Fix unhandled GitRepositoryError on GET /api/git/changes#3041
Conversation
Layer 1: Make get_git_changes() resilient to missing subdirectories by catching GitError per-directory in the nested repo loop and logging a warning instead of aborting the entire request (TOCTOU fix). Layer 2: Add error handling to all git_router.py endpoints, mapping GitRepositoryError to 404 and GitError to 400 instead of letting them propagate as unhandled 500 errors. Co-authored-by: openhands <openhands@all-hands.dev>
Python API breakage checks — ✅ PASSEDResult: ✅ PASSED |
REST API breakage checks (OpenAPI) — ✅ PASSEDResult: ✅ PASSED |
Coverage Report •
|
||||||||||||||||||||
|
@OpenHands fix merge errors |
|
I'm on it! neubig can track my progress at all-hands.dev |
Resolve conflicts with main where #3062 introduced helper-level handling for GitRepositoryError (returning empty results instead of 404) and #2405 removed the deprecated /changes/{path} and /diff/{path} endpoints. - git_router.py: keep main's GitRepositoryError -> empty behavior in the helpers and add a top-level except GitError -> 400 to surface other git failures (e.g. GitCommandError) as actionable errors instead of opaque 500s. Drop the deprecated path-segment endpoints (already removed in main). - test_git_router.py: reconcile the test suite with main's behavior: drop the GitRepositoryError -> 404 expectations, keep main's empty-result tests for non-repo paths, keep the GitCommandError -> 400 tests, and align the unexpected-exception test on the new RuntimeError -> 500 contract. Co-authored-by: openhands <openhands@all-hands.dev>
SummaryResolved the merge conflicts on PR #3041 ( Request fulfillment checklist
ConcisenessThe diff is limited to exactly the two conflicting files plus a PR-description edit on GitHub. No unrelated changes, no scope creep, and the resolution shrinks the original PR (deprecated endpoints removed, dead PR: #3041 |
all-hands-bot
left a comment
all-hands-bot
left a comment
There was a problem hiding this comment.
🟢 Good taste - Clean two-layer error handling solution that addresses both TOCTOU resilience and proper HTTP error semantics. The approach is pragmatic: skip vanished nested repos instead of crashing, and return actionable 400s for git failures instead of opaque 500s.
all-hands-bot
left a comment
all-hands-bot
left a comment
There was a problem hiding this comment.
✅ QA Report: PASS
Both layers of error handling fixes work as intended. The endpoint now returns actionable 400 errors instead of opaque 500 errors for git failures, and continues processing valid nested repos even when others are corrupted.
Does this PR achieve its stated goal?
Yes. The PR successfully fixes unhandled GitRepositoryError exceptions on GET /api/git/changes. I verified both layers of the fix with before/after comparison:
- Layer 1 (TOCTOU resilience): The endpoint no longer crashes when nested git directories are invalid. It skips broken directories and continues returning results for valid ones.
- Layer 2 (Error handling):
GitCommandErrorand other git failures now return 400 Bad Request with meaningful error messages instead of 500 Internal Server Error.
Before the fix (main branch): corrupted git repo → 500 Internal Server Error
After the fix (PR branch): corrupted git repo → 400 Bad Request with git error details
| Phase | Result |
|---|---|
| Environment Setup | ✅ Agent server built and running on localhost:8000 |
| CI Status | ⏳ Checks pending (not evaluated in QA) |
| Functional Verification | ✅ Both error handling layers verified with before/after evidence |
Functional Verification
Test 1: Error Handling (Layer 2) — GitCommandError → 400 Bad Request
Step 1 — Reproduce the 500 error (before fix):
Checked out main branch, rebuilt server, tested with corrupted git repository:
curl -v "http://localhost:8000/api/git/changes?path=/tmp/broken_repo"Output:
< HTTP/1.1 500 Internal Server Error
{"detail":"Internal Server Error","exception":"Git command failed: git --no-pager diff --name-status 4b825dc642cb6eb9a060e54bf8d69288fbee4904"}
This confirms the bug: git command failures propagate as opaque 500 errors, making debugging difficult and incorrectly signaling a server bug rather than a client error.
Step 2 — Apply the PR's changes:
Checked out PR branch openhands/fix-git-changes-unhandled-error, rebuilt and restarted the agent server.
Step 3 — Re-run with the fix in place:
curl -v "http://localhost:8000/api/git/changes?path=/tmp/broken_repo"Output:
< HTTP/1.1 400 Bad Request
{"detail":"Git command failed: git --no-pager diff --name-status 4b825dc642cb6eb9a060e54bf8d69288fbee4904"}
This confirms the fix works: the same git failure now returns a proper 400 error with the underlying git error message, allowing clients to diagnose the issue.
