refactor: enhance TypeScript definitions

[wesleyschlenker]

• Added comprehensive JSDoc comments and TypeScript type definitions across various files, including axiosUtility.js, index.d.ts
• Updated method signatures to remove callback parameters, ensuring all API methods return Promises for consistency.
• Updated README to reflect changes in API usage, emphasizing the Promise-based approach.
• Renames listKudos to listKudoers to more accurately describe its return type

Summary by CodeRabbit

• New Features

  • New authenticated client creator (strava.client)
  • OAuth helper getRequestAccessURL()
  • Promise-based uploads with optional status polling

• Breaking Changes

  • Public APIs are Promise-only; callbacks removed
  • Several endpoint names/signatures updated (e.g., listKudos → listKudoers)
  • Major version bumped to 4.0.0

• Improvements

  • README revised to Promise-first usage, cursor pagination examples, and Promise-style error guidance
  • Added TypeScript typings and tsconfig; CI typecheck step
  • Enhanced HTTP, rate-limit, streaming, and upload handling

[coderabbitai]

Important

Review skipped

This PR was authored by the user configured for CodeRabbit reviews. By default, CodeRabbit skips reviewing PRs authored by this user. It's recommended to use a dedicated user account to post CodeRabbit review feedback.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• ✅ Review completed - (🔄 Check again to review again)

📝 Walkthrough

Walkthrough

Converts callback-style APIs to Promise-based, adds TypeScript config and CI typecheck step, introduces an authenticated client factory, refactors HTTP utilities/errors and httpClient (uploads, multipart, polling, pagination), enriches rate-limit state, and updates docs, types, and tests.

Changes

Cohort / File(s)	Summary
CI & Manifest \.github/workflows/on-pull-request.yml, package.json, tsconfig.json, scripts/generate-access-token.js	Adds PR "Typecheck" step, bumps version to 4.0.0, adds TypeScript/devDependencies and typecheck script, and introduces tsconfig.json. Minor formatting tweaks in a script.
Documentation README.md	Removes callback examples/deprecated Callback API, updates to Promise-only signatures and Axios-style error docs, renames some endpoints (e.g., listKudos → listKudoers) and revises pagination guidance.
Entry Point / Client index.js, index.d.ts	Adds strava.client(token, request) constructor-style factory that enforces instantiation, stores token, merges/prefixes User-Agent and Authorization, and expands exported client surface/types.
HTTP Utilities axiosUtility.js, lib/httpClient.js	Refactors httpRequest and HttpClient: stronger typings/typedefs, normalized StatusCodeError/RequestError with richer fields, full-response handling, cursor & offset pagination helpers, JSON parsing, header merging, multipart upload support, async fs usage, and rate-limit parsing/updating integration.
OAuth & Authenticator lib/oauth.js, lib/authenticator.js	Adds getRequestAccessURL, types for token flows, Promise-based token/refresh/deauthorize signatures, and an authenticator with file/env config loading, on-demand fetch, getters, and purge.
Core API Modules lib/activities.js, lib/athlete.js, lib/athletes.js, lib/clubs.js, lib/gear.js, lib/routes.js	Converts many endpoints from callback to Promise returns, adds JSDoc typedefs, validates required args, introduces list helper/cursor pagination where applicable, and adds new athlete list/update endpoints.
Segments & Streams lib/segments.js, lib/segmentEfforts.js, lib/streams.js	Migrates segment/effort/stream APIs to async/Promise forms, adds detailed typedefs and argument shapes, enforces id checks, and centralizes list/type helpers.
Uploads & Push Subscriptions lib/uploads.js, lib/pushSubscriptions.js, index.d.ts	Adds multipart uploads (uploads.post) with file path handling, optional statusCallback polling (_check), new upload typedefs, and converts pushSubscriptions.create/list/delete to credential-validated Promise-based methods.
Rate Limiting lib/rateLimiting.js	Refactors rate-limit into a richer RateLimitState with parse/update/clear APIs and read/exceeded helpers, exposing parsed/read limits and usages.
Tests test/activities.js, test/pushSubscriptions.js	Updates tests for API rename (listKudoers) and pushSubscriptions behavior; adds env setup/teardown and adjusts expectations for rejections.
Widespread Typing & JSDoc index.d.ts, axiosUtility.js, many lib/*	Extensive JSDoc/typedef additions and many API signatures converted to Promise-based returns; many new/updated exported types.

Sequence Diagram(s)

sequenceDiagram
    rect rgba(200,220,255,0.5)
    participant Caller as Consumer
    participant Client as Strava Client
    participant Http as HttpClient/httpRequest
    participant API as Strava API
    participant Rate as RateLimiting
    end
    Caller->>Client: call method (uses token)
    Client->>Http: build request (Authorization, User-Agent, options)
    Http->>API: perform HTTP request
    API-->>Http: return response (headers + body)
    Http->>Rate: updateRateLimits(response.headers)
    Http-->>Client: resolve Promise(parsed body)
    Client-->>Caller: return Promise result

Loading

sequenceDiagram
    rect rgba(220,255,220,0.5)
    participant Caller as Consumer
    participant Uploads as Uploads.post
    participant Http as HttpClient/httpRequest
    participant API as Strava API
    end
    Caller->>Uploads: post(file, data_type, statusCallback?)
    Uploads->>Http: POST multipart/form-data
    Http->>API: create upload
    API-->>Http: upload { id, status: processing }
    Http-->>Uploads: return upload object
    alt statusCallback provided
      loop polling
        Uploads->>Http: GET uploads/{id}
        Http->>API: fetch status
        API-->>Http: status update
        Http-->>Uploads: status result
      end
      Uploads-->>Caller: resolve final upload result
    else no polling
      Uploads-->>Caller: return initial upload object
    end

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• Finish replacing real API calls with mocks in test suite #183 — overlaps adding athlete.listRoutes and related promise-style list helpers in lib/athlete.js.
• v3.0.1 #172 — overlaps refactors to axiosUtility.js/httpRequest and error typing.
• chore: drop sinon as devDep: all mocks are now through nock. #173 — touches the same workflow file .github/workflows/on-pull-request.yml (CI typecheck step).

