fix: pagination startAt offset, OAuth2 validation, raw @-body, batch verbose detection (#53-56) (#37)

## Summary
- **#53**: Validate OAuth2 required fields (`client_id`,
`client_secret`, `token_url`) during config resolution instead of
failing at runtime with confusing errors when `JR_AUTH_TYPE=oauth2` is
set via env var
- **#54**: Use JSON parsing instead of fragile string matching to detect
verbose log lines in batch results, preventing error messages containing
`"type":"request"` from being misclassified as verbose logs
- **#55**: Fix pagination `startAt` calculation to use
`firstPage.StartAt + len(allValues)` instead of just `len(allValues)`,
preventing duplicate page fetches when user specifies a non-zero
`--startAt`
- **#56**: Validate empty filename in `--body @` with a clear error
message instead of confusing "open : no such file or directory"

## Test plan
- [x] All 8 new tests pass (3 OAuth2 validation, 2 pagination, 1 batch
verbose, 1 raw @-body, 1 e2e OAuth2)
- [x] All 350+ existing tests still pass
- [x] Full e2e test suite passes (including binary build tests)

Author: sofq

cmd/batch.go

@@ -478,12 +478,15 @@ func buildBatchResult(index, exitCode int, stdoutBuf, stderrBuf *strings.Builder
 			if line == "" {
 				continue
 			}
-			// Quick heuristic: verbose logs contain "type":"request" or "type":"response"
-			if strings.Contains(line, `"type":"request"`) || strings.Contains(line, `"type":"response"`) {
-				fmt.Fprintln(os.Stderr, line)
-			} else {
-				errorLines = append(errorLines, line)
+			// Detect verbose logs by parsing JSON and checking the "type" field.
+			var parsed map[string]interface{}
+			if json.Unmarshal([]byte(line), &parsed) == nil {
+				if tp, ok := parsed["type"].(string); ok && (tp == "request" || tp == "response") {
+					fmt.Fprintln(os.Stderr, line)
+					continue
+				}
 			}
+			errorLines = append(errorLines, line)
 		}
 		stderrStr = strings.Join(errorLines, "\n")
 	}

