fix(rpc): Use correct SDK endpoint for DID registration#33
Conversation
- Change endpoint from /v1/agents/{id}/dids to /v1/sdk/agents/{id}
- Change HTTP method from POST to PUT (update existing agent)
- Change auth header from Authorization: Bearer to X-Capiscio-Registry-Key
- Remove public_key from payload (not needed for DID update)
This aligns the core sidecar with the server's SDK API.
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
Pull request overview
Fixes the SimpleGuard Init DID registration call to use the server’s SDK update-agent endpoint and API-key header so the connect/init flow can successfully register an agent DID.
Changes:
- Switch DID registration from
POST /v1/agents/{id}/didstoPUT /v1/sdk/agents/{id}. - Use
X-Capiscio-Registry-Keyheader instead ofAuthorization: Bearer. - Update request body to only include
{"did": "..."}.
internal/rpc/simpleguard_service.go
Outdated
| // Uses PUT /v1/sdk/agents/{id} to update the agent's DID. | ||
| func (s *SimpleGuardService) registerDIDWithServer(serverURL, apiKey, agentID, didKey string, publicKeyJWK []byte) error { | ||
| url := fmt.Sprintf("%s/v1/agents/%s/dids", serverURL, agentID) | ||
| url := fmt.Sprintf("%s/v1/sdk/agents/%s", serverURL, agentID) |
There was a problem hiding this comment.
serverURL is concatenated directly into the request URL; if callers provide a trailing slash (e.g. https://api.capisc.io/), this produces a double-slash path (//v1/...) which can trigger redirects or routing mismatches on some servers. Consider normalizing serverURL (trim trailing /) or building the URL with url.JoinPath.
| req, err := http.NewRequest(http.MethodPut, url, bytes.NewReader(body)) | ||
| if err != nil { | ||
| return fmt.Errorf("failed to create request: %w", err) | ||
| } | ||
|
|
||
| req.Header.Set("Content-Type", "application/json") | ||
| req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", apiKey)) | ||
| req.Header.Set("X-Capiscio-Registry-Key", apiKey) |
There was a problem hiding this comment.
The DID registration flow changed (method/path/header/payload), but there’s no unit test coverage asserting the new PUT /v1/sdk/agents/{id} call and X-Capiscio-Registry-Key header. Add a test (likely via httptest.Server) that exercises Init (or registerDIDWithServer) and verifies the request method, path, header, and JSON body.
internal/rpc/simpleguard_service.go
Outdated
|
|
||
| // registerDIDWithServer registers DID with the CapiscIO server. | ||
| // Uses PUT /v1/sdk/agents/{id} to update the agent's DID. | ||
| func (s *SimpleGuardService) registerDIDWithServer(serverURL, apiKey, agentID, didKey string, publicKeyJWK []byte) error { |
There was a problem hiding this comment.
publicKeyJWK is still part of the registerDIDWithServer signature (and is passed from Init), but it’s no longer used in the payload. This makes the call site misleading and can become lint noise if unparam is enabled later. Remove the parameter and the extra argument at the call site (or, if the server still needs the key in some form, include it explicitly in the request body).
internal/rpc/simpleguard_service.go
Outdated
|
|
||
| // registerDIDWithServer registers DID with the CapiscIO server. | ||
| // Uses PUT /v1/sdk/agents/{id} to update the agent's DID. | ||
| func (s *SimpleGuardService) registerDIDWithServer(serverURL, apiKey, agentID, didKey string, publicKeyJWK []byte) error { |
There was a problem hiding this comment.
The publicKeyJWK parameter is no longer used in this function since the payload was updated to only include the DID. Consider removing this parameter from the function signature to avoid confusion and maintain a cleaner API.
- Remove unused publicKeyJWK parameter - Normalize serverURL to prevent double-slash issues - Use strings.TrimRight to handle trailing slashes
- Add tests for RPC registerDIDWithServer function - Update CLI registerDID to use new SDK endpoint - Update CLI tests for new endpoint pattern - Tests cover: successful registration, URL normalization, server errors, unauthorized responses
| var gotMethod, gotPath, gotAPIKey string | ||
|
|
||
| server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
| gotMethod = r.Method | ||
| gotPath = r.URL.Path | ||
| gotAPIKey = r.Header.Get("X-Capiscio-Registry-Key") | ||
| json.NewDecoder(r.Body).Decode(&received) | ||
| w.WriteHeader(http.StatusOK) |
There was a problem hiding this comment.
The test writes to shared variables (gotMethod/gotPath/gotAPIKey/received) from the httptest server handler goroutine and reads them back in the test goroutine without synchronization. This will trigger data races under go test -race. Prefer asserting inside the handler, or send the captured values back over a channel / protect with a mutex.
cmd/capiscio/init_test.go
Outdated
| func TestRegisterDID(t *testing.T) { | ||
| var received struct { | ||
| DID string `json:"did"` | ||
| PublicKey json.RawMessage `json:"public_key"` | ||
| DID string `json:"did"` | ||
| } |
There was a problem hiding this comment.
This test relies on the httptest handler mutating received (and then the main test goroutine asserting on it) without synchronization. Because handlers run in a separate goroutine, this is a data race under go test -race. Consider performing assertions inside the handler, or communicate the decoded body back via a channel/mutex.
cmd/capiscio/init.go
Outdated
| // Note: public key is no longer sent - server doesn't require it for SDK registration | ||
| _ = pub // Kept in signature for backward compatibility |
There was a problem hiding this comment.
registerDID no longer uses the pub argument, but it is still part of the (unexported) function signature and is manually discarded. Since this function is only used within this package/file, it would be clearer to remove the parameter and update the call sites instead of keeping an intentionally-unused argument.
| // Note: public key is no longer sent - server doesn't require it for SDK registration | |
| _ = pub // Kept in signature for backward compatibility | |
| // Note: public key is no longer sent - server doesn't require it for SDK registration. | |
| // The pub parameter is retained for backward compatibility and is currently unused. |
- Fix race conditions in tests using channels for thread-safe communication - Improve comment style for unused pub parameter per review suggestion - Tests now pass with -race flag
1 participant
Summary
Fixes the DID registration endpoint in the SimpleGuard Init RPC to align with the server's SDK API.
Changes
internal/rpc/simpleguard_service.goPOST /v1/agents/{id}/didsPUT /v1/sdk/agents/{id}Authorization: Bearer {key}X-Capiscio-Registry-Key: {key}{"did": "...", "public_key": "..."}{"did": "..."}Root Cause
The sidecar was calling a non-existent endpoint. The server's SDK routes use:
PUT /v1/sdk/agents/{id}for updating agent properties including DIDX-Capiscio-Registry-Keyheader for API key authenticationRelated PRs
Testing
This change enables the full Let's Encrypt-style
CapiscIO.connect()flow to work end-to-end with the live registry.