daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: use build(credentials=creds) instead of creds.authorize() for google-auth compatibility; add traceback logging

Browse Source
This commit is contained in:
daniel
2026-05-08 19:57:35 -05:00
parent 9b56aa83df
commit eddbd98153
7 changed files with 24 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
agentclaw/app/agent_claw_main/tools/google_workspace.py
View File

@@ -8,6 +8,7 @@ Credential secret: agent-claw/google-credentials/{actor_id.replace(':', '-')}
Contains: token, refresh_token, token_uri, client_id, client_secret, scopes Contains: token, refresh_token, token_uri, client_id, client_secret, scopes
""" """
import json import json
import traceback
import boto3 import boto3
import httplib2 import httplib2
from strands import tool from strands import tool
@@ -77,11 +78,10 @@ _current_actor_id: str = ''
def _svc(api: str, version: str, creds: Credentials): def _svc(api: str, version: str, creds: Credentials):
# Pass ONLY the authorized http (with timeout) — do NOT also pass credentials. # Standard google-auth pattern: pass credentials= directly to build().
# When both http= and credentials= are given, google-api-python-client creates a # google.oauth2.credentials.Credentials is natively supported by googleapiclient.
# new un-timed Http() from credentials for API calls, ignoring our timeout. # (creds.authorize() is oauth2client only — not available here)
http = creds.authorize(httplib2.Http(timeout=_HTTP_TIMEOUT)) return build(api, version, credentials=creds, cache_discovery=False)
return build(api, version, http=http, cache_discovery=False)
@tool @tool
@@ -98,6 +98,8 @@ def list_calendars() -> str:
for c in items for c in items
) )
except Exception as e: except Exception as e:
tb = traceback.format_exc()
print(f'[google] list_calendars error: {e}\n{tb}')
return f'Error listing calendars: {e}' return f'Error listing calendars: {e}'
@@ -145,6 +147,8 @@ def get_calendar_events(
lines.append(f'- "{e.get("summary", "No Title")}" (Starts: {start}, Ends: {end}) ID: {eid}') lines.append(f'- "{e.get("summary", "No Title")}" (Starts: {start}, Ends: {end}) ID: {eid}')
return f'Retrieved {len(events)} events from "{calendar_id}":\n' + '\n'.join(lines) return f'Retrieved {len(events)} events from "{calendar_id}":\n' + '\n'.join(lines)
except Exception as e: except Exception as e:
tb = traceback.format_exc()
print(f'[google] get_calendar_events error: {e}\n{tb}')
return f'Error fetching calendar events: {e}' return f'Error fetching calendar events: {e}'
@@ -177,6 +181,8 @@ def list_gmail_messages(max_results: int = 10, query: str = 'in:inbox') -> str:
out += f'\n(more results available)' out += f'\n(more results available)'
return out return out
except Exception as e: except Exception as e:
tb = traceback.format_exc()
print(f'[google] list_gmail_messages error: {e}\n{tb}')
return f'Error listing Gmail messages: {e}' return f'Error listing Gmail messages: {e}'

6
cdk/cdk.out/AgentClawStack.assets.json
View File

@@ -61,16 +61,16 @@
} }
} }
}, },
"7cdf99af915f7191eec65aef2668994abc0bff90a30effd9c6f67d7723bcfad0": { "91a55dffd35b78473e5145ec4ffe46cfbab25239665de853966d1a1d64a186ec": {
"displayName": "AgentClawStack Template", "displayName": "AgentClawStack Template",
"source": { "source": {
"path": "AgentClawStack.template.json", "path": "AgentClawStack.template.json",
"packaging": "file" "packaging": "file"
}, },
"destinations": { "destinations": {
"495395224548-us-east-1-41667eab": { "495395224548-us-east-1-27a7d4e2": {
"bucketName": "cdk-hnb659fds-assets-495395224548-us-east-1", "bucketName": "cdk-hnb659fds-assets-495395224548-us-east-1",
"objectKey": "7cdf99af915f7191eec65aef2668994abc0bff90a30effd9c6f67d7723bcfad0.json", "objectKey": "91a55dffd35b78473e5145ec4ffe46cfbab25239665de853966d1a1d64a186ec.json",
"region": "us-east-1", "region": "us-east-1",
"assumeRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-file-publishing-role-495395224548-us-east-1" "assumeRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-file-publishing-role-495395224548-us-east-1"
} }

