
#8175: fix: suppress raw API errors for non-owners

by Rakshi2609 open 2026-02-03 17:40
stale
This PR resolves Issue #8091 by implementing an error-masking layer in runAgentTurnWithFallback to prevent technical API leaks. The logic now uses a regex-based filter to detect raw HTTP errors and service overloads, cross-referencing the sender's identity against the authorized ownerNumbers list; while bot owners still receive full diagnostic logs and raw error messages for debugging, external contacts are served a sanitized, user-friendly "service unavailable" notification. This effectively improves the project's security posture by hiding internal request IDs and system details while significantly enhancing the user experience for non-technical contacts.

## Greptile Overview

### Greptile Summary

This PR changes `runAgentTurnWithFallback` to mask certain upstream/raw API error messages for non-owner senders. It adds a heuristic regex check for HTTP/API overload style errors and, when the sender is not in `followupRun.run.ownerNumbers`, replaces the previous diagnostic fallback text (which included the raw error and a logs hint) with a generic service-unavailable message. The rest of the diff is whitespace/indentation changes in streaming callbacks without behavioral impact.

### Confidence Score: 4/5

- This PR is likely safe to merge; it is a localized change in error messaging with low blast radius.
- The change only affects the fallback text returned when the embedded agent throws before replying, and only for errors that match a heuristic API-error regex. Main risk is misclassification/normalization causing owners to be treated as non-owners or masking too broadly, but it should not break core execution flow.
- src/auto-reply/reply/agent-runner-execution.ts (new masking logic around sender/owner matching)

**Context used:**

- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8))
- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13))
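A sketch of the owner-gated masking described above, added here as an example and not taken from the PR's diff. Only `ownerNumbers` appears on the page; the regex, message strings, function names and sample error are assumptions. It normalizes sender ids before comparing them, which is the misclassification risk the review summary names.

```typescript
// Added example. Only `ownerNumbers` is named on the page; everything else is hypothetical.

// Heuristic for upstream API failures: a leading HTTP 4xx/5xx status,
// an "overloaded" marker, or a request id field.
const RAW_API_ERROR = /^\s*(?:HTTP\s+)?[45]\d\d\b|overloaded|request[_-]?id/i;

const GENERIC_NOTICE = "The service is temporarily unavailable. Please try again later.";

// Compare on digits only so "+1 (555) 010-0000" and "15550100000" are the same sender.
function normalizeNumber(id: string): string {
  return id.replace(/\D/g, "");
}

function isOwner(sender: string | undefined, ownerNumbers: readonly string[]): boolean {
  if (!sender) return false; // no sender identity: treat as non-owner
  const digits = normalizeNumber(sender);
  return digits.length > 0 && ownerNumbers.some((o) => normalizeNumber(o) === digits);
}

function fallbackText(
  err: unknown,
  sender: string | undefined,
  ownerNumbers: readonly string[],
): string {
  const raw = err instanceof Error ? err.message : String(err);
  if (!isOwner(sender, ownerNumbers) && RAW_API_ERROR.test(raw)) {
    return GENERIC_NOTICE; // no status code, request id or provider detail
  }
  return `Agent failed before reply: ${raw}. Check the logs for details.`;
}

// Constructed sample error, not captured from a real provider.
const sampleError = new Error(
  '529 {"type":"error","error":{"type":"overloaded_error"},"request_id":"req_constructed123"}',
);
const owners = ["15550100000"];

console.log(fallbackText(sampleError, "+1 (555) 010-0000", owners)); // owner: full diagnostic
console.log(fallbackText(sampleError, "+1 555 010 9999", owners)); // contact: generic notice
```

Errors that do not match the pattern still reach non-owners with the diagnostic text, so the pattern's coverage and the id normalization are the two things to test.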
