CU-2458: Display server error messages for failed uploads

chrapkowski-sg · chrapkowski-sg · commit 6921eda7bf2a · 2026-02-20T20:43:08.000+01:00
diff --git a/cmd/src/code_intel_upload.go b/cmd/src/code_intel_upload.go
@@ -217,8 +217,23 @@ func (e errorWithHint) Error() string {
 //
 // This method returns the error that should be passed back up to the runner.
 func handleUploadError(accessToken string, err error) error {
-	if errors.Is(err, upload.ErrUnauthorized) {
-		err = attachHintsForAuthorizationError(accessToken, err)
+	if errors.Is(err, ErrUnauthorized) {
+		// Extract server detail message if the error was wrapped with one
+		// (e.g. "must provide github_token" from the upload endpoint).
+		serverMessage := serverMessageFromError(err)
+		if serverMessage != "" {
+			err = errorWithHint{
+				err:  errors.Newf("upload rejected by server: %s", serverMessage),
+				hint: "For more details, see https://docs.sourcegraph.com/cli/references/code-intel/upload.",
+			}
+		} else {
+			err = attachHintsForAuthorizationError(accessToken, err)
+		}
+	} else if strings.Contains(err.Error(), "unexpected status code: 403") {
+		err = errorWithHint{
+			err:  err,
+			hint: "For more details, see https://docs.sourcegraph.com/cli/references/code-intel/upload.",
+		}
 	}
 
 	if codeintelUploadFlags.ignoreUploadFailures {
@@ -230,6 +245,21 @@ func handleUploadError(accessToken string, err error) error {
 	return err
 }
 
+// serverMessageFromError extracts the detail string from a wrapped ErrUnauthorized.
+// Returns "" if the error is the bare sentinel (no server message).
+func serverMessageFromError(err error) string {
+	msg := err.Error()
+	sentinel := ErrUnauthorized.Error()
+	if msg == sentinel {
+		return ""
+	}
+	// errors.Wrap produces "detail: sentinel", so strip the suffix.
+	if strings.HasSuffix(msg, ": "+sentinel) {
+		return strings.TrimSuffix(msg, ": "+sentinel)
+	}
+	return ""
+}
+
 func attachHintsForAuthorizationError(accessToken string, originalError error) error {
 	var actionableHints []string
 
@@ -303,3 +333,5 @@ func mergeStringSlices(ss ...[]string) []string {
 
 	return combined
 }
+
+
diff --git a/cmd/src/code_intel_upload_vendored.go b/cmd/src/code_intel_upload_vendored.go
@@ -420,6 +420,10 @@ func performRequest(ctx context.Context, req *http.Request, httpClient upload.Cl
 func decodeUploadPayload(resp *http.Response, body []byte, target *int) (bool, error) {
 	if resp.StatusCode >= 300 {
 		if resp.StatusCode == http.StatusUnauthorized {
+			detail := string(bytes.TrimSpace(body))
+			if detail != "" && !bytes.HasPrefix(bytes.TrimSpace(body), []byte{'<'}) {
+				return false, errors.Wrap(ErrUnauthorized, detail)
+			}
 			return false, ErrUnauthorized
 		}
 
