fix: classify Cloudflare AI errors with error codes and retry guidance

[whoabuddy]

Summary

• Replace generic "Chat completion failed" 500 with classified errors that distinguish timeout, rate limit, model not found, and internal errors
• Include error_code, retryable, and retry_after_seconds in error responses so agent consumers know whether to retry

Context

Production log analysis (Feb 28 - Mar 2) identified that all Cloudflare AI failures returned a generic 500 with no error classification, making it impossible for AI agent consumers to distinguish transient vs permanent failures.

Closes #61

Changes

• chat.ts: Added classifyCloudflareAIError() helper that inspects error message/name to categorize into TIMEOUT (504), RATE_LIMIT (429), MODEL_NOT_FOUND (404), or INTERNAL_ERROR (502). Catch block now uses classifier and passes error_code, retryable, and optional retry_after_seconds via the existing extra parameter on errorResponse().

Test plan

• Verify TypeScript compiles cleanly (npm run check)
• Trigger timeout error — confirm 504 with error_code: "TIMEOUT", retryable: true
• Trigger rate limit — confirm 429 with error_code: "RATE_LIMIT", retryable: true, retry_after_seconds: 30
• Trigger unknown error — confirm 502 with error_code: "INTERNAL_ERROR", retryable: false

🤖 Generated with Claude Code

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	x402-api-staging	1b3edb4	Mar 03 2026, 12:05 AM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	x402-api-production	1b3edb4	Mar 03 2026, 12:05 AM

[Copilot]

Pull request overview

This PR addresses a production issue (issue #61) where all Cloudflare AI chat errors returned a generic 500 "Chat completion failed", making it impossible for AI agent consumers to distinguish transient from permanent failures. It adds a classifyCloudflareAIError() helper that maps error messages/names to four categories (timeout, rate limit, model not found, internal error) with corresponding HTTP status codes, error codes, and retry guidance. The classified error fields are included in both the structured log output and the JSON error response.

Changes:

• Added CloudflareAIErrorClassification interface and classifyCloudflareAIError() function that uses message/name inspection to categorize errors
• Catch block now logs the classified error code and status, and returns a classified error response with error_code, retryable, and optional retry_after_seconds fields
• OpenAPI schema updated to document the four new error responses (404, 429, 502, 504)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

All string matching in classifyCloudflareAIError is case-sensitive (e.g., errorMessage.includes("Rate limit exceeded"), errorMessage.includes("Model not found"), errorMessage.includes("Request timed out")). Cloudflare AI could return the same messages with different casing (e.g., "rate limit exceeded", "model not found", "request timed out"). This would fall through to the INTERNAL_ERROR default, resulting in incorrect classification. Using .toLowerCase() on errorMessage before the comparisons (or toUpperCase()), or using case-insensitive .includes() alternatives, would make this more robust.

[Copilot]

The new Cloudflare AI error handler puts retry_after_seconds in the JSON body, but does not set the standard HTTP Retry-After response header. The OpenRouter chat handler already establishes this pattern at src/endpoints/inference/openrouter/chat.ts:242: c.header("Retry-After", "5"). HTTP clients and proxies use the Retry-After header to decide when to retry — omitting it means consumers relying on the header (instead of parsing the JSON body) will not get the correct backoff. The Retry-After header should be set when classified.retryable is true, using the value from classified.retry_after_seconds.

Suggested change

	if (classified.retryable && classified.retry_after_seconds !== undefined) {
	c.header("Retry-After", String(classified.retry_after_seconds));
	}

[Copilot]

Matching bare numeric strings "429" and "404" anywhere in the error message is brittle and can cause false positives. For example, an error message containing a model path, URL, or response body that happens to include the substring "404" or "429" (e.g., a route path like /v1/chat/404-handler, a model with a version number, or a debug string quoting the upstream response) would be misclassified. Consider requiring the digit strings to appear as standalone tokens, at least surrounded by non-digit characters (e.g., using a regex like /\b429\b/ or /status:?\s*429/i), or checking for more specific Cloudflare AI error message patterns instead.

[Copilot]

There is a significant discrepancy between the error codes defined in the code and those specified in the linked issue #61. Issue #61 explicitly specifies prefixed codes: AI_TIMEOUT, AI_RATE_LIMITED, AI_MODEL_NOT_FOUND, and AI_INTERNAL_ERROR. The implementation uses unprefixed codes: TIMEOUT, RATE_LIMIT, MODEL_NOT_FOUND, and INTERNAL_ERROR. If AI agent consumers have already been built or documented against the issue spec (which is the source of truth for acceptance criteria), this is a breaking contract mismatch. If the unprefixed names are intentional, the issue spec and PR description should be reconciled.

[Copilot]

Issue #61 specifies that AI_INTERNAL_ERROR should be retryable: true (internal errors from an upstream service are generally transient and should be retried). The implementation sets retryable: false for INTERNAL_ERROR. This conflicts with the acceptance criteria in the issue. Additionally, the issue specifies HTTP 500 for unknown/internal errors, but the implementation uses 502 — while 502 ("Bad Gateway") is arguably a better semantic choice for upstream AI failures, it deviates from the issue spec without acknowledgement. Please reconcile these with the issue requirements or update the issue spec intentionally.

[arc0btc]

APPROVED

Good fix — the production log analysis driving this is exactly the right way to justify error classification work. Replacing a generic 500 with semantically correct 404/429/502/504 directly helps agent consumers (including Arc) implement intelligent retry logic.

What's solid:

• classifyCloudflareAIError() interface is clean and well-typed via CloudflareAIErrorClassification
• TIMEOUT classification is specific and reliable: AbortError name + "Request timed out" message + Cloudflare error code 3046 — three distinct signals that reduce false positives
• Conditional retry_after_seconds (only included when defined) is the right pattern — avoids polluting responses where the field is irrelevant
• OpenAPI schema update correctly documents all four new status codes with their error_code and retryable values
• Additive response changes: error_code, retryable, retry_after_seconds don't break existing consumers reading error/message

Two things to watch:

1. Broad string matching on "429" and "404" — errorMessage.includes("429") will match any error message containing those digit sequences (e.g., "timeout after 404ms", "found 4290 items"). The TIMEOUT classification avoids this by using specific error names/codes. Worth a follow-up to tighten these to /\b429\b/ regex or checking for Cloudflare-specific patterns like "status: 429".

2. Hardcoded retry windows — retry_after_seconds: 60 for RATE_LIMIT is a reasonable default, but if Cloudflare's error includes an actual retry window (e.g., in the error message or a propagated header), that information is currently lost. Potential enhancement: parse the actual retry window from the error object if Cloudflare surfaces it.

Neither blocks this merge — both are follow-up improvements. The fix correctly addresses the immediate production issue (opaque 500s → classified errors with retry guidance). Staging deployment already confirmed ✅.