Suggested reviewers

• markstos

Poem

🐰
Promises hop in, callbacks depart,
Headers and types stitched like fine art.
Files upload and polls softly drum,
Rate limits tracked — the rabbit says "yum!"
Happy code, carrot-sized and smart. 🥕

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 75.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'refactor: enhance TypeScript definitions' clearly summarizes the main change—comprehensive TypeScript type enhancements across the codebase.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 9

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

README.md (1)

313-313: ⚠️ Potential issue | 🟡 Minor

The error handling example uses an internal path that npm consumers cannot access.

require('./axiosUtility') refers to a library-internal file. When installing via npm, consumers cannot import from internal paths. The README should either:

• Export StatusCodeError and RequestError from the main entry point (index.js) and update the example to use the public API, or
• Clarify that consumers must import directly from the internal file, or
• Show how consumers should catch and identify these errors using the thrown error's name property or instanceof checks without relying on importing the classes.

lib/httpClient.js (1)

373-402: ⚠️ Potential issue | 🟠 Major

Missing body-extraction path for FullResponse with a body property.

The request handler contract allows returning FullResponse | string | object. When a request handler returns a FullResponse with a truthy body property, the current code skips lines 382–386 and falls through to line 402, returning the entire wrapper object (including headers) instead of extracting and parsing the body. Route modules expect the resolved value to be the API payload, not the { headers, body } wrapper.

Suggested fix: extract and parse `body` from FullResponse

     // if the client auto-parsed JSON, response is already an object:
     if (typeof response === 'object' && response !== null && !(/** `@type` {FullResponse} */ (response).body)) {
       return response
     }

+    // If the response is a FullResponse with a body, extract and parse the body
+    if (typeof response === 'object' && response !== null && /** `@type` {FullResponse} */ (response).body) {
+      const body = /** `@type` {FullResponse} */ (response).body
+      if (typeof body === 'string') {
+        if (options.responseType === 'text') {
+          return body
+        }
+        if (options.responseType === 'json' || options.responseType === 'formdata') {
+          return /** `@type` {object} */ (JSONbig.parse(body))
+        }
+        return body
+      }
+      return body
+    }
+
     if (typeof response === 'string') {

index.d.ts (3)

32-35: ⚠️ Potential issue | 🟠 Major

CreatePushSubscriptionRouteArgs requires client_id and client_secret, but the implementation injects them from the authenticator.

In lib/pushSubscriptions.js (lines 67-70), client_id and client_secret are populated from authenticator.getClientId()/authenticator.getClientSecret(), not from the caller's args. Extending ApplicationBaseArgs forces callers to provide credentials they don't need to pass.

Proposed fix

-export interface CreatePushSubscriptionRouteArgs extends ApplicationBaseArgs {
+export interface CreatePushSubscriptionRouteArgs {
   callback_url: string;
   verify_token: string;
 }

---

19-26: ⚠️ Potential issue | 🟡 Minor

Date type used for fields that arrive as JSON strings.

ListPushSubscriptionResponse.created_at/updated_at (lines 24-25), SummaryAthlete.created_at/updated_at (lines 437-438), and DetailedActivity.start_date/start_date_local (lines 673-674) are typed as Date, but the Strava API returns ISO 8601 strings and JSON.parse does not auto-hydrate them into Date objects. These should be string to match runtime behavior.

Also applies to: 437-438, 673-674

---

907-926: ⚠️ Potential issue | 🟠 Major

Strava.client() return type is incorrect — should not be void.

The JSDoc comment states "Call with new strava.client(token, request)", and the implementation (lines 38-66 of index.js) confirms this is a constructor function that mutates this with properties like access_token, athlete, athletes, activities, etc. When invoked with new, the constructor implicitly returns the configured instance, not void. The type signature should reflect this by using TypeScript's constructor signature syntax (e.g., new (token: string, request?: RequestHandler): <StravaInstance>) rather than declaring a method that returns void.

🤖 Fix all issues with AI agents

In `@index.d.ts`:
- Around line 162-180: The SummarySegment interface currently marks
athlete_pr_effort and athlete_segment_stats as required but they can be absent
for summary segments; update the SummarySegment definition to make
athlete_pr_effort and athlete_segment_stats optional (i.e., add ? to those
property names) so their types SummaryPRSegmentEffort and SummarySegmentEffort
reflect that they may be undefined when the authenticated athlete has no
efforts.
- Around line 354-382: The current StreamSet and StreamsRoutes types are
incorrect: StreamSet models all streams as required and StreamsRoutes methods
return Promise<StreamSet[]>, but the API returns an array of individual stream
objects. Replace the StreamSet usage by defining a union type (e.g., Stream =
TimeStream | DistanceStream | LatLngStream | AltitudeStream |
SmoothVelocityStream | HeartrateStream | CadenceStream | PowerStream |
TemperatureStream | MovingStream | SmoothGradeStream) and update
StreamsRoutes.activity/route/effort/segment to return Promise<Stream[]>;
alternatively, if you intend to keep StreamSet, make all properties optional on
StreamSet and update the return types accordingly (but prefer the union
approach).

In `@lib/athlete.js`:
- Around line 56-59: The JSDoc cast is applied to the already-awaited value in
athlete.prototype.get (and similarly at the other return sites around lines 105
and 119); update each return to either cast the promise before awaiting (e.g.,
apply /** `@type` {Promise<SummaryAthlete>} */ to this.client.getEndpoint(...) and
then await it) or change the JSDoc to the unwrapped type and cast the resolved
value (e.g., /** `@type` {SummaryAthlete} */ after await); apply the same
consistent fix to the other methods that currently do the post-await Promise<T>
cast.

In `@lib/clubs.js`:
- Around line 23-33: The synchronous throw in clubs.prototype.get (and the
helper _listHelper used by listMembers, listActivities, listAdmins) causes
uncaught exceptions when callers expect a Promise; change these to consistently
return rejected Promises instead of throwing synchronously by either marking
clubs.prototype.get and _listHelper as async (so thrown errors become rejected
promises) or replacing the throw statements with return Promise.reject(new
Error(...)); ensure every code path in get, _listHelper, listMembers,
listActivities, and listAdmins returns a Promise so callers can safely use
.catch().

