Skip to content

[Amber] Fix: Refresh token MCP tool silently swallows auth failures and reports success#1049

Merged
jeremyeder merged 1 commit intomainfrom
amber/issue-1043-refresh-token-mcp-tool-silently-swallows-auth-fail
Mar 26, 2026
Merged

[Amber] Fix: Refresh token MCP tool silently swallows auth failures and reports success#1049
jeremyeder merged 1 commit intomainfrom
amber/issue-1043-refresh-token-mcp-tool-silently-swallows-auth-fail

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot commented Mar 26, 2026

Automated Fix by Amber Agent

This PR addresses issue #1043 using the Amber background agent.

Changes Summary

  • Action Type: auto-fix
  • Commit: 4427e7b
  • Triggered by: Issue label/command

Pre-merge Checklist

  • All linters pass
  • All tests pass
  • Changes follow project conventions (CLAUDE.md)
  • No scope creep beyond issue description

Reviewer Notes

This PR was automatically generated. Please review:

  1. Code quality and adherence to standards
  2. Test coverage for changes
  3. No unintended side effects

🤖 Generated with Amber Background Agent

Closes #1043

@claude
fix(runner): propagate auth failures from refresh_credentials MCP tool
4427e7b 
`_fetch_credential` was swallowing 401/403 responses and returning an
empty dict, causing `populate_runtime_credentials` to always succeed and
the MCP tool to report "Credentials refreshed successfully" even when
the backend rejected authentication.

Now `_fetch_credential` raises `PermissionError` on 401/403 when all
token attempts are exhausted. `populate_runtime_credentials` collects
these and re-raises so the tool correctly returns `isError: True` with
the auth failure message.

Fixes #1043

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot added amber-generated PR created by Amber background agent auto-fix labels Mar 26, 2026
@github-actions github-actions bot mentioned this pull request Mar 26, 2026
Closed
@ambient-code ambient-code bot added this to the Review Queue milestone Mar 26, 2026
@jeremyeder
Copy link
Copy Markdown
Contributor

jeremyeder commented Mar 26, 2026

lgtm

jeremyeder
jeremyeder approved these changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jeremyeder jeremyeder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code review: clean fix for issue #1043. The changes correctly propagate auth failures (401/403) as PermissionError instead of silently returning empty strings, surface the error message to the MCP tool response with isError=True, and aggregate auth failures across providers in populate_runtime_credentials. Tests are comprehensive. LGTM.

@jeremyeder jeremyeder merged commit 52bcd7e into main Mar 26, 2026
6 checks passed
@jeremyeder jeremyeder deleted the amber/issue-1043-refresh-token-mcp-tool-silently-swallows-auth-fail branch March 26, 2026 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeremyeder jeremyeder jeremyeder approved these changes

Assignees

No one assigned

Labels

amber-generated PR created by Amber background agent auto-fix

Projects

None yet

Milestone

Review Queue

Development

Successfully merging this pull request may close these issues.

Refresh token MCP tool silently swallows auth failures and reports success

1 participant

@jeremyeder