4
cdk/cdk.out/AgentClawStack.metadata.json
View File

@@ -572,7 +572,7 @@
{ {
"type": "aws:cdk:creationStack", "type": "aws:cdk:creationStack",
"data": [ "data": [
"...SecretBase.grantRead in aws-cdk-lib...", "...environmentFromArn.grantRead in aws-cdk-lib...",
"new AgentClawStack (/Users/daniel/agent-claw/cdk/lib/agent-claw-stack.ts:199:29)", "new AgentClawStack (/Users/daniel/agent-claw/cdk/lib/agent-claw-stack.ts:199:29)",
"<anonymous> (/Users/daniel/agent-claw/cdk/bin/agent-claw.ts:8:1)", "<anonymous> (/Users/daniel/agent-claw/cdk/bin/agent-claw.ts:8:1)",
"...node internals, ts-node, ts-node, ts-node..." "...node internals, ts-node, ts-node, ts-node..."
@@ -715,7 +715,7 @@
{ {
"type": "aws:cdk:creationStack", "type": "aws:cdk:creationStack",
"data": [ "data": [
"...SecretBase.grantRead in aws-cdk-lib...", "...environmentFromArn.grantRead in aws-cdk-lib...",
"new AgentClawStack (/Users/daniel/agent-claw/cdk/lib/agent-claw-stack.ts:251:29)", "new AgentClawStack (/Users/daniel/agent-claw/cdk/lib/agent-claw-stack.ts:251:29)",
"<anonymous> (/Users/daniel/agent-claw/cdk/bin/agent-claw.ts:8:1)", "<anonymous> (/Users/daniel/agent-claw/cdk/bin/agent-claw.ts:8:1)",
"...node internals, ts-node, ts-node, ts-node..." "...node internals, ts-node, ts-node, ts-node..."

52
cdk/cdk.out/AgentClawStack.template.json
View File

@@ -941,18 +941,7 @@
"secretsmanager:DescribeSecret" "secretsmanager:DescribeSecret"
], ],
"Effect": "Allow", "Effect": "Allow",
"Resource": { "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl"
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
]
]
}
}, },
{ {
"Action": "secretsmanager:GetSecretValue", "Action": "secretsmanager:GetSecretValue",
@@ -1012,18 +1001,7 @@
"secretsmanager:DescribeSecret" "secretsmanager:DescribeSecret"
], ],
"Effect": "Allow", "Effect": "Allow",
"Resource": { "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl"
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
]
]
}
}, },
{ {
"Action": "secretsmanager:GetSecretValue", "Action": "secretsmanager:GetSecretValue",
@@ -1088,18 +1066,7 @@
"secretsmanager:DescribeSecret" "secretsmanager:DescribeSecret"
], ],
"Effect": "Allow", "Effect": "Allow",
"Resource": { "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl"
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
]
]
}
}, },
{ {
"Action": [ "Action": [
@@ -1186,18 +1153,7 @@
}, },
"Environment": { "Environment": {
"Variables": { "Variables": {
"GOOGLE_OAUTH_CLIENT_SECRET_ARN": { "GOOGLE_OAUTH_CLIENT_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl",
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client"
]
]
},
"USERS_TABLE_NAME": { "USERS_TABLE_NAME": {
"Ref": "UsersTable9725E9C8" "Ref": "UsersTable9725E9C8"
}, },

2
cdk/cdk.out/manifest.json
View File

@@ -18,7 +18,7 @@
"validateOnSynth": false, "validateOnSynth": false,
"assumeRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-deploy-role-495395224548-us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-deploy-role-495395224548-us-east-1",
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-cfn-exec-role-495395224548-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-cfn-exec-role-495395224548-us-east-1",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-495395224548-us-east-1/7cdf99af915f7191eec65aef2668994abc0bff90a30effd9c6f67d7723bcfad0.json", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-495395224548-us-east-1/91a55dffd35b78473e5145ec4ffe46cfbab25239665de853966d1a1d64a186ec.json",
"requiresBootstrapStackVersion": 6, "requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
"additionalDependencies": [ "additionalDependencies": [

2
cdk/cdk.out/tree.json
View File

File diff suppressed because one or more lines are too long

4
cdk/lib/agent-claw-stack.ts
View File

@@ -188,8 +188,8 @@ export class AgentClawStack extends cdk.Stack {
// and fed back as context param runtime1Arn. // and fed back as context param runtime1Arn.
// ── Google Workspace MCP ────────────────────────────────────────────── // ── Google Workspace MCP ──────────────────────────────────────────────
const googleOAuthClientSecret = secretsmanager.Secret.fromSecretNameV2( const googleOAuthClientSecret = secretsmanager.Secret.fromSecretCompleteArn(
this, 'GoogleOAuthClient', 'agent-claw/google-oauth-client' this, 'GoogleOAuthClient', 'arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl'
); );
// workspace-mcp Lambda execution role (import existing — created during initial setup) // workspace-mcp Lambda execution role (import existing — created during initial setup)