Skip to main content

Morphee Backend API Error Catalog

Generated: 2026-02-13 Total Files: 12 Total Errors: 75

This catalog documents all HTTPException error messages in the backend API for potential user-facing error message improvements.


Summary by Status Code

Status CodeCountDescription
40035Bad Request — validation or business logic errors
4014Unauthorized — authentication failures
4031Forbidden — permission denied
40429Not Found — resource does not exist
4091Conflict — duplicate resource
5002Internal Server Error — unexpected failures
5011Not Implemented — feature not configured
5021Bad Gateway — upstream service error

Errors by Category

Authentication & Authorization (backend/api/auth.py)

12 errors — signup, signin, tokens, profile, consent

LineFunctionStatusMessageNotes
80signup400str(e)Generic exception from auth service
104signin401str(e)Invalid credentials
130refresh401No refresh token providedMissing refresh token
143(middleware)401str(e)Token validation failure
194get_profile404str(e)User profile not found
207update_profile400str(e)Profile update validation
221change_password400str(e)Password change failure
241delete_account400Must send confirmation: "DELETE" to proceedConfirmation mismatch
251delete_account400str(e)Account deletion failure
294(consent)400str(e)Consent operation error
332grant_consent400str(e)Grant consent failure
346withdraw_consent400str(e)Withdraw consent failure

Recommendations:

  • Replace str(e) with friendly messages like "Invalid email or password", "Email already registered", etc.
  • Add specific error codes for different auth failures

Chat & Conversations (backend/api/chat.py)

12 errors — conversations, messages, regeneration, approvals

LineFunctionStatusMessageNotes
359update_conversation404Conversation not found✅ User-friendly
375get_conversation_messages404Conversation not found✅ User-friendly
391update_message404Message not found✅ User-friendly
406pin_message400Unable to pin message (not found or limit reached)✅ Good context
421unpin_message404Message not found✅ User-friendly
448regenerate_response404Conversation not found✅ User-friendly
455regenerate_response400Not enough messages to regenerate✅ User-friendly
459regenerate_response400Last message is not an assistant message✅ User-friendly
469regenerate_response400No user message found to regenerate from✅ User-friendly
596delete_conversation404Conversation not found✅ User-friendly
618decide_approval404Approval request not found or expired✅ User-friendly
641handle_component_event400Local events are handled client-sideInternal error

Recommendations:

  • Chat errors are already well-structured!
  • Consider adding error codes for client-side filtering

Groups (backend/api/groups.py)

6 errors — group CRUD operations

LineFunctionStatusMessageNotes
29create_group400User is already in a group✅ User-friendly
35create_group400User record not foundInternal error
43create_group400str(e)Generic database error
59get_my_group404Group not found✅ User-friendly
85update_my_group400str(e)Generic update error
102delete_my_group404Group not found or could not be deleted✅ Good context

Recommendations:

  • Replace str(e) with specific messages (validation, name taken, etc.)

Members & Invites (backend/api/members.py)

9 errors — invitations, roles, member management

LineFunctionStatusMessageNotes
45create_invite400str(e)Invite creation errors
65cancel_invite403Only group parents can cancel invites✅ Permission error
72cancel_invite404Invite not found or already processed✅ User-friendly
86accept_invite400User record not foundInternal error
93accept_invite400str(e)Accept errors
106decline_invite400str(e)Decline errors
132update_member_role400str(e)Role update errors
146remove_member404Member not found✅ User-friendly
152remove_member400str(e)Removal errors

Recommendations:

  • Map str(e) to specific cases: "Email already invited", "Invite expired", "Cannot remove yourself", etc.

Spaces (backend/api/spaces.py)

4 errors — space CRUD operations

LineFunctionStatusMessageNotes
32create_space400str(e)Space creation errors
64get_space404Space not found✅ User-friendly
82update_space400str(e)Space update errors
100delete_space404Space not found✅ User-friendly

Recommendations:

  • Add specific validation messages for name conflicts, parent space errors

Tasks (backend/api/tasks.py)

3 errors — task CRUD operations

LineFunctionStatusMessageNotes
45get_task404Task not found✅ User-friendly
81update_task400str(e)State transition errors
131delete_task404Task not found✅ User-friendly

Recommendations:

  • Map task state machine errors to messages like "Cannot pause completed task"

Skills (backend/api/skills.py)

10 errors — skill definitions, validation, CRUD

LineFunctionStatusMessageNotes
56get_skill404Skill not found✅ User-friendly
71create_skill400Invalid definition: {e}⚠️ Exposes exception
81create_skill400Validation errors: {'; '.join(errors)}✅ Detailed validation
97create_skill409Skill '{body.name}' already exists✅ User-friendly
121update_skill404Skill not found✅ User-friendly
134update_skill400Invalid definition: {e}⚠️ Exposes exception
143update_skill400Validation errors: {'; '.join(errors)}✅ Detailed validation
148update_skill500Failed to update skill⚠️ Generic 500
180delete_skill404Skill not found✅ User-friendly
195delete_skill500Failed to delete skill⚠️ Generic 500

