fix(microsoft-foundry): replace unsafe non-null assertion in subscription lookup

[oliviareid-svg]

Summary

• auth.ts uses subs.find((sub) => sub.id === selectedId)! with a non-null assertion
• If the selected subscription ID doesn't match (edge case: subscription deleted between list and select), this crashes with TypeError: Cannot read properties of undefined (reading 'tenantId')
• Fix: replace ! assertion with explicit null check and descriptive error

Test plan

• Verify Azure subscription selection flow still works
• Verify missing subscription produces clear error message

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

Replaces the unsafe non-null assertion on subs.find(...) in extensions/microsoft-foundry/auth.ts with an explicit null check and a descriptive Error, covering the edge case where a subscription is deleted between listing and selection. The fix is minimal, correct, and the TypeScript type narrowing after the guard works as expected.

Confidence Score: 5/5

Safe to merge — the fix is a focused, correct defensive guard with no functional regressions.

The change is a one-line safety improvement: the non-null assertion is replaced by an explicit null check with a descriptive error. TypeScript narrows the type correctly after the guard, the existing subs[0]! on line 87 remains valid (guarded by subs.length === 1), and there are no P0 or P1 findings. All remaining considerations are P2 or lower.

No files require special attention.

Vulnerabilities

No security concerns identified.

_{Reviews (1): Last reviewed commit: "fix(microsoft-foundry): replace unsafe n..." | Re-trigger Greptile}

[clawsweeper]

Codex review: needs real behavior proof before merge.

Summary
The PR adds a Microsoft Foundry Entra ID subscription guard, a regression test for stale selected IDs, and an Unreleased changelog entry.

Reproducibility: yes. Source inspection gives a high-confidence path: with multiple enabled subscriptions, a custom or mocked prompter returning an id outside the list makes current main assign undefined and then read tenantId.

Real behavior proof
Needs real behavior proof before merge: The PR currently has tests/build/check validation and a mock regression test, but no after-fix evidence from a real OpenClaw setup; the exact-head proof check fails. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, ask a maintainer to comment @clawsweeper re-review.

Next step before merge
The remaining blocker is contributor or maintainer-provided real behavior proof, which automation cannot supply for an external PR; the small changelog placement issue can be handled during normal review.

Security
Cleared: The diff only changes provider-local error handling, a mock regression test, and the changelog; it does not alter dependencies, CI, permissions, secrets, package metadata, or command execution.

Review findings

• [P3] Move the fix entry under Fixes — CHANGELOG.md:9

Review details

Best possible solution:

Land the provider-local guard with the regression test, classify the changelog bullet under Unreleased ### Fixes, and require either real behavior proof from a redacted setup or an explicit maintainer proof override before merge.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection gives a high-confidence path: with multiple enabled subscriptions, a custom or mocked prompter returning an id outside the list makes current main assign undefined and then read tenantId.

Is this the best way to solve the issue?

Yes for the code fix. The explicit guard is the narrowest maintainable provider-local fix and is safer than falling back to another Azure subscription; the changelog placement and real behavior proof still need cleanup.

Full review comments:

• [P3] Move the fix entry under Fixes — CHANGELOG.md:9
  This PR is a user-facing provider auth fix, but the added changelog line is placed under ### Changes while the active ### Fixes section exists. Move it to ### Fixes so the release notes classify the fix correctly.
  Confidence: 0.82

Overall correctness: patch is correct
Overall confidence: 0.86

What I checked:

• Current main has the unchecked dereference: entraIdAuthMethod.run still assigns selectedSub = subs.find((sub) => sub.id === selectedId)! and immediately reads selectedSub.tenantId, so a stale or custom selected id can become an undefined dereference. (extensions/microsoft-foundry/auth.ts:101, 7468e071ddc3)
• PR patch adds the provider-local guard: The PR head replaces the non-null assertion with a match variable, throws Selected subscription not found: ${selectedId} when absent, and only then assigns selectedSub. (extensions/microsoft-foundry/auth.ts:101, 208c1082edca)
• PR patch adds focused mock regression coverage: The new test mocks multiple enabled Azure subscriptions and makes the prompter return missing-subscription, then expects the descriptive error instead of the old TypeError path. (extensions/microsoft-foundry/index.test.ts:274, 208c1082edca)
• Changelog entry is under Changes: The branch adds the Microsoft Foundry auth fix bullet under active ### Changes, while the active ### Fixes section exists later in the same Unreleased block. (CHANGELOG.md:9, 208c1082edca)
• Real behavior proof gate fails: The exact-head Real behavior proof check reports that external PRs need a PR-body Real behavior proof section with after-fix evidence from a real setup; tests, mocks, lint, typechecks, and CI are supplemental only. (.github:7, 208c1082edca)
• Maintainer comment reports test and build validation only: BradGroux reports adding the changelog attribution and regression coverage, then running the focused Microsoft Foundry test, pnpm build, and pnpm check; this is useful validation but not after-fix real behavior proof. (208c1082edca)

Likely related people:

• haxudev: Auth-path provenance points to the merged Microsoft Foundry provider PR, which introduced Entra ID subscription and resource discovery in this plugin. (role: introduced behavior; confidence: high; commits: a16dd967da51; files: extensions/microsoft-foundry/auth.ts, extensions/microsoft-foundry/onboard.ts, extensions/microsoft-foundry/provider.ts)
• BradGroux: BradGroux force-pushed the prepared head, added the changelog/test follow-up according to the maintainer comment, and is the committer on the current PR head. (role: recent PR maintainer; confidence: medium; commits: 208c1082edca; files: CHANGELOG.md, extensions/microsoft-foundry/auth.ts, extensions/microsoft-foundry/index.test.ts)

Remaining risk / open question:

• No after-fix real OpenClaw/Azure behavior proof is present in the PR body, and the exact-head proof check fails.
• Exact-head CI also has unrelated-looking auto-reply/core failures outside the touched Microsoft Foundry files, so merge readiness still needs normal maintainer check or rerun.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 7468e071ddc3.

[BradGroux]

Maintainer pass update:

• Rebased/prepared this on current origin/main.
• Added the required changelog attribution for #62742.
• Added focused regression coverage for the unexpected selected subscription id path.
• Verification passed:
  • pnpm vitest run extensions/microsoft-foundry/index.test.ts (27 tests)
  • pnpm build
  • pnpm check
• After main moved again, rebased once more and re-ran the focused Microsoft Foundry test (27 tests) before pushing.

Prepared head pushed: 208c1082edcaf035cb5db7231a63bb12c975c61a. Fresh CI should run from there.