Skip to content

Improve dependabot error message#2375

Open
aashah wants to merge 1 commit intomainfrom
aashah/better-errors
Open

Improve dependabot error message#2375
aashah wants to merge 1 commit intomainfrom
aashah/better-errors

Conversation

@aashah
Copy link
Copy Markdown
Member

@aashah aashah commented Apr 23, 2026

This pull request improves error handling for Dependabot alert API failures by providing more informative error messages when access is denied due to insufficient token permissions. It also updates and extends tests to verify these enhanced messages.

Why

When in environments where the github token is provided, like a codespace, the error message is a bit vague in helping the user understand why their tool call failed.

MCP impact

  • No tool or API changes
  • Tool schema or behavior changed
  • New tool added

Prompts tested (tool changes only)

n/a

Security / limits

  • No security or limits impact
  • Auth / permissions considered
  • Data exposure, filtering, or token/size limits considered

Tool renaming

  • I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
    • I have added the new tool aliases in deprecated_tool_aliases.go
  • I am not renaming tools as part of this PR

Note: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with ./script/test

Docs

  • Not needed
  • Updated (README / docs / examples)

@aashah aashah marked this pull request as ready for review April 23, 2026 18:53
@aashah aashah requested a review from a team as a code owner April 23, 2026 18:53
Copilot AI review requested due to automatic review settings April 23, 2026 18:53
Copilot AI reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves the user-facing error message for Dependabot alert API failures by adding a permission/scope hint when requests are denied, and updates unit tests to validate the new messaging.

Changes:

  • Enhance Dependabot tool error messages by appending a token-permission hint for certain HTTP failures.
  • Update/extend Dependabot tool tests to assert the improved error output for forbidden/not-found scenarios.
Show a summary per file
File Description
pkg/github/dependabot.go Adds dependabotErrMsg helper to enrich Dependabot API error messages with token permission guidance.
pkg/github/dependabot_test.go Updates and extends tests to assert the new token-permission hint is present in error results.

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 2

Comment thread pkg/github/dependabot_test.go
Comment thread pkg/github/dependabot.go
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aashah @SamMorrowDrums