Full-codebase-audit 2026-05-30 outputs:

- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---
issue: 128
title: "Scanner: POST /intents returns 200 instead of 201 for new resource creation"
severity: low
domain: Scanner
labels: [scanner, api-contract]
status: open
created: 2026-05-30
source: Full Codebase Audit 2026-05-30
---

# Scanner: POST /intents returns 200 instead of 201 for new resource creation

**Severity:** low
**Domain:** Scanner
**Labels:** scanner, api-contract

## Description

`scanner/api.go:234` returns HTTP 200 for both new intent creation and idempotent replays. REST convention is 201 for new resource creation and 200 for idempotent replays. Clients that check status codes to distinguish creation from replay cannot do so currently.

## Options

1. Return 201 on new creation, 200 on idempotent replay.
2. Always 201.
3. Add a header/body flag indicating replay vs new.

## Recommendation

Return 201 for new resources and 200 for idempotent replays. Could affect clients keyed on status codes.
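
The recommended behaviour, as an added Go example that is not the code at `scanner/api.go`. The `intentStore` type, the handler, the `postIntent` helper and the `Idempotency-Key` header name are assumptions, since the issue does not say how the scanner recognises a replay. The lookup and insert happen under one lock so that two concurrent requests with the same key cannot both be answered 201.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// intentStore is a hypothetical in-memory store: idempotency key -> intent ID.
type intentStore struct {
	mu    sync.Mutex
	byKey map[string]string
}

// handleCreateIntent answers 201 for a new intent and 200 for an idempotent replay.
func (s *intentStore) handleCreateIntent(w http.ResponseWriter, r *http.Request) {
	key := r.Header.Get("Idempotency-Key") // assumed header name, not from the issue
	if key == "" {
		http.Error(w, "Idempotency-Key required", http.StatusBadRequest)
		return
	}
	s.mu.Lock()
	id, replayed := s.byKey[key]
	if !replayed {
		id = fmt.Sprintf("intent_%d", len(s.byKey)+1)
		s.byKey[key] = id
	}
	s.mu.Unlock()
	status := http.StatusCreated // new resource
	if replayed {
		status = http.StatusOK // key seen before: return the stored intent
	}
	w.WriteHeader(status)
	fmt.Fprintf(w, `{"id":%q,"replayed":%t}`, id, replayed)
}

// postIntent sends a constructed request through the handler and returns the status.
func postIntent(s *intentStore, key string) int {
	req := httptest.NewRequest(http.MethodPost, "/intents", nil)
	req.Header.Set("Idempotency-Key", key)
	rec := httptest.NewRecorder()
	s.handleCreateIntent(rec, req)
	return rec.Code
}

func main() {
	s := &intentStore{byKey: map[string]string{}}
	fmt.Println(postIntent(s, "k1"), postIntent(s, "k1")) // create, then replay
}
```

The `replayed` field in the body also covers option 3, so clients that cannot be changed to read the status code still have a way to tell the two cases apart.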

## Affected Files

- `scanner/api.go:234`

## References

- [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-63