In `@lib/pushSubscriptions.js`:
- Around line 50-53: pushSubscriptions.prototype.create (and similarly
pushSubscriptions.prototype.delete) currently throws synchronously when required
args are missing; change this to return Promise.reject(new Error(...)) so
validation failures are delivered as rejected Promises consistent with
segments.js and callers using .catch/await will receive a promise rejection.
Locate the argument checks in pushSubscriptions.prototype.create and
pushSubscriptions.prototype.delete and replace the synchronous throw statements
with returns of Promise.reject(new Error('required args missing: callback_url
and verify_token are required')) (or the appropriate error message used in
segments.js) so behavior matches the rest of the module.

In `@lib/segmentEfforts.js`:
- Around line 23-25: Update the stale inline comment above the args.id
validation in the module (the comment currently reads "// require segment id")
to accurately reflect the check and error message by changing it to something
like "// require segment effort id" so it matches the thrown Error in the block
that validates args.id.

In `@lib/uploads.js`:
- Around line 67-73: The current falsy check in the loop over _allowedFormProps
uses if (argsRecord[key]) which drops valid numeric 0 values (notably for
trainer and commute); change the condition to explicitly test for presence such
as if (argsRecord[key] != null) or if (argsRecord[key] !== undefined) so that 0
is preserved when copying into args.formData, keeping the rest of the loop and
variables (argsRecord, _allowedFormProps, args.formData) unchanged.

In `@README.md`:
- Line 227: Fix the typo in the README where the description for
strava.oauth.getToken(code) reads "Used to token exchange" — update the phrase
to "Used for token exchange" so the entry for the symbol
strava.oauth.getToken(code) reads correctly.
- Line 284: The phrase "comma separated" in the README usage description for
strava.segments.explore(args) should be hyphenated as "comma-separated"; update
the README entry that documents strava.segments.explore(args) so the compound
adjective reads `"Expects arg `bounds` as a comma-separated string..."` (modify
the text around the function reference `strava.segments.explore(args)`
accordingly).

🧹 Nitpick comments (12)

tsconfig.json (2)

13-17: outDir and sourceMap are redundant when noEmit is true.

Since noEmit: true prevents any output, outDir: "dist" and sourceMap: true have no effect. Consider removing them to reduce config noise.

Proposed cleanup

     // Emit
     "declaration": false,
     "declarationMap": false,
     "noEmit": true,
-    "outDir": "dist",
 
     // JavaScript Support
     "allowJs": true,
     "checkJs": true,
 
     // Language and Environment
     "target": "es2022",
-    "sourceMap": true,

---

27-28: skipLibCheck: false will type-check all .d.ts files in node_modules.

This is thorough but can noticeably slow down type-checking, especially as dependencies grow. If typecheck times become a concern, flipping this to true is the standard recommendation.

lib/athletes.js (1)

24-41: _listHelper is now constrained to only 'stats' — consider simplifying.

The listType parameter is typed as the literal 'stats', making the indirection through _listHelper unnecessary. If no other sub-resources will use this helper, inlining the logic into stats() would be simpler. If future expansion is planned (e.g., 'koms'), consider broadening the type.

Also, getPaginationQS is called for the stats endpoint, which typically returns a single object rather than a paginated list — this is pre-existing behavior but worth noting.

lib/authenticator.js (1)

89-147: Repeated fetchConfig() calls on every getter invocation when value is undefined.

Each getter (e.g., getToken, getClientId) calls fetchConfig() every time the value is falsy, which re-reads the config file and environment variables. If the credential is legitimately absent, this I/O cost recurs on every call. A simple configLoaded flag would avoid redundant reads.

Sketch of a configLoaded guard

+var configLoaded = false
+
 var fetchConfig = function (config) {
   if (config) {
     if (config.access_token) token = config.access_token
     if (config.client_id) clientId = config.client_id
     if (config.client_secret) clientSecret = config.client_secret
     if (config.redirect_uri) redirectUri = config.redirect_uri
   } else {
     readConfigFile()
     readEnvironmentVars()
   }
+  configLoaded = true
 }

Then in each getter, replace if (!token) with if (!configLoaded):

   getToken: function () {
-    if (!token) {
+    if (!configLoaded) {
       fetchConfig()
     }
     // ...

And in purge:

   purge: function () {
     token = undefined
     clientId = undefined
     clientSecret = undefined
     redirectUri = undefined
+    configLoaded = false
   }

lib/rateLimiting.js (2)

157-182: updateRateLimits clears all state when headers are missing — verify this is intentional.

When parseRateLimits returns null (e.g. a response lacking one of the four required headers), updateRateLimits calls this.clear(), which resets all counters to zero. This means a single response without complete rate-limit headers erases the previously known limit/usage state.

If the intent is to be conservative (assume unknown = safe), this is fine. But if a consumer is tracking cumulative rate state and an intermediary error response omits headers, silently clearing could mask that the rate limit was already nearly exceeded.

Consider returning null without clearing state, or at least documenting the clearing behavior:

Possible alternative: preserve state on missing headers

   } else {
-    this.clear()
+    // Headers missing/invalid — preserve existing state
   }

---

46-46: Minor inconsistency: rl alias vs this across methods.

exceeded / fractionReached / readExceeded / readFractionReached read state via the module-level rl alias, while updateRateLimits and clear mutate state via this. This works because rl === RateLimit, but mixing the two patterns can confuse future maintainers. Consider standardizing on one approach.

Also applies to: 53-63, 158-159

lib/httpClient.js (1)

243-271: postUpload: solid upload implementation with one typedef nit.

The validation, stream creation, and header merging look correct. Minor note: the typedef for file is string|Buffer, but fs.createReadStream treats a Buffer as a file path (not file contents). Consider clarifying in the JSDoc that file is a file path.

Suggested JSDoc clarification

- * `@property` {string|Buffer} [file]
+ * `@property` {string} file - File path to upload (e.g., 'data/your_file.gpx')

index.js (1)

29-66: Constructor lacks new-call guard

strava.client is intended to be called with new (as the JSDoc states), but nothing prevents it from being called as a plain function. Without new, this refers to the caller's context (or undefined in strict mode), silently corrupting state instead of throwing.

