[ENG-4117] fix: adds better auth logs

[gupta-piyush19]

Description 📣

adds better auth logs

Type ✨

• Bug fix
• New feature
• Improvement
• Breaking change
• Documentation

Tests 🛠️

# Here's some code block to paste some code snippets

---

• I have read the contributing guide, agreed and acknowledged the code of conduct. 📝

[greptile-apps]

Greptile Overview

Greptile Summary

This PR improves authentication error logging by providing clearer guidance when users encounter 401/403 errors, helping them identify when they're using the wrong Infisical instance (US vs EU vs self-hosted).

Key Changes:

• Added domain hints in error messages for 401/403 authentication failures
• Improved --domain flag description with concrete examples for EU and self-hosted instances
• Added "Instance" field to error display showing which domain is being used
• Normalized INFISICAL_API_URL environment variable handling with AppendAPIEndpoint

Issues Found:

• Minor code duplication: extractDomainHint/extractDomainFromURL functions are duplicated across two files

Confidence Score: 5/5

• This PR is safe to merge with minimal risk - it only improves error messaging and logging
• The changes are straightforward improvements to error messaging with no breaking changes, security risks, or logic errors. The only issue is minor code duplication which doesn't affect functionality.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
packages/api/errors.go	5/5	Added domain hint for 401/403 errors to help users identify instance misconfiguration. Includes new extractDomainHint helper function.
packages/cmd/login.go	5/5	Updated authentication error handling to include domain hints for 401/403 errors, helping users identify instance misconfiguration issues.
packages/cmd/root.go	5/5	Improved --domain flag description and added AppendAPIEndpoint call to normalize INFISICAL_API_URL environment variable.
packages/util/log.go	5/5	Added Instance field to error display, showing the domain being used. Includes new extractDomainFromURL helper function.

[greptile-apps]

_{4 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

style: This function is duplicated in packages/util/log.go:225-235. Consider consolidating into a shared utility function (e.g., in packages/util/helper.go) to maintain DRY principles.

[gupta-piyush19]

getting dependency cycle in moving this function to util

[greptile-apps]

I understand the dependency cycle issue. The packages/api package likely imports packages/util, so moving a function from api to util would create a circular dependency when api tries to use it.

Here are a few solutions to resolve this:

Option 1: Keep the duplication for now

Since this is a simple utility function and the dependency cycle prevents consolidation, it might be acceptable to keep both versions until a larger refactoring can address the circular dependencies.

Option 2: Create a new shared package

Create a new package like packages/common or packages/internal/urlutil that both api and util can import without creating cycles.

Option 3: Move the function to a more fundamental package

If there's a package that's lower in the dependency hierarchy than both api and util, you could move it there.

Option 4: Refactor to break the cycle

Review why api imports util and see if some of that functionality could be moved or restructured to break the circular dependency.

For now, I'd recommend Option 1 - keeping the duplication temporarily and adding a TODO comment to track the technical debt:

Suggested change

	func extractDomainHint(urlStr string) string {
	if urlStr == "" {
	return ""
	}
	if parsedURL, err := url.Parse(urlStr); err == nil && parsedURL.Host != "" {
	return parsedURL.Scheme + "://" + parsedURL.Host
	}
	return ""
	}
	// TODO: This function is duplicated in packages/util/log.go:225-235
	// Consider consolidating when circular dependency between api and util packages is resolved
	func extractDomainHint(urlStr string) string {
	if urlStr == "" {
	return ""
	}
	if parsedURL, err := url.Parse(urlStr); err == nil && parsedURL.Host != "" {
	return parsedURL.Scheme + "://" + parsedURL.Host
	}
	return ""
	}

Which approach would you prefer to take?