refactor(server): standardize tool error handling and status code mapping#2402
refactor(server): standardize tool error handling and status code mapping#2402duwenxin99 merged 15 commits intomainfrom
Conversation
Summary of ChangesHello @duwenxin99, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly refactors the server's error handling logic, particularly for tool invocation and authentication-related issues. By introducing a new error hierarchy, the changes aim to standardize how errors are categorized and how corresponding HTTP status codes are determined and returned to clients. This improves the clarity and consistency of error responses across the server. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors error handling to use a standardized, typed-error approach, which is a great improvement over string-based error checks. However, the implementation has introduced several critical and high-severity bugs. Specifically, there's an incorrect usage of errors.Is that will break authentication error checks, and multiple places where authorization checks are bypassed because of missing return statements. Additionally, error handling logic for tool.Invoke is incomplete, failing to handle errors that are not of the new custom ToolboxError type. These issues need to be addressed to ensure the server behaves correctly.
|
Might want to merge this into a branch first instead of main if the tests will fail before refactoring other parts of Toolbox? Seems like the err branch is merging into main, and once that is merged, this PR will be updated to merge into main. |
@Yuan325 I'm going to merge this refactor PR into this branch first: #2403 |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request refactors and standardizes error handling across the server by introducing custom error types (AgentError, ClientServerError), aiming for improved maintainability and correctness. However, a critical security concern has been identified: the refactoring introduces a consistent pattern of exposing detailed internal error messages to the client for internal server errors (HTTP 500). This information exposure could be exploited by attackers to gain insights into the application's internal workings. Additionally, there are a few minor issues related to error message formatting and a potentially unhandled error.
duwenxin99
added
the
release candidate
- Use a generic `util.ProcessGcpError` for GCP tools - Use a generic `util.ProcessGeneralError` for all other tools. Error categorization in Invoke(): - Query errors default to AgentError. - Missing/malformed parameters are AgentError. - config, ctx, logger, source fetching errors are ClientServerError.
3 participants
util.ErrUnauthorizedwith the new Toolbox error type.