Integrate Effect lint cleanups

apps/cloud/src/api/autumn.ts

@@ -1,5 +1,5 @@
 import { env } from "cloudflare:workers";
-import { Effect } from "effect";
+import { Cause, Effect } from "effect";
 import {
   HttpRouter,
   HttpServerRequest,
@@ -30,13 +30,11 @@ const handler = Effect.gen(function* () {
   const session = yield* workos.authenticateRequest(webRequest);
 
   if (!session || !session.organizationId) {
-    return yield* Effect.fail(
-      new HttpResponseError({
-        status: 401,
-        code: "unauthorized",
-        message: "Unauthorized",
-      }),
-    );
+    return yield* new HttpResponseError({
+      status: 401,
+      code: "unauthorized",
+      message: "Unauthorized",
+    });
   }
 
   const url = new URL(webRequest.url);
@@ -74,20 +72,18 @@ const handler = Effect.gen(function* () {
 
   if (statusCode >= 400) {
     console.error("[autumn] upstream error:", statusCode, response);
-    return yield* Effect.fail(
-      new HttpResponseError({
-        status: statusCode,
-        code: "billing_request_failed",
-        message: "Billing request failed",
-      }),
-    );
+    return yield* new HttpResponseError({
+      status: statusCode,
+      code: "billing_request_failed",
+      message: "Billing request failed",
+    });
   }
 
   return HttpServerResponse.jsonUnsafe(response, { status: statusCode });
 }).pipe(
   Effect.catchCause((err) => {
     if (isServerError(err)) {
-      console.error("[autumn] request failed:", err instanceof Error ? err.stack : err);
+      console.error("[autumn] request failed:", Cause.pretty(err));
     }
     return Effect.succeed(toErrorServerResponse(err));
   }),

apps/cloud/src/api/error-response.ts

@@ -1,4 +1,4 @@
-import { Cause, Data, Effect, Result } from "effect";
+import { Cause, Data, Effect, Predicate, Result } from "effect";
 import {
   HttpServerRespondable,
   HttpServerResponse,
@@ -38,9 +38,12 @@ const unwrapCause = (error: unknown): unknown => {
   return error;
 };
 
+const isHttpResponseError = (error: unknown): error is HttpResponseError =>
+  Predicate.isTagged(error, "HttpResponseError");
+
 const toHttpResponseError = (error: unknown): HttpResponseError => {
   const unwrapped = unwrapCause(error);
-  return unwrapped instanceof HttpResponseError
+  return isHttpResponseError(unwrapped)
     ? unwrapped
     : new HttpResponseError({
         status: 500,
@@ -62,7 +65,7 @@ export const toErrorServerResponse = (error: unknown): HttpServerResponse.HttpSe
   if (mapped.status >= 500) {
     console.error(
       "[api] toErrorServerResponse error:",
-      Cause.isCause(error) ? Cause.pretty(error) : error instanceof Error ? error.stack : error,
+      Cause.isCause(error) ? Cause.pretty(error) : error,
     );
     captureCause(error);
   }

apps/cloud/src/api/slack.ts

@@ -1,5 +1,5 @@
 import { env } from "cloudflare:workers";
-import { Effect } from "effect";
+import { Cause, Effect } from "effect";
 import { HttpRouter, HttpServerRequest, HttpServerResponse } from "effect/unstable/http";
 
 import { SlackService } from "../services/slack";
@@ -31,20 +31,18 @@ const verifyTurnstile = (token: string, remoteIp: string | null) =>
       const json = (await res.json()) as { success: boolean; "error-codes"?: string[] };
       return { success: json.success, errorCodes: json["error-codes"] ?? [] };
     },
-    catch: (cause) => ({ success: false as const, fetchError: String(cause) }),
+    catch: (cause) => ({ success: false as const, fetchError: cause }),
   });
 
 const handler = Effect.gen(function* () {
   const request = yield* HttpServerRequest.HttpServerRequest;
 
   if (request.method !== "POST") {
-    return yield* Effect.fail(
-      new HttpResponseError({
-        status: 405,
-        code: "method_not_allowed",
-        message: "Method not allowed",
-      }),
-    );
+    return yield* new HttpResponseError({
+      status: 405,
+      code: "method_not_allowed",
+      message: "Method not allowed",
+    });
   }
 
   const body = (yield* Effect.mapError(
@@ -73,54 +71,46 @@ const handler = Effect.gen(function* () {
   const turnstileToken = typeof body.turnstileToken === "string" ? body.turnstileToken : "";
 
   if (!isValidEmail(email)) {
-    return yield* Effect.fail(
-      new HttpResponseError({
-        status: 400,
-        code: "invalid_email",
-        message: "A valid email is required",
-      }),
-    );
+    return yield* new HttpResponseError({
+      status: 400,
+      code: "invalid_email",
+      message: "A valid email is required",
+    });
   }
 
   if (!turnstileToken) {
-    return yield* Effect.fail(
-      new HttpResponseError({
-        status: 400,
-        code: "captcha_required",
-        message: "Captcha verification is required.",
-      }),
-    );
+    return yield* new HttpResponseError({
+      status: 400,
+      code: "captcha_required",
+      message: "Captcha verification is required.",
+    });
   }
 
   const remoteIp = request.headers["cf-connecting-ip"] ?? null;
   const verification = yield* verifyTurnstile(turnstileToken, remoteIp);
   if (!verification.success) {
     console.error("[slack] turnstile verification failed:", verification);
-    return yield* Effect.fail(
-      new HttpResponseError({
-        status: 403,
-        code: "captcha_failed",
-        message: "Captcha verification failed. Please try again.",
-      }),
-    );
+    return yield* new HttpResponseError({
+      status: 403,
+      code: "captcha_failed",
+      message: "Captcha verification failed. Please try again.",
+    });
   }
 
