惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
fix(msteams): bound service error bodies · openclaw/openclaw@a5eddb9
vincentkoc · 2026-05-28 · via Recent Commits to openclaw:main
Original file line numberDiff line numberDiff line change

@@ -22,6 +22,15 @@ function expectGraphUploadFetch(fetchFn: ReturnType<typeof vi.fn>, expectedUrl:

2222

expect(init?.headers?.["User-Agent"]).toMatch(/^teams\.ts\[apps\]\/.+ OpenClaw\/.+$/);

2323

}

2424
25+

function bodyOnlyErrorResponse(body: string, status = 500): Response {

26+

return {

27+

ok: false,

28+

status,

29+

headers: new Headers(),

30+

body: new Response(body).body,

31+

} as unknown as Response;

32+

}

33+
2534

describe("graph upload helpers", () => {

2635

const tokenProvider = {

2736

getAccessToken: vi.fn(async () => "graph-token"),

@@ -107,6 +116,31 @@ describe("graph upload helpers", () => {

107116

}),

108117

).rejects.toThrow("SharePoint upload response missing required fields");

109118

});

119+
120+

it("bounds upload error bodies without requiring response.text()", async () => {

121+

const fetchFn = vi.fn(async () =>

122+

bodyOnlyErrorResponse(`${"upload-denied ".repeat(4096)}tail-marker`, 413),

123+

);

124+
125+

let error: unknown;

126+

try {

127+

await uploadToSharePoint({

128+

buffer: Buffer.from("world"),

129+

filename: "large.txt",

130+

siteId: "site-123",

131+

tokenProvider,

132+

fetchFn: fetchFn as unknown as typeof fetch,

133+

});

134+

} catch (caught) {

135+

error = caught;

136+

}

137+
138+

expect(error).toBeInstanceOf(Error);

139+

const message = (error as Error).message;

140+

expect(message).toContain("SharePoint upload failed (413): upload-denied");

141+

expect(message).not.toContain("tail-marker");

142+

expect(message.length).toBeLessThan(700);

143+

});

110144

});

111145
112146

describe("resolveGraphChatId", () => {

Original file line numberDiff line numberDiff line change

@@ -10,6 +10,7 @@

1010

*/

1111
1212

import type { MSTeamsAccessTokenProvider } from "./attachments/types.js";

13+

import { createMSTeamsHttpError } from "./http-error.js";

1314

import { buildUserAgent } from "./user-agent.js";

1415
1516

const GRAPH_ROOT = "https://graph.microsoft.com/v1.0";

@@ -50,8 +51,7 @@ export async function uploadToOneDrive(params: {

5051

});

5152
5253

if (!res.ok) {

53-

const body = await res.text().catch(() => "");

54-

throw new Error(`OneDrive upload failed: ${res.status} ${res.statusText} - ${body}`);

54+

throw await createMSTeamsHttpError(res, "OneDrive upload failed");

5555

}

5656
5757

const data = (await res.json()) as {

@@ -103,8 +103,7 @@ async function createSharingLink(params: {

103103

});

104104
105105

if (!res.ok) {

106-

const body = await res.text().catch(() => "");

107-

throw new Error(`Create sharing link failed: ${res.status} ${res.statusText} - ${body}`);

106+

throw await createMSTeamsHttpError(res, "Create sharing link failed");

108107

}

109108
110109

const data = (await res.json()) as {

@@ -198,8 +197,7 @@ export async function uploadToSharePoint(params: {

198197

);

199198
200199

if (!res.ok) {

201-

const body = await res.text().catch(() => "");

202-

throw new Error(`SharePoint upload failed: ${res.status} ${res.statusText} - ${body}`);

200+

throw await createMSTeamsHttpError(res, "SharePoint upload failed");

203201

}

204202
205203

const data = (await res.json()) as {

@@ -259,8 +257,7 @@ export async function getDriveItemProperties(params: {

259257

);

260258
261259

if (!res.ok) {

262-

const body = await res.text().catch(() => "");