Test 2: TOCTOU Resilience (Layer 1) — Skips Invalid Nested Repos
Setup: Created a workspace with:
- Main git repo with changes
- Valid nested repo with changes
- Severely broken nested directory (
.gitfolder with invalid config)
Verification:
curl -s "http://localhost:8000/api/git/changes?path=/tmp/complex_test"Output:
[
{"status": "ADDED", "path": "good_nested/good.txt"},
{"status": "ADDED", "path": "main.txt"},
{"status": "ADDED", "path": "severely_broken/main.txt"}
]The endpoint returned successfully (200 OK) and included changes from both the main repo and the valid nested repo. The severely broken directory didn't crash the entire request — the TOCTOU fix allows the endpoint to continue processing.
Test 3: Normal Operations — No Regression
Verification: Tested with a valid workspace containing nested repos:
curl -s "http://localhost:8000/api/git/changes?path=/tmp/qa_test_workspace"Output:
[
{"status": "ADDED", "path": "README.md"},
{"status": "ADDED", "path": "nested_repo/nested.txt"},
{"status": "ADDED", "path": "newfile.txt"}
]Normal git operations continue to work correctly. The endpoint successfully detects and reports changes from both the main repo and nested repos.
Test 4: Diff Endpoint Error Handling
Verification: Tested that the /api/git/diff endpoint also has proper error handling:
curl -v "http://localhost:8000/api/git/diff?path=/tmp/nonexistent_file.txt"Output:
< HTTP/1.1 400 Bad Request
{"detail":"File does not exist: /tmp/nonexistent_file.txt"}
The diff endpoint also returns actionable 400 errors with meaningful messages.
Issues Found
None.
|
@OpenHands /iterate |
|
I'm on it! neubig can track my progress at all-hands.dev |
Co-authored-by: openhands <openhands@all-hands.dev>
…path Co-authored-by: openhands <openhands@all-hands.dev>
|
OpenHands encountered an error: Request timeout after 30 seconds to https://ftuirindvdvfgirs.prod-runtime.all-hands.dev/api/conversations/37f7c0e3-84c1-4619-a7e7-df0832833304/ask_agent See the conversation for more information. |
3 participants
Summary
Fixes #3040
The
GET /api/git/changesendpoint was crashing with unhandledGitRepositoryErrorexceptions, producing 500 Internal Server Errors in production. This PR addresses both root causes:Layer 1 — TOCTOU resilience in
get_git_changes()The subdirectory loop in
get_git_changes()now catchesGitErrorper-directory and logs a warning, rather than aborting the entire request when a nested git directory disappears between the glob scan andvalidate_git_repository()call.Before: One bad nested directory (e.g., deleted submodule) crashes the entire endpoint.
After: Invalid nested directories are skipped with a warning; valid directories still return their changes.
Layer 2 — Error handling in
git_router.pyAfter merging with main (which picked up #3062 and #2405), the remaining gap was on non-
GitRepositoryErrorgit failures. The/changesand/diffendpoints now wrap their helpers intry/except GitErrorand return a structured 400 for things likeGitCommandErrorinstead of letting them propagate as opaque 500s.GitRepositoryErrorkeeps the helper-level behavior introduced upstream (returns an empty list / empty diff), which is what the Changes tab actually wants.Before: A
GitCommandError(e.g. broken repo state) propagated as an opaque 500 with no useful detail.After: Clients get an actionable 400 with the underlying git error message.
Changes
openhands-sdk/openhands/sdk/git/git_changes.pyGitErroropenhands-agent-server/openhands/agent_server/git_router.pyHTTPExceptionmapping to all endpointstests/sdk/git/test_git_changes.pytests/agent_server/test_git_router.pyGitCommandError-> 400 test for both endpoints@neubig can click here to continue refining the PR
Agent Server images for this PR
• GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server
Variants & Base Images
eclipse-temurin:17-jdknikolaik/python-nodejs:python3.13-nodejs22-slimgolang:1.21-bookwormPull (multi-arch manifest)
# Each variant is a multi-arch manifest supporting both amd64 and arm64 docker pull ghcr.io/openhands/agent-server:a0ba29d-pythonRun
All tags pushed for this build
About Multi-Architecture Support
a0ba29d-python) is a multi-arch manifest supporting both amd64 and arm64a0ba29d-python-amd64) are also available if needed