From 67f565376c416abdcc92ddf76bbd38e1e13d61c1 Mon Sep 17 00:00:00 2001 From: Anders Huss <5502349+andhus@users.noreply.github.com> Date: Mon, 25 May 2026 14:37:58 +0200 Subject: [PATCH] Surface API detail on 403 in environment CLI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 403 branch hardcoded "Admin role or higher is required to modify {resource}.", which is wrong for non-role 403s — most notably the workspace env-count cap, which returns detail "Workspace can have at most N environments". Users saw a misleading "you're not admin" message even when they were admin. Match the 409 branch and just surface the API's detail. Co-Authored-By: Claude Opus 4.7 (1M context) --- lib/stardag/src/stardag/_cli/environment.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/stardag/src/stardag/_cli/environment.py b/lib/stardag/src/stardag/_cli/environment.py index 391c1678..e3f47096 100644 --- a/lib/stardag/src/stardag/_cli/environment.py +++ b/lib/stardag/src/stardag/_cli/environment.py @@ -75,10 +75,11 @@ def _handle_api_error(response: httpx.Response, resource: str = "resource") -> N err=True, ) elif response.status_code == 403: - typer.echo( - f"Error: Permission denied. Admin role or higher is required to modify {resource}.", - err=True, - ) + try: + detail = response.json().get("detail", "Permission denied") + except ValueError: + detail = "Permission denied" + typer.echo(f"Error: {detail}", err=True) elif response.status_code == 404: typer.echo(f"Error: {resource.capitalize()} not found.", err=True) elif response.status_code == 409: