fix: block revoked-tag agent calls + friendly empty logs state (TC-034, TC-035)

[AbirAbbas]

Summary

Fixes two QA findings from PR #330 review:

• TC-034 (Critical/Security): The direct execute API path (prepareExecution in execute.go) did not check lifecycle_status before dispatching agent calls. Agents with revoked tags (pending_approval status) were still callable via this path, despite being correctly blocked on the reasoner and DID resolution paths. Added a lifecycle_status == pending_approval check that returns 503 Service Unavailable with agent_pending_approval error, consistent with ExecuteReasonerHandler and ExecuteSkillHandler.

• TC-035 (Low/UX): The Process Logs panel (NodeProcessLogsPanel) showed raw API error text ("node has no base_url", "404") when a newly registered agent had never executed a workflow. These expected empty-state errors now fall through to the existing friendly empty state message ("No log lines yet...") instead of rendering a destructive error alert.

Test plan

• Go control plane builds cleanly (go build ./...)
• TypeScript compiles cleanly (tsc --noEmit)
• Existing handler tests pass (go test ./internal/handlers/)
• NodeProcessLogsPanel.coverage.test.tsx passes
• Manual: revoke tags on an agent, call via /api/v1/agents/{id}/execute → expect 503
• Manual: register new agent with no workflows, open Process Logs panel → expect friendly empty state

🤖 Generated with Claude Code

[github-actions]

📊 Coverage gate

Thresholds from .coverage-gate.toml: per-surface ≥ 86%, aggregate ≥ 88%, max per-surface regression ≤ 1.0 pp, max aggregate regression ≤ 0.50 pp.

Surface	Current	Baseline	Δ
control-plane	87.30%	87.30%	→ +0.00 pp	🟡
sdk-go	90.70%	90.70%	→ +0.00 pp	🟢
sdk-python	93.63%	93.63%	↑ +0.00 pp	🟢
sdk-typescript	92.56%	92.56%	→ +0.00 pp	🟢
web-ui	90.02%	90.01%	↑ +0.01 pp	🟢
aggregate	89.02%	89.01%	↑ +0.01 pp	🟡

✅ Gate passed

No surface regressed past the allowed threshold and the aggregate stayed above the floor.

[github-actions]

📐 Patch coverage gate

Threshold: 80% on lines this PR touches vs origin/main (from .coverage-gate.toml:thresholds.min_patch).

Surface	Touched lines	Patch coverage	Status
control-plane	21	100.00%	✅
sdk-go	0	—	➖ no changes
sdk-python	0	—	➖ no changes
sdk-typescript	0	—	➖ no changes
web-ui	29	100.00%	✅

✅ Patch gate passed

Every surface whose lines were touched by this PR has patch coverage at or above the threshold.

[santoshkumarradha]

Follow-up — sibling bypass filed as #374

During the deep review of this PR I flagged a pre-existing sibling bypass at the serverless re-registration path: RegisterServerlessAgentHandler (control-plane/internal/handlers/nodes.go:1410-1445) unconditionally sets LifecycleStatus: AgentStatusReady and calls storageProvider.RegisterAgent directly, bypassing the admin-revocation preservation logic used by the standard registration path at nodes.go:540-556.

Impact: an admin-revoked serverless agent (lifecycle pending_approval, ApprovedTags cleared) can clear its own revocation by calling POST /api/v1/nodes/register-serverless again. This PR closes the call-time gap (TC-034) — #374 is needed to close the registration-time gap so the revocation mechanism can't be trivially reset.

Same threat surface as TC-034, same severity classification. Tracking separately to keep this PR focused on TC-034 / TC-035. Fix PR to follow shortly and will be linked here.

cc @AbirAbbas

[santoshkumarradha]

Fix for #374 opened as #375 — independent PR against main, doesn't block this one. cc @AbirAbbas

[santoshkumarradha]

Deep review completed. Verified TC-034 and TC-035 fixes with independent cross-cutting audit.

Fixes validated:

• execute.go:1045 pending_approval guard placed before any execution-record creation, webhook registration, or target-type resolution — no early side-effects for blocked calls.
• selectVersionedAgent (execute.go:~1555) already filters out pending_approval in both the healthy path and the fallback path — no version-rotation bypass.
• status_manager.go correctly refuses to transition pending_approval agents back to online via heartbeat/health-check alone.
• Re-registration path in nodes.go:915-990 correctly preserves admin-revoked pending_approval on re-register.

Additional fixes applied during review (follow-up commits on this branch):

1. Response-shape contract (blocker caught by review): the original fix returned {"error": "<human text>", "error_category": "agent_error"}, breaking the stable contract used by reasoners.go / skills.go / permission middleware, which return {"error": "agent_pending_approval", "message": "..."}. Any client pattern-matching on error == "agent_pending_approval" would silently regress on /execute. Fixed by adding an optional errorCode field to executionPreconditionError and promoting it to the top-level error field in writeExecutionError when set. Backward-compatible for other precondition errors.

2. Patch coverage gap (0% on execute.go:1045-1051): added a direct prepareExecution test asserting the error object (status, category, code, message), the wire-level JSON contract via writeExecutionError, and that no execution record is persisted before the guard fires. Also updated TestExecuteHandler_PendingApprovalAgent to assert the new contract.

3. Brittle regex in Process Logs panel (the original TC-035 fix used /no base_url|404/i on e.message): replaced with a typed NodeLogsError class in services/api.ts carrying .status and .code (parsed from the response body's stable error field). NodeProcessLogsPanel now branches on e instanceof NodeLogsError && (status === 404 || code === "agent_unreachable") — robust to backend phrasing changes and matches the actual backend contract at control-plane/internal/handlers/ui/node_logs.go:49. Dev-mode console.debug preserved so devtools still surface swallowed empty states. Added two panel coverage tests (404 empty state, agent_unreachable empty state) and fixed the existing NodeProcessLogsPanel.test.tsx mock to export NodeLogsError so its instanceof check works.

Adjacent concerns flagged during review but explicitly OUT OF SCOPE for this PR (should be separate follow-ups):

• RegisterServerlessAgentHandler stamps newNode.LifecycleStatus = ready directly and calls RegisterAgent without going through the pending_approval preservation logic. A revoked serverless agent may be able to re-register out of pending_approval. This is a separate security gap, not introduced or addressed by this PR.
• asyncExecutionJob.process() has no re-check before invoking — currently safe because prepareExecution runs synchronously before enqueue, but worth a defensive re-check if the queue ever persists across server restarts.

All CI checks green. LGTM ✓