fix: harden structured auth MCP errors against reviewer findings (#699)
Address PR #701 request-changes-class defects: 1. Fixed messages only — never embed HTTP bodies, Keychain, or exception text in tool results or daemon logs; sanitization fails closed. 2. Narrow Tool.run boundary wraps original success path; re-raises UrlElicitationRequiredError; install is idempotent. 3. No RuntimeError substring heuristics; only typed client failures are classified as auth/authz/network/config. 4. Central classify_http_status — every HTTP 403 is GiteaAuthzError. Regressions cover adversarial secrets, stdio survival, elicitation, parser RuntimeError, generic 403, repeated install, profiles, provenance. Closes #699
This commit is contained in:
+2
-5
@@ -1814,14 +1814,11 @@ def _auth(host: str) -> str:
|
||||
Missing credentials are a configuration failure, not a silent internal
|
||||
crash. Typed as :class:`gitea_auth.GiteaConfigError` so the tool-error
|
||||
boundary (#699) maps them to a structured isError result without EOF.
|
||||
The exception message is a fixed constant (no host/token material).
|
||||
"""
|
||||
header = get_auth_header(host)
|
||||
if header is None:
|
||||
raise GiteaConfigError(
|
||||
f"No credentials for {host}. "
|
||||
"Ensure you've logged in via HTTPS at least once.",
|
||||
reason_code="config_error",
|
||||
)
|
||||
raise GiteaConfigError(reason_code="config_error")
|
||||
return header
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user