Stats
Actions
Tags
From pepe-operator-craft
When integrating with services that use OAuth callbacks, handle the failure modes that aren't in the happy-path docs — state mismatch, expired authorization codes, network interruption mid-callback — and persist enough state to recover. Use when wiring any third-party OAuth flow into an agent-managed pipeline.
How this skill is triggered — by the user, by Claude, or both
Slash command
/pepe-operator-craft:oauth-callback-resilienceThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Principle:** When you spin up a temporary local web server to receive an OAuth callback, it must survive being hit by random crawlers, probes, and redirects without dying.
Principle: When you spin up a temporary local web server to receive an OAuth callback, it must survive being hit by random crawlers, probes, and redirects without dying.
OAuth flows commonly work like this:
localhost:<port>http://localhost:<port>/callback?code=...The fragile spot is step 2-3: between starting the server and the user clicking approve, the server is publicly reachable (kind of — at least for the duration). Things that can hit it:
If your server crashes, closes early, or 500's on these probes, the actual callback never lands and the user gets stuck.
process.exit() or close on the first request. Wait for the request that actually contains a valid code parameter and the matching state value.// ❌ DON'T DO THIS
const server = http.createServer((req, res) => {
const code = url.parse(req.url).query.code
exchange(code).then(...)
res.end('done')
server.close() // first request closes the server
})
// ✅ DO THIS
const server = http.createServer((req, res) => {
const parsed = url.parse(req.url, true)
if (!parsed.query.code || parsed.query.state !== expectedState) {
res.writeHead(400)
res.end('Not the callback. Try again.')
return // don't close
}
exchange(parsed.query.code).then(...)
res.end('Success! You can close this tab.')
server.close() // close only after the real callback
})
Built X (Twitter) integration on 2026-05-05. Initial naive callback server crashed when a probe hit it before the user clicked approve, killing the entire OAuth flow. Pattern fixed in integrations/x/lib/oauth.js.
Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
npx claudepluginhub helmut-hoffer-von-ankershoffen/helmguild-plugins --plugin pepe-operator-craft