Consider adding a guard or converting to a class:

🛡️ Proposed guard

 strava.client = function (token, request = httpRequest) {
+  if (!(this instanceof strava.client)) {
+    return new strava.client(token, request)
+  }
   this.access_token = token

lib/oauth.js (1)

75-89: json: true is a no-op with the axios-based httpRequest

The json: true property (Lines 79, 101, 125) is a leftover from the request-promise API. The axios wrapper in axiosUtility.js already defaults responseType to 'json' and doesn't read a json property. It's also absent from the HttpRequestOptions typedef. Consider removing it to avoid confusion.

♻️ Cleanup in all three methods

 // In getToken (line 79):
     method: 'POST',
     url: 'https://www.strava.com/oauth/token',
-    json: true,
     qs: {

 // In deauthorize (line 101):
     url: 'https://www.strava.com/oauth/deauthorize',
     method: 'POST',
-    json: true,
     simple: false,

 // In refreshToken (line 125):
     url: 'https://www.strava.com/oauth/token',
     method: 'POST',
-    json: true,
     simple: true,

axiosUtility.js (1)

94-129: options.maxRedirects || 5 treats explicit 0 as falsy

Line 108: if a caller explicitly passes maxRedirects: 0, the || operator falls through to 5. Consider using nullish coalescing (??) instead if you want to allow 0.

This is pre-existing behavior, so feel free to defer.

♻️ Suggested fix

-      maxRedirects: options.maxRedirects || 5,
+      maxRedirects: options.maxRedirects ?? 5,

lib/uploads.js (1)

99-120: Unbounded recursive polling could exhaust the stack on a stuck upload

_check recursively calls itself every second until the upload is done. If the Strava API never transitions out of the "processing" state (e.g., a hung upload), this will recurse indefinitely. Consider adding a max-retry limit or converting to an iterative loop.

This appears to be pre-existing behavior, so feel free to defer.

lib/pushSubscriptions.js (1)

86-98: list() silently succeeds with empty credentials if authenticator is not configured.

Lines 90-91 fall back to '' when getClientSecret()/getClientId() return null. This means a misconfigured client will send an API request with empty credentials and get an opaque Strava error instead of a clear local error. This is a pre-existing pattern applied consistently across all three methods, so it's not a blocker, but worth noting for future improvement.

[markstos]

Thanks, go ahead and address the Code Rabbit feedback and also bump the major version in package.json. You might as well bump axios in this branch as well. (see #186)

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@index.d.ts`:
- Around line 46-48: The declared type for the "file" field currently allows
Buffer but the runtime in httpClient.js (postUpload) uses
fsPromises.readFile(args.file) and path.basename(args.file), which require a
file path string; update the declaration for the "file" property in index.d.ts
to be string only (remove Buffer) so it matches the implementation and avoids
passing Buffers to path.basename/readFile; ensure references to "file" in
related interfaces/types are updated to the string type.
- Around line 838-844: The AthleteRoutes.listActivities signature currently
returns Promise<DetailedActivity[]] but the Strava list endpoint returns
lightweight activity objects; add a new SummaryActivity interface (containing
only the fields returned by GET /athlete/activities such as id, name, distance,
moving_time, elapsed_time, total_elevation_gain, type, start_date,
start_date_local, utc_offset, external_id, upload_id, athlete, map,
average_speed/average_cadence/average_heartrate if present, and any other
list-only fields) and change the AthleteRoutes.listActivities return type to
Promise<SummaryActivity[]>; ensure you do not copy the DetailedActivity-only
required properties (segment_efforts, splits_metric, splits_standard, laps,
best_efforts) into SummaryActivity and keep DetailedActivity unchanged for
endpoints that need full details.

In `@lib/activities.js`:
- Around line 136-171: listKudoers currently delegates to _listHelper which only
builds cursor-style QS (getCursorPaginationQS) and drops page/per_page; fix by
making listKudoers build a page-based query string with
this.client.getPaginationQS when args contains page or per_page, append it to
'activities/<id>/kudos' and call this.client.getEndpoint(endpoint, args)
directly (avoid _listHelper), or alternatively update _listHelper to detect
page/per_page and choose between getPaginationQS and getCursorPaginationQS
before calling this.client.getEndpoint so kudoers pagination is preserved.

🧹 Nitpick comments (2)

index.d.ts (1)

718-724: Several DetailedActivity array fields should be optional.

splits_metric, splits_standard, laps, and best_efforts are currently required, but they may not be present for all activity types (e.g., best_efforts only appears on runs, splits only on distance-based activities). Marking them optional would prevent runtime mismatches.

Suggested fix

-  splits_metric: Split[];
-  splits_standard: Split[];
-  laps: Lap[];
-  best_efforts: DetailedSegmentEffort[];
+  splits_metric?: Split[];
+  splits_standard?: Split[];
+  laps?: Lap[];
+  best_efforts?: DetailedSegmentEffort[];

lib/routes.js (1)

47-51: _requireRouteId now accepts numeric IDs — previous issue resolved.

The validation was relaxed from typeof args.id !== 'string' to typeof args.id === 'undefined', matching the pattern in other modules and correctly accepting numeric route IDs.

One minor nit: the JSDoc on Line 45 still says "When args.id is missing or not a string" but the check now only validates presence, not type.

JSDoc fix

- * `@throws` {Error} When args.id is missing or not a string
+ * `@throws` {Error} When args.id is missing

[coderabbitai]

Actionable comments posted: 4

🤖 Fix all issues with AI agents

In `@index.d.ts`:
- Around line 610-629: The Lap interface's average_cadence property must be made
optional because some activities omit cadence; update the Lap interface (symbol:
Lap) in index.d.ts to make average_cadence optional (e.g., change it from
required number to an optional number type) so callers handle absent cadence
safely and TypeScript reflects the API shape.
- Around line 670-681: The DetailedActivity interface currently requires several
fields that are not always present; update the interface so that photos,
segment_efforts, splits_metric, splits_standard, and best_efforts are optional
(e.g., add ? or allow undefined/null) to reflect non-running and manual
activities; locate the DetailedActivity declaration and change the properties
photos, segment_efforts, splits_metric, splits_standard, and best_efforts to
optional types (or permit null/undefined) so consumers won’t get type errors
when those fields are missing.
- Around line 795-840: The SummaryActivity interface currently requires
elev_high, elev_low, device_name, and upload_id_str but the API can omit them;
update the SummaryActivity declaration to mark those four properties as optional
using the ? modifier (i.e., elev_high?: number, elev_low?: number, device_name?:
string, upload_id_str?: string) so consumers won’t get type errors when the
fields are missing; locate and change these properties inside the
SummaryActivity interface.
- Around line 74-86: The SegmentListStarredArgs interface incorrectly exposes
non-supported query params for GET /segments/starred; update
SegmentListStarredArgs (extending BaseArgs) to only include page?: number and
per_page?: number, removing athlete_id, gender, age_group, weight_class,
following, club_id, date_range, start_date_local, and end_date_local; if those
removed fields are needed for a leaderboard-type endpoint, create a new
interface (e.g., SegmentLeaderboardArgs) containing those specific fields
instead of adding them to SegmentListStarredArgs.

