fix(graphql): structured error handling for page query (NOT_FOUND/PERMISSION_DENIED/BAD_REQUEST) (#35044)

## Summary

This PR introduces **structured error handling** for the GraphQL page
query across the dotCMS SDKs and example apps. The core idea: errors
should carry a stable, machine-readable code that consumers can branch
on — not free-form strings that break the moment a backend message is
reworded.

## The core: error messages

Before this PR, the SDK detected error types by string-matching on
GraphQL error messages (`"not found"`, `"permission"`, etc.). That is
brittle — any backend rewording silently degrades every error into a
generic 404 — and it doesn't survive i18n.

The fix is end-to-end:

1. **Backend always emits `extensions.classification`.**
`PermissionDeniedGraphQLException` now overrides `getErrorType()` so
GraphQL serializes the classification reliably. `PageDataFetcher` logs
the original `HTMLPageAssetNotFoundException` before rethrowing, so
stack traces are preserved.
2. **A stable contract on the wire.** Every page-query error response
now carries an `extensions.code` value: `NOT_FOUND`,
`PERMISSION_DENIED`, `BAD_REQUEST`, etc.
3. **The client reads the code, not the message.** `page-api.ts` was
rewritten around four explicit branches (logged unstructured errors →
`BAD_REQUEST` when `data` is null → structured codes when `data.page` is
null → generic 404 fallback). Partial content failures (page loads but a
sub-query fails) no longer swallow the errors — they surface via
`response.errors[]`.
4. **Error objects are useful.** `DotErrorPage` exposes `status` and
`code`, the `PERMISSION_DENIED` message includes actionable guidance
about dotCMS permissions, and a new `logLevel: 'verbose'` config logs
status, code, URL, and variables for debugging without polluting
production logs.

| Scenario | Before | After |
|---|---|---|
| Page does not exist | `null`, always 404 | `NOT_FOUND` / 404 |
| No permission | String-match miss → 404 | `PERMISSION_DENIED` / 403 |
| Malformed GraphQL query | JS `TypeError` | `BAD_REQUEST` / 400 |
| Partial content failure | Silently swallowed | `errors[]` on a
successful page response |

---

## Backend (Java)

- `PageDataFetcher` logs the original `HTMLPageAssetNotFoundException`
before rethrowing as `ResourceNotFoundException`.
- `PermissionDeniedGraphQLException` implements `getErrorType()`
returning `DataFetchingException` so `extensions.classification` is
always serialized.

## SDK — `@dotcms/types` (v1.2.0)

- `DotGraphQLApiResponse.data` typed as `{ page: DotCMSGraphQLPage |
null } | null` — models all four real response shapes.
- `DotCMSGraphQLError.extensions` and `.classification` made optional;
`path?: string[]` added.
- `DotCMSPageResponse` gains `errors?: DotCMSGraphQLError[]`; the
singular `error` field is kept as a `@deprecated` alias (removal: August
2026).
- `DotErrorPage` constructor `status` / `code` params have safe defaults
(`500`, `'UNKNOWN'`) — non-breaking.

## SDK — `@dotcms/client` (v1.2.0)

- Error detection switched from message string-matching to
`extensions.code`.
- Four-branch error handling in `page-api.ts` (see core summary above).
- `normalizedUrl` extracted once and reused across all error messages,
logs, and `DotErrorPage` instances.
- New `logLevel: 'default' | 'verbose'` config on `DotCMSClientConfig`;
verbose mode also gates the "no page query" performance warning.
- Improved `PERMISSION_DENIED` message with actionable guidance.
- Test coverage expanded for `page-api`, `content-api`, `utils`, and
verbose logging.

---

## Examples

### `examples/nextjs`
- `getDotCMSPage` returns `{ error }` on failure — consumers check
`pageContent?.error` instead of try/catch.
- New `ErrorPage` component handles 403 (Access Denied) and defaults
unknown statuses to 500.
- New shared `ErrorLayout` component used by both `ErrorPage` and
`not-found.js`; styling matched to the 404 design.
- Return-home link uses semantic `<Link>` directly.
- `dotCMSClient` enables `logLevel: 'verbose'` automatically in
development.

