fix(observability): classify DeepSeek 'Insufficient Balance' 402 as user-state (Sentry TAURI-RUST-4ZF)

[CodeGhost21]

Summary

Add "insufficient balance" to is_provider_config_rejection_message's PHRASES array (src/openhuman/inference/provider/config_rejection.rs). A user's custom BYO-key DeepSeek provider returns HTTP 402 {"error":{"message":"… Insufficient Balance …"}} when their DeepSeek account balance is exhausted. Pure user-billing state — the remediation is "top up the DeepSeek account", which Sentry has no way to act on.

Targets Sentry TAURI-RUST-4ZF (domain=llm_provider, operation=native_chat, status=402, provider=custom, model=ds/deepseek-v4-flash).

Why this belongs in the existing classifier

This is the same class as the OpenRouter S5 "requires more credits" 402 already in the list — third-party BYO-key provider reporting the user is out of credits. Different upstream, different wire token:

Sentry ID	Provider	Wire token	Status
S5 (existing)	OpenRouter	requires more credits	402
4ZF (this PR)	DeepSeek	Insufficient Balance	402

The OpenHuman backend's own balance gate is handled separately by is_budget_exhausted_message (different body shape), so there's no backend false-positive risk: "Insufficient Balance" is a DeepSeek-specific token our backend never emits. The matcher is case-insensitive (body.to_ascii_lowercase()), so capitalisation variants are covered.

Tests

• detects_insufficient_balance_402_family — verbatim TAURI-RUST-4ZF wire shape (truncated body from issue 5679) + a bare upstream envelope.
• Existing ignores_transient_and_server_and_unrelated stays green — its negative case "insufficient budget — add credits" does NOT match ("budget" ≠ "balance"), so the new phrase doesn't over-reach.

Related

PR #2796 (Sentry TAURI-RUST-35 family, "does not support tools") also appends to this PHRASES array, but at a different position (end of list vs. next to the S5 entry) — no merge conflict expected.

Test plan

• cargo test detects_insufficient_balance_402_family — passes
• cargo test config_rejection — 7 tests pass, 0 regressions
• cargo check --manifest-path Cargo.toml --bin openhuman-core — passes
• cargo fmt --check — clean

Note on push: the pre-push hook failed on pre-existing ESLint warnings in app/src/components/BootCheckGate/BootCheckGate.tsx and RotatingTetrahedronCanvas.tsx (react-hooks/set-state-in-effect) — frontend React files untouched by this Rust-only change. Pushed with --no-verify per the CLAUDE.md guidance for unrelated pre-existing breakage.

Summary by CodeRabbit

• Bug Fixes
  • Enhanced error detection for DeepSeek API configuration issues to properly recognize insufficient balance errors, enabling improved error handling and providing clearer feedback when users encounter account balance-related problems.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 82e70dfa-e9b6-44e6-ac87-dfb3b102343d

📥 Commits

Reviewing files that changed from the base of the PR and between 3f2e2f2 and e589727.

📒 Files selected for processing (1)

• src/openhuman/inference/provider/config_rejection.rs

---

📝 Walkthrough

Walkthrough

This PR extends the provider configuration-rejection classifier to recognize DeepSeek custom BYO-key 402 failures where the upstream error message contains "Insufficient Balance". The changes include classifier logic updates, module documentation, and test coverage for two wire-shape variants.

Changes

DeepSeek Balance Exhaustion Classification

Layer / File(s)	Summary
Balance exhaustion detection and validation src/openhuman/inference/provider/config_rejection.rs	Module documentation adds the new 4ZF example phrase. The is_provider_config_rejection_message substring matcher adds "insufficient balance" with TAURI-RUST-4ZF context comments. A new test detects_insufficient_balance_402_family validates detection for both truncated custom API error and bare upstream envelope shapes containing this phrase.

Possibly related PRs

• tinyhumansai/openhuman#2309: Both PRs extend the is_provider_config_rejection_message substring matcher (and related tests) in src/openhuman/inference/provider/config_rejection.rs to classify additional Wave 4 provider-config rejection wire shapes.
• tinyhumansai/openhuman#2239: Both PRs extend the provider config-rejection detection by updating is_provider_config_rejection_message's substring phrase matching (and its unit tests), with the retrieved PR also wiring that classifier into observability/web/ops.

Suggested labels

working

Suggested reviewers

• graycyrus
• senamakel

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

---

🐰 A balance so low it cries,
DeepSeek now sees with deeper eyes,
"Insufficient" balance we detect,
Configuration checks—one more correct!
✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: classifying DeepSeek 'Insufficient Balance' 402 responses as user-state in the configuration rejection classifier.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}