fix(mcp): set isError on tool failures + surface request_id/retry/capabilities/ignored_fields, correct anon-stack TTL#44
Merged
Conversation
…abilities/ignored_fields, correct anon-stack TTL Live-cohort dogfood found error-contract + rendering gaps that hurt agent integration. Five fixes in one PR: FIX 1 (P1) — tool failures now set isError:true. Every API-side failure (402/404/409/503/501) was returned as a NORMAL successful CallToolResult whose text merely said "instanode.dev error (...)", so a host could not distinguish failure from success. Per the MCP spec a tool-execution failure is reported IN the result via isError:true. Added a shared errorResult(err) helper that wraps formatError and sets the flag; all ~29 tool catch blocks now return errorResult(err) instead of textResult(formatError(err)). SUCCESS results never set it. A 402/403 upgrade/permission gate IS a failure (the op did not happen) → isError:true, with the agent_action text preserved. FIX 2 (P1) — error text now includes request_id (always) + retry_after_seconds (when present). The raw envelope carried both for support correlation / backoff; formatError dropped them. ApiError now carries requestId + retryAfterSeconds, lifted off the envelope in a single shared apiErrorFromEnvelope() used by both request<T> and requestMultipart<T>. FIX 3 (P2) — get_capabilities now renders resource_count_limit + RPO/RTO (it already rendered backups), matching its tool description's promise. FIX 4 (P2) — corrected the anon-STACK TTL prose from 24h to 6h (the real value; api PR #214 anonymousStackTTL) across src + README. The anon RESOURCE TTL (db/cache/etc.) is correctly left at 24h. FIX 5 (P3) — provision responses now echo ignored_fields (api #283) via a shared appendIgnoredFields() on the 7 resource-provision tools, so an agent learns its hallucinated params were dropped. Tests: new test/error-contract-unit.test.ts drives isError through the real registered-tool dispatch path (handler), asserts request_id in rendered text, capabilities render, ignored_fields render, and a no-"24h"-stack-TTL prose assertion; client-unit covers the envelope helper's request_id/retry branches. 495/495 pass; client.js 100% line coverage. Added the new test to the CI test list + the coverage.yml lcov list for the 100%-patch diff-cover gate. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Live-cohort dogfood found error-contract + rendering gaps that hurt agent integration. Five fixes in one PR, branched fresh off
master(built on #43's deploy-id schema + dispatch-path test patterns).FIX 1 (P1) — tool failures never set
isErrorSymptom: every API-side failure (402/404/409/503/501) returned as a NORMAL successful
CallToolResultwhose text merely saidinstanode.dev error (…).grep isError src/= 0 hits. A host/agent could not distinguish failure from success.Enumeration:
grep -n "return textResult(formatError(err));" src/index.ts→ 29 sites (all tool catch blocks).Fix: shared
errorResult(err)helper (src/index.ts) wrapsformatErrorand setsisError: true. All 29 catch blocks nowreturn errorResult(err).textResult(text, isError=false)only sets the flag when asked, so SUCCESS results never carry it. A 402/403 upgrade/permission gate IS a failure (op did not happen) →isError:true, with theagent_actiontext preserved byformatError.Sites found / touched: 29 / 29.
Live verified: dispatch-path test asserts
result.isError === trueon a 404, a 402 tier-gate, and an auth-required failure;!== trueon success.FIX 2 (P1) — error text drops
request_idandretry_after_secondsSymptom:
grep request_id src/= 0; the raw envelope carriedrequest_id(support correlation) + sometimesretry_after_seconds(backoff).Fix:
ApiError(src/client.ts) now carriesrequestId+retryAfterSeconds, lifted off the envelope in a single sharedapiErrorFromEnvelope()used by BOTHrequest<T>andrequestMultipart<T>(no drift).formatError(src/index.ts) appendsRetry after: <n>s(when present) andRequest ID: <id>(always, last line), preserving the headline +agent_action+ upgrade/claim URLs.FIX 3 (P2) —
get_capabilitiesrendered less than its description promisedFix: the render loop (
src/index.tsget_capabilities) now emitsresource count: <svc n, …>(resource_count_limit) anddurability: RPO <n>m, RTO <n>m(rpo/rto). Backups were already rendered. Only fields present in the live/api/v1/capabilitiesresponse are rendered (verified against the live endpoint).FIX 4 (P2) — stale anon-stack TTL prose (24h → 6h)
Symptom:
create_stackdescription + README said anon stack TTL is "24h" (×4). Real value is 6h (api/internal/handlers/stack.goanonymousStackTTL = 6 * time.Hour, label"6h"; api PR #214).Fix: corrected every anon-STACK 24h → 6h in
src/index.ts(create_stack desc),src/client.ts(3 sites),README.md(2 sites). The anon RESOURCE TTL (db/cache/etc.) is correctly LEFT at 24h — only the STACK TTL is 6h.FIX 5 (P3) —
ignored_fieldsechoFix:
ProvisionResultBase.ignored_fields?: string[]+ a sharedappendIgnoredFields()wired into the 7 resource-provision tools, surfacing dropped unknown params (api #283) so an agent learns its hallucinated params had no effect. No-op on a clean request.Tests
test/error-contract-unit.test.ts: drivesisErrorthrough the REAL registered-tool dispatch (server._registeredTools[name].handler(args), the fix(deploy): validate deployment id as 8-hex app_id, not UUID #43 pattern — not a handler bypass); assertsrequest_idin rendered error text; capabilities render;ignored_fieldsrender; and a prose assertion that no source string pairsstackwith a24h TTLclaim.test/client-unit.test.ts: covers the envelope helper'srequest_id+retry_after_secondstruthy + defensive (malformed) branches.test/mock-api.ts: error envelope now stampsrequest_id(+ optionalretry_after_seconds), mirroring the real api.package.jsontest/test:nocovandcoverage.yml's lcov list (for the 100%-patch diff-cover gate).Local:
npm run buildclean;npm test→ 495 pass / 0 fail;client.js100% line coverage,index.jsonly uncovered = the pre-existingserver.connectlisten path.Follow-ups (flagged, NOT built) — 3 missing tools the dogfood noted
get_deploy_logs→GET /deploy/{id}/logs(build/runtime log retrieval through MCP).POST /stacks/{slug}/redeploywrapper (today MCP can create + get + update-env a stack but not redeploy it).GET /api/v1/resources/:id/credentials(pairs with the cliresource credsverb being added in parallel).🤖 Generated with Claude Code