fix(api): enforce request id and user-agent headers

Author: wcole1-godaddy

.changeset/api-catalog-commerce.md

@@ -0,0 +1,7 @@
+---
+"@godaddy/cli": minor
+---
+
+Expand the built-in Commerce API catalog with additional domains and GraphQL metadata, and normalize Commerce scope tokens across generated endpoints.
+
+Also improves API command behavior by resolving templated catalog paths (for example, `/stores/{storeId}/...`), validating trusted absolute API hosts, and surfacing richer structured API error details for troubleshooting.

src/core/api.ts

@@ -76,6 +76,41 @@ const MAX_ERROR_SUMMARY_CHARS = 240;
 const MAX_ERROR_DEPTH = 6;
 const MAX_ERROR_ARRAY_ITEMS = 40;
 const MAX_ERROR_OBJECT_KEYS = 80;
+const DEFAULT_USER_AGENT = "godaddy-cli";
+
+function findHeaderKey(
+  headers: Record<string, string>,
+  headerName: string,
+): string | undefined {
+  const target = headerName.toLowerCase();
+  return Object.keys(headers).find((key) => key.toLowerCase() === target);
+}
+
+function getHeaderValue(
+  headers: Record<string, string>,
+  headerName: string,
+): string | undefined {
+  const key = findHeaderKey(headers, headerName);
+  return key ? headers[key] : undefined;
+}
+
+function hasNonEmptyHeader(
+  headers: Record<string, string>,
+  headerName: string,
+): boolean {
+  const value = getHeaderValue(headers, headerName);
+  return typeof value === "string" && value.trim().length > 0;
+}
+
+function ensureRequiredRequestHeaders(headers: Record<string, string>): void {
+  if (!hasNonEmptyHeader(headers, "x-request-id")) {
+    headers["x-request-id"] = uuid();
+  }
+
+  if (!hasNonEmptyHeader(headers, "user-agent")) {
+    headers["user-agent"] = DEFAULT_USER_AGENT;
+  }
+}
 
 function truncateString(value: string, maxChars: number): string {
   if (value.length <= maxChars) return value;
@@ -454,21 +489,21 @@ export function apiRequestEffect(
     // Build headers
     const requestHeaders: Record<string, string> = {
       Authorization: `Bearer ${accessToken}`,
-      "X-Request-ID": uuid(),
       ...headers,
     };
+    ensureRequiredRequestHeaders(requestHeaders);
 
     // Build body
     let requestBody: string | undefined;
     if (body) {
       requestBody = body;
-      if (!requestHeaders["Content-Type"]) {
-        requestHeaders["Content-Type"] = "application/json";
+      if (!hasNonEmptyHeader(requestHeaders, "content-type")) {
+        requestHeaders["content-type"] = "application/json";
       }
     } else if (fields && Object.keys(fields).length > 0) {
       requestBody = JSON.stringify(fields);
-      if (!requestHeaders["Content-Type"]) {
-        requestHeaders["Content-Type"] = "application/json";
+      if (!hasNonEmptyHeader(requestHeaders, "content-type")) {
+        requestHeaders["content-type"] = "application/json";
       }
     }
 

tests/unit/core/api.test.ts

@@ -81,7 +81,8 @@ describe("API Core Functions", () => {
           method: "GET",
           headers: expect.objectContaining({
             Authorization: "Bearer test-token-123",
-            "X-Request-ID": expect.any(String),
+            "x-request-id": expect.any(String),
+            "user-agent": "godaddy-cli",
           }),
         }),
       );