Skip to content

feat(api): update API spec from langfuse/langfuse f73fd25#856

Closed
langfuse-bot wants to merge 1 commit into
mainfrom
api-spec-bot-f73fd25
Closed

feat(api): update API spec from langfuse/langfuse f73fd25#856
langfuse-bot wants to merge 1 commit into
mainfrom
api-spec-bot-f73fd25

Conversation

@langfuse-bot

@langfuse-bot langfuse-bot commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Greptile Summary

This is an auto-generated PR (via Fern from langfuse/langfuse f73fd25) that adds a DashboardWidgets resource to the unstable API namespace, exposing a single POST /api/public/unstable/dashboard-widgets endpoint for creating reusable dashboard widgets.

  • New DashboardWidgets client registered with lazy initialisation on the Unstable client, following the same pattern as evaluationRules and evaluators.
  • Nine new type definitions covering widget views, chart types, metric aggregations, filters, dimensions, sort order, chart config, and the create/response DTOs — all properly barrel-exported.
  • The error-handling switch in the new client contains duplicate case labels (400, 401, 403, 405), making the second block of LangfuseAPI.* error classes unreachable; this same issue exists in pre-existing generated clients and likely originates from the Fern generator.

Confidence Score: 4/5

Safe to merge with awareness: the new client works for the happy path and for 404/429/500 errors, but callers catching LangfuseAPI.Error, LangfuseAPI.UnauthorizedError, LangfuseAPI.AccessDeniedError, or LangfuseAPI.MethodNotAllowedError from this endpoint will never catch them — they'll receive the LangfuseAPI.unstable.* variants instead.

The duplicate case labels make four documented error types permanently unreachable. Because this is auto-generated code that mirrors a bug already present in the existing evaluationRules client, it is unlikely to be caught by callers relying on specific error-class checks. All other aspects — type definitions, barrel exports, lazy accessor registration, HTTP method/path, auth header construction — are correct and consistent with the rest of the codebase.

packages/core/src/api/api/resources/unstable/resources/dashboardWidgets/client/Client.ts — the error-handling switch block deserves a second look.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Caller
    participant Unstable as client.unstable
    participant DW as dashboardWidgets (lazy)
    participant HTTP as core.fetcher
    participant API as POST /api/public/unstable/dashboard-widgets

    Caller->>Unstable: .dashboardWidgets.create(request)
    Note over Unstable,DW: lazy-init DashboardWidgets on first access
    Unstable->>DW: create(request, opts)
    DW->>DW: __create() — build headers, auth
    DW->>HTTP: "fetch(POST, body=request)"
    HTTP->>API: POST /api/public/unstable/dashboard-widgets
    API-->>HTTP: 200 DashboardWidget
    HTTP-->>DW: _response.ok
    DW-->>Caller: DashboardWidget

    alt HTTP error
        API-->>HTTP: 4xx / 5xx
        HTTP-->>DW: _response.error (status-code)
        Note over DW: switch(statusCode)<br/>400/401/403/405 → unstable.* error<br/>(second block with same codes is dead)<br/>404 → LangfuseAPI.NotFoundError<br/>429/500 → unstable.* error
        DW-->>Caller: throw error
    end
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Caller
    participant Unstable as client.unstable
    participant DW as dashboardWidgets (lazy)
    participant HTTP as core.fetcher
    participant API as POST /api/public/unstable/dashboard-widgets

    Caller->>Unstable: .dashboardWidgets.create(request)
    Note over Unstable,DW: lazy-init DashboardWidgets on first access
    Unstable->>DW: create(request, opts)
    DW->>DW: __create() — build headers, auth
    DW->>HTTP: "fetch(POST, body=request)"
    HTTP->>API: POST /api/public/unstable/dashboard-widgets
    API-->>HTTP: 200 DashboardWidget
    HTTP-->>DW: _response.ok
    DW-->>Caller: DashboardWidget

    alt HTTP error
        API-->>HTTP: 4xx / 5xx
        HTTP-->>DW: _response.error (status-code)
        Note over DW: switch(statusCode)<br/>400/401/403/405 → unstable.* error<br/>(second block with same codes is dead)<br/>404 → LangfuseAPI.NotFoundError<br/>429/500 → unstable.* error
        DW-->>Caller: throw error
    end
Loading
Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
packages/core/src/api/api/resources/unstable/resources/dashboardWidgets/client/Client.ts:196-215
**Dead code: duplicate `case` labels shadow second error block**

The `switch` on `_response.error.statusCode` declares `case 400`, `401`, `403`, and `405` twice. In JavaScript/TypeScript a `switch` executes the first matching arm and exits (each arm here ends with `throw`), so the second set of cases — throwing `LangfuseAPI.Error`, `LangfuseAPI.UnauthorizedError`, `LangfuseAPI.AccessDeniedError`, and `LangfuseAPI.MethodNotAllowedError` — can never be reached. Code that `catch`es those specific error classes will never fire on these status codes.

