This document captures the full debugging process of resolving authentication and onboarding failures in a multi-service web application.
The investigation involved tracing errors across frontend, backend, OAuth configuration, session handling, and proxy layers.
- Frontend (UI): SvelteKit – http://localhost:5173
- Execution Service (Auth/API): http://localhost:3001 (expected) / 3100 (actual)
- Akasa Server: http://localhost:3100
- Database: PostgreSQL (Docker)
- Authentication: Google OAuth (BetterAuth)
- Proxy Layer: UI routes forwarding
/api/*
git clone <repo>
cd claw-army
pnpm install
pnpm dev
- Application started but errors appeared during authentication.
docker exec -it claw-army-postgres-1 apt-get update
exec: "apt-get": executable file not found in $PATH
- Container is Alpine-based (no apt-get)
- Skipped manual installation
- Used existing container setup
pnpm --filter @claw/db migrate
[✓] migrations applied successfully!
WEBHOOK_URL_SECRET must be set
openssl rand -hex 32
Add to .env:
WEBHOOK_URL_SECRET=<generated_value>
Could not reach backend
- UI proxy pointing to wrong port:
- Expected: 3001
- Actual backend: 3100
EXECUTION_SERVICE_URL=http://localhost:3100
Error 400: redirect_uri_mismatch
- Missing PUBLIC_URL
- Incorrect env variable names
Add:
PUBLIC_URL=http://localhost:5173
Update auth config:
clientId = process.env.GOOGLE_CLIENT_ID || process.env.AUTH_GOOGLE_ID
clientSecret = process.env.GOOGLE_CLIENT_SECRET || process.env.AUTH_GOOGLE_SECRET
EADDRINUSE: address already in use 3001
lsof -ti:3001 | xargs -r kill -9
curl http://localhost:3001/health
curl http://localhost:3001/auth/get-session
{"status":"ok"}
null
- Backend running
- Session not being created
- Login success
- No cookies stored
- User not authenticated
- Proxy not forwarding
Set-Cookieheaders
- Extract raw headers
- Append cookies manually in response
Internal Server Error
- UI receives session
- Backend does not recognize session
- API failures breaking page
- Session structure mismatch
- API routes not resilient
- Missing host header in auth routes
- Fixed port configuration
- Standardized environment variables
- Added PUBLIC_URL
- Implemented cookie forwarding
- Improved session parsing logic
- Added error handling for APIs
- Fixed auth URL construction
curl -I http://localhost:5173/
curl -I http://localhost:3001/auth/get-session
curl -s http://localhost:5173/onboarding/__data.json
- OAuth works
- Cookies stored
- Onboarding loads successfully
- ✅ Authentication working
- ✅ Session persistence fixed
- ✅ Backend communication restored
- ✅ Onboarding flow operational
⚠️ Some features still incomplete (chat, integrations)
- Environment variables must be consistent across services
- OAuth depends heavily on correct redirect URLs
- Cookie forwarding is critical in proxy setups
- Microservice misconfigurations create cascading failures
- Debugging requires structured step-by-step validation
pnpm install
pnpm dev
pnpm --filter @claw/db migrate
openssl rand -hex 32
lsof -ti:3001 | xargs kill -9
curl http://localhost:3001/health
curl http://localhost:3001/auth/get-session
- Debugging distributed systems
- API & proxy troubleshooting
- Authentication flow analysis
- Session & cookie management
- Root cause analysis
- AI-assisted debugging workflow
Core authentication and onboarding issues successfully resolved