fix: surface http errors correctly

[sxlijin]

integ-tests fail on canary right now in two places (0.206.0 is going out despite these, because these failures have been present since pre-0.205.0):

• aws invalid profile (TS tests in aws.test.ts) throws BamlValidationError on the invalid profile
• test_client_response_type in test_functions.py throws BamlValidationError on failure to parse the response type

I can't tell when this started happening; looking at the git history, it's hard to figure out what happened here.

#2383 is an attemptat fixing this: it boils down to that we have a lot of tech debt around error handling and it needs a lot of cleanup because I don't think any of us actually understand our error propagation logic. The central pivot point is that ExposedError is an attempt at creating a fan-in point for different types of errors - the runtime raises anyhow errors and then we try to translate that into ExposedError before handing it to the FFI layers - but either it isn't sufficiently comprehensive or there's another error type I'm missing.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
promptfiddle	Error			Aug 28, 2025 0:32am

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 84bcc06 in 1 minute and 32 seconds. Click for details.

• Reviewed 474 lines of code in 19 files
• Skipped 0 files when reviewing.
• Skipped posting 12 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. integ-tests/typescript/tests/providers/aws.test.ts:20

• Draft comment:
  The tests show mixed expectations for errors (e.g. expecting 'DispatchFailure' in one test and 'BamlClientHttpError' in another). Verify that error codes/names remain consistent across AWS error scenarios. Consider standardizing the error output so tests don’t become brittle when internal error strings change.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

2. integ-tests/typescript/tests/providers/aws.test.ts:25

• Draft comment:
  The test for invalid AWS profile expects a rejection with code 'GenericFailure'. Confirm that this error code is the intended output and that the error structure is stable, as other tests rely on 'BamlClientHttpError'.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

3. integ-tests/typescript/tests/providers/aws.test.ts:141

• Draft comment:
  The tests for dynamic client configuration and region resolution (using environment variables like AWS_REGION and AWS_DEFAULT_REGION) are good, but be sure to reset or isolate environment variable changes to avoid test interference.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

4. tools/build:62

• Draft comment:
  The build script uses 'cd "$1"' and then eval on constructed commands. Ensure that the input argument is properly validated to avoid any risk from unsanitized inputs. If this script is only used in a controlled CI environment this may be acceptable, but it’s worth commenting on the risks.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

5. integ-tests/typescript/tests/abort-handlers.test.ts:12

• Draft comment:
  The abort tests using AbortController look solid. Consider adding additional verification that no further messages are received after abort (e.g. by checking the stream stops receiving data) to further strengthen cancellation coverage.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

6. integ-tests/typescript/tests/prompt_renderer.test.ts:40

• Draft comment:
  The test for maintaining field order in JSON is precise but may be brittle if output formatting changes. Consider comparing object keys using deep equality rather than string matching if possible.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

7. integ-tests/baml_src/test-files/abort-handlers/abort-handlers.baml:52

• Draft comment:
  The abort-handlers BAML test file is clear. Ensure that the prompts used for failure cases (e.g. in FnFailRetryConstantDelay and FnFailRetryExponentialDelay) fully exercise cancellation paths in the client.
• Reason this comment was not posted:
  Confidence changes required: 40% <= threshold 50% None

8. integ-tests/typescript/tests/providers/aws.test.ts:310

• Draft comment:
  In the test 'should throw error when using temporary credentials without session token', verify that the client fails gracefully and does not leak sensitive information in error messages.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

9. integ-tests/typescript/tests/providers/aws.test.ts:371

• Draft comment:
  Tests using dynamic client registry cover a wide range of scenarios. It’s good to see tests for invalid region, non-existent model, and profile issues. Double-check that the error matching in rejects.toMatchObject() remains robust as internal error messages may change.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

10. engine/baml-runtime/src/types/response.rs:148

• Draft comment:
  Typo: The TODO comment contains "dont" which should be "don't" for proper grammar.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 40% <= threshold 50% The comment is pointing out a grammatical error in a TODO comment. While this is a minor issue, correcting typos can improve code readability and maintainability. However, it doesn't directly impact the functionality of the code.

11. integ-tests/typescript-esm/baml_client/inlinedbaml.ts:8

• Draft comment:
  Typo: In the comment "tests whether k1 doesnt incorrectly get matched with k11", consider changing "doesnt" to "doesn't".
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

12. integ-tests/typescript/tests/prompt_renderer.test.ts:40

• Draft comment:
  Consider revising the test description text "maintain field order" for improved clarity. Perhaps change it to "maintains field order" to align with standard grammar.
• Reason this comment was not posted:
  Comment was on unchanged code.

Workflow ID: wflow_HPVHHQyIgMpqyeqS

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[entelligence-ai-pr-reviews]

🔒 Entelligence AI Vulnerability Scanner

✅ No security vulnerabilities found!

Your code passed our comprehensive security analysis.

---

[entelligence-ai-pr-reviews]

Review Summary

🏷️ Draft Comments (3)

Skipped posting 3 draft comments that were valid but scored below your review threshold (>=10/15). Feel free to update them here.

engine/baml-runtime/src/cli/serve/error.rs (1)

95-97: FailedToConnect error is mapped to ClientError, but ClientError does not include the client name or status code, potentially losing critical context for HTTP error handling and making it impossible for clients to distinguish connection errors from other client errors.

