fix(connect): honest, actionable errors across the Atlas connection and graph-init flow#17
Merged
Merged
Conversation
…nd graph-init flow Graph init (openscience project init / initialize-atlas-graph skill) used to collapse every failure — no session, DNS failure, revoked key, no plan, backend 4xx/5xx — into one misleading message: 'Check openscience connect login and that your account has an active Atlas plan'. Meanwhile 'connect login' printed 'Already authenticated' and swallowed sync failures, so auth looked healthy while every request failed. - atlas-bridge: add initProjectDetailed() + classifyInitFailure(), which classify init failures as unauthenticated (no session / 401 / 403), unreachable (network, DNS, 5xx), plan (402 or plan-coded 4xx, matching the backend's plan_quota_exhausted / collaboration_gated envelopes), or backend (pass the backend's own message through). commit-new failures now carry status + body so the fallback path classifies too. POST /project/init returns the failure fields additively. - project init: fail fast with the connect-login hint when there is no managed session (no network call), print one actionable message per failure class naming the backend host, include error/status/message/host in --format=json output, and note the Atlas CLI when it is on PATH. - connect login/status/sync: name the backend host on 'Already authenticated' and 'Connected', and never swallow a failed service sync — distinguish 'backend rejected your saved key' from 'backend unreachable / plan inactive' instead of silent success. - initialize-atlas-graph skill: interpret the JSON error kinds so the agent relays the right fix instead of blaming login for a network problem. - tests: cover the classifier (401/402/plan-worded 4xx/5xx/pass-through) and the unauthenticated fast-fail of initProjectDetailed.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Aayam Bansal (aayambansal)
added a commit
that referenced
this pull request
Jul 7, 2026
…g-refresh correctness (#120) Four provider/transform correctness fixes from the backend audit: - max reasoning variant no longer starves text to 1 token. On a 32k-output Claude, the max thinking budget of cap-1 (31,999) left maxOutputTokens returning a single text token; keep it proportional (~3/4 of cap). Large caps still clamp at 31,999. (#17) - Gemini-3 effort variants are nested under thinkingConfig. @ai-sdk/google only reads providerOptions.google.thinkingConfig.*, so the old top-level keys were dropped and effort selection was silently ignored (always high). (#24) - Config-model merge falls back to the catalog model's interleaved shape like every other capability, so overriding one field (e.g. cost) no longer drops the interleaved-reasoning relocation. (#29) - ModelsDev.refresh() now invalidates provider state so a long-running session picks up the hourly-refreshed catalog instead of the first snapshot. (#25)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes the misleading failure reported on Windows: the workspace's initialize-graph action failed with "Could not initialize the graph. Check
openscience connect loginand that your account has an active Atlas plan." whileopenscience connect loginsaid "Already authenticated". Auth state and graph init now tell one consistent, honest story.End-to-end flow (as mapped in this repo)
openscience connect login(src/cli/cmd/connect.ts) — if a session file exists (<data>/openscience-session.json), prints "Already authenticated" without any network call, then best-effort-syncs. Fresh login: browser loopback (POST /api/v1/auth/cli/browser/start|redeem) or pastedthk_key (validated viaGET /api/cli/balance).saveSessionalso seeds the bundled Atlas CLI config (~/.config/atlas-cli/config.json) with the same key + base URL.src/openscience/index.tssyncServices) —GET /api/cli/syncinjects managed provider env vars, persistssynced-env.json+openscience-synced.jsonunder the XDG config dir (loaded at startup bypreload-env.ts). BYOK keys the user set locally are kept: synced values never override values already present, so connecting Atlas on top of local keys stays coherent.initialize-atlas-graphskill → agent runsopenscience project init --format=json(src/cli/cmd/project.ts) →initProjectinsrc/server/routes/atlas-bridge.ts(same path as the web bridgePOST /api/thesis/project/init): pin file →GET /api/agent/projects?dedupe_key=→POST /api/agent/projects→ fallbackPOST /api/v1/nodes/commit-new.The bug:
