fix(rpc): send x-account-id as HTTP header in RPC requests

[ryoppippi]

Summary

• Fixed RPC client to send x-account-id as an actual HTTP header, not just in the request body
• The StackOne API requires x-account-id as an HTTP header for authentication/authorisation
• Implemented branded types using Zod for type-safe header handling
• Added defu library for clean header merging
• Created utility function with comprehensive tests

Problem

When executing tools via the RPC endpoint (/actions/rpc), the API returned:

400 Bad Request: Missing x-account-id header or query parameter in request

The x-account-id was being sent in the request body's headers field:

{
  "action": "...",
  "headers": { "x-account-id": "..." },
  ...
}

But the API expects it as an actual HTTP header on the request.

Solution

Architecture Changes

1. Created src/schemas/headers.ts:

   • Defined STACKONE_HEADER_KEYS constant for known headers to forward
   • Created stackOneHeadersSchema with Zod branding for type safety
   • Exported StackOneHeaders branded type

2. Created src/utils/headers.ts:

   • Extracted normaliseHeaders() utility function
   • Converts mixed types (number, boolean, object) to strings
   • Added 10 comprehensive unit tests

3. Updated src/toolsets/base.ts:

   • Use defu for clean header merging
   • Parse headers through schema to get branded type
   • Ensures type safety throughout the flow

4. Updated src/rpc-client.ts:

   • Forward all StackOne-specific headers as HTTP headers
   • Iterate over STACKONE_HEADER_KEYS constant
   • Preserve headers in body for backwards compatibility

Key Features

• Type Safety: Zod branded types ensure headers are validated
• Extensible: Easy to add more headers to STACKONE_HEADER_KEYS
• Clean Code: Used defu for merging, extracted utility functions
• Well Tested: Added 10 new tests, all 306 tests pass

Test plan

• Added unit test should send x-account-id as HTTP header to verify the fix
• Added 10 unit tests for normaliseHeaders() utility function
• All existing tests pass (306 tests total, 27 test files)
• Updated MSW mock handler to capture and return both HTTP header and body header values for verification
• Lint passes with no errors

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/StackOneHQ/stackone-ai-node/@stackone/ai@202

commit: 8666db4

[Copilot]

Pull request overview

This PR fixes a critical bug where the RPC client was not sending x-account-id as an HTTP header, causing 400 Bad Request errors from the StackOne API.

• Extracts x-account-id from request headers and includes it as an HTTP header in the fetch request
• Maintains backwards compatibility by keeping x-account-id in the request body
• Adds test coverage to verify the header is properly sent at the HTTP level

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/rpc-client.ts	Extracts x-account-id from request headers and adds it to HTTP headers using type-safe conditional spreading
src/rpc-client.test.ts	Adds test case to verify x-account-id is sent both as HTTP header and in request body
mocks/handlers.ts	Updates MSW mock handler to capture and verify the x-account-id HTTP header

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[cubic-dev-ai]

No issues found across 3 files