fix: propagate 403 from multi-region fan-out instead of returning empty list (CLI-89)

[BYK]

Follow-up to PR #498

Addresses two missed review comments:

• Sentry Bot (CRITICAL): The enriched 403 error is silently caught in the multi-region fan-out
• Cursor Bugbot: filter(Boolean) removes blank line separator (already fixed in PR fix: enrich 403 on org listing with token scope guidance (CLI-89) #498's second commit)

Also fixes the low patch coverage (~35%) from PR #498 by adding 3 tests.

Problem

PR #498 added helpful token-scope guidance to 403 errors from listOrganizationsInRegion. But listOrganizationsUncached wraps the region calls in try { ... } catch { return []; }, silently swallowing the enriched error. On SaaS (multi-region), users with a token lacking org:read scope would get an empty org list instead of the guidance message.

Fix

Changed the multi-region fan-out from Promise.all + try/catch to Promise.allSettled with explicit error tracking:

• Transient failures (network, 5xx): still swallowed per-region — one region's outage shouldn't block others
• 403 errors: tracked; if all regions fail with 403, the enriched error is re-thrown so users see the scope guidance
• Partial success (some regions 403, others OK): returns available orgs from successful regions

Tests Added

Test	What it covers
enriches 403 error with token scope guidance	listOrganizationsInRegion adds org:read hint to 403 errors
propagates 403 error when all regions return 403	Fan-out re-throws enriched 403 when no region succeeds
returns partial results when some regions return 403	Fan-out returns orgs from healthy regions, swallows per-region 403

[github-actions]

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

• (telemetry) Track TTY vs non-TTY invocations via metric by betegon in #482
• Dynamic cache-backed shell completions with fuzzy matching by BYK in #465

Bug Fixes 🐛

• (help) Hide ASCII banner when stdout is not a TTY by betegon in #501
• (json) Flatten view command JSON output for --fields filtering by BYK in #495
• (polling) Throw TimeoutError instead of bare Error on timeout by BYK in #503
• (project) Fallback to org listing when bare slug matches an organization by betegon in #475

• Propagate 403 from multi-region fan-out instead of returning empty list (CLI-89) by BYK in #507

• Lowercase project slug in URL-parsed issue short IDs (CLI-C8 follow-up) by BYK in #506
• Handle EIO stream errors gracefully in bin.ts by BYK in #505
• Use fuzzyMatch for similar project suggestions and add tests (CLI-C0) by BYK in #504
• Use resolved org in numeric issue ID 404 hint (CLI-BT) by BYK in #502
• Include API endpoint in error messages for better diagnostics (CLI-BS) by BYK in #500
• Enrich 403 on org listing with token scope guidance (CLI-89) by BYK in #498
• Add 400 suggestions to org-all issue list path (CLI-BY) by BYK in #497
• Lowercase project slug in issue arg parsing (CLI-C8) by BYK in #496
• Enrich short ID 404 with org context and suggestions (CLI-A1) by BYK in #494
• Suggest similar projects when project not found in org (CLI-C0) by BYK in #493
• Event 404 hint should suggest different project, not repeat failing command by BYK in #492
• Enrich event 404 errors with retention and format suggestions (CLI-6F) by BYK in #491
• Add actionable suggestions for 400 Bad Request on issue list (CLI-BM, CLI-7B) by BYK in #489
• Detect issue short IDs passed to issue list (CLI-C3) by BYK in #488
• Add Glob.match() polyfill + improve auto-detect diagnostics (CLI-7T) by BYK in #487
• Add org-slug pre-check to dispatchOrgScopedList (CLI-9A) by BYK in #485

Internal Changes 🔧

• (issue) Skip getProject round-trip in project-search resolution by betegon in #473
• (resolve) Carry project data through resolution to eliminate redundant getProject calls by BYK in #486
• (telemetry) Convert is_tty metric to span tag by betegon in #499
• HTTP latency optimizations — diagnostics, cache warming, concurrency limits by BYK in #490
• Switch from @sentry/bun to @sentry/node-core/light (~170ms startup savings) by BYK in #474
• Regenerate skill files by github-actions[bot] in b7b240ec

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

Codecov Results 📊

✅ 126 passed | Total: 126 | Pass Rate: 100% | Execution Time: 0ms

📊 Comparison with Base Branch

Metric	Change
Total Tests	—
Passed Tests	—
Failed Tests	—
Skipped Tests	—

✨ No test changes detected

All tests are passing successfully.

✅ Patch coverage is 100.00%. Project has 1043 uncovered lines.
✅ Project coverage is 95.79%. Comparing base (base) to head (head).

Coverage diff

@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    95.72%    95.79%    +0.07%
==========================================
  Files          180       180         —
  Lines        24745     24758       +13
  Branches         0         0         —
==========================================
+ Hits         23687     23715       +28
- Misses        1058      1043       -15
- Partials         0         0         —

---

Generated by Codecov Action

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}