Skip to content

Fix TAP WebSocket connection failing with bad handshake when TAP_ADMIN_PASSWORD is set#37

Closed
Kzoeps wants to merge 97 commits intohypercerts-org:mainfrom
GainForest:fix/tap-auth-issue
Closed

Fix TAP WebSocket connection failing with bad handshake when TAP_ADMIN_PASSWORD is set#37
Kzoeps wants to merge 97 commits intohypercerts-org:mainfrom
GainForest:fix/tap-auth-issue

Conversation

@Kzoeps
Copy link
Copy Markdown

@Kzoeps Kzoeps commented Apr 6, 2026

The TAP sidecar's /channel WebSocket endpoint requires HTTP Basic Auth when a password is configured. The consumer was dialing with no headers, causing a 401 that gorilla/websocket surfaces as "websocket: bad handshake", preventing Hyperindex from receiving any events.
Changes:

  • Add Password string field to ConsumerConfig in internal/tap/consumer.go
  • Build an Authorization: Basic header in runOnce() when a password is set, matching the pattern already used by AdminClient for HTTP requests
  • Wire cfg.TapAdminPassword into ConsumerConfig.Password in startTap() in cmd/hypergoat/main.go
    No behaviour change when TAP_ADMIN_PASSWORD is empty.

@daviddao
beads: plan hyperindex-49s — GraphQL filtering, sorting & query compl…
e47bd25 
…eteness epic
@daviddao
feat: add composite DB index for keyset pagination performance (hyper…
6b2c6ad 
…index-49s.7)
@daviddao
Add did and rkey fields to typed record GraphQL types (hyperindex-49s.5)
c18791b
@daviddao
Add max page size limit and ClampPageSize helper (hyperindex-49s.6)
bbfdf23
@daviddao
feat: scaffold shared filter input types (hyperindex-49s.1)
f3de82e
@daviddao
Add per-collection sort enum and sortBy/sortDirection arguments (hype…
2140d47 
…rindex-49s.8)
@daviddao
Generate per-collection WhereInput types in schema builder (hyperinde…
6050b63 
…x-49s.3)
@daviddao
Add LIKE-based cross-collection search query (hyperindex-49s.13)
264d333
@daviddao
Add FieldFilter struct and filtered query to RecordsRepository (hyper…
8d786ca 
…index-49s.2)
@daviddao
Wire WHERE filters from GraphQL args into resolvers and repository (h…
110e36d 
…yperindex-49s.4)
@daviddao
feat: populate totalCount on public connections opt-in (hyperindex-49…
140f601 
…s.11)
@daviddao
Add sorted query method tests to RecordsRepository (hyperindex-49s.9)
8986495
@daviddao
Wire sorting into resolvers and generalize cursor encoding (hyperinde…
7d5f062 
…x-49s.10)
@daviddao
feat: add backward pagination support (last/before) (hyperindex-49s.12)
a4a38bc
@daviddao
Add integration tests for filter/sort/search end-to-end (hyperindex-4…
c179d86 
…9s.14)
@daviddao
beads: all 14 tasks complete for hyperindex-49s, mark for integration…
d9e9512 
… review
@daviddao
docs: update README with filtering, sorting, search, pagination examples
5bf2b53
@daviddao
docs: update API docs with filtering, sorting, search reference
26976b4
@daviddao
beads: plan hyperindex-q00 — bug fixes from code review (11 tasks)
aaebb0b
@daviddao
fix: remove DefaultValue from records query first arg to fix backward…
09fd2a3 
… pagination (hyperindex-q00.2)
@daviddao
Add search query timeout and concurrency control (hyperindex-q00.4)
0af843c
@daviddao
Fix cursor pipe delimiter collision with JSON encoding (hyperindex-q0…
6c2350d 
…0.1)
@daviddao
Fix search minimum length to use rune count and increase to 3 (hyperi…
99b68c3 
…ndex-q00.9)
@daviddao
Add MaxINListSize limit to prevent SQLite parameter overflow (hyperin…
ff5e7f5 
…dex-q00.3)
@daviddao
Skip lexicon properties that collide with reserved field names (hyper…
d60d85d 
…index-q00.7)
@daviddao
fix: escape LIKE wildcards in contains/startsWith filter operators (h…
c9d2dc3 
…yperindex-q00.5)
@daviddao
fix: expand DID filter to support eq and in operators (hyperindex-q00.6)
b149838 
- Add DIDFilterInput GraphQL type with only eq and in fields (no contains/startsWith/neq)
- Replace StringFilterInput with DIDFilterInput for the did field in WhereInput
- Introduce DIDFilter struct in repositories to carry eq and in conditions
- Update extractFilters to populate DIDFilter.EQ and DIDFilter.IN from GraphQL args
- Add buildDIDFilterClause helper to generate SQL WHERE conditions for DIDFilter
- Update all repository methods to accept DIDFilter instead of plain string
- Add tests for DIDFilterInput fields, extractFilters DID handling, and DID in filtering
@daviddao
Add MaxFilterConditions cap to prevent filter abuse (hyperindex-q00.10)
fff01bd
@daviddao
test: add unit tests for ClampPageSize, sortFieldValueForRecord, empt…
56a3c6f 
…yConnection (hyperindex-q00.11)
@daviddao
beads: close hyperindex-q00 — all 11 bug fixes complete
afad71a
daviddao and others added 27 commits February 18, 2026 17:52
@daviddao
redesign Header with glass-panel, hypercerts logo, Hyperindex brandin…
78649fb 
…g, theme toggle (hyperindex-0nk.5)
@daviddao
feat: update lexicons and backfill pages for dark mode (hyperindex-0n…
dffe0f3 
…k.10)
@daviddao
feat: update Dashboard page and sub-components for dark mode (hyperin…
4b86216 
…dex-0nk.8)
@daviddao
feat: update settings and onboarding pages for dark mode (hyperindex-…
6033c8f 
…0nk.11)
@daviddao
docs page: update branding, font-syne, dark mode CSS vars (hyperindex…
0198d61 
…-0nk.9)
@daviddao
beads: mark hyperindex-0nk for integration review — all 13 tasks closed
7ccd9a4
@daviddao
feat: add client Dockerfile + standalone output for Railway deployment
c4ecd14
@daviddao
fix: use dynamic backend URL for GraphiQL links and API docs
1ca7f43 
- Replace hardcoded hypergoat-app-production URL with NEXT_PUBLIC_API_URL env var
- Point GraphiQL links directly to backend (Next.js rewrite can't proxy HTML)
- Remove broken /graphiql rewrite from next.config.ts
@daviddao
fix: GraphiQL redirect route and Dockerfile build arg for NEXT_PUBLIC…
981a312 
…_API_URL

