docs: add missing 404 status rows for BeginRegistration and ChangePassword

[github-actions]

What changed

Two recent code fixes (commit 6864a5dc) mapped auth.ErrNotFound to HTTP 404 in two handlers that previously only returned 500 for all store errors. The HTTP status code tables in the reference docs were not updated to reflect these new 404 paths.

docs/handler/passkeys.md — BeginRegistration

• Added BeginRegistration | 404 Not Found | User not found row
• Updated the 500 row condition to remove "Failed to fetch user" (a non-ErrNotFound fetch error is now the only remaining 500 path for that operation)

docs/handler/auth.md — ChangePassword

• Added ChangePassword | 404 Not Found | User not found row

docs/handler/auth.md — Logout session-tracking description

A separate fix (commit a0c3d033) changed Logout to emit a slog.WarnContext when DeleteSession returns an unexpected error, and to silently ignore ErrNotFound (session already expired or revoked). The HTTP response is always 200 OK, but operators monitoring logs should know when to expect this warning. Updated the bullet point in the "Session tracking and refresh token rotation" section.

Why these are important

Incorrect HTTP status tables lead developers to write overly broad error handlers (e.g., retrying on 404 instead of surfacing "user not found") and produce misleading observability dashboards. These gaps are documentation bugs equivalent to failing tests.

Testing

Documentation-only change; no code was modified. Verified against the implementation in handler/passkey.go and handler/auth.go.

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

Generated by Update Docs · ● 1.1M · ◷

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/update-docs.md@96b9d4c39aa22359c0b38265927eadb31dcf4e2a

Greptile Summary

This documentation-only PR adds missing HTTP 404 status rows for BeginRegistration and ChangePassword, and clarifies Logout session-deletion logging behaviour. All three changes have been verified against the corresponding implementation in handler/passkey.go and handler/auth.go and are accurate.

Confidence Score: 5/5

Documentation-only PR with all changes verified against the implementation — safe to merge.

No code changes; all three documentation updates accurately reflect the existing handler logic confirmed by direct code inspection.

No files require special attention.

Important Files Changed

Filename	Overview
docs/handler/auth.md	Adds accurate 404 row for ChangePassword and correctly documents the WarnContext/silent-ignore behaviour for Logout session deletion.
docs/handler/passkeys.md	Adds accurate 404 row for BeginRegistration and narrows the 500 description to only non-ErrNotFound fetch errors, matching the implementation.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[BeginRegistration] --> B{WebAuthn nil?}
    B -->|Yes| C[503 Service Unavailable]
    B -->|No| D{name empty or >100 chars?}
    D -->|Yes| E[400 Bad Request]
    D -->|No| F[FindByID]
    F -->|ErrNotFound| G[404 Not Found]
    F -->|Other error| H[500 Internal Server Error]
    F -->|OK| I[ListCredentialsByUser]
    I -->|Error| H
    I -->|OK| J[WebAuthn.BeginRegistration]
    J -->|Error| H
    J -->|OK| K[StoreChallenge]
    K -->|Error| H
    K -->|OK| L[200 OK]

    M[ChangePassword] --> N{Missing fields?}
    N -->|Yes| O[400 Bad Request]
    N -->|No| P[FindByID]
    P -->|ErrNotFound| Q[404 Not Found]
    P -->|Other error| R[500 Internal Server Error]
    P -->|OK| S{Wrong password?}
    S -->|Yes| T[401 Unauthorized]
    S -->|No| U[UpdatePassword]
    U -->|Error| R
    U -->|OK| V[200 OK]

    W[Logout] --> X[DeleteSession]
    X -->|ErrNotFound| Y[silently ignored → 200 OK]
    X -->|Other error| Z[slog.WarnContext → 200 OK]
    X -->|OK| AA[200 OK]

Loading

_{Reviews (2): Last reviewed commit: "docs: qualify ErrNotFound as auth.ErrNot..." | Re-trigger Greptile}

[Copilot]

Pull request overview

Updates handler reference documentation to reflect recently added 404 Not Found responses and to clarify Logout session-deletion logging behavior, keeping the published HTTP status tables aligned with current handler implementations.

Changes:

• Add a BeginRegistration | 404 Not Found | User not found row and refine the 500 condition wording in docs/handler/passkeys.md.
• Add a ChangePassword | 404 Not Found | User not found row in docs/handler/auth.md.
• Expand the Logout session-tracking description to mention ignoring ErrNotFound and logging unexpected deletion errors via slog while still returning HTTP 200.

Show a summary per file

File	Description
docs/handler/passkeys.md	Adds missing 404 row for BeginRegistration and updates 500-row condition text.
docs/handler/auth.md	Adds missing 404 row for ChangePassword and clarifies Logout session-deletion behavior in the session-tracking section.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 1