Description
Describe the bug
When I run a forge publish and then, within a few seconds, a forge output <UID>, I get a weird 500 error which would be confusing to users. After a couple more seconds, the forge output has something reasonable that is being sent. Though the second call has a separate concerning thing: the ghToken is being sent back to the users in plaintext.
To Reproduce
Steps to reproduce the behavior:
- Find a repo
- forge publish - Click on '....'
- forge output
- See error
Error
$forge output 8d7733d6-dbd2-49c8-8661-6c6f24093d6f
Using remote: calypr-dev
Error: failed to check authz, response body: &{500 Internal Server Error 500 HTTP/1.1 1 1 map[Access-Control-Allow-Headers:[DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Cookie,X-CSRF-Token] Access-Control-Allow-Methods:[GET, POST, OPTIONS, DELETE, PUT] Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[Content-Length,Content-Range] Connection:[keep-alive] Content-Length:[100] Content-Type:[text/plain; charset=utf-8] Date:[Thu, 08 Jan 2026 14:01:58 GMT] Server:[nginx/1.18.0 (Ubuntu)] Strict-Transport-Security:[max-age=63072000; includeSubdomains;] X-Content-Type-Options:[nosniff nosniff] X-Frame-Options:[SAMEORIGIN] X-Xss-Protection:[1; mode=block]] 0x1400210e0c0 100 [] false false map[] 0x140020f6000 0x140020c0780}
)
$forge output 8d7733d6-dbd2-49c8-8661-6c6f24093d6f
Using remote: calypr-dev
Logs: INFO:root:{"APIEndpoint":"https://calypr-dev.ohsu.edu","bucketName":"cbds","ghCommitHash":"be50383f0087ea2fe1d1ed70d0c0907a81a5d69d","ghRepoUrl":"source.ohsu.edu/wongq/test-monorepo.git","ghToken":"......","ghUserName":"quinnwai","method":"put","profile":"calypr-dev","projectId":"......"}
Expected behavior
On the first immediate call, it would be helpful to diagnose where this 500 is coming from and provide a clearer message or no message at all if it's initializing.
On the second call, I want more security. I would ideally like ACED ETL or otherwise to hide the ghToken from plaintext as that is weird for me as a user to have my key out like that and also to have it being transferred straight back to me.
Environment (please complete the following information):
- Environment: Mac
- Version: Feature/mirror g3t #5
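
One way to keep `ghToken` out of the job log is a logging filter that masks secret-looking keys before the record is formatted. This is an added example, not code from forge or the ETL job: it assumes the job logs its parameters as JSON through Python's `logging` module (the `INFO:root:` prefix matches that module's default format), and the key markers, class and function names, and sample values are hypothetical.

```python
import json
import logging

# Assumption: key-name fragments treated as secret; only ghToken appears in the report.
SENSITIVE_MARKERS = ("token", "secret", "password", "apikey")
REDACTED = "[REDACTED]"


def redact(value):
    """Return a copy of a decoded JSON value with secret-looking keys masked."""
    if isinstance(value, dict):
        return {k: REDACTED if any(m in k.lower() for m in SENSITIVE_MARKERS) else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


class RedactJSONFilter(logging.Filter):
    """Mask secrets in records whose message is a dict or a JSON document."""

    def filter(self, record):
        if isinstance(record.msg, dict):
            record.msg = redact(record.msg)
            return True
        try:
            parsed = json.loads(record.getMessage())
        except (TypeError, ValueError):
            return True  # not JSON: pass the record through unchanged
        if isinstance(parsed, (dict, list)):
            record.msg = json.dumps(redact(parsed), separators=(",", ":"))
            record.args = None  # message is already fully rendered
        return True


def format_job_log(params):
    """Render params the way the job log line looks, with the filter applied."""
    record = logging.LogRecord("root", logging.INFO, __file__, 0,
                               json.dumps(params), None, None)
    RedactJSONFilter().filter(record)
    return logging.Formatter("%(levelname)s:%(name)s:%(message)s").format(record)


# Constructed sample shaped like the log line in the report; all values are placeholders.
SAMPLE = {"ghRepoUrl": "example.invalid/org/repo.git", "ghToken": "constructed-not-a-real-token",
          "ghUserName": "someuser", "method": "put"}

if __name__ == "__main__":
    print(format_job_log(SAMPLE))
```

Attach the filter to the handler (`handler.addFilter(RedactJSONFilter())`) rather than to a single logger, since logger-level filters are not applied to records propagated from child loggers.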