fix(deps): restore node-domexception for google auth [AI-assisted] #30026

Open
adamya-singh wants to merge 1 commit into openclaw:main from adamya-singh:fix/google-auth-node-domexception-regression
@adamya-singh

Summary

  • AI-assisted PR: built with an AI coding agent; tested locally and I understand the change.
  • Problem: Fix npm global install deprecation warnings (#28318) replaced node-domexception with @nolyfill/domexception, which broke the Google auth import path used by Vertex-backed embedded runs.
  • Why it matters: embedded runs could fail before OAuth token exchange with Cannot convert undefined or null to object, making Telegram/OpenClaw appear broken even though transport was healthy.
  • What changed: removed the alias/override, restored fetch-blob to node-domexception@1.0.0, and added an import-path regression test.
  • What did NOT change (scope boundary): no provider logic changes, no Telegram/channel changes, and no attempt to
    restore the warning-free dependency cleanup in this PR.

AI Assistance

  • AI-assisted
  • Testing level: targeted local testing
  • Prompts/session logs: available on request
  • I understand what the code does and verified the failure chain locally

AI Session Notes (sanitized)

  • Tooling: AI coding agent
  • Task: Investigate Telegram-visible embedded-run failures after bot token rotation
  • Root cause found: dependency override from Fix npm global install deprecation warnings #28318 replaced node-domexception with @nolyfill/domexception,
    breaking the google-auth-library -> gaxios -> node-fetch -> fetch-blob import path
  • Symptom: Cannot convert undefined or null to object before OAuth token exchange
  • Fix implemented:
    • removed the node-domexception alias/override
    • restored fetch-blob -> node-domexception@1.0.0
    • added regression coverage in src/infra/google-auth-import-regression.test.ts
  • Local verification:
    • gaxios data URL smoke passed
    • google-auth-library setup no longer crashed
    • pnpm vitest run src/infra/google-auth-import-regression.test.ts src/agents/pi-embedded-runner/google.test.ts

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

User-visible / Behavior Changes

Vertex-backed embedded runs no longer fail during Google auth setup due to the broken dependency substitution.

Security Impact (required)

  • New permissions/capabilities? (Yes/No) No
  • Secrets/tokens handling changed? (Yes/No) No
  • New/changed network calls? (Yes/No) No
  • Command/tool execution surface changed? (Yes/No) No
  • Data access scope changed? (Yes/No) No
  • If any Yes, explain risk + mitigation:

Repro + Verification

Environment

  • OS: Linux arm64
  • Runtime/container: local Node 24 / repo checkout
  • Model/provider: Google Vertex / embedded run path
  • Integration/channel (if any): Telegram affected in practice, but repro reduced to local auth stack
  • Relevant config (redacted): service-account-based Vertex config

Steps

  1. Trigger a Vertex-backed embedded run or directly call the Google auth stack.
  2. Observe Cannot convert undefined or null to object before OAuth token exchange.
  3. Apply this patch and rerun the same repro.

Expected

  • Google auth stack initializes cleanly and no loader crash occurs.

Actual

  • gaxios -> node-fetch -> fetch-blob -> node-domexception import path crashes before token exchange.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets trace-and-log-snippets.md
  • Screenshot/recording openclaw-PR-2-28-26
  • Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

  • Verified scenarios:
    • gaxios fetch dependencies load via a data: URL request
    • google-auth-library no longer crashes during setup
    • pnpm vitest run src/infra/google-auth-import-regression.test.ts src/agents/pi-embedded-runner/google.test.ts
  • Edge cases checked:
    • lockfile points fetch-blob back to node-domexception@1.0.0
  • What you did not verify:
    • full CI
    • live Google auth against production services in CI

Compatibility / Migration

  • Backward compatible? (Yes/No) Yes
  • Config/env changes? (Yes/No) No
  • Migration needed? (Yes/No) No
  • If yes, exact upgrade steps:

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly: revert this commit or restore the prior package/lockfile state
  • Files/config to restore: package.json, pnpm-lock.yaml
  • Known bad symptoms reviewers should watch for: Cannot convert undefined or null to object during Google/Vertex
    auth setup

Risks and Mitigations

  • Risk: restores deprecated node-domexception@1.0.0, so the earlier warning-suppression goal is no longer met.
    • Mitigation: keep this PR narrowly scoped to runtime correctness and handle warning cleanup in a separate follow-up.
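
Added example, not part of this PR or the project's code: a manifest check that flags entries in `dependencies` or `pnpm.overrides` which replace one package with a differently named one through an npm alias, the kind of substitution described above. The function names and the sample manifests (including their version ranges) are constructed for illustration.

```javascript
// Added example: flag manifest entries that replace one package with another
// through an npm alias ("name": "npm:other@range"). All sample data is constructed.

// "npm:@scope/pkg@^1.0.0" -> "@scope/pkg"; returns null if spec is not an alias.
function aliasTarget(spec) {
  if (typeof spec !== "string" || !spec.startsWith("npm:")) return null;
  return stripRange(spec.slice(4));
}

// Drop a trailing "@range"; a leading "@" belongs to a scoped package name.
function stripRange(nameAtRange) {
  const at = nameAtRange.indexOf("@", 1);
  return at === -1 ? nameAtRange : nameAtRange.slice(0, at);
}

// pnpm override selectors may look like "parent@1>child@^2"; the overridden
// package is the last segment, without its range.
function overriddenName(selector) {
  return stripRange(selector.split(">").pop().trim());
}

// Return every entry in dependencies / pnpm.overrides whose alias target
// differs from the name that importers will ask for.
function findSubstitutions(manifest) {
  const sections = {
    dependencies: manifest.dependencies,
    "pnpm.overrides": manifest.pnpm && manifest.pnpm.overrides,
  };
  const findings = [];
  for (const [section, entries] of Object.entries(sections)) {
    for (const [key, spec] of Object.entries(entries || {})) {
      const requested = overriddenName(key);
      const target = aliasTarget(spec);
      if (target !== null && target !== requested) {
        findings.push({ section, requested, target });
      }
    }
  }
  return findings;
}

// Constructed manifests: version ranges are placeholders, not the project's.
const withAlias = {
  dependencies: { "node-domexception": "npm:@nolyfill/domexception@^1.0.0" },
  pnpm: { overrides: { "node-domexception": "npm:@nolyfill/domexception@^1.0.0" } },
};
const reverted = { dependencies: {}, pnpm: { overrides: {} } };

console.log(findSubstitutions(withAlias));
console.log(findSubstitutions(reverted));
```

A finding is a cue to exercise the import path of every package that depends on the requested name before merging, since an alias only works when the replacement exposes what those importers expect.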

@greptile-apps

greptile-apps bot commented Feb 28, 2026

Greptile Summary

This PR correctly reverts a problematic dependency substitution from PR #28318 that broke Google auth for Vertex-backed embedded runs. The fix removes the @nolyfill/domexception alias and restores node-domexception@1.0.0 as a transitive dependency through fetch-blob, resolving the "Cannot convert undefined or null to object" error that occurred during OAuth token exchange.

  • Removed node-domexception alias to @nolyfill/domexception from both dependencies and pnpm.overrides
  • Verified in lockfile that fetch-blob@3.2.0 now correctly depends on node-domexception@1.0.0
  • Added comprehensive regression test covering both gaxios and google-auth-library import paths
  • Trade-off acknowledged: restores deprecated package, but runtime correctness takes priority over deprecation warnings

Confidence Score: 4/5

  • This PR is safe to merge with minimal risk - it's a focused fix that restores working functionality
  • Score reflects a well-tested, correctly implemented fix with clear documentation. The only concern is restoring a deprecated dependency, but this is an acceptable trade-off for runtime correctness and is properly acknowledged in the PR description
  • No files require special attention

Last reviewed commit: 24b34b3

@nikolasdehor nikolasdehor left a comment

Good diagnosis. Runtime correctness takes priority over deprecation warnings. The regression test using spawnSync for import-path verification is solid. One note: the PR body has 'Closes #' with no issue number. LGTM.

@XC-Xinze
XC-Xinze commented Mar 2, 2026

you save my life dude. that's really pain~!