📊 Impact Scores:

• Production Impact: 2/5
• Fix Specificity: 4/5
• Urgency Impact: 2/5
• Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):

In engine/baml-runtime/src/cli/serve/error.rs, lines 95-97, the mapping for `ErrorCode::FailedToConnect` currently returns `Self::ClientError`, which does not include the client name or status code. This loses important context for HTTP error handling and prevents clients from distinguishing connection errors from other client errors. Change this mapping to return `Self::ClientHttpError` with an appropriate client name (e.g., "llm_provider") and a status code of 502 (BAD_GATEWAY).

---

engine/baml-runtime/src/types/response.rs (1)

148-159: format_err may incorrectly return a ClientHttpError with FailedToConnect status for any error whose string contains 'connecterror', even if the error is unrelated to connection failures.

📊 Impact Scores:

• Production Impact: 3/5
• Fix Specificity: 2/5
• Urgency Impact: 2/5
• Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):

In engine/baml-runtime/src/types/response.rs, lines 148-159, the code currently checks if the error string contains 'connecterror' to determine if it should return a ClientHttpError with FailedToConnect status. This can misclassify unrelated errors. Update the logic to only return FailedToConnect if the error's source actually contains 'connecterror', not just the error string itself. Replace the string matching with a check on err.source().

---

engine/language_client_python/src/errors.rs (1)

134-146: FailedToConnect error is now mapped to BamlClientHttpError, but the error message may not distinguish it from other HTTP errors, potentially obscuring connection-specific failures for downstream Python code.

📊 Impact Scores:

• Production Impact: 2/5
• Fix Specificity: 5/5
• Urgency Impact: 2/5
• Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):

In engine/language_client_python/src/errors.rs, lines 134-146, the match arm for ErrorCode::FailedToConnect is grouped with other HTTP errors and does not provide a distinct error message for connection failures. Please separate ErrorCode::FailedToConnect into its own match arm and update the error message to clearly indicate a connection failure (e.g., prefix with 'Failed to connect:'). This will help downstream Python code distinguish connection errors from other HTTP errors.

---

🔍 Comments beyond diff scope (2)

engine/baml-runtime/src/internal/llm_client/mod.rs (1)

248-269: ErrorCode::FailedToConnect is not handled in ErrorCode::from_status or from_u16, so connection errors mapped to this variant may not be correctly reconstructed from status codes, leading to incorrect error reporting.
Category: correctness

---

engine/baml-runtime/src/internal/llm_client/primitive/request.rs (1)

290-292: ErrorCode::FailedToConnect is only set for connection errors in request build/execute, but not when reading the response body fails, causing inconsistent error reporting for connection failures during body consumption.
Category: correctness

---

[entelligence-ai-pr-reviews]

correctness: SdkError::TimeoutError(_) and SdkError::Other(2) are mapped to ErrorCode::Other(2) instead of a more specific error, which may cause connection errors to be misclassified and not surfaced as HTTP errors.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In engine/baml-runtime/src/internal/llm_client/primitive/aws/aws_client.rs, lines 1249-1250, update the error mapping so that both `SdkError::TimeoutError(_)` and `SdkError::DispatchFailure(_)` are mapped to `ErrorCode::FailedToConnect` instead of `ErrorCode::Other(2)`. This ensures connection errors are surfaced as HTTP errors. Change:
SdkError::TimeoutError(_) => ErrorCode::Other(2),
SdkError::DispatchFailure(_) => ErrorCode::FailedToConnect,
to:
SdkError::TimeoutError(_) => ErrorCode::FailedToConnect,
SdkError::DispatchFailure(_) => ErrorCode::FailedToConnect,

📝 Committable Code Suggestion

‼️ Ensure you review the code suggestion before committing it to the branch. Make sure it replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	SdkError::TimeoutError(_) => ErrorCode::Other(2),
	SdkError::DispatchFailure(_) => ErrorCode::Other(2),
	SdkError::DispatchFailure(_) => ErrorCode::FailedToConnect,
	SdkError::TimeoutError(_) => ErrorCode::FailedToConnect,
	SdkError::DispatchFailure(_) => ErrorCode::FailedToConnect,

[entelligence-ai-pr-reviews]

correctness: to_media_message for BamlMediaType::Pdf with BamlMediaContent::Url inserts a nested map with both file and file_url, which does not match OpenAI's expected schema and may cause request failures.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In engine/baml-runtime/src/internal/llm_client/primitive/openai/openai_client.rs, lines 724-733, the `to_media_message` function for `BamlMediaType::Pdf` with `BamlMediaContent::Url` inserts a map with both `type` and `file_url` under the `file` key, which does not match OpenAI's expected schema and may cause request failures. Please update this block so that only `{ "file_url": url_content.url }` is inserted under the `file` key, not a nested map with `type`.

📝 Committable Code Suggestion

‼️ Ensure you review the code suggestion before committing it to the branch. Make sure it replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	match &media.content {
	BamlMediaContent::Url(url_content) => {
	// For URLs, we need to resolve them to base64 first
	anyhow::bail!(
	"BAML internal error (openai): Pdf URL are not supported by OpenAI use base64."
	content.insert(
	payload_key.into(),
	json!({
	"type": "input_file",
	"file_url": url_content.url
	}),
	);
	match &media.content {
	BamlMediaContent::Url(url_content) => {
	content.insert(
	payload_key.into(),
	json!({
	"file_url": url_content.url
	}),
	);
	}