🧹 Nitpick comments (1)

index.d.ts (1)

267-366: Consider a generic base to reduce repetition across 11 stream interfaces.

All stream interfaces share the same shape (original_size, resolution, series_type) and differ only in the type literal and data element type. A generic base would cut ~100 lines of duplication.

Example

interface BaseStream<T extends string, D> {
  type: T;
  original_size: number;
  resolution: "low" | "medium" | "high";
  series_type: "distance" | "time";
  data: D[];
}

export type TimeStream = BaseStream<"time", number>;
export type DistanceStream = BaseStream<"distance", number>;
export type LatLngStream = BaseStream<"latlng", LatLng>;
export type AltitudeStream = BaseStream<"altitude", number>;
export type SmoothVelocityStream = BaseStream<"velocity_smooth", number>;
export type HeartrateStream = BaseStream<"heartrate", number>;
export type CadenceStream = BaseStream<"cadence", number>;
export type PowerStream = BaseStream<"watts", number>;
export type TemperatureStream = BaseStream<"temp", number>;
export type MovingStream = BaseStream<"moving", boolean>;
export type SmoothGradeStream = BaseStream<"grade_smooth", number>;

[coderabbitai]

Actionable comments posted: 4

🤖 Fix all issues with AI agents

In `@index.d.ts`:
- Around line 393-413: DetailedClub currently uses the wrong enum for sport
types (it references SportType), so change DetailedClub.sport_type to the
club-specific union used by SummaryClub (i.e., the string union "cycling" |
"running" | "triathlon" | "other") or extract that union into a shared type
(e.g., ClubSportType) and use it in both SummaryClub and DetailedClub; update
the type reference for DetailedClub.sport_type to the shared ClubSportType (or
the explicit union) and ensure any imports/exports are adjusted accordingly.
- Around line 732-748: The ActivityKudoersArgs type and related uses incorrectly
define cursor-based fields; change ActivityKudoersArgs to use page?: number and
per_page?: number and update the ActivitiesRoutes.listKudoers signature to
accept this corrected type, then update the implementation in
activities.prototype._listHelper (for the kudoers path) to use page-based
pagination (swap the call to HttpClient.prototype.getCursorPaginationQS for the
page-based query-string helper or build QS with page/per_page) so the GET
/activities/{id}/kudos request sends page and per_page parameters recognized by
the Strava API.

In `@lib/activities.js`:
- Around line 160-171: The listKudoers call is using cursor-style params but the
Strava kudoers endpoint expects page/per_page; update the ActivityKudoersArgs
type to use page and per_page (instead of page_size/after_cursor) and ensure
listKudoers passes those fields through to activities.prototype._listHelper (or,
alternatively, add explicit mapping in listKudoers from page/per_page -> the
cursor QS expected by getCursorPaginationQS). Refer to ActivityKudoersArgs, the
listKudoers callsite, and activities.prototype._listHelper when making the
change so the correct page-based params reach the API.

In `@README.md`:
- Around line 158-173: Documentation incorrectly claims "cursor-based pagination
only"; update the README to clarify that cursor-based pagination applies only to
certain list endpoints and that many endpoints still use page-based pagination.
Change the paragraph under "Pagination" to say cursor-based pagination is
supported for specific endpoints (e.g., listComments, listKudoers) while other
endpoints continue to accept page/per_page; explicitly list or link to the
endpoints/types that remain page-based (reference SegmentListStarredArgs,
SegmentEffortsArgs, ClubsRoutesListArgs, AthleteListArgs) so readers know which
APIs use page-based params, and keep the example for cursor usage separate and
labeled as a cursor-specific example.

[wesleyschlenker]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

lib/httpClient.js (1)

363-432: ⚠️ Potential issue | 🔴 Critical

Rate limiting on successful responses depends on the fix in axiosUtility.js.

_requestHelper sets resolveWithFullResponse = true (line 370) and expects the response to be a { headers, body } object (lines 381-399) for rate-limit updates. As flagged in the axiosUtility.js review, httpRequest currently ignores this flag and returns only response.data. Until that's fixed, rateLimiting.updateRateLimits() will never fire on success—only on error paths (line 425-427).

The response shape handling logic itself (lines 386-419) is well-structured and handles all the expected cases correctly once the upstream fix is in place.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/httpClient.js` around lines 363 - 432, The success-path rate-limit update
is never called because _requestHelper (HttpClient.prototype._requestHelper)
sets options.resolveWithFullResponse = true and expects a FullResponse shape ({
headers, body }), but the upstream httpRequest implementation in axiosUtility.js
currently returns only response.data; fix httpRequest to respect
options.resolveWithFullResponse (or similarly named flag) so it returns the full
response object (including headers) when set, allowing
rateLimiting.updateRateLimits(...) inside _requestHelper to receive headers on
successful calls; verify that resolveWithFullResponse (and any equivalent
option) is propagated through the axios wrapper and that the returned object
contains headers and body fields as expected.

index.js (1)

22-27: ⚠️ Potential issue | 🔴 Critical

axiosInstance.create() does not exist and will throw a runtime error — remove the unused assignment or switch to axios.create().

axiosInstance is the result of axios.create() from axiosUtility.js. The create() method is only available on the top-level axios export, not on instances. Calling axiosInstance.create() will throw TypeError: axiosInstance.create is not a function when the module loads.

Additionally, strava.defaultRequest is never referenced elsewhere and is not exported, making this dead code.

