Skip to content

[codex] surface managed utility backend errors#941

Draft
artemgetmann wants to merge 1 commit into
mainfrom
codex/goplaces-managed-backend-fix
Draft

[codex] surface managed utility backend errors#941
artemgetmann wants to merge 1 commit into
mainfrom
codex/goplaces-managed-backend-fix

Conversation

@artemgetmann

@artemgetmann artemgetmann commented Jun 15, 2026

Copy link
Copy Markdown
Owner

Review Fast Path

  • User path fixed: GoPlaces managed backend failures now expose the sanitized upstream provider detail in local managed utility errors instead of only HTTP 502.
  • Proof: pnpm vitest run src/consumer/google-places-search.test.ts src/consumer/jarvis-backend-client.test.ts; cd services/jarvis-backend && . .venv/bin/activate && pytest tests/test_app.py.
  • Shared-state footgun removed: operators can see Google 403 PERMISSION_DENIED from the managed backend without reading Render/backend internals.
  • Still hurts: Render jarvis-backend Google Places key still fails provider-side with Google 403; this PR does not rotate or reconfigure Google Cloud credentials.

Why This Matters

  • Before: local GoPlaces managed mode collapsed backend provider failures to Jarvis managed utility failed with HTTP 502.
  • Root cause evidence from direct backend call:
    • POST https://jarvis-backend-klvq.onrender.com/v1/managed/utilities/google_places.search
    • returned backend 502 with sanitized body showing provider=google_places, upstream status=403, and Google PERMISSION_DENIED.
  • Render env metadata confirms GOOGLE_PLACES_API_KEY is present, but direct provider validation of the Render-held key returns Google 403.

Scope Boundary

  • Changed only src/consumer/jarvis-backend-client.ts and its test.
  • No prompt, system-prompt, skill ranking, <available_skills>, Telegram, media, or routing-policy changes.
  • No shared OpenClaw gateway restart/deploy.
  • No Render env update because no working backend-safe Google Places key was available locally.

Verification

Failing-before/provider evidence:

BASE_URL=$(jq -r '.jarvis.backend.baseUrl' "$HOME/Library/Application Support/OpenClaw/.openclaw/openclaw.json")
TOKEN=$(jq -r '.jarvis.backend.accessToken' "$HOME/Library/Application Support/OpenClaw/.openclaw/openclaw.json")
curl -sS --max-time 45 -w '\nHTTP_STATUS:%{http_code}\n' \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"input":{"query":"work-friendly restaurant near Rice Republic Canggu Bali","limit":3}}' \
  "$BASE_URL/v1/managed/utilities/google_places.search"

Observed:

{"detail":{"provider":"google_places","status":403,"payload":{"error":{"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"}}}}
HTTP_STATUS:502

Passing-after code proof:

pnpm vitest run src/consumer/google-places-search.test.ts src/consumer/jarvis-backend-client.test.ts

Observed: 2 files passed, 10 tests passed.

cd services/jarvis-backend
. .venv/bin/activate
pytest tests/test_app.py

Observed: 34 passed, 8 warnings.

AI Assistance

  • AI-assisted
  • Testing degree: targeted

fix(consumer): surface managed utility backend errors
60db859 
- what: include bounded sanitized backend error bodies when managed utility calls fail.
- why: GoPlaces provider failures must show Google PERMISSION_DENIED instead of collapsing to HTTP 502.
- risk: low; only non-2xx managed utility error messages change and backend redaction remains server-owned.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@artemgetmann