mirror of
https://github.com/qwibitai/nanoclaw.git
synced 2026-07-15 19:06:18 +08:00
82d9171985
Runtime testing (PR #2986 validation, finding GS-002) showed the approve-after-revoke refusal — the PR's own deliberate behavior delta — surfacing as "ERROR Approval handler threw" with a stack trace, and the requester being told the apply "failed". Enforcement was correct; the telemetry dressed an expected guard refusal as a runtime failure. The a2a route's deny now throws a typed GuardDenyError (guard leaf), and applyA2aMessageGate catches exactly that: the requester is notified "Message approved, but not delivered — no longer authorized: <reason>" and the host logs a warning. Anything else still propagates to the response handler's crash path. Covers all three replay refusals the same way: destination revoked while pending, mismatched grant, already-consumed grant. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>