fix(email): one ungranted mailbox no longer aborts the whole multi-mailbox scan (#1739)#1753
Conversation
When one connected mailbox has its agent grant revoked, _triage_all_backends and _pre_scan_all_backends currently propagate the AuthRequiredError out of the loop, aborting the whole multi-mailbox scan. The two failing tests document the expected behavior: the granted mailbox results come back, and the ungranted provider appears in mailbox_errors with an actionable message instead of crashing. Resolves: #1739
… scan (#1739) Before: _triage_all_backends and _pre_scan_all_backends iterated all backends with no per-backend try/except. One ungranted backend's AuthRequiredError propagated out of the loop and turned the whole scan into a single error envelope — the granted mailboxes' already-computed results were discarded. After: each backend call is wrapped in try/except ConnectorsError. On a per-provider error the message is recorded in mailbox_errors and the loop continues. Granted mailboxes keep working; the ungranted provider appears in mailbox_errors with the actionable message from format_connector_error. Non-ConnectorsError exceptions still propagate — genuine bugs fail loudly. Also documents the design decision in config.py: the available set is intentionally connection-derived; grant enforcement is the connectors layer's job (get_access_token_sync raises AuthRequiredError eagerly).
Review — #1753
|
…ce per scan loop (#1739)
|
Thanks for the review. Addressed both 🟢 nits in c27e055:
The " |
kovtcharov-amd
left a comment
There was a problem hiding this comment.
Approving — the per-mailbox except ConnectorsError correctly isolates a revoked-grant failure to a single mailbox while letting genuine bugs (non-ConnectorsError) propagate, which matches the fail-loudly rule. AuthRequiredError subclasses ConnectorsError and the import is already on main, so the catch resolves cleanly. The connection-derived available-set decision is well documented, and the TDD tests cover triage, pre-scan, the calendar single-backend path, and the all-granted regression. Nicely scoped.
Review: fix(email) — one ungranted mailbox no longer aborts the whole scan (#1739)SummarySolid, well-scoped fix that does exactly what it says: a single revoked-grant mailbox no longer takes down the whole multi-mailbox triage/pre-scan. The change wraps each backend call in a typed Issues🟢 🟢 All-mailboxes-ungranted returns Strengths
VerdictApprove. No blocking issues. The two 🟢 points are about how clearly the skipped-mailbox notice reaches the end user — worth a glance at the system prompt, but not a merge blocker. (Note: I could not run the test suite in this sandbox — |
…1739) Per review of #1753: a scan where every connected mailbox errors returned ok:True with empty results (reads as 'empty inbox'). Now raises a ConnectorsError summarizing every mailbox failure, so the tool envelope is ok:False. Partial failure (>=1 mailbox succeeds) still returns results + mailbox_errors. Adds all-ungranted tests for triage and pre-scan.
|
Thanks — both 🟢 points addressed/considered:
|
Closes #1739
Why this matters
Before: if one connected mailbox lacked a per-agent grant, its eager auth error propagated out of the multi-mailbox scan loop and turned the entire triage/pre-scan into one error — discarding the granted mailbox's results too. After: the scan catches the typed connectors error per-provider, records a clean per-mailbox notice (
mailbox_errors), and keeps going, so the granted mailbox still triages.This also resolves #1707's open question with a documented decision: the available-mailbox/calendar set stays connection-derived on purpose — grants are enforced at the connection/token layer and the agent stays grant-unaware (no grant/scope logic added to the agent).
Test plan
python -m pytest tests/unit/agents/email/test_grant_revoked_clean_error.py -q— triage + pre-scan continue when one mailbox is ungranted; the connected-but-ungranted provider still appears in the available set; calendar yields a clean error; injected-fake/eval seam unaffected. Full email suite: 390 passed.Real-world capture
Note: the per-mailbox error text shown for a Microsoft grant gap is currently Google-centric — a separate, pre-existing defect in the connectors formatting layer, filed as #1751 (Milestone 40). It's out of scope here by design (this PR keeps the agent grant-unaware; message wording is owned by the connectors layer).