initProjectreturnedstring | nulland swallowed every error. No session, DNS failure, revoked key (401), no plan (402), and backend 4xx/5xx all collapsed tonull, and the CLI printed the one blanket "check login and plan" message. With the managed base defaulting to a dead host, the real failure was DNS — nothing to do with login or plan — whileconnect loginseparately reported healthy because it never touches the network when a session file exists and silently ignored the failed sync.What changed
atlas-bridge.ts— newinitProjectDetailed()+ exportedclassifyInitFailure(). Failures are classified as:unauthenticated— no session, or the backend answered 401/403 (key revoked);unreachable— network/DNS error or 5xx (the service couldn't be reached);plan— 402, or a plan-coded/worded 4xx (matches the backend'splan_quota_exhausted/collaboration_gatedenvelopes), with the backend message passed through;backend— any other answer, message passed through verbatim.commit-newerrors now carry status + body so the fallback path classifies too; a 404 from the newer projects endpoint defers to the proven commit-new fallback's failure.initProjectstays as a thin wrapper, andPOST /project/initreturns the failure fields additively (error,status,message,host) so the SPA keeps working unchanged.project init— fails fast with theconnect loginhint when there is no managed session (no network call). Text mode prints one actionable message per class, always naming the backend host; onunreachableit explicitly says "You are logged in — this is a network/service issue, not an auth issue." JSON mode includeserror/status/message/host. When the Atlas CLI is on PATH, a one-lineatlas doctorhint is added.connect login/status/sync— "Already authenticated" and "Connected" now name the backend host they refer to. A failed service sync is never silent anymore: it distinguishes "backend rejected your saved key — re-login" (session was cleared) from "could not sync from — unreachable or plan inactive; provider keys/config were not updated."initialize-atlas-graphskill — the agent now interprets the JSONerrorkind and relays the matching fix instead of blaming login/plan for a network problem.initProjectDetailedunauthenticated fast-fail and no-throw behavior.Depends on the endpoints fix
DEFAULT_MANAGED_API_BASEon this branch is still the old default host, which does not resolve; that default is being corrected in the separate endpoints/install PR and is intentionally not duplicated here. Until it lands, users on defaults now get the honest message — "Could not reach the Atlas backend at " with the dead host named, which points straight at the root cause — instead of being told to re-login or buy a plan. Once it lands, the same messages reference the correct host, andOPENSCIENCE_API_BASE/SYNSC_API_BASEoverrides flow through everywhere (they resolve viasrc/endpoints.ts).Backend follow-ups (app.syntheticsciences.ai — not fixable in this repo)
POST /api/agent/projectsandPOST /api/v1/nodes/commit-newshould answer 402 with theplan_quota_exhausted-style payload (code + user-readymessage). The client now passesdetail.messagethrough verbatim, so those messages are user-facing.GET /api/cli/sync402. The CLI can only say "unreachable or plan inactive" for a failed sync with an intact key; a machine-readable reason (mirroring the per-servicereasoncodes already in the sync payload) would letconnect login/statussay "no active plan" precisely.Verification
bun run typecheck— all 6 packages pass.bun run --cwd backend/cli test— 828 pass, 0 fail (includes the new atlas-bridge tests; the known-flaky snapshot unicode test did not trip on either of two full runs).XDG_*dirs + a fakethk_session +SYNSC_API_BASEpointed at a dead port or a local stub backend):{"project_id":null,"error":"unreachable","message":"Unable to connect...","host":"http://127.0.0.1:9"}; text mode says the backend at that host couldn't be reached and that this is not an auth issue;{"project_id":null,"error":"unauthenticated",...}/ "Not connected to Atlas. Runopenscience connect loginfirst." with no network call;plan_quota_exhausted→error:"plan"with the backend message and the Plan-tab pointer;openscience connect login...";unreachablewith status and host;error:"backend", HTTP 400);connect loginwith a saved session and a dead backend → "Already authenticated (backend: http://127.0.0.1:9)" followed by a loud warning that services could not be synced from that host, instead of silent success; with a 401-answering backend → "rejected your saved key" warning;connect statusnow printsBackend: <host>and warns when the session is untested against the backend.