fix: make more robust

Author: btiernay

.github/workflows/link-check.yml

@@ -1,94 +1,92 @@
+# .github/workflows/link-check.yml
 name: Link Checker
 
 # Runs Lychee (link checker) on Markdown / MDX docs.
-# Lychee repo: https://github.com/lycheeverse/lychee
-# GitHub Action: https://github.com/lycheeverse/lychee-action
-# Config reference: https://github.com/lycheeverse/lychee#configuration
 #
 # What this workflow does:
-# - Triggers on pushes to main, pull requests, and manual workflow dispatch
-# - Scans all *.md and *.mdx files for broken links
-# - Uses .lycheeignore in the repo root to ignore known noisy URLs
-# - Accepts 302 redirects as valid (common for auth-required pages)
-# - Currently warns on failures to allow tuning before enforcing
-#
-# Manual trigger:
-# - Go to Actions tab → Select "Link Checker" → Click "Run workflow"
-# - Specify custom base URL (e.g., Mintlify preview deployment)
-#
-# To make blocking: Remove the final "Warn on failures" step
+# - Triggers on:
+#   - pushes to main
+#   - all pull requests
+#   - manual runs via "Run workflow"
+# - Scans auth4genai/*.md(x) for broken HTTPS links
+# - Respects .lycheeignore in the repo root
+# - Accepts 302 redirects and 429 rate limits as valid
+# - Currently warns on failures instead of failing CI
 
 on:
   push:
     branches:
-      - main
+    - main
   pull_request:
-  workflow_dispatch:
-    inputs:
-      base_url:
-        description: 'Base URL for resolving absolute paths (e.g., https://auth0.com or https://your-preview.mintlify.app)'
-        required: false
-        default: 'https://auth0.com'
-        type: string
+  workflow_dispatch: {}
 
 jobs:
   link-check:
-    name: Check external links
+    name: Check external links in auth4genai docs
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      # If your docs are generated (Next.js / Docusaurus / etc), you can build them here
-      # and point Lychee at the output instead. Examples in the action docs:
-      # https://github.com/lycheeverse/lychee-action#usage
-      # - name: Build docs
-      #   run: |
-      #     npm ci
-      #     npm run docs:build
+    # Fetch repository contents so Lychee can scan Markdown / MDX files
+    - name: Checkout repo
+      uses: actions/checkout@v4
 
-      # TODO: Re-enable main docs checking later
-      # - name: Check main docs links
-      #   id: lychee-main
-      #   uses: lycheeverse/lychee-action@v2
-      #   env:
-      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #   with:
-      #     args: >
-      #       --verbose
-      #       --no-progress
-      #       --base-url ${{ inputs.base_url || 'https://auth0.com' }}
-      #       --accept 200..=299,302,429
-      #       --exclude-path '../LICENSE'
-      #       main/**/*.md
-      #       main/**/*.mdx
+    # Run Lychee on the Auth0 for AI Agents Mintlify content
+    #
+    # Notes on args:
+    # - --scheme https
+    #     Only check HTTPS links. Other schemes (mailto:, file:, etc) are skipped.
+    # - --accept 200..=299,302,429
+    #     Treat 2xx, 302, and 429 as success. 302 is common for docs redirects,
+    #     429 is rate limiting that we do not want to treat as "broken".
+    # - --exclude-path '.vale'
+    #     Skip the .vale directory used for prose linting.
+    # - auth4genai/**/*.md / .mdx
+    #     Scope to the Mintlify site for Auth0 for AI Agents.
+    #
+    # Internal routing, API-only endpoints, and other noisy URLs are
+    # filtered via .lycheeignore in the repo root.
+    - name: Run Lychee on auth4genai docs
+      id: lychee-auth4genai
+      uses: lycheeverse/lychee-action@v2
+      env:
+        # Used by Lychee for authenticated GitHub requests to reduce rate limiting.
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        args: >
+          --verbose
+          --no-progress
+          --scheme https
+          --accept 200..=299,302,429
+          --exclude-path '.vale'
+          auth4genai/**/*.md
+          auth4genai/**/*.mdx
 
-      - name: Check auth4genai docs links
-        id: lychee-auth4genai
-        uses: lycheeverse/lychee-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          args: >
-            --verbose
-            --no-progress
-            --base-url https://auth0.com/ai/docs
-            --remap 'https://auth0.com/(?!docs/|ai/) https://auth0.com/ai/docs/'
-            --accept 200..=299,302,429
-            --exclude-path '.vale'
-            auth4genai/**/*.md
-            auth4genai/**/*.mdx
-          # Auth4GenAI docs: Remap auth0.com/* paths to auth0.com/ai/docs/*
-          # (except paths already starting with /docs/ or /ai/)
-          # Accept 429 to handle rate limiting on auth0.com
+    # Optional: example of how you might later add main docs checking.
+    # Uncomment and adjust when you want to bring main/ back into scope.
+    #
+    # - name: Run Lychee on main docs
+    #   id: lychee-main
+    #   uses: lycheeverse/lychee-action@v2
+    #   env:
+    #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    #   with:
+    #     args: >
+    #       --verbose
+    #       --no-progress
+    #       --scheme https
+    #       --accept 200..=299,302,429
+    #       main/**/*.md
+    #       main/**/*.mdx
 
