Open
Conversation
`get_infrastructure` and `get_metrics` hit the /internal API surface, which only accepts OAuth2 tokens. Service tokens get 404 (not 401) for the entire /internal surface, so a service-token user calling these tools sees a bare "Not found" error with no actionable signal — masking the real problem (needs `pscale auth login`). This commit: - Adds `authCannotAccessInternalApi()` and a standard message in `auth.ts` so any tool can detect and explain the service-token-on-/internal case - Wires the helper into `get_infrastructure` and `get_metrics` 404 handlers to return the OAuth-required message instead of a generic 404 - Updates the descriptions of both tools to document the OAuth requirement - Strengthens `get_infrastructure`'s description to be explicit that it does NOT return storage utilization, CPU/memory utilization, or query metrics (caller skill documentation downstream had been claiming it does) - Rewrites `.env.example` to document both auth methods and which tools need OAuth vs. work with service token No behavior change for OAuth-authenticated callers. Service-token callers of `get_infrastructure` / `get_metrics` now get a clear pointer to the fix instead of a misleading 404.
Member
|
We might be able to retire the get_infrastructure tool in favor of a v1 api that's better in most ways: #14 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why?
get_infrastructureandget_metricshit the/internalAPI surface, which only accepts OAuth2 tokens. Service tokens silently 404 against/internal(not 401), so service-token-only callers see a generic "Not found" error with no actionable signal — masking the real problem (the user needs to authenticate withpscale auth login).Separately, the
get_infrastructuretool description previously implied it returns more than it does. Downstream consumers built rubrics on the assumption that storage utilization and per-tablet compute usage were in the response, when in fact only topology and SKU information are returned.How?
A new
authCannotAccessInternalApi()helper inlib/auth.tslets/internaltools detect when a service token is being used and return a clear OAuth-required message instead of a bare 404. Tool descriptions forget_infrastructureandget_metricsnow document the OAuth requirement, andget_infrastructureis explicit about what it does not return..env.examplerewritten to document both auth modes.Generated with Claude Code