docs: clarify diagnostic panic for nil UsedCodes in TOTPHandler

[github-actions]

Summary

Updates docs/handler/totp.md to accurately reflect the diagnostic panic behavior restored in #339.

What changed in code (#339)

TOTPHandler.isReplay and TOTPHandler.recordUsed now panic with an explicit, actionable message:

TOTPHandler misconfigured: UsedCodes is nil; call Validate() at server startup

rather than producing a silent nil pointer dereference. This matters in production deployments that use recover()-based middleware, which can swallow cryptic panics and make the root cause impossible to diagnose.

What this PR changes

• Updates the !!! warning "UsedCodes is required" admonition in docs/handler/totp.md to:
  • Quote the exact panic message developers will see
  • Explain why the diagnostic panic is intentional (recover()-based middleware context)
  • Preserve the guidance to always initialize UsedCodes and call Validate at startup

Checklist

• Documentation only — no code changes
• Accurately reflects current code behaviour after Remove redundant UsedCodes nil panic guards in TOTP replay helpers #339

Generated by Update Docs · ● 1.1M · ◷

Add this agentic workflows to your repo

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/update-docs.md@96b9d4c39aa22359c0b38265927eadb31dcf4e2a

Greptile Summary

This documentation-only PR updates the !!! warning admonition in docs/handler/totp.md to accurately reflect the explicit diagnostic panic introduced in #339 for nil UsedCodes.

• The quoted panic string (TOTPHandler misconfigured: UsedCodes is nil; call Validate() at server startup) matches handler/totp.go lines 77 and 85 verbatim.
• The explanation of why the panic is deliberate (recover-based middleware context) and the startup guidance are preserved correctly.

Confidence Score: 5/5

Documentation-only change; no executable code is modified.

The panic message quoted in the admonition matches the source exactly (handler/totp.go lines 77 and 85), the scope (Enroll and Verify) is correct, and the startup guidance is intact. Nothing in the change can affect runtime behavior.

No files require special attention.

Important Files Changed

Filename	Overview
docs/handler/totp.md	Warning admonition updated to quote the exact diagnostic panic message and explain why it's intentional; panic string matches handler/totp.go lines 77 and 85 verbatim.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Server startup] --> B[Initialize TOTPHandler\nwith UsedCodes set]
    B --> C[Call h.Validate]
    C -->|error| D[log.Fatal — misconfiguration\nsurfaces immediately]
    C -->|nil| E[Register routes]
    E --> F{Enroll or Verify\nrequest arrives}
    F --> G[isReplay / recordUsed\nchecks UsedCodes]
    G -->|UsedCodes == nil| H["panic: TOTPHandler misconfigured:\nUsedCodes is nil; call Validate()\nat server startup"]
    G -->|UsedCodes != nil| I[Normal handler flow]

Loading

_{Reviews (1): Last reviewed commit: "Merge branch 'main' into docs/update-tot..." | Re-trigger Greptile}

[Copilot]

Pull request overview

This PR updates the TOTPHandler documentation to accurately describe the intentional diagnostic panic that occurs when UsedCodes is nil at runtime (matching the current handler/totp.go behavior), including the exact panic message and the rationale for it in recover()-based deployments.

Changes:

• Updated the UsedCodes is required warning in docs/handler/totp.md to quote the exact panic message developers will see.
• Added explanation of why the diagnostic panic is intentional (clear root cause vs. nil deref under recovery middleware).
• Preserved existing guidance to initialize UsedCodes and call Validate() at server startup.

Show a summary per file

File	Description
docs/handler/totp.md	Clarifies nil UsedCodes behavior by documenting the exact diagnostic panic message and rationale.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 0