fix(sentinel): distinguish confirmed_with_err from not_confirmed (closes #300)#301
Merged
Merged
Conversation
When verifySignature sees a confirmed tx whose program returned an error, it previously labelled it not_confirmed. tool-signing.ts then rejected the pending entry with verification_failed: not_confirmed, agent.ts wrapped that as cancelled_by_user, and the LLM told the user "tx cancelled". The tx had actually landed on-chain — the program just rejected it. Adds a confirmed_with_err variant to VerifyResult and a strict-mode branch in tool-signing.ts that rejects with program_error: <detail> and returns a 400 envelope explaining the program rejected the tx. The LLM now relays the actual on-chain error to the user instead of implying they cancelled. Closes #300
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
verify-signature.ts: addconfirmed_with_errvariant toVerifyResult.reasonand label the err-branch with it instead ofnot_confirmedtool-signing.ts: in strict mode, surfaceconfirmed_with_erras a 400 envelopetransaction was confirmed on-chain but the program returned an error: <detail>and reject the pending entry withprogram_error: <detail>so the agent layer relays the real error instead ofcancelled_by_userCloses #300. Filed alongside #299 (CF 504 follow-up, post-Frontier).
Why this matters
Discovered during
frontier_sip_18autonomous prod smoke test of PR #298. A real signed tx that confirmed on-chain withAnchorError 3012was reported to the user as "tx cancelled / verify_failed: not_confirmed" — wrong on both counts. Two layers of misleading copy in front of Frontier judges scoring 2026-05-27.Before:
After:
Blast radius
confirmed_with_errreason is additive — no existing consumer switches exhaustively onVerifyResult.reason, verified via grep forassertNeverusage in this codebasenot_confirmedconsumers (tool-signing.ts:74Retry-After path, the FE error rendering) compile unchangedtool-signing.tsstill handlesnot_confirmedandwallet_mismatchidentically to beforeTest plan
pnpm typecheckclean (root + sdk + app + agent)pnpm test -- --run(agent: 1648, app: 577, sdk: 96, root: 555 — total 2876 green)S1Phr5rmDfkZTyLXzH5qUHeiqZS3Uf517SQzRbU4kHBfrom a wallet without prior deposit. Expected behaviour: agent says the program rejected the tx and surfaces the AnchorError, NOT "tx cancelled".