Exclude RAI content-filter 400s from AI search error monitor (#61498)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: PickHub

src/search/lib/ai-search-constants.ts

@@ -2,3 +2,9 @@
 // payloads are almost always pasted docs pages or unrelated content
 // and either time out or return no-answer. See github/cse-copilot#1214.
 export const MAX_QUERY_LENGTH = 500
+
+// cse-copilot returns HTTP 400 with this code in `detail.code` when Azure's
+// Responsible AI input content filter rejects a query. These are expected,
+// user-triggered rejections, so they are tracked separately and kept out of
+// the AI search error-rate monitor. See github/cse-copilot#1214.
+export const RAI_CONTENT_FILTER_CODE = 'RAI_INPUT_CONTENT_POLICY_BREACH_ERROR'

src/search/lib/ai-search-proxy.ts

@@ -6,7 +6,7 @@ import { getHmacWithEpoch } from '@/search/lib/helpers/get-cse-copilot-auth'
 import { getCSECopilotSource } from '@/search/lib/helpers/cse-copilot-docs-versions'
 import type { ExtendedRequest } from '@/types'
 import { handleExternalSearchAnalytics } from '@/search/lib/helpers/external-search-analytics'
-import { MAX_QUERY_LENGTH } from '@/search/lib/ai-search-constants'
+import { MAX_QUERY_LENGTH, RAI_CONTENT_FILTER_CODE } from '@/search/lib/ai-search-constants'
 
 const logger = createLogger(import.meta.url)
 
@@ -15,6 +15,27 @@ const logger = createLogger(import.meta.url)
 // established, but the connect + first-byte must complete within this window.
 const AI_SEARCH_TIMEOUT_MS = 9_000
 
+type ContentFilterCandidate = {
+  status: number
+  headers: { get: (name: string) => string | null }
+  json: () => Promise<unknown>
+}
+
+const isContentFilterRejection = async (response: ContentFilterCandidate): Promise<boolean> => {
+  if (response.status !== 400) {
+    return false
+  }
+  if (!response.headers.get('content-type')?.includes('application/json')) {
+    return false
+  }
+  try {
+    const body = (await response.json()) as { detail?: { code?: string } }
+    return body?.detail?.code === RAI_CONTENT_FILTER_CODE
+  } catch {
+    return false
+  }
+}
+
 export const aiSearchProxy = async (req: ExtendedRequest, res: Response) => {
   const { query, version } = req.body ?? {}
 
@@ -100,8 +121,13 @@ export const aiSearchProxy = async (req: ExtendedRequest, res: Response) => {
 
     if (!response.ok) {
       const errorMessage = `Upstream server responded with status code ${response.status}`
-      logger.error(errorMessage, { statusCode: response.status })
-      statsd.increment('ai-search.stream_response_error', 1, diagnosticTags)
+      if (await isContentFilterRejection(response)) {
+        logger.info(errorMessage, { statusCode: response.status })
+        statsd.increment('ai-search.content_filtered', 1, diagnosticTags)
+      } else {
+        logger.error(errorMessage, { statusCode: response.status })
+        statsd.increment('ai-search.stream_response_error', 1, diagnosticTags)
+      }
       res.status(response.status).json({
         errors: [{ message: errorMessage }],
         upstreamStatus: response.status,