- Add /graphiql server-side redirect route (reads HYPERINDEX_URL at runtime)
- Add ARG NEXT_PUBLIC_API_URL to Dockerfile so docs page gets correct URL at build time
- Revert dashboard/header GraphiQL links to /graphiql (handled by redirect route)
@daviddao
beads: plan hyperindex-a10 — make dashboard public
4035050
@daviddao
Make statistics, activityBuckets, recentActivity public (hyperindex-a10)
9e8acfc
@daviddao
docs: add deploy-railway skill for frontend/backend deployment
f2748e4 
Documents the exact railway up commands, env vars, custom domains,
and common troubleshooting for deploying both services.
@daviddao
beads: plan hyperindex-2rz — batch lexicon registration
d96ad45
@daviddao
feat: support batch lexicon registration via comma/newline-separated …
6275449 
…NSIDs (hyperindex-2rz)
@daviddao
beads: plan hyperindex-vz7 — fix NonNull GraphQL violations for requi…
4241da8 
…red fields with missing data
@daviddao
Add ZeroValueForType and RequiredProperties to lexicon package (hyper…
7fc19ad 
…index-vz7.1)
@daviddao
Add coerceRequiredFields to schema builder and wire into resolvers (h…
fb5c723 
…yperindex-vz7.2)
@daviddao
test: add integration tests for null coercion of required fields (hyp…
ae64fae 
…erindex-vz7.3)
@daviddao
beads: mark hyperindex-vz7 for integration review — all children closed
c15ebb9
@daviddao
beads: close hyperindex-vz7 — NonNull coercion complete
e30e889
@daviddao
beads: spec review follow-ups hyperindex-5ar, bn7, 3gm
68e95da
@daviddao
test: add TestCoerceRequiredFields_SingleRecordResolver for ByUri pat…
18c6350 
…h (hyperindex-3gm)
@daviddao
Remove unused format parameter from ZeroValueForType (hyperindex-bn7)
e706083
@daviddao
Merge pull request hypercerts-org#35 from hypercerts-org/tap-feature
659483d 
feat: Replace Jetstream+Backfill with Tap sidecar
@daviddao
fix: resolve 7 golangci-lint v2 issues blocking PR hypercerts-org#34
be7492a 
- errorlint: use errors.Is(err, context.Canceled) instead of == comparison
- gocritic: use http.NoBody instead of nil for GET request bodies
- ineffassign: remove unused nextPlaceholder assignments after last DID filter
- revive: add nolint:revive to types package declarations (consistent with existing files)
@daviddao
Merge pull request #1 from GainForest/filter-feature
3097549 
Merging tap & filter features into main branch
@Kzoeps
fix: send Basic Auth header on TAP WebSocket handshake
e751a47 
The TAP /channel WebSocket endpoint requires Basic Auth when
TAP_ADMIN_PASSWORD is set. The consumer was sending no Authorization
header, causing a 401 which gorilla/websocket surfaces as 'bad handshake'.

Wire cfg.TapAdminPassword into ConsumerConfig.Password and build the
Authorization header in runOnce() before dialing, matching the pattern
already used by AdminClient for HTTP requests.
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 6, 2026

@Kzoeps is attempting to deploy a commit to the Hypercerts Foundation Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 6, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ad7ba44c-3814-42aa-b62a-ee8239d9d866

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@Kzoeps Kzoeps closed this Apr 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Kzoeps @daviddao