@almightygpt/core 0.9.1 → 0.9.2

package/src/auth/validator.ts

@@ -13,26 +13,41 @@
  *   - Google:    tiny generateContent call against gemini-2.5-flash
  *
  * Cost is fractions of a cent per call. Latency is ~1-3 seconds.
- * Failure surfaces the provider's exact error message so the user
- * can fix it.
+ *
+ * **Error handling (per Codex v0.8 P2 #6):** failure responses are
+ * parsed into a short user-safe message + status code. We never
+ * return the raw provider body to the user — those bodies can include
+ * request IDs, billing/account state, org/project details, quota
+ * metadata, or other account information that's too noisy for CLI
+ * logs. The raw body is available via the `rawBody` field for callers
+ * that explicitly want it (e.g. debug mode).
+ *
+ * **Default models (per Codex v0.8 P2 #5):** sourced from
+ * `adapters/defaults.ts` — the single source of truth — so the
+ * validator can't drift from the adapters.
  */
 
 import type { ProviderId } from "./types.js";
+import { DEFAULT_MODELS } from "../adapters/defaults.js";
 
 export interface ValidationResult {
   ok: boolean;
   /** Provider-reported model used (e.g. "gpt-4o-2024-08-06"). */
   model?: string;
-  /** Provider's error message verbatim if ok === false. */
+  /** Short user-safe message — never includes raw provider body. */
   error?: string;
+  /** HTTP status code from the provider, if applicable. */
+  statusCode?: number;
+  /** Latency in ms — useful for `auth status --validate` JSON output. */
+  latencyMs?: number;
+  /**
+   * Raw provider response body. Present iff a request was made and
+   * returned non-OK. Callers should NOT surface this to users without
+   * explicit debug intent; it may contain account metadata.
+   */
+  rawBody?: string;
 }
 
-const DEFAULT_VALIDATION_MODELS: Record<ProviderId, string> = {
-  openai: "gpt-4o",
-  anthropic: "claude-sonnet-4-6",
-  google: "gemini-2.5-flash",
-};
-
 const VALIDATION_TIMEOUT_MS = 15_000;
 
 /**
@@ -44,25 +59,33 @@ export async function validateKey(
   provider: ProviderId,
   key: string,
 ): Promise<ValidationResult> {
+  const start = Date.now();
   try {
+    let result: ValidationResult;
     switch (provider) {
       case "openai":
-        return await validateOpenAI(key);
+        result = await validateOpenAI(key);
+        break;
       case "anthropic":
-        return await validateAnthropic(key);
+        result = await validateAnthropic(key);
+        break;
       case "google":
-        return await validateGoogle(key);
+        result = await validateGoogle(key);
+        break;
     }
+    result.latencyMs = Date.now() - start;
+    return result;
   } catch (err) {
     return {
       ok: false,
-      error: err instanceof Error ? err.message : String(err),
+      error: friendlyNetworkError(err),
+      latencyMs: Date.now() - start,
     };
   }
 }
 
 async function validateOpenAI(key: string): Promise<ValidationResult> {
-  const model = DEFAULT_VALIDATION_MODELS.openai;
+  const model = DEFAULT_MODELS.openai;
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
   try {
@@ -80,7 +103,13 @@ async function validateOpenAI(key: string): Promise<ValidationResult> {
       signal: controller.signal,
     });
     if (!res.ok) {
-      return { ok: false, error: await res.text().catch(() => res.statusText) };
+      const rawBody = await res.text().catch(() => "");
+      return {
+        ok: false,
+        statusCode: res.status,
+        error: normalizeOpenAIError(res.status, rawBody),
+        rawBody,
+      };
     }
     const data = (await res.json()) as { model?: string };
     return { ok: true, model: data.model ?? model };
@@ -90,7 +119,7 @@ async function validateOpenAI(key: string): Promise<ValidationResult> {
 }
 
 async function validateAnthropic(key: string): Promise<ValidationResult> {
-  const model = DEFAULT_VALIDATION_MODELS.anthropic;
+  const model = DEFAULT_MODELS.anthropic;
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
   try {
@@ -109,7 +138,13 @@ async function validateAnthropic(key: string): Promise<ValidationResult> {
       signal: controller.signal,
     });
     if (!res.ok) {
-      return { ok: false, error: await res.text().catch(() => res.statusText) };
+      const rawBody = await res.text().catch(() => "");
+      return {
+        ok: false,
+        statusCode: res.status,
+        error: normalizeAnthropicError(res.status, rawBody),
+        rawBody,
+      };
     }
     const data = (await res.json()) as { model?: string };
     return { ok: true, model: data.model ?? model };
@@ -119,16 +154,12 @@ async function validateAnthropic(key: string): Promise<ValidationResult> {
 }
 