   // Global daily channel-creation cap — bounds the worst case if Turnstile is
   // bypassed somehow. Per-IP gating belongs at the edge (Cloudflare Rules);
   // this binding is a single shared bucket keyed at "global".
   const limit = yield* Effect.tryPromise({
     try: () => env.SLACK_INVITE_LIMITER.limit({ key: "global" }),
-    catch: (cause) => ({ success: false as const, fetchError: String(cause) }),
+    catch: (cause) => ({ success: false as const, fetchError: cause }),
   });
   if (!limit.success) {
     console.error("[slack] global rate limit hit");
-    return yield* Effect.fail(
-      new HttpResponseError({
-        status: 429,
-        code: "rate_limited",
-        message: "We're getting more contact requests than usual. Please try again later.",
-      }),
-    );
+    return yield* new HttpResponseError({
+      status: 429,
+      code: "rate_limited",
+      message: "We're getting more contact requests than usual. Please try again later.",
+    });
   }
 
   const slack = yield* SlackService;
@@ -144,7 +134,7 @@ const handler = Effect.gen(function* () {
 }).pipe(
   Effect.catchCause((err) => {
     if (isServerError(err)) {
-      console.error("[slack] request failed:", err instanceof Error ? err.stack : err);
+      console.error("[slack] request failed:", Cause.pretty(err));
     }
     return Effect.succeed(toErrorServerResponse(err));
   }),

apps/cloud/src/auth/handlers.node.test.ts

@@ -1,7 +1,7 @@
 import { HttpApiBuilder, HttpApi } from "effect/unstable/httpapi";
 import { HttpRouter, HttpServer } from "effect/unstable/http";
 import { describe, expect, it } from "@effect/vitest";
-import { Effect, Layer } from "effect";
+import { Data, Effect, Layer } from "effect";
 import type { Effect as EffectType } from "effect/Effect";
 
 import { CloudAuthPublicApi } from "./api";
@@ -31,15 +31,22 @@ const fakeUser: AuthenticateWithCodeResult["user"] = {
   metadata: {},
 };
 
+class UnstubbedWorkOSMethod extends Data.TaggedError("UnstubbedWorkOSMethod")<{
+  method: string;
+}> {}
+
 const makeAuthFetch = (workos: Partial<WorkOSAuth["Service"]>) => {
   const WorkOSTest = Layer.succeed(
     WorkOSAuth,
     new Proxy(workos as WorkOSAuth["Service"], {
       get: (target, prop) => {
         if (prop in target) return target[prop as keyof typeof target];
-        return () => {
-          throw new Error(`WorkOSAuth.${String(prop)} not stubbed`);
-        };
+        return () =>
+          Effect.fail(
+            new UnstubbedWorkOSMethod({
+              method: typeof prop === "string" ? prop : (prop.description ?? "symbol"),
+            }),
+          );
       },
     }),
   );

apps/cloud/src/auth/handlers.ts

@@ -270,7 +270,7 @@ export const CloudSessionAuthHandlers = HttpApiBuilder.group(
               },
             );
             deleteCookie("wos-session", { path: "/" });
-            return yield* Effect.fail(new WorkOSError());
+            return yield* new WorkOSError();
           }
 
           setCookie("wos-session", refreshed, COOKIE_OPTIONS);
@@ -341,7 +341,7 @@ export const CloudSessionAuthHandlers = HttpApiBuilder.group(
             yield* Effect.logWarning("acceptInvitation: invitation has no organizationId", {
               invitationId: payload.invitationId,
             });
-            return yield* Effect.fail(new WorkOSError());
+            return yield* new WorkOSError();
           }
 
           // Mirror the org locally so domain tables can FK against it.
@@ -369,7 +369,7 @@ export const CloudSessionAuthHandlers = HttpApiBuilder.group(
               },
             );
             deleteCookie("wos-session", { path: "/" });
-            return yield* Effect.fail(new WorkOSError());
+            return yield* new WorkOSError();
           }
 
           setCookie("wos-session", refreshed, COOKIE_OPTIONS);

apps/cloud/src/auth/workos.ts

@@ -3,11 +3,17 @@
 // ---------------------------------------------------------------------------
 
 import { env } from "cloudflare:workers";
-import { Context, Effect, Layer } from "effect";
+import { Context, Data, Effect, Layer } from "effect";
 import { GeneratePortalLinkIntent, WorkOS } from "@workos-inc/node/worker";
 import { WorkOSError, tryPromiseService, withServiceLogging } from "./errors";
 
 const COOKIE_NAME = "wos-session";
+const INVALID_COOKIE_PASSWORD_MESSAGE =
+  "WORKOS_COOKIE_PASSWORD must be at least 32 characters";
+
+class WorkOSAuthConfigurationError extends Data.TaggedError("WorkOSAuthConfigurationError")<{
+  readonly message: string;
+}> {}
 
 // ---------------------------------------------------------------------------
 // Service
@@ -19,7 +25,9 @@ const make = Effect.gen(function* () {
   const cookiePassword = env.WORKOS_COOKIE_PASSWORD;
 
   if (!cookiePassword || cookiePassword.length < 32) {
-    return yield* Effect.die(new Error("WORKOS_COOKIE_PASSWORD must be at least 32 characters"));
+    return yield* new WorkOSAuthConfigurationError({
+      message: INVALID_COOKIE_PASSWORD_MESSAGE,
+    });
   }
 
   const workos = new WorkOS({ apiKey, clientId });