypasses runtime validation; if the response shape drifts, the code silently takes the wrong branch. Now usesLinkResultSchema.parse()which throws a clear error on malformed responses.AbortSignal.timeout(10s)to the fetch call — Without a timeout, a misbehaving mcp-gateway (accepts TCP, never responds) hangseterna loginindefinitely. The 10s timeout ensures the CLI falls through to the existing warning path.Also adds
zodas a production dependency and createssrc/auth/validation.tsfor the schema (per CLAUDE.md: "Define schemas invalidation.ts").Test plan
eterna loginwithETERNA_MCP_KEYset — verify link succeeds and prints "Legacy account linked"eterna loginwithETERNA_MCP_KEYset against a non-JSON-returning endpoint — verify Zod parse error is caught gracefullyeterna loginwithETERNA_MCP_URLpointing to a blackhole (accepts TCP, never responds) — verify timeout after ~10s with warning messagenpm run typecheckpassesnpm run buildpasses🤖 Generated with Claude Code