fix: map Gitea auth failures to structured MCP tool errors (Closes #699) #701
Open
jcwalker3
wants to merge 2 commits from
fix/issue-699-structured-auth-mcp-errors into master
pull from: fix/issue-699-structured-auth-mcp-errors
merge into: :master
:master
:fix/issue-709-decision-lock-cross-profile
:fix/issue-695-native-transport-quarantine
:fix/issue-698-report-validator-schema
:fix/issue-702-stale-binding-lease-recovery
:fix/issue-699-structured-auth-mcp-errors
:fix/issue-695-native-quarantine-v2
:fix/issue-693-review-decision-lock-recovery
:fix/issue-691-obsolete-reviewer-lease-cleanup
:feat/issue-687-reconciler-branch-delete
:fix/issue-683-workflow-guard-hardening
:chore/issue-681-preserve-review-session-wip
:feat/issue-604-anti-stomp-preflight
:feat/issue-606-sentry-observability
:fix/issue-671-block-stable-branch-push
:fix/issue-675-residual-preflight-remediation
:fix/issue-673-remediate-regressions-part2
:fix/issue-673-remediate-regressions
:feat/issue-603-lifecycle-labels
:fix/issue-627-set-issue-labels-pagination
:feat/issue-601-first-class-leases
:feat/issue-612-incident-bridge
:feat/issue-600-controller-allocator-api
:fix/issue-620-head-scoped-review-locks
:feat/issue-613-allocator-db-substrate
:docs/mcp-stable-control-runtime-policy
:feat/issue-609-prepared-review-verdict-resume
:feat/issue-610-live-remote-parity
:feat/issue-503-reviewer-active-worktree
:feat/issue-470-preflight-contract
:feat/issue-440-lock-recovery
:feat/issue-440-branch-recovery
:feat/issue-458-queue-fail-closed-copy
:feat/issue-400-early-duplicate-work-gate
:feat/issue-308-reconcile-inventory-pagination
:feat/issue-308-reconcile-pagination-proof
:docs/issue-261-agent-temp-artifact-cleanup
:feat/issue-262-map-commit-files
:fix/infra-stop-conflict-marker-false-positive
:feat/issue-139-role-aware-task-routing
:feat/issue-188-continuation-selection-wall
:feat/issue-189-continuation-mode-proofs
:feat/issue-232-refresh-wiki-proof-heads
:feat/issue-210-block-workspace-edits
:feat/issue-204-exact-issue-lock
:docs/issue-80-label-taxonomy
:docs/issue-79-safety-boundary-updates
2
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
6b675f5c83 |
fix: harden structured auth MCP errors against reviewer findings (#699)
Address PR #701 request-changes-class defects: 1. Fixed messages only — never embed HTTP bodies, Keychain, or exception text in tool results or daemon logs; sanitization fails closed. 2. Narrow Tool.run boundary wraps original success path; re-raises UrlElicitationRequiredError; install is idempotent. 3. No RuntimeError substring heuristics; only typed client failures are classified as auth/authz/network/config. 4. Central classify_http_status — every HTTP 403 is GiteaAuthzError. Regressions cover adversarial secrets, stdio survival, elicitation, parser RuntimeError, generic 403, repeated install, profiles, provenance. Closes #699 |
||
|
|
b4d0cb22e4 |
fix: map Gitea auth failures to structured MCP tool errors (Closes #699)
HTTP 401/scope-403/network failures become typed client errors with stable reason codes. The FastMCP Tool.run boundary returns CallToolResult isError payloads so stdio transport survives; daemon logs use sanitized reason codes only. Regression tests cover author/reconciler profiles, transport survival, and non-misclassification of unexpected exceptions. Cross-links: #685, #695, #697, #698, PR #696 (scopes not absorbed). |