src/search/tests/ai-search-proxy.ts

@@ -0,0 +1,148 @@
+import { describe, test, expect, vi, beforeEach } from 'vitest'
+
+import statsd from '@/observability/lib/statsd'
+import { fetchStream } from '@/frame/lib/fetch-utils'
+import { aiSearchProxy } from '@/search/lib/ai-search-proxy'
+import { RAI_CONTENT_FILTER_CODE } from '@/search/lib/ai-search-constants'
+import type { ExtendedRequest } from '@/types'
+
+vi.mock('@/observability/lib/statsd', () => ({
+  default: { increment: vi.fn(), gauge: vi.fn() },
+}))
+
+vi.mock('@/frame/lib/fetch-utils', () => ({
+  fetchStream: vi.fn(),
+}))
+
+vi.mock('@/search/lib/helpers/get-cse-copilot-auth', () => ({
+  getHmacWithEpoch: () => 'test-auth',
+}))
+
+vi.mock('@/search/lib/helpers/cse-copilot-docs-versions', () => ({
+  getCSECopilotSource: () => 'docs',
+}))
+
+vi.mock('@/search/lib/helpers/external-search-analytics', () => ({
+  handleExternalSearchAnalytics: async () => null,
+}))
+
+const incrementedMetrics = () =>
+  (statsd.increment as ReturnType<typeof vi.fn>).mock.calls.map((call) => call[0])
+
+function buildResponse() {
+  const res = {
+    statusCode: 0,
+    body: null as unknown,
+    status(code: number) {
+      this.statusCode = code
+      return this
+    },
+    json(payload: unknown) {
+      this.body = payload
+      return this
+    },
+    setHeader: vi.fn(),
+    flushHeaders: vi.fn(),
+    write: vi.fn(),
+    end: vi.fn(),
+    headersSent: false,
+  }
+  return res
+}
+
+function buildRequest(): ExtendedRequest {
+  return {
+    body: { query: 'a disallowed query', version: 'dotcom' },
+    language: 'en',
+  } as unknown as ExtendedRequest
+}
+
+function mockUpstream(
+  status: number,
+  jsonBody: unknown | (() => never),
+  contentType = 'application/json',
+) {
+  const json = vi.fn(async () => {
+    if (typeof jsonBody === 'function') {
+      return (jsonBody as () => never)()
+    }
+    return jsonBody
+  })
+  ;(fetchStream as ReturnType<typeof vi.fn>).mockResolvedValue({
+    ok: status < 400,
+    status,
+    headers: {
+      get: (name: string) => (name.toLowerCase() === 'content-type' ? contentType : null),
+    },
+    json,
+  })
+  return json
+}
+
+describe('aiSearchProxy upstream 400 handling', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  test('RAI content filter 400 increments content_filtered, not stream_response_error', async () => {
+    mockUpstream(400, {
+      code: 400,
+      message: 'Responsible AI input content policy breach',
+      detail: { code: RAI_CONTENT_FILTER_CODE },
+    })
+    const res = buildResponse()
+
+    await aiSearchProxy(buildRequest(), res as never)
+
+    const metrics = incrementedMetrics()
+    expect(metrics).toContain('ai-search.content_filtered')
+    expect(metrics).not.toContain('ai-search.stream_response_error')
+    expect(metrics).toContain('ai-search.call')
+    expect(res.statusCode).toBe(400)
+  })
+
+  test('non-RAI 400 increments stream_response_error', async () => {
+    mockUpstream(400, { code: 400, message: 'some other bad request' })
+    const res = buildResponse()
+
+    await aiSearchProxy(buildRequest(), res as never)
+
+    const metrics = incrementedMetrics()
+    expect(metrics).toContain('ai-search.stream_response_error')
+    expect(metrics).not.toContain('ai-search.content_filtered')
+    expect(res.statusCode).toBe(400)
+  })
+
+  test('malformed 400 body increments stream_response_error', async () => {
+    mockUpstream(400, () => {
+      throw new Error('invalid json')
+    })
+    const res = buildResponse()
+
+    await aiSearchProxy(buildRequest(), res as never)
+
+    const metrics = incrementedMetrics()
+    expect(metrics).toContain('ai-search.stream_response_error')
+    expect(metrics).not.toContain('ai-search.content_filtered')
+    expect(res.statusCode).toBe(400)
+  })
+
+  test('non-JSON 400 body increments stream_response_error without parsing', async () => {
+    const json = mockUpstream(
+      400,
+      () => {
+        throw new Error('should not be parsed')
+      },
+      'text/html',
+    )
+    const res = buildResponse()
+
+    await aiSearchProxy(buildRequest(), res as never)
+
+    const metrics = incrementedMetrics()
+    expect(json).not.toHaveBeenCalled()
+    expect(metrics).toContain('ai-search.stream_response_error')
+    expect(metrics).not.toContain('ai-search.content_filtered')
+    expect(res.statusCode).toBe(400)
+  })
+})