-      # For now this only warns so it does not block merges while you tune ignores.
-      # Once the noise is under control, delete this step so Lychee failures break CI.
-      - name: Warn on failures instead of failing CI
-        if: steps.lychee-auth4genai.outputs.exit_code != 0
-        run: |
-          echo "Lychee found broken links."
-          echo "Auth4GenAI docs exit code: ${{ steps.lychee-auth4genai.outputs.exit_code }}"
-          echo "Check the Lychee step logs above for details."
-          exit 0
+    # For now, only warn on failures so you can tune .lycheeignore and fix
+    # obvious issues without blocking merges.
+    #
+    # Once you are happy with the signal/noise ratio, delete this step so that
+    # Lychee's non-zero exit code will fail the job.
+    - name: Warn on failures instead of failing CI
+      if: steps.lychee-auth4genai.outputs.exit_code != 0
+      run: |
+        echo "Lychee found broken links in auth4genai docs."
+        echo "Auth4GenAI docs exit code: ${{ steps.lychee-auth4genai.outputs.exit_code }}"
+        echo "Check the Lychee step logs above for details."
+        exit 0

.lycheeignore

@@ -1,56 +1,100 @@
+# .lycheeignore
+
 # Global ignores for Lychee link checker
 # Docs: https://github.com/lycheeverse/lychee#ignoring-links
-
-# All npmjs links (these often 403 or block bots, which is noisy in CI)
+#
+# Philosophy:
+# - Only ignore URLs that are inherently uncheckable (require auth, localhost, API-only)
+#   or consistently noisy (bot blocking, weird 4xx).
+# - Do NOT blanket-ignore normal public docs sites so we can still catch real regressions.
+
+#
+# Mintlify internal routes and static assets (root-relative paths)
+# These only become real URLs after Mintlify builds the site.
+# Examples:
+#   /intro/user-authentication
+#   /how-tos/check-google-calendar-availability
+#   /img/intro/universal_login.png
+#
+^/
+
+#
+# Third-party sites that aggressively block or rate-limit bots
+#
+
+# All npmjs links (often 403 / bot-blocking)
 ^https?://(www\.)?npmjs\.com/.*
 
-# Auth0 Dashboard and Manage (require authentication, rate limited)
+# LinkedIn (often 999 / 403 to automated clients)
+^https?://(www\.)?linkedin\.com/
+
+# Cloudflare support (bot-blocking)
+^https://support\.cloudflare\.com/
+
+#
+# Auth0 properties that require authentication or are internal
+#
+
+# Auth0 Dashboard and Manage (requires interactive login)
 ^https://manage\.auth0\.com/
 
-# Auth0 Support site (returns 302, requires auth for some pages)
+# Auth0 Support (some pages gated / 302 to login)
 ^https://support\.auth0\.com/
 
-# Auth0 Community forum (rate limited, returns 404 for old posts)
+# Auth0 Community (older posts can 404; rate-limited)
 ^https://community\.auth0\.com/
 
-# LinkedIn (often returns 999 or 403 to automated checkers)
-^https?://(www\.)?linkedin\.com/
-
-# Atlassian/Confluence internal wiki (requires authentication)
-^https://oktawiki\.atlassian\.net/
+# Test/example URLs in component demos
+^https://auth0\.com/bar
 
-# Cloudflare support (blocks bots with 403)
-^https://support\.cloudflare\.com/
+#
+# Internal / company-only resources
+#
 
-# GitHub (rate limits aggressively without token)
-# Note: If you have GITHUB_TOKEN set, you can remove this exclusion
-^https://github\.com/
-^https://www\.github\.com/
+# Internal Oktawiki (requires Okta auth)
+^https://oktawiki\.atlassian\.net/
 
 # FGA Dashboard (requires authentication)
 ^https://dashboard\.fga\.dev/
 
-# OpenAI Platform (requires authentication, blocks bots)
+#
+# API-only / non-browsable endpoints
+#
+
+# OpenAI Platform (requires login / bot protection)
 ^https://platform\.openai\.com/
 
-# Google Cloud Console (requires authentication)
+# Google Cloud Console & APIs dashboard (requires login)
 ^https://console\.cloud\.google\.com/
 ^https://console\.developers\.google\.com/
 
-# Microsoft Graph API endpoints (not browsable URLs)
+# Microsoft Graph API endpoints (not meant for direct browser navigation)
 ^https://graph\.microsoft\.com/
 
-# Snapchat auth endpoints (not browsable URLs)
+# Snapchat auth endpoints (API-only)
 ^https://auth\.snapchat\.com/
 
-# Test/example URLs in component demos
-^https://auth0\.com/bar
+#
+# GitHub noise control
+#
+# With GITHUB_TOKEN set in the workflow, GitHub links are usually fine.
+# If they ever become noisy, uncomment these to silence them.
+# ^https://github\.com/
+# ^https://www\.github\.com/
 