Either remove the assignment entirely, or replace axiosInstance.create() with axios.create() if this configuration is needed.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@index.js` around lines 22 - 27, The code assigns strava.defaultRequest =
axiosInstance.create(...), but axiosInstance (from axiosUtility.js) is an axios
instance and has no create() method, and strava.defaultRequest is unused; either
remove the entire assignment to eliminate dead code, or if you need a separate
configured axios instance replace axiosInstance.create(...) with axios.create({
baseURL: 'https://www.strava.com/api/v3/', headers: { 'User-Agent':
'node-strava-v3 v' + version } }) and keep the name strava.defaultRequest;
ensure you do not rely on axiosInstance.create anywhere else and remove the
unused export/variable if you choose deletion.

lib/gear.js (1)

20-30: ⚠️ Potential issue | 🟠 Major

Synchronous throw in non-async function breaks .catch() chaining.

gear.prototype.get is not async, so the throw on line 25 raises synchronously. A caller writing strava.gear.get({}).catch(handler) will get an uncaught exception. This is the same issue that was already fixed in lib/clubs.js, lib/routes.js, lib/segments.js, and lib/activities.js by marking methods async.

Proposed fix

-gear.prototype.get = function (args) {
+gear.prototype.get = async function (args) {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/gear.js` around lines 20 - 30, The sync throw in gear.prototype.get
causes uncaught exceptions for callers expecting a Promise; make the method
async (change "gear.prototype.get = function (args) {" to "gear.prototype.get =
async function (args) {" or equivalent) so any thrown Error becomes a rejected
Promise and .catch() works, keep the existing return call to
this.client.getEndpoint(...) and preserve the DetailedGear Promise type
annotation.

🤖 Fix all issues with AI agents

Verify each finding against the current code and only fix it if needed.


In `@axiosUtility.js`:
- Around line 133-134: The updateDefaultHeaders function is merging headers into
axiosInstance.defaults.headers at the wrong level; instead of assigning directly
to the structured headers object, merge provided headers into
axiosInstance.defaults.headers.common so method-specific keys
(get/post/put/etc.) remain intact. Update the logic in updateDefaultHeaders to
Object.assign or spread into axiosInstance.defaults.headers.common (using
axiosInstance.defaults.headers.common as the target) so provided headers like
Authorization are applied idiomatically to all request methods.
- Around line 94-126: httpRequest currently always returns response.data which
drops response.headers so callers like _requestHelper that set
resolveWithFullResponse never receive headers for rate-limit updates; modify
httpRequest (the function using axiosInstance) to check
options.resolveWithFullResponse (or similar truthy flag) and, on success, return
{ headers: response.headers, body: response.data } when that flag is true,
otherwise continue returning response.data; keep existing error handling
(StatusCodeError / RequestError) unchanged so failures behave as before.

In `@index.d.ts`:
- Around line 656-667: The DetailedActivity interface currently declares laps as
required (laps: Lap[]) while other collection fields like splits_metric,
splits_standard, and best_efforts are optional; change laps to be optional
(e.g., laps?: Lap[]) so the type matches cases where the Strava API omits laps
(such as manual activities) and keeps consistency with the other optional fields
in DetailedActivity.

In `@index.js`:
- Around line 22-27: The code assigns strava.defaultRequest =
axiosInstance.create(...), but axiosInstance (from axiosUtility.js) is an axios
instance and has no create() method, and strava.defaultRequest is unused; either
remove the entire assignment to eliminate dead code, or if you need a separate
configured axios instance replace axiosInstance.create(...) with axios.create({
baseURL: 'https://www.strava.com/api/v3/', headers: { 'User-Agent':
'node-strava-v3 v' + version } }) and keep the name strava.defaultRequest;
ensure you do not rely on axiosInstance.create anywhere else and remove the
unused export/variable if you choose deletion.

In `@lib/athletes.js`:
- Around line 20-26: The synchronous throw in athletes.prototype.stats prevents
callers from catching errors via .catch; update the function to return a
rejected Promise instead of throwing (or make it async). Specifically, modify
athletes.prototype.stats so that when args.id is undefined it returns
Promise.reject(new Error('args must include an athlete id')) (or mark the
function async and throw inside) while keeping the existing endpoint
construction using this.client.getPaginationQS and the final return of
this.client.getEndpoint(endpoint, args).

In `@lib/gear.js`:
- Around line 20-30: The sync throw in gear.prototype.get causes uncaught
exceptions for callers expecting a Promise; make the method async (change
"gear.prototype.get = function (args) {" to "gear.prototype.get = async function
(args) {" or equivalent) so any thrown Error becomes a rejected Promise and
.catch() works, keep the existing return call to this.client.getEndpoint(...)
and preserve the DetailedGear Promise type annotation.

In `@lib/httpClient.js`:
- Around line 305-321: The getCursorPaginationQS function uses an explicit
undefined/null check for page_size but a truthy check for after_cursor, causing
inconsistency and excluding valid empty-string cursors; update
HttpClient.prototype.getCursorPaginationQS to set after_cursor the same way as
page_size (e.g., compute after_cursor = typeof args.after_cursor !== 'undefined'
? args.after_cursor : null and then use if (after_cursor !== null) {
qa.after_cursor = after_cursor }) so both parameters are handled consistently
(refer to function name getCursorPaginationQS and local variables page_size,
after_cursor, qa).
- Around line 363-432: The success-path rate-limit update is never called
because _requestHelper (HttpClient.prototype._requestHelper) sets
options.resolveWithFullResponse = true and expects a FullResponse shape ({
headers, body }), but the upstream httpRequest implementation in axiosUtility.js
currently returns only response.data; fix httpRequest to respect
options.resolveWithFullResponse (or similarly named flag) so it returns the full
response object (including headers) when set, allowing
rateLimiting.updateRateLimits(...) inside _requestHelper to receive headers on
successful calls; verify that resolveWithFullResponse (and any equivalent
option) is propagated through the axios wrapper and that the returned object
contains headers and body fields as expected.

In `@lib/oauth.js`:
- Around line 75-88: The oauth.getToken implementation is sending sensitive
credentials (client_secret, client_id, grant_type, code) via the options.qs
(query string); change the HTTP options to put these parameters into the POST
body instead of qs by replacing options.qs with options.data (or body) and
ensure the request Content-Type is set appropriately so httpRequest/axiosUtility
sends a form-encoded or JSON body as Strava expects; apply the same change to
the refreshToken function so refresh_token and client_secret are moved from qs
into the POST body when calling httpRequest.