cmd/bugfix_test.go

@@ -1723,7 +1723,14 @@ func TestResolveAcceptsValidAuthTypes(t *testing.T) {
 		Profiles: map[string]config.Profile{
 			"default": {
 				BaseURL: "https://example.com",
-				Auth:    config.AuthConfig{Type: "basic", Username: "u", Token: "t"},
+				Auth: config.AuthConfig{
+					Type:         "basic",
+					Username:     "u",
+					Token:        "t",
+					ClientID:     "cid",
+					ClientSecret: "csecret",
+					TokenURL:     "https://auth.example.com/token",
+				},
 			},
 		},
 		DefaultProfile: "default",
@@ -2070,3 +2077,161 @@ func TestOAuth2Failure_SingleError_ExitAuth(t *testing.T) {
 		t.Errorf("expected auth_error in stderr, got: %s", lines[0])
 	}
 }
+
+// --- Bug #53: OAuth2 auth type via env var should validate required fields ---
+
+func TestResolveOAuth2MissingFields(t *testing.T) {
+	dir := t.TempDir()
+	cfgPath := dir + "/config.json"
+	cfg := &config.Config{
+		Profiles: map[string]config.Profile{
+			"default": {
+				BaseURL: "https://example.com",
+				Auth:    config.AuthConfig{Type: "basic", Username: "u", Token: "t"},
+			},
+		},
+		DefaultProfile: "default",
+	}
+	if err := config.SaveTo(cfg, cfgPath); err != nil {
+		t.Fatalf("SaveTo: %v", err)
+	}
+
+	// Override auth type to oauth2 via flags (simulating env var or --auth-type).
+	flags := &config.FlagOverrides{AuthType: "oauth2"}
+	_, err := config.Resolve(cfgPath, "", flags)
+	if err == nil {
+		t.Fatal("expected error for oauth2 without required fields, got nil")
+	}
+	if !strings.Contains(err.Error(), "client_id") {
+		t.Errorf("error should mention client_id, got: %v", err)
+	}
+	if !strings.Contains(err.Error(), "client_secret") {
+		t.Errorf("error should mention client_secret, got: %v", err)
+	}
+	if !strings.Contains(err.Error(), "token_url") {
+		t.Errorf("error should mention token_url, got: %v", err)
+	}
+}
+
+func TestResolveOAuth2WithAllFieldsSucceeds(t *testing.T) {
+	dir := t.TempDir()
+	cfgPath := dir + "/config.json"
+	cfg := &config.Config{
+		Profiles: map[string]config.Profile{
+			"default": {
+				BaseURL: "https://example.com",
+				Auth: config.AuthConfig{
+					Type:         "oauth2",
+					ClientID:     "my-client",
+					ClientSecret: "my-secret",
+					TokenURL:     "https://auth.example.com/token",
+				},
+			},
+		},
+		DefaultProfile: "default",
+	}
+	if err := config.SaveTo(cfg, cfgPath); err != nil {
+		t.Fatalf("SaveTo: %v", err)
+	}
+
+	resolved, err := config.Resolve(cfgPath, "", nil)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if resolved.Auth.Type != "oauth2" {
+		t.Errorf("Auth.Type = %q, want oauth2", resolved.Auth.Type)
+	}
+	if resolved.Auth.ClientID != "my-client" {
+		t.Errorf("Auth.ClientID = %q, want my-client", resolved.Auth.ClientID)
+	}
+}
+
+func TestResolveOAuth2PartialFieldsMissing(t *testing.T) {
+	dir := t.TempDir()
+	cfgPath := dir + "/config.json"
+	cfg := &config.Config{
+		Profiles: map[string]config.Profile{
+			"default": {
+				BaseURL: "https://example.com",
+				Auth: config.AuthConfig{
+					Type:     "oauth2",
+					ClientID: "my-client",
+					// Missing client_secret and token_url.
+				},
+			},
+		},
+		DefaultProfile: "default",
+	}
+	if err := config.SaveTo(cfg, cfgPath); err != nil {
+		t.Fatalf("SaveTo: %v", err)
+	}
+
+	_, err := config.Resolve(cfgPath, "", nil)
+	if err == nil {
+		t.Fatal("expected error for oauth2 with missing client_secret and token_url")
+	}
+	if !strings.Contains(err.Error(), "client_secret") {
+		t.Errorf("error should mention client_secret, got: %v", err)
+	}
+	if !strings.Contains(err.Error(), "token_url") {
+		t.Errorf("error should mention token_url, got: %v", err)
+	}
+	// Should NOT mention client_id since it IS provided.
+	if strings.Contains(err.Error(), "client_id") {
+		t.Errorf("error should NOT mention client_id (it is provided), got: %v", err)
+	}
+}
+
+// --- Bug #54: Batch verbose log detection should use JSON parsing ---
+
+func TestBatchVerboseLogDetection_ErrorWithTypeField(t *testing.T) {
+	// Verify that an error message containing "type":"request" is NOT
+	// incorrectly forwarded as a verbose log line.
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusBadRequest)
+		// Error body that contains the text "type":"request" to try to trick
+		// the verbose log detection heuristic.
+		w.Write([]byte(`{"errorMessages":["invalid \"type\":\"request\" field"]}`))
+	}))
+	defer srv.Close()
+
+	var stdout, stderr bytes.Buffer
+	c := &client.Client{
+		BaseURL:    srv.URL,
+		Auth:       config.AuthConfig{Type: "basic", Username: "u", Token: "t"},
+		HTTPClient: &http.Client{},
+		Stdout:     &stdout,
+		Stderr:     &stderr,
+		Paginate:   true,
+		Verbose:    true,
+	}
+
+	ctx := client.NewContext(context.Background(), c)
+	cmd := &cobra.Command{Use: "test"}
+	cmd.SetContext(ctx)
+
+	allOps := generated.AllSchemaOps()
+	allOps = append(allOps, HandWrittenSchemaOps()...)
+	opMap := make(map[string]generated.SchemaOp, len(allOps))
+	for _, op := range allOps {
+		opMap[op.Resource+" "+op.Verb] = op
+	}
+
+	bop := BatchOp{
+		Command: "issue get",
+		Args:    map[string]string{"issueIdOrKey": "TEST-1"},
+	}
+	result := executeBatchOp(cmd, c, 0, bop, opMap)
+
+	if result.ExitCode == 0 {
+		t.Error("expected non-zero exit code for 400 error")
+	}
+	// The error result should contain the error, not have it swallowed by verbose detection.
+	if result.Error == nil {
+		t.Error("expected error in batch result, got nil")
+	}
+	errStr := string(result.Error)
+	if !strings.Contains(errStr, "errorMessages") && !strings.Contains(errStr, "validation_error") && !strings.Contains(errStr, "client_error") {
+		t.Errorf("error result should contain the API error, got: %s", errStr)
+	}
+}