263-

throw new Error(`Get driveItem properties failed: ${res.status} ${res.statusText} - ${body}`);

260+

throw await createMSTeamsHttpError(res, "Get driveItem properties failed");

264261

}

265262
266263

const data = (await res.json()) as {

@@ -371,8 +368,7 @@ async function getChatMembers(params: {

371368

});

372369
373370

if (!res.ok) {

374-

const body = await res.text().catch(() => "");

375-

throw new Error(`Get chat members failed: ${res.status} ${res.statusText} - ${body}`);

371+

throw await createMSTeamsHttpError(res, "Get chat members failed");

376372

}

377373
378374

const data = (await res.json()) as {

@@ -436,10 +432,7 @@ async function createSharePointSharingLink(params: {

436432

);

437433
438434

if (!res.ok) {

439-

const respBody = await res.text().catch(() => "");

440-

throw new Error(

441-

`Create SharePoint sharing link failed: ${res.status} ${res.statusText} - ${respBody}`,

442-

);

435+

throw await createMSTeamsHttpError(res, "Create SharePoint sharing link failed");

443436

}

444437
445438

const data = (await res.json()) as {

Original file line numberDiff line numberDiff line change

@@ -5,6 +5,7 @@ import { GRAPH_ROOT } from "./attachments/shared.js";

55

const GRAPH_BETA = "https://graph.microsoft.com/beta";

66

const NULL_BODY_STATUSES = new Set([101, 204, 205, 304]);

77

import { createMSTeamsTokenProvider, loadMSTeamsSdkWithAuth } from "./sdk.js";

8+

import { createMSTeamsHttpError } from "./http-error.js";

89

import { readAccessToken } from "./token-response.js";

910

import { resolveDelegatedAccessToken, resolveMSTeamsCredentials } from "./token.js";

1011

import { buildUserAgent } from "./user-agent.js";

@@ -65,9 +66,9 @@ async function requestGraph(params: {

6566

});

6667

try {

6768

if (!response.ok) {

68-

const text = await response.text().catch(() => "");

69-

throw new Error(

70-

`${params.errorPrefix ?? "Graph"} ${params.path} failed (${response.status}): ${text || "unknown error"}`,

69+

throw await createMSTeamsHttpError(

70+

response,

71+

`${params.errorPrefix ?? "Graph"} ${params.path} failed`,

7172

);

7273

}

7374

const body = NULL_BODY_STATUSES.has(response.status) ? null : await response.arrayBuffer();

@@ -131,10 +132,7 @@ export async function fetchGraphAbsoluteUrl<T>(params: {

131132

});

132133

try {

133134

if (!response.ok) {

134-

const text = await response.text().catch(() => "");

135-

throw new Error(

136-

`Graph ${params.url} failed (${response.status}): ${text || "unknown error"}`,

137-

);

135+

throw await createMSTeamsHttpError(response, `Graph ${params.url} failed`);

138136

}

139137

return await readProviderJsonResponse<T>(response, `Graph ${params.url} failed`);

140138

} finally {

Original file line numberDiff line numberDiff line change

@@ -0,0 +1,36 @@

1+

import { describe, expect, it } from "vitest";

2+

import { createMSTeamsHttpError, readMSTeamsHttpErrorDetail } from "./http-error.js";

3+
4+

function bodyOnlyErrorResponse(body: string, status = 429): Response {

5+

return {

6+

ok: false,

7+

status,

8+

headers: new Headers(),

9+

body: new Response(body).body,

10+

} as unknown as Response;

11+

}

12+
13+

describe("msteams http errors", () => {

14+

it("creates bounded provider errors without relying on response.text()", async () => {

15+

const error = await createMSTeamsHttpError(

16+

bodyOnlyErrorResponse(`${"x".repeat(24 * 1024)}tail-marker`),

17+

"Teams request failed",

18+

);

19+
20+

expect(error.message).toContain("Teams request failed (429):");

21+

expect(error.message).not.toContain("tail-marker");

