Fix TRY003: extract exception messages to variables and remove suppression

[Copilot]

Ruff rule TRY003 ("Avoid specifying long messages outside the exception class") was globally suppressed. This removes that suppression by fixing all ~48 violations across the codebase.

Approach

Each violation is fixed by extracting the message string into a local msg variable before the raise:

# Before
raise ValueError(f"No such reusable taskflow: {task.uses}")

# After
msg = f"No such reusable taskflow: {task.uses}"
raise ValueError(msg)

This satisfies TRY003 without requiring new exception subclasses or altering error messages.

Changes

• Source files (agent.py, available_tools.py, capi.py, cli.py, mcp_lifecycle.py, mcp_servers/codeql/client.py, mcp_servers/codeql/mcp_server.py, mcp_transport.py, mcp_utils.py, models.py, runner.py, session.py, shell_utils.py, template_utils.py): extract exception messages to msg variables
• mcp_servers/codeql/client.py: also fixes a pre-existing bug where an f-string was missing its f prefix ("Unsupported output format {fmt}" → f"Unsupported output format {fmt}")
• pyproject.toml: removes TRY003 from the global ignore list; adds a per-file ignore for the vendored third-party jsonrpyc package

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• unsupported.example.com
  • Triggering command: /usr/bin/python python -m pytest tests/ -x -q (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Removes the repo-wide suppression of Ruff TRY003 by refactoring exception raises to assign messages to local variables before raising, plus a small related fix in the CodeQL client.

Changes:

• Extracts inline exception messages into local msg variables across the codebase to satisfy TRY003.
• Removes TRY003 from the global Ruff ignore list and adds a targeted per-file ignore for vendored jsonrpyc.
• Fixes a CodeQL client formatting bug for unsupported output formats (missing f prefix).

Show a summary per file

File	Description
src/seclab_taskflow_agent/template_utils.py	Refactors env var LookupError message into msg variable.
src/seclab_taskflow_agent/shell_utils.py	Refactors shell command failure RuntimeError message into msg.
src/seclab_taskflow_agent/session.py	Refactors missing session FileNotFoundError message into msg.
src/seclab_taskflow_agent/runner.py	Refactors multiple ValueError/APITimeoutError raises to use msg locals.
src/seclab_taskflow_agent/models.py	Refactors validation ValueError messages into msg.
src/seclab_taskflow_agent/mcp_utils.py	Refactors MCP transport/command errors to use msg.
src/seclab_taskflow_agent/mcp_transport.py	Refactors URL/timeout/thread-exit errors to use msg.
src/seclab_taskflow_agent/mcp_servers/codeql/mcp_server.py	Refactors CodeQL server RuntimeError messages to use msg.
src/seclab_taskflow_agent/mcp_servers/codeql/client.py	Refactors raises to use msg and fixes unsupported-format string interpolation.
src/seclab_taskflow_agent/mcp_lifecycle.py	Refactors unsupported transport ValueError to use msg.
src/seclab_taskflow_agent/cli.py	Refactors BadParameter message to use msg.
src/seclab_taskflow_agent/capi.py	Refactors missing-token RuntimeError message to use msg.
src/seclab_taskflow_agent/available_tools.py	Refactors multiple loader exceptions to use msg.
src/seclab_taskflow_agent/agent.py	Refactors token env var RuntimeError message to use msg.
pyproject.toml	Stops ignoring TRY003 globally; adds per-file ignore for vendored code.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 15/15 changed files
• Comments generated: 3

[Copilot]

_resolve_query_server() invokes the CodeQL CLI with excute --help, which looks like a typo for execute. As written, this will likely fail and cause the legacy-server check to incorrectly raise every time. Update the subcommand to execute (or use the existing execute spelling used elsewhere in this file).

Suggested change

	help_msg = shell_command_to_string(self.codeql_cli + ["excute", "--help"])
	help_msg = shell_command_to_string(self.codeql_cli + ["execute", "--help"])

[Copilot]

get_AI_token() falls back to COPILOT_TOKEN, but the raised error says only AI_API_TOKEN is not set. This is misleading for users who rely on COPILOT_TOKEN. Consider updating the message to indicate that neither AI_API_TOKEN nor COPILOT_TOKEN is set (or mention both accepted env vars).

Suggested change

	msg = "AI_API_TOKEN environment variable is not set."
	msg = "Neither AI_API_TOKEN nor COPILOT_TOKEN environment variable is set."

[Copilot]

This per-file ignore for jsonrpyc/* is likely redundant because the directory is already excluded via [tool.ruff].extend-exclude (src/seclab_taskflow_agent/mcp_servers/codeql/jsonrpyc/). Either remove this per-file ignore, or (if you want Ruff to lint these files for other rules) drop the extend-exclude and keep a targeted per-file ignore.

Suggested change

"src/seclab_taskflow_agent/mcp_servers/codeql/jsonrpyc/*" = ["TRY003"]