From 8f91b87fe04d36db134f687a1583c8f3c1273613 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 11 Feb 2026 10:44:36 +0000
Subject: [PATCH] fix: stop retrying on 4xx errors in _retry_request
Previously, `_retry_request` would retry on any `httpx.HTTPError`, including 4xx client errors (e.g., 400 Bad Request, 401 Unauthorized). This is inefficient and can lead to API spamming or bans. This change modifies `_retry_request` to:
- Check if the exception is an `httpx.HTTPStatusError`.
- If the status code is 4xx (and not 429 Too Many Requests), raise the exception immediately instead of retrying.
- Log the response content (sanitized) for debugging before raising.
This improves security by preventing potential DoS-like behavior against the API and failing fast on invalid inputs or auth failures.
Co-authored-by: abhimehro <84992105+abhimehro@users.noreply.github.com>
---
 main.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/main.py b/main.py
index 4b76614..e7e0dbf 100644
--- a/main.py
+++ b/main.py
@@ -600,6 +600,14 @@ def _retry_request(request_func, max_retries=MAX_RETRIES, delay=RETRY_DELAY):
 response.raise_for_status()
 return response
 except (httpx.HTTPError, httpx.TimeoutException) as e:
+ # Security: Don't retry on client errors (4xx) unless it's rate limiting (429)
+ if isinstance(e, httpx.HTTPStatusError):
+ status = e.response.status_code
+ if 400 <= status < 500 and status != 429:
+ if hasattr(e, "response") and e.response is not None:
+ log.debug(f"Response content: {sanitize_for_log(e.response.text)}")
+ raise
+
 if attempt == max_retries - 1:
 if hasattr(e, "response") and e.response is not None:
 log.debug(f"Response content: {sanitize_for_log(e.response.text)}")
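Review bot: The new fail-fast test `400 <= status < 500 and status != 429` also makes 408 Request Timeout and 425 Too Early terminal, although both are transient in the same way 429 is; an explicit allow-list reads better and keeps them retryable: `if 400 <= status < 500 and status not in (408, 425, 429):`. Inside that branch the guard `hasattr(e, "response") and e.response is not None` can never be false, because `e.response.status_code` was already dereferenced two lines earlier, so it can be dropped and the `log.debug` call left unconditional. For 401/403 the debug line records the server's error body, so it is worth confirming that `sanitize_for_log` (not visible in this hunk) redacts any credentials echoed back and bounds the logged length. The rest of `_retry_request`, including the backoff used when a 429 falls through to the retry, lies outside the hunk; if that delay does not honour `Retry-After`, the API-spamming concern in the commit message is only partly addressed.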