HYPERFLEET-993 - feat: add typed error response models

[Mischulee]

Summary

Introduces dedicated typed error response models for standard HTTP error codes and adds UnauthorizedResponse (401) to all API endpoints.

• Ticket: HYPERFLEET-993

Test Plan

• npm run build passes
• Schema regenerated
• All error responses include application/problem+json body schema in generated schemas/core/openapi.yaml
• spectral lint passes
• hyperfleet-api-spec-template builds successfully against api-spec 1.0.20

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 19946963-1049-4eeb-9e24-79a0db39aa1e

📥 Commits

Reviewing files that changed from the base of the PR and between 52e6be8 and 8fa6e3e.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (12)

• .spectral.yaml
• CHANGELOG.md
• core/services/force-delete-internal.tsp
• core/services/resources-internal.tsp
• core/services/statuses-internal.tsp
• main.tsp
• package.json
• schemas/core/openapi.yaml
• shared/models/common/example_errors.tsp
• shared/models/common/model.tsp
• shared/services/clusters.tsp
• shared/services/nodepools.tsp

✅ Files skipped from review due to trivial changes (4)

• main.tsp
• package.json
• CHANGELOG.md
• .spectral.yaml

🚧 Files skipped from review as they are similar to previous changes (7)

• core/services/force-delete-internal.tsp
• shared/models/common/example_errors.tsp
• shared/services/clusters.tsp
• core/services/statuses-internal.tsp
• shared/services/nodepools.tsp
• shared/models/common/model.tsp
• core/services/resources-internal.tsp

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • API error responses now follow RFC 9457 standard format with structured problem details.
  • Added explicit 401 Unauthorized response handling to authentication-protected endpoints.
  • Pagination query parameters now enforced with minimum values for validation.

• Bug Fixes

  • Removed incorrect 409 Conflict responses from status update endpoints.

• Documentation

  • Enhanced error response documentation across resource, cluster, and nodepool endpoints.

Walkthrough

This PR standardizes RFC 9457 problem+json error payloads: adds per-status response models (400/401/403/404/409), extracts example error constants, moves error models into the HyperFleet namespace, enforces @minValue(1) on pagination params, and propagates explicit 401/ProblemDetails responses across OpenAPI path docs and TypeSpec service return unions. It also bumps service/package versions to 1.0.20, updates CHANGELOG compare links, and adjusts a Spectral override.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: introducing typed error response models, which is the core focus of this PR across multiple files.
Description check	✅ Passed	The description is directly related to the changeset, explaining the introduction of typed error response models and 401 UnauthorizedResponse additions with a comprehensive test plan.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	PR modifies TypeSpec/YAML API spec files. Only 1 Go file (schemas/schemas.go) changed—contains no log statements or secrets.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@schemas/core/openapi.yaml`:
- Around line 2144-2194: The OpenAPI spec includes an unused component
ForbiddenResponse causing Spectral failures; either remove the ForbiddenResponse
schema (and its example) from components/schemas or add explicit 403 responses
that reference it for the operations that should advertise permission-denied
behavior; locate the ForbiddenResponse definition in schemas/core/openapi.yaml
and either delete that object or add response objects with $ref to
'`#/components/schemas/ForbiddenResponse`' on the relevant paths/operations to
ensure the component is actually referenced.

In `@shared/models/common/model.tsp`:
- Around line 114-119: The ForbiddenResponse model is emitted but never
referenced; either remove or stop generating it, or reference it from
authenticated operations that should return 403. To fix, locate the
ForbiddenResponse model (model ForbiddenResponse) and either delete it from
shared/models/common/model.tsp (and any generator inclusion) or add a 403
response reference to the relevant operation definitions (e.g., attach
ForbiddenResponse as the 403 response in the operations that require
authentication/authorization) so the model is actually consumed by the API
surface.
- Around line 61-133: The Error model mixes transport metadata with the problem
body; remove transport-only decorators from Error (or rename it to
ProblemDetails) so it contains only problem fields and move the `@example`
annotations onto that body model, then replace the current response models
(BadRequestResponse, UnauthorizedResponse, ForbiddenResponse, NotFoundResponse,
ConflictResponse) with thin wrappers that declare `@statusCode` (and any `@header`)
and contain a single payload property typed to the body model (e.g., body:
ProblemDetails) instead of using the spread (...Error); adjust references
accordingly so examples reflect only the JSON problem body and transport
metadata lives on the response wrappers.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e0cd2900-eb01-41cc-a9e8-f07693556934

📥 Commits

Reviewing files that changed from the base of the PR and between cc6a1a9 and df8858f.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (11)

• CHANGELOG.md
• core/services/force-delete-internal.tsp
• core/services/resources-internal.tsp
• core/services/statuses-internal.tsp
• main.tsp
• package.json
• schemas/core/openapi.yaml
• shared/models/common/example_errors.tsp
• shared/models/common/model.tsp
• shared/services/clusters.tsp
• shared/services/nodepools.tsp

[rafabene]

Tip

nit — non-blocking suggestion

Category: Pattern

The six status upsert endpoints (createOrUpdateStatus for cluster, nodepool, and resource statuses) previously declared | ConflictResponse (409) in their return unions. This PR removes 409 from all of them — which the JIRA ticket explicitly permits ("or the ConflictResponse usage is removed if intentionally absent").

However, the CHANGELOG doesn't mention this removal. Since it changes the documented API contract, a line under ### Fixed or ### Changed noting it would help consumers who rely on the spec for error handling:

- `ConflictResponse` (409) removed from status create/update endpoints (upsert semantics — conflict is not applicable)

Also, | Error (default error response) was added to these same endpoints — a good fix, as it was previously missing.

[Mischulee]

Added both fixes to changelog, thanks for pointing it.

[rafabene]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rafabene

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [rafabene]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment