docs(handler): document exact password validation error message strings

[github-actions]

Summary

Following the perf(handler) change in #172 that promoted the password error strings to explicit named package-level vars (errPasswordTooShort, errPasswordTooLong), this PR surfaces those exact strings in the handler documentation.

Changes

• docs/handler/auth.md — Expands the "Password constraints" note to include the exact JSON error bodies a client receives for too-short (< 8 bytes) and too-long (> 72 bytes) passwords, and combines the bcrypt cost inline.
• docs/handler/password-reset.md — Same addition for the ResetPassword endpoint.

Before / After

Before:

Password constraints: 8–72 bytes. Bcrypt cost 12.
```

**After:**
```
Password constraints: 8–72 bytes (bcrypt cost 12). A password shorter than 8 bytes returns
`{"error": "password must be at least 8 bytes"}`; a password longer than 72 bytes returns
`{"error": "password must be at most 72 bytes"}`.

Why

API clients (and their localisation layers) need to know the exact error string to match or replace. Now that the strings are named constants in the source, documenting them closes the gap between code and reference docs.

Generated by Update Docs · ● 1M · ◷

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/update-docs.md@96b9d4c39aa22359c0b38265927eadb31dcf4e2a

Greptile Summary

This PR updates two documentation files to surface the exact JSON error bodies returned for out-of-range passwords, referencing the named package-level error vars introduced in #172. The documented strings ("password must be at least 8 bytes" / "password must be at most 72 bytes") and the {"error": "..."} JSON shape match the source code in handler/helpers.go exactly.

Confidence Score: 5/5

Documentation-only change; verified error strings and JSON shape match source exactly — safe to merge.

No code changes; the two documented error strings and {"error": "..."} envelope were cross-checked against handler/helpers.go and are correct.

No files require special attention.

Important Files Changed

Filename	Overview
docs/handler/auth.md	Adds exact JSON error bodies for too-short and too-long passwords; bcrypt cost moved inline — all values verified correct against source.
docs/handler/password-reset.md	Adds same password error body documentation for the ResetPassword endpoint; strings match handler/helpers.go.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Client sends password] --> B{len less than 8 bytes?}
    B -- Yes --> C[HTTP 400 - password must be at least 8 bytes]
    B -- No --> D{len greater than 72 bytes?}
    D -- Yes --> E[HTTP 400 - password must be at most 72 bytes]
    D -- No --> F[Password accepted - bcrypt cost 12]

Loading

_{Reviews (1): Last reviewed commit: "docs(handler): document exact password v..." | Re-trigger Greptile}

[Copilot]

Pull request overview

Updates the handler documentation to include the exact password-length validation error strings returned by the HTTP handlers, aligning the reference docs with the current server behavior.

Changes:

• Document the exact JSON {"error": "..."} bodies returned for passwords shorter than 8 bytes and longer than 72 bytes.
• Expand the “Password constraints” notes in AuthHandler and PasswordResetHandler docs (including bcrypt cost inline for AuthHandler).

Show a summary per file

File	Description
docs/handler/auth.md	Adds the exact too-short/too-long password error strings (and keeps bcrypt cost in the constraints note).
docs/handler/password-reset.md	Adds the exact too-short/too-long password error strings for the ResetPassword flow.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 0