fix(den-mcp): capture allowlisted provider evidence on tool-error results#2757
Merged
Conversation
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When an external MCP provider returns HTTP 200 with a tool result marked
isError: true(exactly how ServiceNow's MCP tools fail), Den classifies it viaExternalMcpDiagnosticTracker.providerToolError(), which only readresult.structuredContent.{providerStatus, category, requestId}. Real providers put the error in text content with nostructuredContent, so classification always fell to the genericMCP_PROVIDER_TOOL_ERRORand the provider's actual error (a 403 ACL denial, a Redis cluster failure,SyntaxError: Empty JSON string) was discarded — absent from the diagnostic, absent from server logs, invisible to support.This came directly out of an enterprise ServiceNow debugging session where the useful provider evidence was only ever visible through a direct (non-Cloud) connection, making the Cloud path undiagnosable.
What changed
providerToolError()now extracts bounded, allowlisted evidence fromisErrortool results:providerStatus(400–599): fromstructuredContent, from top-level JSON fields (status/statusCode/httpStatus) in parsed text content, or from an explicit leading pattern (HTTP 403,403 Forbidden). Mid-sentence numbers (e.g. "we found 403 records") never classify.providerCode: identifier-shapedcode/errorJSON fields (max 64 chars, safe charset).providerRequestId: existing structuredContent path plusrequestId/request_id/transactionId/transaction_idJSON fields (samesafeNativeTokenvalidation).payloadBytes: UTF-8 size of the serialized content array.MCP_PROVIDER_HTTP_403/PROVIDER_AUTHORIZATION/provider_admin(same classification as the structured path); 429 → throttled; everything else staysMCP_PROVIDER_TOOL_ERROR.external_mcp_provider_tool_evidencekeyed by the diagnosticreferenceId— retrievable by operators, never included in any model-visible field.Provider evidence: provider status 403, code insufficient_acl.externalMcpDiagnosticOutputSchema(src/mcp/agent.ts) andexternalMcpDiagnosticSchema(src/routes/org/mcp-connections.ts) gain optionalproviderStatus,providerCode,payloadBytes.Security boundaries
Testing
pnpm --filter @openwork-ee/den-api exec bun test test/external-mcp-diagnostics.test.ts— 57 pass, 0 fail (new coverage: ServiceNow-style JSON 403 with requestId, Redis-style plain text, mid-sentence 403 negative case, empty content, evidence-log capture; existing structuredContent tests unchanged).pnpm --filter @openwork-ee/den-api exec bun test test/external-capabilities-search-divergence.test.ts— 17 pass, 0 fail.pnpm --filter @openwork-ee/den-api exec tsc -p . --noEmit— clean.No video/fraimz attached: this is a Den API behavior change with no UI surface, covered by unit tests above. Reviewer repro: point an external MCP connection at a server whose tool returns
{ isError: true, content: [{ type: "text", text: '{"status":403,"error":"insufficient_acl","requestId":"TXN-1"}' }] }, call it viaexecute_capability, and observe (1) the diagnostic carryingMCP_PROVIDER_HTTP_403,providerStatus: 403,providerCode,providerRequestId,payloadBytes, and (2) theexternal_mcp_provider_tool_evidencelog line with the sanitized excerpt and matchingreferenceId.Notes