From a6cd7421c4ebc68399a75c55dd3d789951a8fb8c Mon Sep 17 00:00:00 2001 From: Kishore Kumar Date: Fri, 3 Jul 2026 13:47:01 +0530 Subject: [PATCH 1/2] docs(m109-003): drop dead UZ-AUTH-009/010 rows from error-codes reference Both codes were superseded by UZ-AUTH-022 and have no producer in the agentsfleetd error registry, contradicting this page's own generation note (line 29). Only these two producerless live-looking rows are removed. Intentionally kept: UZ-AUTH-021 (struck-through historical row, per commit f64e20c "keep retired UZ-AUTH-021 visible") and the UZ-SLK-021 gap-note prose. Co-Authored-By: Claude Opus 4.8 (1M context) --- api-reference/error-codes.mdx | 2 -- 1 file changed, 2 deletions(-) diff --git a/api-reference/error-codes.mdx b/api-reference/error-codes.mdx index 8c22b7a..0db2bf2 100644 --- a/api-reference/error-codes.mdx +++ b/api-reference/error-codes.mdx @@ -62,8 +62,6 @@ Every code on this page is one `agentsfleetd` can actually emit — the list is | `UZ-AUTH-004` | 503 | Authentication service unavailable | OIDC provider unreachable | | `UZ-AUTH-005` | 404 | Session not found | Auth session ID not found or already expired | | `UZ-AUTH-006` | 401 | Session expired | Auth session timed out before completion | -| `UZ-AUTH-009` | 403 | Insufficient role | Token role is too low for this endpoint | -| `UZ-AUTH-010` | 403 | Unsupported role | Token contains an unrecognized role claim | | `UZ-AUTH-022` | 403 | Insufficient scope | Token lacks the required `resource:action` scope for this endpoint. The `detail` field names the required scope (e.g. `Requires scope fleet:admin`). | ## CLI login From c176c4123782e2b8e3ecf7fa9dc6e4e0257a48e5 Mon Sep 17 00:00:00 2001 From: Kishore Kumar Date: Fri, 3 Jul 2026 15:52:06 +0530 Subject: [PATCH 2/2] =?UTF-8?q?docs(m109-003):=20changelog=20=E2=80=94=20e?= =?UTF-8?q?rror-reference=20cleanup=20+=20UZ-PROVIDER-003=20hint=20fix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Records the two user-facing corrections in this workstream: the removed dead UZ-AUTH-009/010 rows and the corrected UZ-PROVIDER-003 credential hint (api_key optional for an openai-compatible endpoint). Co-Authored-By: Claude Opus 4.8 (1M context) --- changelog.mdx | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/changelog.mdx b/changelog.mdx index aee513f..36d452c 100644 --- a/changelog.mdx +++ b/changelog.mdx @@ -30,6 +30,17 @@ export const STAGE_SELF_MANAGED_M66 = "$0.0001"; - **Approval enforcement** — an approved or denied grant is honored by the fleet's lease path even when the Redis mirror of that decision fails to write. The durable database row is consulted as a fallback, so enforcement can no longer diverge from the approval audit trail. + + ## Error reference matches the server, and provider-credential guidance is accurate + + The error-code reference no longer lists codes the server cannot emit, and the `UZ-PROVIDER-003` hint now describes what a self-managed credential actually requires. + + ## Fixes + + - **`UZ-PROVIDER-003` hint** — now states that `provider` and `model` are required and `api_key` is required only for a named provider (optional for an `openai-compatible` endpoint), matching the credential validator. A client following the old wording would send an unnecessary `api_key`, or misread an unrelated failure as a missing key. + - **Error-code reference** — removed the `UZ-AUTH-009` and `UZ-AUTH-010` rows, which have no producer in the server registry (both superseded by `UZ-AUTH-022`). The retired `UZ-AUTH-021` stays as a struck-through historical entry. + + ## Add a workspace template from the dashboard