fix: harden client JSON parsing and non-blocking campaign bootstrap

[bd73-com]

Summary

Hardens all client-side React Query hooks against non-JSON server responses (e.g., proxy HTML on 200) by wrapping every res.json() call with .catch(). Also moves the welcome campaign bootstrap out of registerRoutes() into server/index.ts as a non-blocking fire-and-forget with a 5-second timeout, preventing cold start delays. Switches the test environment from happy-dom to jsdom for Replit CI compatibility.

Changes

Client — JSON parse hardening

• use-auth.ts: Wrap response.json() with .catch(), expose isError and error from useQuery
• use-monitors.ts: Protect all 9 res.json() calls on success paths; add .catch(() => ({})) on error paths for useCreateMonitor, useUpdateMonitor, useCheckMonitorSilent, useUpdateMonitorSilent
• use-tags.ts: Protect 4 success-path res.json() calls; guard 3 error-path res.json() calls
• use-conditions.ts: Protect 2 success-path res.json() calls
• use-notification-channels.ts: Protect 4 success-path res.json() calls
• use-notification-preferences.ts: Protect 2 success-path res.json() calls
• use-slack.ts: Protect 2 success-path res.json() calls
• use-api-keys.ts: Protect 2 success-path res.json() calls
• use-campaigns.ts: Protect 1 success-path res.json() call in shared fetchJson helper

Server — startup sequencing

• server/routes.ts: Return { httpServer, campaignConfigsReady } instead of bare httpServer; remove campaign bootstrap from registerRoutes()
• server/index.ts: Campaign bootstrap moved here with Promise.race() and 5s timeout; errors logged to console and ErrorLogger; post-timeout outcomes logged instead of silently swallowed

Testing

• Switch all client test files from @vitest-environment happy-dom to @vitest-environment jsdom
• Externalize MSW in vitest config for Node resolution
• Remove happy-dom from devDependencies
• Add comprehensive tests for non-JSON response handling across all hooks

How to test

1. npm run check — TypeScript compiles cleanly
2. npm run test — All 2076 tests pass (83 test files)
3. npm run build — Production build succeeds
4. Deploy and verify: trigger a monitor check while a proxy returns HTML on 200 — the error should surface as "Unexpected response format from server" instead of an unhandled JSON parse error
5. Verify server startup: welcome campaign bootstrap should complete or timeout within 5s without blocking scheduler/Stripe initialization

Closes #323

https://claude.ai/code/session_011JYS1SQntCzLggHQTrVMHL

Summary by CodeRabbit

• Bug Fixes
  • Improved error messaging when authentication API responses are malformed, providing clearer feedback to users
  • Added error logging for background initialization processes to better capture and report failures instead of silently ignoring them

[coderabbitai]

Warning

Rate limit exceeded

@bd73-com has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 18 minutes and 9 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 18 minutes and 9 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 99f045e6-c417-4cbf-b250-33bd122ee7d6

📥 Commits

Reviewing files that changed from the base of the PR and between 6ca27a7 and 9ead740.

📒 Files selected for processing (3)

• client/src/hooks/use-auth.test.ts
• server/index.ts
• server/routes.ts

📝 Walkthrough

Walkthrough

Added .catch() error handling to useAuth's response.json() call to throw a descriptive error when the auth endpoint returns non-JSON content, included a test case validating this behavior, and enhanced server-side welcome campaign error logging to surface late failures instead of silently suppressing them.

Changes

Cohort / File(s)	Summary
useAuth JSON parsing error handling client/src/hooks/use-auth.ts, client/src/hooks/use-auth.test.ts	Added .catch() handler wrapping response.json() to throw "Unexpected response format from server" instead of propagating raw JSON parse errors. New test validates error state when auth endpoint returns 200 with non-JSON body.
Server bootstrap error logging server/index.ts	Changed welcome campaign bootstrap from silent error suppression (.catch(() => {})) to logging warnings (.catch((err) => console.warn(...))) to surface late-settling failures via console output.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• Bug: Success-path res.json() calls lack .catch() in remaining hook files #320: The primary reference pattern—both address hardening client hooks' response.json() with .catch() handlers to provide actionable error messages instead of raw JSON parse errors.

Possibly related PRs

• fix: handle non-JSON errors, expose auth error state, sequence startup #318: Modifies the same client/src/hooks/use-auth file and tests to handle non-JSON server responses and error states.
• fix: harden res.json() calls against non-JSON responses #322: Related hardening of client hook res.json() parsing by catching JSON parse errors and surfacing standardized "Unexpected response format from server" messages.
• test: complete hook test coverage (9/9 hooks, 112 tests) #311: Touches the same use-auth hook and test files, modifying error-handling behavior in the same function.

Suggested labels

fix

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	Changes to server/index.ts and the welcome campaign bootstrap error logging are outside the scope of issue #323, which specifically targets use-auth.ts JSON parsing protection.	Separate the server/index.ts error logging changes into a distinct PR or issue, or clarify in the PR description why campaign bootstrap changes are included in this fix.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: harden client JSON parsing and non-blocking campaign bootstrap' accurately summarizes the two main changes: JSON parse error protection and campaign bootstrap improvements.
Linked Issues check	✅ Passed	The code changes in use-auth.ts directly implement the required .catch() protection around response.json() to transform JSON parse errors into 'Unexpected response format from server' errors, fully addressing issue #323 requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/fix-bugs-GaF1b

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@client/src/hooks/use-auth.test.ts`:
- Around line 84-101: Update the "exposes isError when response body is not
valid JSON" test for useAuth to also assert the auth state after the parse
failure: after waiting for isLoading to be false, add explicit expectations that
result.current.user is undefined (or null per the hook's contract) and
result.current.isAuthenticated is false, in addition to the existing isError and
error.message checks; modify the test that uses server.use(HttpResponse(...))
and renderHook(() => useAuth()) to include these extra assertions so consumers
can safely branch on auth state after malformed JSON.

In `@server/index.ts`:
- Around line 243-246: The catch handler on campaignPromise currently logs
"failed after timeout" regardless of which promise settled; to fix, add a flag
(e.g., timeoutFired or timeoutWon) that is set when the timeout promise
resolves/wins the race, and only log the "[Bootstrap] Welcome campaign failed
after timeout:" message inside campaignPromise.catch if that flag is true
(otherwise either skip that message or log a different message). Update the code
paths that create the timeout promise (the Promise.race logic) to set
timeoutFired when the timeout resolves and reference that flag in the
campaignPromise.catch so the message reflects whether the timeout actually
fired.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 315ffcfa-d5bb-4a6b-8b0f-203721d2c2ee

📥 Commits

Reviewing files that changed from the base of the PR and between b67c564 and 6ca27a7.

📒 Files selected for processing (3)

• client/src/hooks/use-auth.test.ts
• client/src/hooks/use-auth.ts
• server/index.ts