fix(observability): classify OpenHuman/Embedding backend 'Invalid token' 401 as SessionExpired (TAURI-RUST-4P0 + 4K5)#2786
Open
CodeGhost21 wants to merge 2 commits into
Conversation
… SessionExpired
The OpenHuman backend rejects an expired/revoked JWT with the envelope
`{"success":false,"error":"Invalid token"}` (vs. the explicit
`"Session expired. Please log in again."` body that the existing
classifier already catches). Same emit site
(`providers::ops::api_error` → `web_channel.run_chat_task`), same
wrapping, same expected user state — just a different body substring
chosen by the backend's JWT-validity branch.
Issue tinyhumansai#2286 deliberately stopped matching bare `"Invalid token"` as
session-expired because that string also surfaces from Discord /
OAuth provider rejections, which are actionable scoped errors that
must reach Sentry. We preserve that contract with a conjunctive
matcher: BOTH the OpenHuman-scoped `"OpenHuman API error (401"`
prefix AND the envelope-shaped `"\"error\":\"Invalid token\""` must
be present.
tinyhumansai#2286 cases still route to Sentry (verified by the existing
`does_not_classify_byo_key_provider_401_as_session_expired` test
staying green):
- `"Invalid token"` → None ✓
- `"got an invalid token here"` → None ✓
- `"OpenAI API error (401 Unauthorized): invalid_api_key"` → None ✓
- `"Anthropic API error (401 Unauthorized): ..."` → None ✓
Targets Sentry OPENHUMAN-TAURI-4P0 (issue 5332): low volume so far
(1 event) but the wire shape is durable — every OpenHuman user with
a stale JWT will hit this on the next agent turn, so quietly
demoting it to a `warn!` log keeps the noise from compounding.
Contributor
📝 WalkthroughWalkthroughAdds conjunctive matching and docs in ChangesOpenHuman 401 Invalid Token Classification
Sequence Diagram(s)(omitted — change is a targeted classifier update and tests; no multi-component sequential flow requires visualization) Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
graycyrus
reviewed
May 27, 2026
Contributor
graycyrus
left a comment
graycyrus
left a comment
There was a problem hiding this comment.
@CodeGhost21 hey! the code looks good to me — the conjunctive anchor approach is exactly right here. Requiring both the "OpenHuman API error (401" prefix and the envelope-shaped "\"error\":\"Invalid token\"" body together is the correct way to preserve the #2286 contract while catching this specific backend branch, and the two new test cases pin both the verbatim Sentry wire shape and the unwrapped emit shape cleanly.
CI still has a few checks pending (Windows E2E, core image build, Rust core coverage). Once those come back green I'll come back and approve this. Let me know if anything comes up in the meantime.
…sionExpired (TAURI-RUST-4K5)
TAURI-RUST-4K5 (~118 events, escalating on 0.56.0,
domain=embeddings operation=openai_embed status=401) carries the same
OpenHuman backend `{"success":false,"error":"Invalid token"}` envelope
as 4P0, but the embedding client at
`src/openhuman/embeddings/openai.rs:139` wraps it with the
`"Embedding API error"` prefix instead of `"OpenHuman API error"`. The
breadcrumb `[scheduler_gate] signed_out false -> true` immediately
preceding the 401 in the event payload confirms it's the same
session-expired cause, just emitted at the embedding layer.
The conjunctive `"OpenHuman API error (401"` anchor added in the
previous commit catches the chat-API path; this commit adds a parallel
`"Embedding API error (401"` anchor so the embedding path also routes
to SessionExpired. The envelope-shaped `"\"error\":\"Invalid token\""`
gate stays the same, so third-party BYO-key embedding 401s (OpenAI /
Voyage / Cohere rejecting the user's own API key) continue to escalate
as actionable misconfiguration — covered by the new
`does_not_classify_embedding_byo_key_401_as_session_expired`
polarity guard.
## Test plan
- [x] `cargo test classifies_embedding_api_invalid_token` — passes (new)
- [x] `cargo test does_not_classify_embedding_byo_key` — passes (new polarity guard)
- [x] `cargo test classifies_openhuman_invalid_token` — passes (4P0, unchanged)
- [x] `cargo test does_not_classify_byo_key_provider` — passes (tinyhumansai#2286 BYO-key contract preserved)
- [x] `cargo test core::observability` — 91 tests pass, 0 regressions
- [x] `cargo check --bin openhuman-core` — passes
- [x] `cargo fmt --check` — clean
CodeGhost21
changed the title
11 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extend
is_session_expired_messageinsrc/core/observability.rsto recognise the OpenHuman backend's{"success":false,"error":"Invalid token"}401 envelope as a session-expired condition (currently only the explicit"Session expired. Please log in again."body is recognised). Two emit-site wrapper shapes both route through the samereport_error_or_expectedfunnel and need to be covered:OpenHuman API error (401 …)run_chat_taskEmbedding API error (401 …)src/openhuman/embeddings/openai.rs:139Both surface the same upstream cause — backend rejecting the bearer JWT as invalid — typically right after a
[scheduler_gate] signed_out false -> truebreadcrumb (visible in the 4K5 event payload). UI already drives reauth via theSessionExpiredevent-domain path; this stops the noise leaking into Sentry as a code bug.Why two arms, not one
The matcher uses conjunctive anchors per arm —
"<emit-site prefix> (401"AND the envelope-shaped"\"error\":\"Invalid token\"". Anchoring on the emit-site prefix is what preserves the existing #2286 BYO-key contract:"OpenAI API error (401 Unauthorized): invalid_api_key"(user's own OpenAI key revoked) must NOT match — it's actionable misconfiguration."Embedding API error (401 Unauthorized): invalid_api_key"(user's own embedding-provider key revoked) must NOT match for the same reason — covered by the newdoes_not_classify_embedding_byo_key_401_as_session_expiredpolarity guard.A single broad "any 401 + invalid token" matcher would silence both — that's why each emit-site wrapper gets its own prefix-gated arm.
Tests added
classifies_openhuman_invalid_token_401_as_session_expired— verbatim 4P0 wire shape (wrapped + unwrapped variants).classifies_embedding_api_invalid_token_401_as_session_expired— verbatim 4K5 wire shape (direct + wrapped variants).does_not_classify_embedding_byo_key_401_as_session_expired— polarity guard pinning the BYO-key contract for the embedding path.does_not_classify_byo_key_provider_401_as_session_expiredcontinues to pass — SessionExpired clears the session for unrelated backend 401s #2286 contract for the chat path preserved.Test plan
cargo test classifies_embedding_api_invalid_token— passes (new)cargo test classifies_openhuman_invalid_token— passes (4P0)cargo test does_not_classify_embedding_byo_key— passes (new polarity guard)cargo test does_not_classify_byo_key_provider— passes (SessionExpired clears the session for unrelated backend 401s #2286 contract)cargo test core::observability— 91 tests pass, 0 regressionscargo check --bin openhuman-core— passescargo fmt --check— cleanRelated
"Invalid token"envelope), different Sentry fingerprint; the conjunctive-anchor matcher in this PR demotes both shortIds.Summary by CodeRabbit