[ONB-2396] Detallar el error de IP allow list en la verificación de conectividad de fintoc doctor#55
Merged
vacodoceo merged 3 commits intoJun 26, 2026
Conversation
When an org restricts API access by IP, the API replies 401 with code allowed_cidr_blocks_does_not_contain_ip (or missing_allowed_cidr_block). These fell into the generic "Authentication failed: check your API key" path, which misled callers whose key was actually fine. Detect those codes in handleError and point users to the dashboard allow list instead. Export parseFintocError so doctor can reuse the parsing.
checkConnectivity swallowed every failure into "could not reach api.fintoc.com", so an IP-not-allow-listed org looked like a network outage even though the request reached the API. Classify the caught error: report the host as reachable but the IP as blocked (with a link to fix it), distinguish a rejected key, and keep the generic message only for real network failures.
The continuation lines (e.g. the "Run `fintoc login`" hint) were indented to column 20, but values sit at column 22 (status glyph + space + label), so they drifted left. The skipped checks were also printed as raw hints with a leading indent and a width-ambiguous skip glyph, breaking the column entirely. Route every line through row()/detail() helpers that pad to a single width, and render skipped checks via info() like the rest, so labels, values and follow-up lines share one column.
43ca76e to
acf071f
Compare
FranciscaOtero
approved these changes
Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Contexto
Al correr
fintoc doctor, la sección de Connectivity tiraba siempre el mismo error genérico (could not reach api.fintoc.com) aunque hubiera internet y la API key fuera correcta. El caso real era que la IP no estaba en la allow list de la organización, y costaba cacharlo. Los clientes que usan IP allow list y prueban la CLI iban a toparse con lo mismo.El
catchdecheckConnectivityaplastaba cualquier error en el mensaje genérico, pero la API en realidad responde un401 authentication_errorcon códigoallowed_cidr_blocks_does_not_contain_ip(omissing_allowed_cidr_block): la request sí llega a la API.Que hay de nuevo?
checkConnectivityclasifica el error: si es de IP allow list muestra que la API es alcanzable pero la IP no está permitida, con link al dashboardhandleErrorgana una rama para los códigos de IP allow list, así cualquier comando (no solodoctor) muestra un mensaje clarodoctor(labels, valores y líneas de detalle quedaban corridas a veces)Tests
Screenshot
Created with Claude Code
/fast-trackcommand