### `examples/astro`
- `Error.astro` updated to render structured status/code from
`DotErrorPage`.
- `getPage.ts` returns structured errors instead of throwing.
- `[...slug].astro` branches on the structured error to render the right
status.
- `dotCMSClient` enables verbose logging in development.

### `examples/angular`
- New standalone `ErrorComponent` rendering status, code, and message.
- `page.ts` consumes the structured error from the SDK and forwards it
to the template.
- `app.config.ts` enables verbose logging in development.

### `examples/angular-ssr`
- Same `ErrorComponent` + `page.ts` updates as the Angular example,
wired through `server.ts` so SSR returns the correct HTTP status.

## ⚠️ Headless API contract change (release notes)

The GraphQL page query response shape changes for missing pages:

- **Before:** `{ data: { page: null } }` with no `errors` array.
- **After:** `{ data: { page: null }, errors: [{ extensions: { code:
'NOT_FOUND', status: 404 } }] }`.

Headless consumers that detected 404 via `response.data?.page === null`
should migrate to `errors[0]?.extensions?.code === 'NOT_FOUND'`. The SDK
already handles this; only direct GraphQL consumers are affected.

The deprecated singular `DotCMSPageResponse.error` field is preserved as
an alias for backward compatibility and will be removed in **August
2026**.

## Test plan

- [ ] `nx test sdk-client --testPathPattern=page-api`
- [ ] Request a missing page — `error.code === 'NOT_FOUND'`,
`error.status === 404`
- [ ] Request a restricted page — `error.code === 'PERMISSION_DENIED'`,
`error.status === 403`
- [ ] Send a malformed GraphQL query — `error.code === 'BAD_REQUEST'`,
`error.status === 400`
- [ ] Request a valid page — no errors, page data returned
- [ ] Request a valid page with a failing content query — page loads,
`response.errors` populated
- [ ] Smoke each example app (nextjs, astro, angular, angular-ssr) on a
missing page and a restricted page

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: fmontes

core-web/libs/sdk/angular/src/lib/providers/dotcms-client/dotcms-client.provider.ts

@@ -75,6 +75,7 @@ export function provideDotCMSClient(options: DotCMSAngularProviderConfig): Envir
                     dotcmsUrl: options.dotcmsUrl,
                     authToken: options.authToken,
                     siteId: options.siteId,
+                    logLevel: options.logLevel,
                     httpClient: httpClient
                 });
 

core-web/libs/sdk/client/README.md

@@ -699,24 +699,29 @@ createDotCMSClient(config: DotCMSClientConfig): DotCMSClient
 
 #### Parameters
 
-| Option           | Type              | Required | Description                                                   |
-| ---------------- | ----------------- | -------- | ------------------------------------------------------------- |
-| `dotcmsUrl`      | string            | ✅       | Your dotCMS instance URL                                      |
-| `authToken`      | string            | ✅       | Authentication token                                          |
-| `siteId`         | string            | ❌       | Site identifier (falls back to default site if not specified) |
-| `requestOptions` | DotRequestOptions | ❌       | Additional request options                                    |
-| `httpClient`     | DotHttpClient     | ❌       | Custom HTTP client implementation                             |
+| Option           | Type                       | Required | Description                                                   |
+| ---------------- | -------------------------- | -------- | ------------------------------------------------------------- |
+| `dotcmsUrl`      | string                     | ✅       | Your dotCMS instance URL                                      |
+| `authToken`      | string                     | ✅       | Authentication token                                          |
+| `siteId`         | string                     | ❌       | Site identifier (falls back to default site if not specified) |
+| `requestOptions` | DotRequestOptions          | ❌       | Additional request options                                    |
+| `httpClient`     | DotHttpClient              | ❌       | Custom HTTP client implementation                             |
+| `logLevel`       | `'default'` \| `'verbose'` | ❌       | Controls log verbosity. `'verbose'` adds status, code, and variables to error logs. Defaults to `'default'` |
 
 #### Example
 ```typescript
 const client = createDotCMSClient({
     dotcmsUrl: 'https://your-dotcms-instance.com',
     authToken: 'your-auth-token',
     siteId: 'your-site-id',
-    httpClient: customHttpClient // Optional: provide custom HTTP client
+    httpClient: customHttpClient, // Optional: provide custom HTTP client
+    logLevel: 'verbose'           // Optional: enable detailed error logs
 });
 ```
 
+> [!TIP]
+> Enable `logLevel: 'verbose'` during development to see HTTP status codes, error codes, and request variables in error logs. In verbose mode, error logs also include a hint to access the full GraphQL query via `error.graphql.query`. Keep it at `'default'` (or omit it) in production to avoid noisy logs.
+
 ### HTTP Client Configuration
 
 The SDK now supports custom HTTP client implementations for advanced use cases. By default, it uses the built-in `FetchHttpClient` based on the native Fetch API.

core-web/libs/sdk/client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dotcms/client",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Official JavaScript library for interacting with DotCMS REST APIs.",
   "repository": {
     "type": "git",

core-web/libs/sdk/client/src/lib/client/content/content-api.spec.ts

@@ -0,0 +1,193 @@
+/// <reference types="jest" />
+
+import {
+    DotCMSClientConfig,
+    DotErrorContent,
+    DotHttpError,
+    DotRequestOptions
+} from '@dotcms/types';
+
+import { CollectionBuilder } from './builders/collection/collection';
+import { RawQueryBuilder } from './builders/raw-query/raw-query.builder';
+import { Content } from './content-api';
+
+import { FetchHttpClient } from '../adapters/fetch-http-client';
+
+jest.mock('../adapters/fetch-http-client');
+
+describe('Content', () => {
+    const mockRequest = jest.fn();
+    const MockedFetchHttpClient = FetchHttpClient as jest.MockedClass<typeof FetchHttpClient>;
+
+    const config: DotCMSClientConfig = {
+        dotcmsUrl: 'http://localhost:8080',
+        authToken: 'test-token',
+        siteId: 'test-site'
+    };
+
+    const requestOptions: DotRequestOptions = {
+        cache: 'no-cache'
+    };
+
+    const mockResponseData = {
+        entity: {
+            jsonObjectView: { contentlets: [{ title: 'Post 1' }, { title: 'Post 2' }] },
+            resultsSize: 2
+        }
+    };
+
+    beforeEach(() => {
+        mockRequest.mockReset();
+        MockedFetchHttpClient.mockImplementation(
+            () => ({ request: mockRequest }) as Partial<FetchHttpClient> as FetchHttpClient
+        );
+        mockRequest.mockResolvedValue(mockResponseData);
+    });
+
+    describe('getCollection()', () => {
+        it('returns a CollectionBuilder', () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            expect(content.getCollection('Blog')).toBeInstanceOf(CollectionBuilder);
+        });
+
+        it('executes an HTTP request when awaited', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.getCollection('Blog');
+            expect(mockRequest).toHaveBeenCalledTimes(1);
+        });
+
+        it('sends the content type in the query body', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.getCollection('Blog');
+            const body = JSON.parse(mockRequest.mock.calls[0][1].body);
+            expect(body.query).toContain('+contentType:Blog');
+        });
+
+        it('returns mapped contentlets from the response', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            const result = await content.getCollection('Blog');
+            expect(result.contentlets).toEqual([{ title: 'Post 1' }, { title: 'Post 2' }]);
+        });
+
+        it('returns total from resultsSize', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            const result = await content.getCollection('Blog');
+            expect(result.total).toBe(2);
+        });
+
+        it('applies limit() and page() on the builder', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.getCollection('Blog').limit(5).page(3);
+            const body = JSON.parse(mockRequest.mock.calls[0][1].body);
+            expect(body.limit).toBe(5);
+            expect(body.offset).toBe(10);
+        });
+
+        it('applies sortBy() on the builder', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.getCollection('Blog').sortBy([{ field: 'title', order: 'asc' }]);
+            const body = JSON.parse(mockRequest.mock.calls[0][1].body);
+            expect(body.sort).toBe('title asc');
+        });
+
+        it('throws DotErrorContent when the HTTP request fails', async () => {
+            const httpError = new DotHttpError({
+                status: 500,
+                statusText: 'Internal Server Error',
+                message: 'Server error',
+                data: {}
+            });
+            mockRequest.mockRejectedValue(httpError);
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await expect(content.getCollection('Blog')).rejects.toBeInstanceOf(DotErrorContent);
+        });
+
+        it('DotErrorContent carries the original query on 404', async () => {
+            const httpError = new DotHttpError({
+                status: 404,
+                statusText: 'Not Found',
+                message: 'Content not found',
+                data: {}
+            });
+            mockRequest.mockRejectedValue(httpError);
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+
+            try {
+                await content.getCollection('Blog');
+            } catch (e: unknown) {
+                expect(e).toBeInstanceOf(DotErrorContent);
+                if (e instanceof DotErrorContent) {
+                    expect(e.query).toContain('+contentType:Blog');
+                }
+            }
+        });
+
+        it('passes siteId from config into the query', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.getCollection('Blog');
+            const body = JSON.parse(mockRequest.mock.calls[0][1].body);
+            expect(body.query).toContain(`+conhost:${config.siteId}`);
+        });
+
+        it('each getCollection() call produces an independent builder', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            const b1 = content.getCollection('Blog').limit(5);
+            const b2 = content.getCollection('News').limit(20);
+            await b1;
+            await b2;
+            const body1 = JSON.parse(mockRequest.mock.calls[0][1].body);
+            const body2 = JSON.parse(mockRequest.mock.calls[1][1].body);
+            expect(body1.query).toContain('+contentType:Blog');
+            expect(body1.limit).toBe(5);
+            expect(body2.query).toContain('+contentType:News');
+            expect(body2.limit).toBe(20);
+        });
+    });
+
+    describe('query()', () => {
+        it('returns a RawQueryBuilder', () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            expect(content.query('+contentType:Blog')).toBeInstanceOf(RawQueryBuilder);
+        });
+
+        it('executes an HTTP request when awaited', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.query('+contentType:Blog');
+            expect(mockRequest).toHaveBeenCalledTimes(1);
+        });
+
+        it('sends the raw query as-is without adding implicit constraints', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.query('+contentType:Blog +languageId:1');
+            const body = JSON.parse(mockRequest.mock.calls[0][1].body);
+            expect(body.query).toBe('+contentType:Blog +languageId:1');
+        });
+
+        it('returns mapped contentlets from the response', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            const result = await content.query('+contentType:Blog');
+            expect(result.contentlets).toEqual([{ title: 'Post 1' }, { title: 'Post 2' }]);
+        });
+
+        it('throws DotErrorContent when the HTTP request fails', async () => {
+            const httpError = new DotHttpError({
+                status: 403,
+                statusText: 'Forbidden',
+                message: 'Access denied',
+                data: {}
+            });
+            mockRequest.mockRejectedValue(httpError);
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await expect(content.query('+contentType:Blog')).rejects.toBeInstanceOf(
+                DotErrorContent
+            );
+        });
+
+        it('does NOT inject siteId into a raw query', async () => {
+            const content = new Content(config, requestOptions, new FetchHttpClient());
+            await content.query('+contentType:Blog');
+            const body = JSON.parse(mockRequest.mock.calls[0][1].body);
+            expect(body.query).not.toContain('conhost');
+        });
+    });
+});