22+

expect(error.message.length).toBeLessThan(700);

23+

expect((error as { statusCode?: number }).statusCode).toBe(429);

24+

});

25+
26+

it("returns a bounded response detail for non-throwing callers", async () => {

27+

const detail = await readMSTeamsHttpErrorDetail(

28+

bodyOnlyErrorResponse(`${"denied ".repeat(4096)}tail-marker`, 403),

29+

"HTTP 403",

30+

);

31+
32+

expect(detail).toContain("denied");

33+

expect(detail).not.toContain("tail-marker");

34+

expect(detail.length).toBeLessThan(700);

35+

});

36+

});

Original file line numberDiff line numberDiff line change

@@ -0,0 +1,19 @@

1+

import {

2+

createProviderHttpError,

3+

extractProviderErrorDetail,

4+

} from "openclaw/plugin-sdk/provider-http";

5+
6+

export async function createMSTeamsHttpError(

7+

response: Response,

8+

label: string,

9+

options?: { statusPrefix?: string },

10+

): Promise<Error> {

11+

return await createProviderHttpError(response, label, options);

12+

}

13+
14+

export async function readMSTeamsHttpErrorDetail(

15+

response: Response,

16+

fallback: string,

17+

): Promise<string> {

18+

return (await extractProviderErrorDetail(response).catch(() => undefined)) ?? fallback;

19+

}

Original file line numberDiff line numberDiff line change

@@ -127,13 +127,12 @@ function createFakeFetch(handlers: Array<(url: string, init?: unknown) => unknow

127127

status: number;

128128

body: unknown;

129129

};

130-

return {

131-

ok: response.ok,

130+

const responseBody = response.body;

131+

const isTextBody = typeof responseBody === "string";

132+

return new Response(isTextBody ? responseBody : JSON.stringify(responseBody ?? ""), {

132133

status: response.status,

133-

json: async () => response.body,

134-

text: async () =>

135-

typeof response.body === "string" ? response.body : JSON.stringify(response.body ?? ""),

136-

};

134+

headers: { "content-type": isTextBody ? "text/plain" : "application/json" },

135+

});

137136

};

138137

return { fetchImpl, calls };

139138

}

Original file line numberDiff line numberDiff line change

@@ -7,6 +7,7 @@ import {

77

buildMSTeamsTokenEndpoint,

88

type MSTeamsDelegatedTokens,

99

} from "./oauth.shared.js";

10+

import { createMSTeamsHttpError } from "./http-error.js";

1011
1112

/** Five-minute buffer subtracted from token expiry to avoid edge-case clock drift. */

1213

const EXPIRY_BUFFER_MS = 5 * 60 * 1000;

@@ -63,8 +64,7 @@ async function fetchMSTeamsTokens(params: {

6364
6465

try {

6566

if (!response.ok) {

66-

const errorText = await response.text();

67-

throw new Error(`MSTeams ${params.failureLabel} failed (${response.status}): ${errorText}`);

67+

throw await createMSTeamsHttpError(response, `MSTeams ${params.failureLabel} failed`);

6868

}

6969

return await readProviderJsonResponse<MSTeamsTokenResponse>(

7070

response,

Original file line numberDiff line numberDiff line change

@@ -10,6 +10,7 @@ import {

1010

tryNormalizeBotFrameworkServiceUrl,

1111

} from "./bot-framework-service-url.js";

1212

import { formatUnknownError } from "./errors.js";

13+

import { createMSTeamsHttpError } from "./http-error.js";

1314

import type { MSTeamsAdapter } from "./messenger.js";

1415

import type { MSTeamsCredentials, MSTeamsFederatedCredentials } from "./token.js";

1516

import { buildUserAgent } from "./user-agent.js";

@@ -491,9 +492,8 @@ async function updateActivityViaRest(params: {

491492
492493

try {

493494

if (!response.ok) {

494-

const body = await response.text().catch(() => "");

