GetRepositoryFile tool masks GitLab API errors with generic KeyError message

Problem

The GetRepositoryFile tool in duo_workflow_service/tools/repository_files.py does not properly surface GitLab API errors. When the GitLab API returns an error response (e.g., {"message":"404 File Not Found"}), the tool masks this with a generic {"error": "'content'"} message instead.

Root Cause

In GetRepositoryFile._arun() at line 108:

content = base64.b64decode(json.loads(response)["content"]).decode("utf-8")

When the GitLab API returns an error response like {"message":"404 File Not Found"}, the code tries to read the "content" key, which error responses do not contain. This raises KeyError: 'content', which the generic exception handler catches and converts with str(e), so the tool returns {"error": "'content'"} instead of the actual API error.

Expected Behavior

When the GitLab API returns:

{"message":"404 File Not Found"}

The tool should surface this error message to the user, not mask it with a generic KeyError.

Current Behavior

API call: curl -X GET -H "Authorization: Bearer $GITLAB_API_PRIVATE_TOKEN" "https://gitlab.com/api/v4/projects/39903947/repository/files/.gitlab%2Fduo%2Fmr-review-instructions.yaml?ref=HEAD"

Returns: {"message":"404 File Not Found"}

But tool execution trace shows: {"error": "'content'"}

Proposed Solution

The code should check for error responses before attempting to access the "content" key:

try:
    response_data = json.loads(response)
    
    # Check if response contains an error message
    if "message" in response_data and "content" not in response_data:
        return json.dumps({"error": response_data["message"]})
    
    if "content" not in response_data:
        return json.dumps({"error": "Missing content in response"})
        
    content = base64.b64decode(response_data["content"]).decode("utf-8")
    return json.dumps({"content": content})
except Exception as e:
    return json.dumps({"error": str(e)})

Impact

This issue affects error visibility and debugging when files don't exist or there are permission issues, making it harder for users to understand what went wrong.
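
An added example, not code from the issue or from the duo_workflow_service repository: it reproduces the masking behaviour described under Root Cause next to a checked parser, so the difference can be asserted on. The function names parse_original and parse_checked, the sample responses, and the fallback to an "error" key are assumptions made for illustration.

```python
import base64
import json


def parse_original(response: str) -> str:
    """The quoted line 108 inside a catch-all handler, as the issue describes."""
    try:
        content = base64.b64decode(json.loads(response)["content"]).decode("utf-8")
        return json.dumps({"content": content})
    except Exception as e:  # str(KeyError("content")) is "'content'"
        return json.dumps({"error": str(e)})


def parse_checked(response: str) -> str:
    """Surface the API's own error text and name each local failure distinctly."""
    try:
        data = json.loads(response)
    except json.JSONDecodeError as e:
        return json.dumps({"error": f"Response is not valid JSON: {e.msg}"})
    if not isinstance(data, dict):
        return json.dumps({"error": "Unexpected response shape (not a JSON object)"})
    if "content" not in data:
        # Assumption: error bodies carry "message" (as on the page) or "error".
        detail = data.get("message") or data.get("error") or "Missing content in response"
        return json.dumps({"error": detail})
    try:
        # validate=True rejects non-base64 characters instead of skipping them.
        text = base64.b64decode(data["content"], validate=True).decode("utf-8")
    except (ValueError, TypeError) as e:
        return json.dumps({"error": f"Could not decode file content: {e}"})
    return json.dumps({"content": text})


# Constructed sample responses (not captured from a real API call).
NOT_FOUND = '{"message":"404 File Not Found"}'
OK = json.dumps({"file_name": "x.yaml",
                 "content": base64.b64encode(b"rules: []\n").decode("ascii")})

if __name__ == "__main__":
    for name, body in [("404", NOT_FOUND), ("ok", OK), ("html", "<html>")]:
        print(name, "original:", parse_original(body))
        print(name, "checked: ", parse_checked(body))
```

Catching the decode errors separately keeps a corrupt or non-UTF-8 payload from being reported as if it were an API error.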