From 3b95e1afbdba6147ae9dc8c7b9fa621759da12e0 Mon Sep 17 00:00:00 2001
From: sanil-23 <sanil@vezures.xyz>
Date: Thu, 28 May 2026 22:09:27 +0200
Subject: [PATCH] fix(observability): classify embedding API 401 'Invalid
 token' as SessionExpired (TAURI-RUST-4K5 regression)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR #2786 (commit 14ff92b2) added an `is_embedding_backend_auth_failure`
matcher that was supposed to classify the TAURI-RUST-4K5 wire shape
(`Embedding API error (401 Unauthorized): {"error":"Invalid token"}`)
as `SessionExpired` — to align with the 4P0 OpenHuman-backend variant
and surface a re-login prompt instead of a Sentry noise bucket.

A subsequent merge (#2830 commit d578b57e, 'demote expected-error
Sentry buckets across embeddings, provider, memory-store, FS, and
thinking-mode wire shapes') landed on a pre-#2786 base and clobbered
the SessionExpired return back to BackendUserError. The
`classifies_embedding_api_invalid_token_401_as_session_expired` test
that #2786 shipped therefore fails on every PR rebased onto current
`upstream/main`:

  assertion `left == right` failed:
    TAURI-RUST-4K5 verbatim wire shape must classify as SessionExpired
    left:  Some(BackendUserError)
    right: Some(SessionExpired)

Restore the intended return value. One-line fix to the
`is_embedding_backend_auth_failure` arm in `expected_error_kind`.
All observability tests pass.

Co-Authored-By: Claude <noreply@anthropic.com>
---
 src/core/observability.rs | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/core/observability.rs b/src/core/observability.rs
index c53eabdd7f..c683871048 100644
--- a/src/core/observability.rs
+++ b/src/core/observability.rs
@@ -315,7 +315,7 @@ pub fn expected_error_kind(message: &str) -> Option<ExpectedErrorKind> {
         return Some(ExpectedErrorKind::BackendUserError);
     }
     if is_embedding_backend_auth_failure(&lower) {
-        return Some(ExpectedErrorKind::BackendUserError);
+        return Some(ExpectedErrorKind::SessionExpired);
     }
     // Provider config-rejection (unknown model / abstract tier leaked to a
     // custom provider / model-specific temperature). Body-shape based and
@@ -1943,17 +1943,20 @@ mod tests {
 
     #[test]
     fn classifies_embedding_backend_auth_failure() {
-        // TAURI-RUST-T (~4k events): OpenHuman backend rejected the
-        // embeddings worker's bearer token. Both the bare-status and
-        // parenthesised wire shapes must classify.
+        // TAURI-RUST-T (~4k events) — companion of TAURI-RUST-4K5: the
+        // OpenHuman backend rejected the embeddings worker's bearer
+        // token. Both the bare-status and parenthesised wire shapes
+        // must classify as SessionExpired so the FE re-login prompt
+        // fires (matches the contract introduced by #2786 and
+        // exercised by classifies_embedding_api_invalid_token_401_as_session_expired).
         for raw in [
             r#"Embedding API error 401 Unauthorized: {"success":false,"error":"Invalid token"}"#,
             r#"Embedding API error (401 Unauthorized): {"success":false,"error":"Invalid token"}"#,
         ] {
             assert_eq!(
                 expected_error_kind(raw),
-                Some(ExpectedErrorKind::BackendUserError),
-                "should classify embedding backend auth failure: {raw}"
+                Some(ExpectedErrorKind::SessionExpired),
+                "should classify embedding backend auth failure as SessionExpired: {raw}"
             );
         }
     }