fix(cli): emit structured JSON on auth failure when --json is set; enable --json on info#1248
Draft
DaveHanns wants to merge 1 commit into
Draft
fix(cli): emit structured JSON on auth failure when --json is set; enable --json on info#1248DaveHanns wants to merge 1 commit into
DaveHanns wants to merge 1 commit into
Conversation
…able --json on info
Automation callers that invoke apify commands with --json currently get a
broken pipeline when they hit an auth failure: instead of a JSON payload on
stdout, they get chalk-formatted "Error: You are not logged in..." prose on
stderr and a generic exit 1. Scripts that pipe `apify ... --json | jq` blow
up on the prose.
This change introduces an `AuthError` class thrown by `getLoggedClientOrThrow`,
and teaches the top-level catch in `runCLI` to:
- emit a structured envelope `{"error":{"type":"AuthError","message":...,"exitCode":...}}`
on stdout when the invocation opted into --json (via `enableJsonFlag` +
`--json` in argv), and
- exit with the AuthError's own exit code (currently `CommandExitCodes.MissingAuth`)
rather than the hard-coded 1, so callers can distinguish auth failures from
other errors.
Also enables `--json` on `apify info` so scripts can read the logged-in
username / userId in the same structured shape used by `apify actors info --json`.
The token itself is never included in --json output to avoid leaking secrets
into script logs.
Ref: F14. See also #1223 for the broader exit-code taxonomy discussion.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When
apifycommands are invoked with--jsonand hit an auth failure, they currently emit unstructuredchalk-formatted prose to stderr and exit 1. Scripts that parse--jsonoutput see a broken pipeline. This PR teaches the top-level command handler to emit a machine-readable JSON envelope on stdout when--jsonwas opted into, and also enables--jsononapify infoso scripts can read identity info in the same shape asapify actors info --json.Draft — feedback welcome on the envelope shape (
{ error: { type, message, exitCode } }) and on whetherapify info --jsonshould include anything beyond{ username, userId }.What changes
AuthErrorclass (src/lib/errors/AuthError.ts) — carriestype: 'AuthError'and anexitCode(defaults toCommandExitCodes.MissingAuth). ExtendsErrorso existingcatch (err: Error)sites keep working.getLoggedClientOrThrownow throwsAuthErrorinstead of a bareError, preserving the existingprocess.exitCode = CommandExitCodes.MissingAuthbehavior.runCLItop-level catch (src/entrypoints/_shared.ts):AuthErrorand the invocation opted into structured output (enableJsonFlag+--jsonin argv), emit{"error":{"type":"AuthError","message":"...","exitCode":N}}on stdout and exit with the AuthError's exit code.--json.--jsoncheck scans the raw argv slice rather thaninstance.flags.json, because errors can be thrown before the flags object is fully populated.apify infogains--json(src/commands/info.ts) — emits{ username, userId }when set. The API token is deliberately not included in--jsonoutput to avoid leaking secrets into script logs; useapify secretsor the auth file directly if you need the raw token.Behavior of every other command is unchanged when
--jsonisn't set.Example
Before:
After (not logged in):
After (logged in):
Test plan
apify infowithout--jsonstill prints the human-readable "username: … / userId: …" output.apify info --jsonon a logged-in machine prints{ username, userId }and exits 0.apify info --jsonon a logged-out machine prints theAuthErrorenvelope on stdout (not stderr) and exits with the missing-auth code.apify actors info <actorId> --jsonon a logged-out machine also emits the JSON envelope (regression check — this exercises the shared code path).apify actors ls(no--json) on a logged-out machine still prints the existing prose message; no output shape change for non-JSON callers.pnpm run lintandtsc --noEmitpass.Notes
exitCodefield emitted in the envelope will automatically pick up any refinedMissingAuthcode once that lands.