In `@lib/routes.js`:
- Around line 41-51: The JSDoc for _requireRouteId is stale: it claims it throws
when args.id is "missing or not a string" but the implementation only checks for
undefined; either update the implementation to also validate type (e.g., ensure
typeof args.id === 'string') or change the JSDoc to only state it throws when
the id is missing; locate the _requireRouteId function and pick one fix (prefer
updating the JSDoc to remove "or not a string" if stricter validation was
intentionally removed) and make the text and `@throws` description consistent with
the actual behavior.

In `@lib/segmentEfforts.js`:
- Around line 20-30: The method segmentEfforts.prototype.get currently throws
synchronously when args.id is missing; change its declaration to an async
function (e.g., segmentEfforts.prototype.get = async function (args) { ... }) so
that thrown errors produce a rejected Promise callers can .catch, keep the same
validation for args.id and then return the call to
this.client.getEndpoint(endpoint, args) (preserve the existing JSDoc cast).

In `@lib/uploads.js`:
- Around line 143-156: uploads.prototype._uploadIsDone currently treats any
status other than the exact string 'Your activity is still being processed.' as
complete; update this to explicitly recognize terminal success statuses (e.g.,
'Your activity is ready.') and explicit error conditions by checking args.error
or known error status strings so transient errors are not marked as done; modify
_uploadIsDone to return false while args.error exists or status is a
non-terminal/processing value and return true only for explicit terminal success
statuses, using the function name uploads.prototype._uploadIsDone and the
properties args.status and args.error to locate the logic to change.

In `@test/pushSubscriptions.js`:
- Around line 7-16: The tests in pushSubscriptions.js leave the singleton
authenticator's configLoaded cache populated between tests; update the afterEach
block to purge that cache by calling authenticator.purge() (or delegate to the
existing testHelper.cleanupAuth() used elsewhere) so each test suite gets a
fresh auth state; locate the afterEach in pushSubscriptions.js and add the call
alongside the existing env cleanup and nock.cleanAll() to ensure isolation.

In `@tsconfig.json`:
- Around line 13-25: The tsconfig currently sets "noEmit": true while also
specifying "outDir": "dist" and "sourceMap": true which are redundant; remove
the "outDir" property and either remove "sourceMap" or set it to false in the
tsconfig so that the compiler settings are not misleading (update the JSON keys
around "noEmit", "outDir", and "sourceMap" accordingly).

🧹 Nitpick comments (6)

🤖 Fix all nitpicks with AI agents

Verify each finding against the current code and only fix it if needed.


In `@index.d.ts`:
- Around line 656-667: The DetailedActivity interface currently declares laps as
required (laps: Lap[]) while other collection fields like splits_metric,
splits_standard, and best_efforts are optional; change laps to be optional
(e.g., laps?: Lap[]) so the type matches cases where the Strava API omits laps
(such as manual activities) and keeps consistency with the other optional fields
in DetailedActivity.

In `@lib/httpClient.js`:
- Around line 305-321: The getCursorPaginationQS function uses an explicit
undefined/null check for page_size but a truthy check for after_cursor, causing
inconsistency and excluding valid empty-string cursors; update
HttpClient.prototype.getCursorPaginationQS to set after_cursor the same way as
page_size (e.g., compute after_cursor = typeof args.after_cursor !== 'undefined'
? args.after_cursor : null and then use if (after_cursor !== null) {
qa.after_cursor = after_cursor }) so both parameters are handled consistently
(refer to function name getCursorPaginationQS and local variables page_size,
after_cursor, qa).

In `@lib/oauth.js`:
- Around line 75-88: The oauth.getToken implementation is sending sensitive
credentials (client_secret, client_id, grant_type, code) via the options.qs
(query string); change the HTTP options to put these parameters into the POST
body instead of qs by replacing options.qs with options.data (or body) and
ensure the request Content-Type is set appropriately so httpRequest/axiosUtility
sends a form-encoded or JSON body as Strava expects; apply the same change to
the refreshToken function so refresh_token and client_secret are moved from qs
into the POST body when calling httpRequest.

In `@lib/uploads.js`:
- Around line 143-156: uploads.prototype._uploadIsDone currently treats any
status other than the exact string 'Your activity is still being processed.' as
complete; update this to explicitly recognize terminal success statuses (e.g.,
'Your activity is ready.') and explicit error conditions by checking args.error
or known error status strings so transient errors are not marked as done; modify
_uploadIsDone to return false while args.error exists or status is a
non-terminal/processing value and return true only for explicit terminal success
statuses, using the function name uploads.prototype._uploadIsDone and the
properties args.status and args.error to locate the logic to change.

In `@test/pushSubscriptions.js`:
- Around line 7-16: The tests in pushSubscriptions.js leave the singleton
authenticator's configLoaded cache populated between tests; update the afterEach
block to purge that cache by calling authenticator.purge() (or delegate to the
existing testHelper.cleanupAuth() used elsewhere) so each test suite gets a
fresh auth state; locate the afterEach in pushSubscriptions.js and add the call
alongside the existing env cleanup and nock.cleanAll() to ensure isolation.

In `@tsconfig.json`:
- Around line 13-25: The tsconfig currently sets "noEmit": true while also
specifying "outDir": "dist" and "sourceMap": true which are redundant; remove
the "outDir" property and either remove "sourceMap" or set it to false in the
tsconfig so that the compiler settings are not misleading (update the JSON keys
around "noEmit", "outDir", and "sourceMap" accordingly).

lib/oauth.js (1)

75-88: Credentials sent as query parameters via qs.

client_secret is sent as a query parameter (via the qs option which maps to URL params in axiosUtility). While this appears to be the existing behavior and Strava accepts it, sending secrets in query strings is generally discouraged as they can appear in server logs and proxy caches. Consider moving these to the request body in a future iteration.