Recommendations:

  • Sanitize {e} to avoid exposing internal errors
  • Add error codes for specific validation failures
  • Investigate 500 errors — should be 400s with specific messages

Interfaces (backend/api/interfaces.py)

9 errors — interface configs, actions

LineFunctionStatusMessageNotes
83get_interface_config404Interface not found: {interface_name}✅ User-friendly
89get_interface_config404No config found for {interface_name}✅ User-friendly
114save_interface_config404Interface not found: {interface_name}✅ User-friendly
117save_interface_config400Interface {interface_name} is not configurable✅ User-friendly
157delete_interface_config404Interface not found: {interface_name}✅ User-friendly
168delete_interface_config404No config found for {interface_name}✅ User-friendly
185get_interface404Interface not found: {interface_name}✅ User-friendly
215execute_action404Interface not found: {action_execution.interface_name}✅ User-friendly
228execute_action404Action not found: {action_execution.action_name}✅ User-friendly

Recommendations:

  • Interfaces have excellent error messages!

OAuth (backend/api/oauth.py)

3 errors — Google OAuth configuration, redirect URIs

LineFunctionStatusMessageNotes
68google_authorize501Google OAuth not configured✅ Configuration error
80google_authorize400Redirect URI domain not allowed✅ Security error
85google_authorize400Invalid redirect URI scheme: {parsed.scheme}✅ Validation error

Recommendations:

  • OAuth errors are well-structured!

SSO (backend/api/sso.py)

5 errors — SSO provider discovery, authorization, callbacks

LineFunctionStatusMessageNotes
84list_providers502Failed to query auth provider settings⚠️ Upstream error
97sso_authorize400Unsupported provider: {provider}✅ User-friendly
109sso_authorize400Invalid redirect URI scheme: {parsed.scheme}✅ Validation error
119sso_authorize400Invalid redirect URI: hostname not allowed✅ Security error
149sso_callback401Invalid SSO token✅ Auth error

Recommendations:

  • Consider retry logic for 502 errors
  • Add more context to "Invalid SSO token" (expired, malformed, etc.)

Notifications (backend/api/notifications.py)

1 error — notification operations

LineFunctionStatusMessageNotes
53mark_read404Notification not found✅ User-friendly

Onboarding (backend/api/onboarding.py)

1 error — onboarding flow validation

LineFunctionStatusMessageNotes
146onboarding_chat400User already has a group. Onboarding is not needed.✅ User-friendly

Action Items for Phase 3e.4 (Engagement & Polish)

High Priority (User-Facing)

  1. Replace str(e) in auth.py (12 instances)

    • Map Supabase auth errors to friendly messages
    • Examples: "Email already registered", "Invalid email or password", "Password must be at least 8 characters"
  2. Replace str(e) in groups/members/spaces (10 instances)

    • Validation errors: "Group name required", "Name must be unique"
    • Business logic: "Cannot invite yourself", "Email already invited"
  3. Sanitize skill validation errors (2 instances)

    • Don't expose raw exception text in Invalid definition: {e}
    • Parse and translate to user-friendly messages

Medium Priority (Developer Experience)

  1. Add error codes

    • Pattern: {"error": "CONVERSATION_NOT_FOUND", "message": "...", "code": "E404_CONV"}
    • Enables client-side error handling and i18n
  2. Investigate 500 errors in skills.py (2 instances)

    • Should be 400s with specific messages
    • Add better exception handling

Low Priority (Monitoring)

  1. Add structured logging for all HTTPExceptions
    • Log error code, user_id, group_id for debugging
    • Don't log PII in error messages

Pattern Analysis

✅ Good Patterns (Keep)

  • Specific, contextual messages: "Conversation not found", "Only group parents can cancel invites"
  • Validation details: f"Validation errors: {'; '.join(errors)}"
  • Dynamic context: f"Interface not found: {interface_name}"

⚠️ Anti-Patterns (Fix)

  • Generic str(e): Exposes internal errors, not user-friendly (35 instances)
  • 500 for business logic: Use 400 with specific message instead
  • Missing context: "Failed to update" → "Failed to update: name already exists"

Error Message Template

# Good
raise HTTPException(
status_code=400,
detail="Space name must be unique within the group"
)

# Bad
raise HTTPException(status_code=400, detail=str(e))

With Error Codes (Future)

raise HTTPException(
status_code=400,
detail={
"error": "DUPLICATE_SPACE_NAME",
"message": "A space with this name already exists in your group",
"field": "name"
}
)

Next Steps:

  1. Create backend/errors.py with error message constants
  2. Map exception types to user-friendly messages
  3. Update all str(e) instances
  4. Add error codes for client-side handling
  5. Document error codes in docs/api.md