Note: `case 404` (line 216) is unique and *is* reachable since 404 appears only in the second block. The same duplicate-case pattern appears in the pre-existing `evaluationRules/client/Client.ts` and likely originates from the Fern generator — worth a fix upstream in the API spec or generator config.

Reviews (1): Last reviewed commit: "feat(api): update API spec from langfuse..." | Re-trigger Greptile

Greptile also left 1 inline comment on this PR.

@langfuse-bot langfuse-bot requested a review from nimarb July 3, 2026 14:22
@vercel

vercel Bot commented Jul 3, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
langfuse-js Ready Ready Preview Jul 3, 2026 2:23pm

Request Review

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

@claude review

Comment on lines +196 to +215
case 400:
throw new LangfuseAPI.Error(
_response.error.body as unknown,
_response.rawResponse,
);
case 401:
throw new LangfuseAPI.UnauthorizedError(
_response.error.body as unknown,
_response.rawResponse,
);
case 403:
throw new LangfuseAPI.AccessDeniedError(
_response.error.body as unknown,
_response.rawResponse,
);
case 405:
throw new LangfuseAPI.MethodNotAllowedError(
_response.error.body as unknown,
_response.rawResponse,
);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Dead code: duplicate case labels shadow second error block

The switch on _response.error.statusCode declares case 400, 401, 403, and 405 twice. In JavaScript/TypeScript a switch executes the first matching arm and exits (each arm here ends with throw), so the second set of cases — throwing LangfuseAPI.Error, LangfuseAPI.UnauthorizedError, LangfuseAPI.AccessDeniedError, and LangfuseAPI.MethodNotAllowedError — can never be reached. Code that catches those specific error classes will never fire on these status codes.

Note: case 404 (line 216) is unique and is reachable since 404 appears only in the second block. The same duplicate-case pattern appears in the pre-existing evaluationRules/client/Client.ts and likely originates from the Fern generator — worth a fix upstream in the API spec or generator config.

Prompt To Fix With AI
This is a comment left during a code review.
Path: packages/core/src/api/api/resources/unstable/resources/dashboardWidgets/client/Client.ts
Line: 196-215

Comment:
**Dead code: duplicate `case` labels shadow second error block**

The `switch` on `_response.error.statusCode` declares `case 400`, `401`, `403`, and `405` twice. In JavaScript/TypeScript a `switch` executes the first matching arm and exits (each arm here ends with `throw`), so the second set of cases — throwing `LangfuseAPI.Error`, `LangfuseAPI.UnauthorizedError`, `LangfuseAPI.AccessDeniedError`, and `LangfuseAPI.MethodNotAllowedError` — can never be reached. Code that `catch`es those specific error classes will never fire on these status codes.

Note: `case 404` (line 216) is unique and *is* reachable since 404 appears only in the second block. The same duplicate-case pattern appears in the pre-existing `evaluationRules/client/Client.ts` and likely originates from the Fern generator — worth a fix upstream in the API spec or generator config.

How can I resolve this? If you propose a fix, please make it concise.

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — auto-generated Fern API spec update adding the unstable dashboardWidgets resource.

Extended reasoning...

Overview

This PR is a fully auto-generated Fern SDK update from the langfuse/langfuse API spec. It adds a new dashboardWidgets resource under the unstable namespace with a single create endpoint (POST /api/public/unstable/dashboard-widgets) plus associated request/response types and enums (chart type, view, aggregation, sort order, etc.). The changes hook the new client into the existing Unstable class via the same lazy-getter pattern used for evaluationRules and evaluators, and re-export the new types from the resources barrel.

Security risks

None. This is generated client code that constructs an authenticated POST against the customer's configured Langfuse endpoint using the existing basic-auth supplier and header-merging helpers shared with the other unstable resources. No secrets, crypto, permission logic, or user-input parsing is introduced.

Level of scrutiny

Very low — every file is marked auto-generated by Fern and mirrors the existing sibling resources (evaluationRules/evaluators) byte-for-byte in structure. The one oddity is duplicate case 400/401/403/405 labels in the error switch, but the same pattern already exists in evaluationRules/client/Client.ts (lines 246/291, 433/463, etc.), so this is a Fern codegen quirk in the upstream generator rather than a regression introduced here.

Other factors

No bugs were flagged by the bug hunting system. The endpoint sits under /unstable/ and the SDK explicitly documents that the surface may evolve. Nothing here touches ingestion, tracing, auth, or any production-critical path in the SDK.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant