fix(errors): dedupe identical messages when traversing error .cause chain

[RomneyDa]

See before and after in these 2 messages:

Summary

• formatErrorMessage walked .cause and appended every level joined by |, so a wrapper that carried the same string as its cause produced doubled output.
• coerceToFailoverError (src/agents/failover-error.ts:524-563) does exactly that: it builds a FailoverError whose message is read from the wrapped error and sets cause: err. That made auth failures like No API key found for provider "openai-codex" … surface in the TUI as the same sentence twice, separated by |, inside the ⚠️ Agent failed before reply line.
• Now the formatter tracks already-emitted messages and skips repeats — leaving genuinely-different cause messages intact (still joined with |).

Behavior addressed: TUI control-UI failure path renders the error message once instead of duplicated. Underlying auth misconfiguration is unchanged.

Test plan

• node scripts/run-vitest.mjs src/infra/errors.test.ts (added a regression case covering the FailoverError-style wrap).

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR updates formatErrorMessage to skip repeated cause-chain messages and adds a regression case in src/infra/errors.test.ts.

Reproducibility: yes. from source inspection: current main appends every Error/string cause message, and coerceToFailoverError can wrap an error whose message equals its cause. I did not execute the focused regression test in this read-only review.

PR rating
Overall: 🐚 platinum hermit
Proof: 🌊 off-meta tidepool
Patch quality: 🐚 platinum hermit
Summary: Focused, low-risk patch with regression coverage and no blocking findings; maintainer/CI verification is the remaining merge gate.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Not applicable: The contributor real-behavior proof gate does not apply to this maintainer-labeled MEMBER PR; the body includes a screenshot and focused test plan as supplemental context.

Risk before merge

• I did not execute node scripts/run-vitest.mjs src/infra/errors.test.ts in this read-only review, so merge should rely on CI or maintainer-side focused test proof.
• There is a package-local formatter copy in packages/memory-host-sdk/src/host/error-utils.ts that still has the old cause-chain behavior; it is outside the reported TUI path but worth maintainer awareness if identical formatter semantics are expected there.

Maintainer options:

1. Decide the mitigation before merge
   Land the focused formatter fix after maintainer review and focused CI/test confirmation, keeping distinct nested causes and final redaction intact.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No automated repair lane is needed: the PR has no concrete patch defect, and the protected maintainer label routes it to normal maintainer review and CI confirmation.

Security
Cleared: The diff only changes shared error-message formatting and a focused test; it adds no dependency, workflow, credential, or code-execution surface.

Review details

Best possible solution:

Land the focused formatter fix after maintainer review and focused CI/test confirmation, keeping distinct nested causes and final redaction intact.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: current main appends every Error/string cause message, and coerceToFailoverError can wrap an error whose message equals its cause. I did not execute the focused regression test in this read-only review.

Is this the best way to solve the issue?

Yes; fixing the shared formatter removes the duplicate at the presentation boundary while preserving distinct nested cause messages and the existing redaction step.

Label changes:

• add proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. The contributor real-behavior proof gate does not apply to this maintainer-labeled MEMBER PR; the body includes a screenshot and focused test plan as supplemental context.

Label justifications:

• P3: The PR fixes a low-blast-radius user-facing error-message duplication without changing auth behavior, provider routing, dependencies, or runtime policy.
• rating: 🐚 platinum hermit: Current PR rating is 🐚 platinum hermit because proof is 🌊 off-meta tidepool, patch quality is 🐚 platinum hermit, and Focused, low-risk patch with regression coverage and no blocking findings; maintainer/CI verification is the remaining merge gate.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: The contributor real-behavior proof gate does not apply to this maintainer-labeled MEMBER PR; the body includes a screenshot and focused test plan as supplemental context.
• proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. The contributor real-behavior proof gate does not apply to this maintainer-labeled MEMBER PR; the body includes a screenshot and focused test plan as supplemental context.

What I checked:

• Current main appends every cause message: On current main, formatErrorMessage starts from the parent error message and appends every Error or string cause message without checking whether that text was already emitted. (src/infra/errors.ts:68, 0af55f971d00)
• Failover wrapper creates the duplicated shape: coerceToFailoverError builds a FailoverError from the wrapped error message and sets cause: err, so the formatter can render the same sentence twice for auth/provider failures. (src/agents/failover-error.ts:551, 0af55f971d00)
• PR patch preserves distinct nested causes: The provided PR diff adds a seenMessages set in formatErrorMessage and a regression test where a wrapper repeats the inner message while a deeper distinct root cause is still emitted. (src/infra/errors.ts:72, 075debd7a817)
• Formatter and failover provenance: git blame ties the current formatter and failover wrapper lines to commit 6db000630c84c93105eabfc74be3fb02bbc9efc1; older history also shows focused error-helper and failover-normalization work in c2e2b87f28f0fae2fa3b7395c66077be31ec74f7, d2bebfb2531932b2af08ad17624f0129c7600727, and 402c35b91ca72035490ae93b4257e10dfb622d34. (src/infra/errors.ts:68, 6db000630c84)
• Review state is protected maintainer-owned work: The GitHub context shows author association MEMBER and label maintainer, which means this PR should stay open for explicit maintainer handling even when the patch looks mergeable. (075debd7a817)

Likely related people:

• obviyus: Current blame for the formatter and failover-wrapper lines points to Ayaan Zaidi's feat(android): add v2 channels settings commit in this checkout. (role: recent area contributor; confidence: medium; commits: 6db000630c84; files: src/infra/errors.ts, src/infra/errors.test.ts, src/agents/failover-error.ts)
• steipete: History search shows Peter Steinberger added direct error-helper coverage, ACP error-kind classification, and earlier failover normalization on the same surfaces. (role: prior error/failover area contributor; confidence: medium; commits: 402c35b91ca7, c2e2b87f28f0, d2bebfb25319; files: src/agents/failover-error.ts, src/infra/errors.ts, src/infra/errors.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 0af55f971d00.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🥚 common Sunspot Diff Drake

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: sparkles near resolved comments.
Image traits: location flaky test forest; accessory CI status badge; palette amber, ink, and glacier blue; mood patient; pose standing beside its cracked shell; shell frosted glass shell; lighting calm overcast light; background small green status lights.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Sunspot Diff Drake in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[altaywtf]

Merged via squash.

• Prepared head SHA: 46aa27fa12e8e161cddc3c8b901a5dd6851423ca
• Merge commit: 447a3643c69b9ed8cd6a80dd99ecc5299ea4e02a

Thanks @RomneyDa!