♻️ Send credentials in the POST body instead of query params

   const options = {
     method: 'POST',
     url: 'https://www.strava.com/oauth/token',
-    qs: {
+    body: {
       code: authorizationCode,
       client_secret: authenticator.getClientSecret(),
       client_id: authenticator.getClientId(),
       grant_type: 'authorization_code'
     }
   }

The same change should be applied to refreshToken as well.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/oauth.js` around lines 75 - 88, The oauth.getToken implementation is
sending sensitive credentials (client_secret, client_id, grant_type, code) via
the options.qs (query string); change the HTTP options to put these parameters
into the POST body instead of qs by replacing options.qs with options.data (or
body) and ensure the request Content-Type is set appropriately so
httpRequest/axiosUtility sends a form-encoded or JSON body as Strava expects;
apply the same change to the refreshToken function so refresh_token and
client_secret are moved from qs into the POST body when calling httpRequest.

tsconfig.json (1)

13-25: outDir and sourceMap are redundant when noEmit: true is set.

Since noEmit: true prevents any output, outDir: "dist" and sourceMap: true have no effect. They're harmless but add noise.

🧹 Proposed cleanup

     // Emit
     "declaration": false,
     "declarationMap": false,
     "noEmit": true,
-    "outDir": "dist",

     // JavaScript Support
     "allowJs": true,
     "checkJs": true,

     // Language and Environment
     "target": "es2022",
-    "sourceMap": true,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tsconfig.json` around lines 13 - 25, The tsconfig currently sets "noEmit":
true while also specifying "outDir": "dist" and "sourceMap": true which are
redundant; remove the "outDir" property and either remove "sourceMap" or set it
to false in the tsconfig so that the compiler settings are not misleading
(update the JSON keys around "noEmit", "outDir", and "sourceMap" accordingly).

lib/httpClient.js (1)

305-321: Same inconsistency pattern in getCursorPaginationQS.

page_size uses an explicit null check (line 314, includes 0) while after_cursor uses a truthy check (line 316, excludes empty string ""). For a cursor string, the truthy check is likely fine in practice, but the pattern is inconsistent with page_size.

Consistency fix

-  if (after_cursor) { qa.after_cursor = after_cursor }
+  if (after_cursor !== null) { qa.after_cursor = after_cursor }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/httpClient.js` around lines 305 - 321, The getCursorPaginationQS function
uses an explicit undefined/null check for page_size but a truthy check for
after_cursor, causing inconsistency and excluding valid empty-string cursors;
update HttpClient.prototype.getCursorPaginationQS to set after_cursor the same
way as page_size (e.g., compute after_cursor = typeof args.after_cursor !==
'undefined' ? args.after_cursor : null and then use if (after_cursor !== null) {
qa.after_cursor = after_cursor }) so both parameters are handled consistently
(refer to function name getCursorPaginationQS and local variables page_size,
after_cursor, qa).

index.d.ts (1)

656-667: laps is still required while all other conditional fields are optional.

Most fields in DetailedActivity were correctly made optional per previous feedback. However, laps on Line 665 remains required. The Strava API may omit laps for certain activity types (e.g., manual activities). Consider making it optional for safety, consistent with the treatment of splits_metric, splits_standard, and best_efforts.

Suggested change

-  laps: Lap[];
+  laps?: Lap[];

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@index.d.ts` around lines 656 - 667, The DetailedActivity interface currently
declares laps as required (laps: Lap[]) while other collection fields like
splits_metric, splits_standard, and best_efforts are optional; change laps to be
optional (e.g., laps?: Lap[]) so the type matches cases where the Strava API
omits laps (such as manual activities) and keeps consistency with the other
optional fields in DetailedActivity.

test/pushSubscriptions.js (1)

7-16: Consider calling authenticator.purge() in afterEach for test isolation.

The authenticator is a singleton with a configLoaded cache. Without purging in afterEach, cached credentials persist across test suites. Other test files (e.g., test/activities.js) use testHelper.cleanupAuth() which calls purge(). Missing this here could cause test-order-dependent failures if a later suite expects fresh config loading.

Suggested fix

+const strava = require('../')
+
 describe('pushSubscriptions_test', function () {
   beforeEach(function () {
     process.env.STRAVA_CLIENT_ID = 'test-client-id'
     process.env.STRAVA_CLIENT_SECRET = 'test-client-secret'
   })
 
   afterEach(function () {
     delete process.env.STRAVA_CLIENT_ID
     delete process.env.STRAVA_CLIENT_SECRET
     nock.cleanAll()
+    // Reset authenticator cache so credentials don't leak to other suites
+    strava.config({})  // or require('../lib/authenticator').purge()
   })

Note: strava is already imported on Line 4. You could directly import the authenticator or use whichever cleanup mechanism testHelper.cleanupAuth() uses.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/pushSubscriptions.js` around lines 7 - 16, The tests in
pushSubscriptions.js leave the singleton authenticator's configLoaded cache
populated between tests; update the afterEach block to purge that cache by
calling authenticator.purge() (or delegate to the existing
testHelper.cleanupAuth() used elsewhere) so each test suite gets a fresh auth
state; locate the afterEach in pushSubscriptions.js and add the call alongside
the existing env cleanup and nock.cleanAll() to ensure isolation.

lib/uploads.js (1)

143-156: _uploadIsDone relies on an exact status string — fragile but functional.

The completion check matches only 'Your activity is still being processed.' as "not done" and treats everything else (including errors) as done. This means a transient error response from the API would also be treated as "done." Consider also checking for error states explicitly.

Possible improvement

 uploads.prototype._uploadIsDone = function (args) {
-  var isDone = false
-
-  switch (args.status) {
-    case 'Your activity is still being processed.':
-      isDone = false
-      break
-
-    default:
-      isDone = true
-  }
-
-  return isDone
+  return args.status !== 'Your activity is still being processed.'
 }

If you want to distinguish transient errors from completion, you could also check args.error or match against known terminal statuses like 'Your activity is ready.'.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/uploads.js` around lines 143 - 156, uploads.prototype._uploadIsDone
currently treats any status other than the exact string 'Your activity is still
being processed.' as complete; update this to explicitly recognize terminal
success statuses (e.g., 'Your activity is ready.') and explicit error conditions
by checking args.error or known error status strings so transient errors are not
marked as done; modify _uploadIsDone to return false while args.error exists or
status is a non-terminal/processing value and return true only for explicit
terminal success statuses, using the function name
uploads.prototype._uploadIsDone and the properties args.status and args.error to
locate the logic to change.

[wesleyschlenker]

@markstos this should be ready again, although, code rabbit wanted alot done. Sorry for the lengthy review.