 async function validateGoogle(key: string): Promise<ValidationResult> {
-  const model = DEFAULT_VALIDATION_MODELS.google;
+  const model = DEFAULT_MODELS.google;
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
   try {
-    // Use x-goog-api-key header rather than ?key= URL parameter. URLs
-    // leak into proxy logs, HTTP tooling, crash diagnostics. The header
-    // path is supported by all v1beta endpoints. Codex's v0.8 security
-    // review flagged the URL-key approach as a P1.
-    const url =
-      `https://generativelanguage.googleapis.com/v1beta/models/${model}:generateContent`;
+    // x-goog-api-key header (per v0.9.1 fix) — never the URL query.
+    const url = `https://generativelanguage.googleapis.com/v1beta/models/${model}:generateContent`;
     const res = await fetch(url, {
       method: "POST",
       headers: {
@@ -142,10 +173,103 @@ async function validateGoogle(key: string): Promise<ValidationResult> {
       signal: controller.signal,
     });
     if (!res.ok) {
-      return { ok: false, error: await res.text().catch(() => res.statusText) };
+      const rawBody = await res.text().catch(() => "");
+      return {
+        ok: false,
+        statusCode: res.status,
+        error: normalizeGoogleError(res.status, rawBody, key),
+        rawBody,
+      };
     }
     return { ok: true, model };
   } finally {
     clearTimeout(timer);
   }
 }
+
+// ─── Error normalization (Codex v0.8 P2 #6) ──────────────────────────
+//
+// Parse known provider JSON error shapes into short, user-safe messages.
+// Never echo the raw key back even by accident (defense in depth: we
+// also redact anything that looks like the submitted key).
+
+function normalizeOpenAIError(status: number, rawBody: string): string {
+  // OpenAI shape: { "error": { "message": "...", "type": "...", "code": "..." } }
+  try {
+    const parsed = JSON.parse(rawBody) as {
+      error?: { message?: string; type?: string; code?: string };
+    };
+    const msg = parsed.error?.message;
+    if (msg) return `[${status}] OpenAI: ${truncate(msg, 200)}`;
+  } catch {
+    /* fall through */
+  }
+  return statusOnlyMessage("OpenAI", status);
+}
+
+function normalizeAnthropicError(status: number, rawBody: string): string {
+  // Anthropic shape: { "type": "error", "error": { "type": "...", "message": "..." } }
+  try {
+    const parsed = JSON.parse(rawBody) as {
+      error?: { type?: string; message?: string };
+    };
+    const msg = parsed.error?.message;
+    if (msg) return `[${status}] Anthropic: ${truncate(msg, 200)}`;
+  } catch {
+    /* fall through */
+  }
+  return statusOnlyMessage("Anthropic", status);
+}
+
+function normalizeGoogleError(
+  status: number,
+  rawBody: string,
+  submittedKey: string,
+): string {
+  // Google shape: { "error": { "code": N, "message": "...", "status": "..." } }
+  try {
+    const parsed = JSON.parse(rawBody) as {
+      error?: { code?: number; message?: string; status?: string };
+    };
+    let msg = parsed.error?.message ?? "";
+    // Belt-and-braces redaction: Google sometimes echoes the key in
+    // error messages (e.g. "API key not valid. Pass a valid API key.")
+    // — we don't ship the actual key value if it ever ends up here.
+    if (submittedKey && msg.includes(submittedKey)) {
+      msg = msg.replace(submittedKey, "<redacted-key>");
+    }
+    if (msg) return `[${status}] Google: ${truncate(msg, 200)}`;
+  } catch {
+    /* fall through */
+  }
+  return statusOnlyMessage("Google", status);
+}
+
+function statusOnlyMessage(provider: string, status: number): string {
+  if (status === 401 || status === 403) {
+    return `[${status}] ${provider} rejected the key (unauthorized).`;
+  }
+  if (status === 429) {
+    return `[${status}] ${provider} rate-limited or quota exceeded.`;
+  }
+  if (status >= 500) {
+    return `[${status}] ${provider} returned a server error; try again.`;
+  }
+  return `[${status}] ${provider} returned an unrecognized error.`;
+}
+
+function truncate(s: string, n: number): string {
+  return s.length <= n ? s : s.slice(0, n - 1) + "…";
+}
+
+function friendlyNetworkError(err: unknown): string {
+  const msg = err instanceof Error ? err.message : String(err);
+  if (msg.includes("abort")) {
+    return "Validation timed out (network or provider too slow).";
+  }
+  if (msg.includes("ENOTFOUND") || msg.includes("ECONNREFUSED")) {
+    return "Could not reach the provider (network issue).";
+  }
+  // Generic — but never include random stack data; just the message.
+  return `Network error: ${truncate(msg, 200)}`;
+}

package/src/index.ts

@@ -13,7 +13,7 @@
  *   - budget/     ✅ task #14 BudgetTracker + BudgetExceededError
  */
 
-export const VERSION = "0.9.1";
+export const VERSION = "0.9.2";
 
 // MCP server (v0.9.0+) — exposes AlmightyGPT's review surface as MCP tools.
 export { startMcpServer } from "./mcp/server.js";