Summary
The auth-no-alternative diagnostic fires incorrectly when pages fail to fetch due to a network error (e.g., DNS failure), rather than an actual authentication gate.
Steps to reproduce
Run afdocs check against a URL whose domain does not resolve (DNS NXDOMAIN or clientHold):
afdocs check https://example-domain-not-resolving.com --format json --score
What happens
auth-gate-detection fails with "error": "fetch failed" and "status": null. The page is classified as "accessible" despite the fetch error. auth-alternative-access then sees gatedPages: 0, accessiblePages: 0 and fires the auth-no-alternative diagnostic:
"Your documentation requires authentication, and no alternative access paths were detected."
The no-viable-path critical diagnostic also fires correctly.
What should happen
auth-no-alternative should not fire when accessiblePages: 0 is caused entirely by fetch/network errors rather than detected auth gates. If auth-gate-detection failed exclusively due to fetch errors (not auth responses), auth-alternative-access should be skipped and auth-no-alternative suppressed.
The no-viable-path diagnostic already correctly captures the unreachability case — auth-no-alternative piling on is misleading and implies an auth problem that does not exist.
Relevant output
{
"id": "auth-gate-detection",
"status": "fail",
"message": "Could not fetch any pages to check authentication; 1 failed to fetch",
"details": {
"pageResults": [{
"url": "https://...",
"classification": "accessible",
"status": null,
"error": "fetch failed"
}]
}
}{
"id": "auth-alternative-access",
"status": "fail",
"message": "No alternative access paths detected for 0 auth-gated pages.",
"details": {
"gatedPages": 0,
"accessiblePages": 0,
"testedPages": 1
}
}Proposed fix
In auth-alternative-access: if all page failures in auth-gate-detection were fetch errors (not HTTP auth responses), skip the check and do not emit auth-no-alternative.
Summary
The
auth-no-alternativediagnostic fires incorrectly when pages fail to fetch due to a network error (e.g., DNS failure), rather than an actual authentication gate.Steps to reproduce
Run
afdocs checkagainst a URL whose domain does not resolve (DNS NXDOMAIN or clientHold):What happens
auth-gate-detectionfails with"error": "fetch failed"and"status": null. The page is classified as"accessible"despite the fetch error.auth-alternative-accessthen seesgatedPages: 0, accessiblePages: 0and fires theauth-no-alternativediagnostic:The
no-viable-pathcritical diagnostic also fires correctly.What should happen
auth-no-alternativeshould not fire whenaccessiblePages: 0is caused entirely by fetch/network errors rather than detected auth gates. Ifauth-gate-detectionfailed exclusively due to fetch errors (not auth responses),auth-alternative-accessshould be skipped andauth-no-alternativesuppressed.The
no-viable-pathdiagnostic already correctly captures the unreachability case —auth-no-alternativepiling on is misleading and implies an auth problem that does not exist.Relevant output
{ "id": "auth-gate-detection", "status": "fail", "message": "Could not fetch any pages to check authentication; 1 failed to fetch", "details": { "pageResults": [{ "url": "https://...", "classification": "accessible", "status": null, "error": "fetch failed" }] } }{ "id": "auth-alternative-access", "status": "fail", "message": "No alternative access paths detected for 0 auth-gated pages.", "details": { "gatedPages": 0, "accessiblePages": 0, "testedPages": 1 } }Proposed fix
In
auth-alternative-access: if all page failures inauth-gate-detectionwere fetch errors (not HTTP auth responses), skip the check and do not emitauth-no-alternative.