cmd/raw.go

@@ -86,6 +86,14 @@ func runRaw(cmd *cobra.Command, args []string) error {
 		bodyReader = os.Stdin
 	case bodyFlag != "" && strings.HasPrefix(bodyFlag, "@"):
 		filename := bodyFlag[1:]
+		if filename == "" {
+			apiErr := &jrerrors.APIError{
+				ErrorType: "validation_error",
+				Message:   "--body @<filename> requires a filename after @",
+			}
+			apiErr.WriteJSON(os.Stderr)
+			return &errAlreadyWritten{code: jrerrors.ExitValidation}
+		}
 		f, err := os.Open(filename)
 		if err != nil {
 			apiErr := &jrerrors.APIError{

e2e_test.go

@@ -2771,3 +2771,70 @@ func TestE2E_Configure_ShortProfileFlag(t *testing.T) {
 		t.Errorf("expected 'staging' profile in config, got profiles: %v", profiles)
 	}
 }
+
+// --- Bug #56: raw --body @ (empty filename) should produce clear error ---
+
+func TestE2E_Raw_BodyAtEmptyFilename(t *testing.T) {
+	if testing.Short() {
+		t.Skip()
+	}
+	binary := buildBinary(t)
+	srv := mockJira(t)
+
+	_, stderr, exitCode := runJR(t, binary, srv, "raw", "POST", "/rest/api/3/echo", "--body", "@")
+
+	if exitCode != 4 {
+		t.Fatalf("expected exit code 4 (validation), got %d; stderr=%s", exitCode, stderr)
+	}
+
+	var errObj map[string]interface{}
+	if err := json.Unmarshal([]byte(stderr), &errObj); err != nil {
+		t.Fatalf("stderr not valid JSON: %s", stderr)
+	}
+	if errObj["error_type"] != "validation_error" {
+		t.Errorf("expected error_type=validation_error, got %v", errObj["error_type"])
+	}
+	msg, _ := errObj["message"].(string)
+	if !strings.Contains(msg, "filename") {
+		t.Errorf("error message should mention 'filename', got: %s", msg)
+	}
+}
+
+// --- Bug #53: OAuth2 without required fields should error at resolve time ---
+
+func TestE2E_OAuth2MissingFieldsError(t *testing.T) {
+	if testing.Short() {
+		t.Skip()
+	}
+	binary := buildBinary(t)
+	srv := mockJira(t)
+
+	// Run a command with oauth2 auth type but no oauth2 fields configured.
+	cmd := exec.Command(binary, "issue", "get", "--issueIdOrKey", "TEST-1")
+	cmd.Env = append(os.Environ(),
+		"JR_BASE_URL="+srv.URL,
+		"JR_AUTH_TYPE=oauth2",
+		"JR_CONFIG_PATH="+filepath.Join(t.TempDir(), "config.json"),
+	)
+
+	var outBuf, errBuf bytes.Buffer
+	cmd.Stdout = &outBuf
+	cmd.Stderr = &errBuf
+
+	err := cmd.Run()
+	if err == nil {
+		t.Fatal("expected non-zero exit for oauth2 without required fields")
+	}
+
+	var errObj map[string]interface{}
+	if jsonErr := json.Unmarshal(errBuf.Bytes(), &errObj); jsonErr != nil {
+		t.Fatalf("stderr not valid JSON: %s", errBuf.String())
+	}
+	if errObj["error_type"] != "config_error" {
+		t.Errorf("expected error_type=config_error, got %v", errObj["error_type"])
+	}
+	msg, _ := errObj["message"].(string)
+	if !strings.Contains(msg, "oauth2") || !strings.Contains(msg, "client_id") {
+		t.Errorf("error should mention oauth2 required fields, got: %s", msg)
+	}
+}

internal/client/client.go

@@ -365,8 +365,8 @@ func (c *Client) doStartAtPagination(ctx context.Context, method, path string, q
 	allValues := append([]json.RawMessage{}, firstPage.Values...)
 	lastPage := firstPage
 
-	for !c.isLastPage(lastPage, len(allValues)) && len(lastPage.Values) > 0 {
-		startAt := len(allValues)
+	for !c.isLastPage(lastPage, firstPage.StartAt+len(allValues)) && len(lastPage.Values) > 0 {
+		startAt := firstPage.StartAt + len(allValues)
 		q := url.Values{}
 		for k, v := range query {
 			q[k] = v