495-

throw Object.assign(new Error(`updateActivity failed: HTTP ${response.status} ${body}`), {

496-

statusCode: response.status,

495+

throw await createMSTeamsHttpError(response, "updateActivity failed", {

496+

statusPrefix: "HTTP ",

497497

});

498498

}

499499

@@ -538,9 +538,8 @@ async function deleteActivityViaRest(params: {

538538
539539

try {

540540

if (!response.ok) {

541-

const body = await response.text().catch(() => "");

542-

throw Object.assign(new Error(`deleteActivity failed: HTTP ${response.status} ${body}`), {

543-

statusCode: response.status,

541+

throw await createMSTeamsHttpError(response, "deleteActivity failed", {

542+

statusPrefix: "HTTP ",

544543

});

545544

}

546545

} finally {

Original file line numberDiff line numberDiff line change

@@ -25,6 +25,7 @@

2525

*/

2626
2727

import type { MSTeamsAccessTokenProvider } from "./attachments/types.js";

28+

import { readMSTeamsHttpErrorDetail } from "./http-error.js";

2829

import type { MSTeamsSsoTokenStore } from "./sso-token-store.js";

2930

import { buildUserAgent } from "./user-agent.js";

3031

@@ -49,17 +50,8 @@ type BotFrameworkUserTokenResponse = {

4950
5051

export type MSTeamsSsoFetch = (

5152

input: string,

52-

init?: {

53-

method?: string;

54-

headers?: Record<string, string>;

55-

body?: string;

56-

},

57-

) => Promise<{

58-

ok: boolean;

59-

status: number;

60-

json(): Promise<unknown>;

61-

text(): Promise<string>;

62-

}>;

53+

init?: RequestInit,

54+

) => Promise<Response>;

6355
6456

export type MSTeamsSsoDeps = {

6557

tokenProvider: MSTeamsAccessTokenProvider;

@@ -162,8 +154,8 @@ async function callUserTokenService(

162154

body: params.body === undefined ? undefined : JSON.stringify(params.body),

163155

});

164156

if (!response.ok) {

165-

const text = await response.text().catch(() => "");

166-

return { error: text || `HTTP ${response.status}`, status: response.status };

157+

const error = await readMSTeamsHttpErrorDetail(response, `HTTP ${response.status}`);

158+

return { error, status: response.status };

167159

}

168160

let parsed: unknown;

169161

try {

Original file line numberDiff line numberDiff line change

@@ -39,6 +39,45 @@ describe("provider error utils", () => {

3939

expect(extractProviderRequestId(response)).toBe("fallback_req");

4040

});

4141
42+

it("preserves OAuth error descriptions as actionable details", async () => {

43+

const response = new Response(

44+

JSON.stringify({

45+

error: "invalid_request",

46+

error_description: "AADSTS7000215: Invalid client secret provided.",

47+

}),

48+

{ status: 400 },

49+

);

50+
51+

await expect(assertOkOrThrowProviderError(response, "OAuth token exchange failed")).rejects

52+

.toThrow(

53+

"OAuth token exchange failed (400): AADSTS7000215: Invalid client secret provided. [code=invalid_request]",

54+

);

55+

});

56+
57+

it("keeps HTTP status metadata when error body reads fail", async () => {

58+

const response = {

59+

ok: false,

60+

status: 503,

61+

headers: new Headers(),

62+

body: {

63+

getReader: () => ({

64+

read: async () => {

65+

throw new Error("broken response stream");

66+

},

67+

cancel: async () => undefined,

68+

}),

69+

},

70+

} as unknown as Response;

71+
72+

await expect(assertOkOrThrowProviderError(response, "Provider API error")).rejects

73+

.toMatchObject({

74+

name: "ProviderHttpError",

75+

status: 503,

76+

statusCode: 503,

77+

message: "Provider API error (503)",

78+

} satisfies Partial<ProviderHttpError>);

79+

});

80+
4281

it("attaches structured provider error metadata", async () => {

4382

const response = new Response(

4483

JSON.stringify({