-# Invalid/malformed URLs in docs
-^https://sdk\.vercel\./
-^http://next\.js/
+#
+# Local dev and fake example hosts
+#
 
-# Local dev and example hosts from docs (don't check when not running)
+# Localhost variants – never valid in CI
 ^http://localhost(:\d+)?/
 ^https?://localhost(:\d+)?/
+
+# Example API host used in docs
 ^http://acme-api/
+
+#
+# Known broken URLs that should be fixed in the docs (do NOT ignore)
+# These are listed here as reminders only. They are intentionally
+# commented out so Lychee still fails on them until content is fixed.
+#

auth4genai/README.md

@@ -80,83 +80,18 @@ We use [Vale](https://vale.sh/) to keep terminology and brand usage consistent a
 
 We use [Lychee](https://lychee.cli.rs/) to check for broken links in the documentation.
 
-### Automated Checks
+Lychee runs in CI on pull requests and on pushes to `main`. It checks external HTTPS links only and uses `.lycheeignore` to exclude URLs that require authentication, block automated traffic, or represent API endpoints. Internal Mintlify routes (for example `/intro/...`, `/mcp/...`, `/img/...`) are not checked by Lychee because the Mintlify CLI already validates routing during `mint dev`.
 
-The link checker runs automatically on:
-- **Pull requests** - Checks all links against production (`https://auth0.com`)
-- **Pushes to main** - Validates links in production documentation
-
-### Manual Checks
-
-You can manually trigger the link checker workflow with a custom base URL:
-
-1. Go to **Actions** tab in GitHub
-2. Select **"Link Checker"** workflow
-3. Click **"Run workflow"**
-4. Enter your base URL:
-   - Production: `https://auth0.com` (default)
-   - Mintlify preview: `https://your-branch-name.mintlify.app`
-
-### Local Link Checking
-
-To check links locally while developing:
-
-#### Installation
-
-```bash
-# macOS
-brew install lychee
-
-# Linux (various options)
-# See https://lychee.cli.rs/#installation for other platforms
-```
-
-#### Check MCP Documentation Locally
-
-From the `auth4genai/` directory with `mint dev` running:
+Local usage of Lychee is optional. If you want to test external links manually, you can run:
 
 ```bash
-BASE_URL="http://localhost:3001"
-lychee -q --format detailed \
-  --base-url "$BASE_URL" \
-  --exclude "^${BASE_URL}/" \
-  --exclude "^http://localhost:" \
-  --exclude "^https://auth0\.com/bar$" \
-  --exclude "^https://sdk\.vercel\./" \
-  --exclude "^http://next\.js/" \
-  --exclude "^https://graph\.microsoft\.com/" \
-  --exclude "^https://auth\.snapchat\.com/" \
-  --exclude "^https://www\.npmjs\.com/" \
-  --include "^${BASE_URL}/mcp/" \
-  --accept 200..=299,302 \
-  --timeout 5 \
-  **/*.md **/*.mdx
+lychee --scheme https --format detailed --base-url https://auth0.com auth4genai/**/*.mdx auth4genai/**/*.md
 ```
 
-**What this does:**
-- Checks all MCP documentation links (`/mcp/*`) against your local dev server
-- Excludes other localhost paths (not running locally)
-- Accepts 302 redirects as valid (common for auth-required pages)
-- Shows only errors in detailed format
-
-**Adjust the port** if your `mint dev` is running on a different port (default is 3000, but may vary).
-
-#### Check All Documentation Against Production
-
-From the `auth4genai/` directory:
+To validate against a Mintlify preview deployment, substitute the base URL:
 
 ```bash
-lychee -q --format detailed --base-url https://auth0.com **/*.md **/*.mdx
+lychee --scheme https --format detailed --base-url https://your-branch-name.mintlify.app auth4genai/**/*.mdx auth4genai/**/*.md
 ```
 
-This checks all links against production, useful for validating external links without running a local server.
-
-### Ignoring Links
-
-The `.lycheeignore` file (in repository root) contains patterns for links that should be excluded from checking:
-- Authentication-required URLs (dashboards, management consoles)
-- Rate-limited services
-- Local development URLs
-- Known bot-blocking sites
-
-Edit `.lycheeignore` to add new exclusion patterns as needed.
+All ignore rules for uncheckable URLs live in `.lycheeignore` in the repository root. If a link is consistently uncheckable, add a pattern there rather than passing flags on the command line.

auth4genai/how-tos/analyze-strava-activities.mdx

@@ -4,7 +4,7 @@ description: Learn how to use Auth0 for AI Agents SDKs to analyze Strava activit
 mode: "wide"
 ---
 
-Use the [Vercel AI SDK](https://sdk.vercel./introduction), OpenAI GPT-4, and the Auth0 Next.js SDK to analyze user fitness activity from Strava.
+Use the [Vercel AI SDK](https://ai-sdk.dev/docs/introduction), OpenAI GPT-4, and the Auth0 Next.js SDK to analyze user fitness activity from Strava.
 
 <Card title="Prerequisites">
 Before using this example, make sure you: