fix: return null for unknown stop reason in anthropic handler

[steebchen]

Problem

The default case in determineStopReason was returning "end_turn" for any unrecognized finishReason, including undefined — which occurs in mid-stream chunks where the model hasn't finished yet. This incorrectly signalled end-of-turn on partial responses.

Fix

Return null instead, matching the Anthropic API spec for unknown / not-yet-finished states.

Change

// before
default:
    return "end_turn";

// after
default:
    return null;

Summary by CodeRabbit

• Bug Fixes

  • Improved authentication error detection and alternate API key retry logic to handle credential failures more reliably, including errors that return non-standard HTTP status codes.
  • Enhanced error classification to recognize invalid API key errors across various response formats.

• Tests

  • Added comprehensive test coverage for new authentication error detection and key retry scenarios.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b900e2cd-db5d-4dc0-a4fc-6bf6f3dd616c

📥 Commits

Reviewing files that changed from the base of the PR and between 6b064a1 and 1772157.

📒 Files selected for processing (10)

• apps/gateway/src/chat/chat.ts
• apps/gateway/src/chat/tools/get-finish-reason-from-error.spec.ts
• apps/gateway/src/chat/tools/get-finish-reason-from-error.ts
• apps/gateway/src/chat/tools/retry-with-fallback.spec.ts
• apps/gateway/src/chat/tools/retry-with-fallback.ts
• apps/gateway/src/fallback.spec.ts
• apps/gateway/src/lib/api-key-health.spec.ts
• apps/gateway/src/lib/api-key-health.ts
• apps/gateway/src/lib/provider-auth-errors.ts
• apps/gateway/src/test-utils/mock-openai-server.ts

---

Walkthrough

This PR introduces credential-aware retry logic by adding hasInvalidProviderCredentialError() helper and shouldRetryAlternateKey() function to improve invalid API key detection across error classification, key health tracking, and alternate-key retry decisions. It updates retry logic in the chat handler and extends test coverage for credential-based failures.

Changes

Cohort / File(s)	Summary
New Helper Functions apps/gateway/src/lib/provider-auth-errors.ts, apps/gateway/src/chat/tools/retry-with-fallback.ts	Introduced hasInvalidProviderCredentialError() to detect invalid provider credentials via regex patterns, and shouldRetryAlternateKey() to gate alternate-key retries based on error type, status code, or credential errors.
Error Classification & Key Health apps/gateway/src/chat/tools/get-finish-reason-from-error.ts, apps/gateway/src/lib/api-key-health.ts	Updated getFinishReasonFromError() to classify 400 errors with invalid credentials as gateway_error; replaced substring-based credential detection with hasInvalidProviderCredentialError() in key health tracking.
Chat Retry Logic apps/gateway/src/chat/chat.ts	Refactored alternate-key retry decisions to use shouldRetryAlternateKey() instead of isRetryableErrorType(), now evaluating finish reason, status code, and error text for both HTTP and streaming errors.
Tests & Mocks apps/gateway/src/chat/tools/get-finish-reason-from-error.spec.ts, apps/gateway/src/chat/tools/retry-with-fallback.spec.ts, apps/gateway/src/lib/api-key-health.spec.ts, apps/gateway/src/fallback.spec.ts, apps/gateway/src/test-utils/mock-openai-server.ts	Added test coverage for invalid API key detection (400 with invalid_api_key payload), alternate-key retry decisions, and key health tracking; extended mock server to simulate credential errors via TRIGGER_FAIL_ONCE_INVALID_KEY.

Sequence Diagram

sequenceDiagram
    participant Client
    participant ChatHandler as Chat Handler<br/>(chat.ts)
    participant ErrorClass as Error Classification<br/>(get-finish-reason-from-error.ts)
    participant RetryLogic as Retry Decision<br/>(retry-with-fallback.ts)
    participant KeyHealth as Key Health Tracker<br/>(api-key-health.ts)
    participant CredChecker as Credential Checker<br/>(provider-auth-errors.ts)
    participant NextProvider as Alternate<br/>Provider

    Client->>ChatHandler: Request with API Key

    alt HTTP Error Response
        ChatHandler->>ErrorClass: Classify error (status, body)
        ErrorClass->>CredChecker: hasInvalidProviderCredentialError(errorText)?
        CredChecker-->>ErrorClass: true/false
        ErrorClass-->>ChatHandler: gateway_error or other
    else Streaming Error
        ChatHandler->>ErrorClass: Get finish reason (errorType, errorText)
        ErrorClass->>CredChecker: Check credential error
        CredChecker-->>ErrorClass: Result
        ErrorClass-->>ChatHandler: finish reason
    end

    ChatHandler->>RetryLogic: shouldRetryAlternateKey(finishReason, status, errorText)?
    RetryLogic->>CredChecker: Evaluate credential error condition
    CredChecker-->>RetryLogic: Matches invalid key pattern?
    RetryLogic-->>ChatHandler: true/false (retry alternate?)

    alt Should Retry Alternate Key
        ChatHandler->>KeyHealth: rememberFailedKey(currentKey, errorText)
        KeyHealth->>CredChecker: Check if permanent credential error
        CredChecker-->>KeyHealth: Result
        KeyHealth-->>ChatHandler: Mark key unhealthy/blacklisted
        ChatHandler->>NextProvider: Retry with alternate key
        NextProvider-->>Client: Response (success/failure)
    else Don't Retry
        ChatHandler->>Client: Return error response
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix(gateway): ignore non-exempt provider 4xx for uptime #1824: Modifies 4xx finish-reason classification and API-key health/retry logic, touching the same error classification and retry decision paths as this PR.
• fix: API key not found error handling #1534: Updates error-classification and API-key health/reporting codepaths with similar invalid API key detection and health-tracking changes.
• feat: add uptime-aware API key load balancing #1554: Refactors API key health logic in api-key-health.ts with related blacklisting and health metric updates.

Suggested labels

auto-merge

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title mentions 'anthropic handler' and 'stop reason', but the changeset focuses on retry logic for alternate keys, credential error detection, and key health tracking across multiple files—with no changes to anthropic handler code.	Update the title to reflect the actual changes: retry logic improvements, alternate-key fallback mechanism, and provider credential error detection.
Docstring Coverage	⚠️ Warning	Docstring coverage is 37.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/anthropic-stop-reason-null

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR expands the gateway’s handling of upstream provider credential failures by detecting invalid-provider-key error payloads (even when they come back as 400s), using that signal to (a) permanently blacklist bad keys in key health tracking and (b) retry the same provider with an alternate configured key.

Changes:

• Added hasInvalidProviderCredentialError() helper and used it to classify/handle invalid-key payloads consistently.
• Updated API key health tracking to permanently blacklist keys based on invalid-credential error text (not only 401/403).
• Updated retry logic to rotate to an alternate key on same-provider auth failures, and added test coverage + mock server triggers.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
apps/gateway/src/test-utils/mock-openai-server.ts	Adds a new fail-once invalid-key trigger to simulate 400 auth-like payloads for retry tests.
apps/gateway/src/lib/provider-auth-errors.ts	Introduces shared invalid-credential error-text detection helper.
apps/gateway/src/lib/api-key-health.ts	Uses new helper to permanently blacklist keys based on invalid credential payload text.
apps/gateway/src/lib/api-key-health.spec.ts	Adds coverage for permanent blacklisting on 400 invalid-key text.
apps/gateway/src/fallback.spec.ts	Resets key health between tests and adds scenarios validating same-provider key rotation for auth-like failures.
apps/gateway/src/chat/tools/retry-with-fallback.ts	Adds shouldRetryAlternateKey() to decide when to rotate keys within the same provider.
apps/gateway/src/chat/tools/retry-with-fallback.spec.ts	Adds unit tests for shouldRetryAlternateKey().
apps/gateway/src/chat/tools/get-finish-reason-from-error.ts	Classifies known invalid-credential payload text as gateway_error (even for 400s).
apps/gateway/src/chat/tools/get-finish-reason-from-error.spec.ts	Adds test asserting 400 invalid-key payload becomes gateway_error.
apps/gateway/src/chat/chat.ts	Switches same-provider retry decision to shouldRetryAlternateKey() to include auth/invalid-key cases.

Comments suppressed due to low confidence (1)

apps/gateway/src/chat/tools/get-finish-reason-from-error.ts:14

• The header comment for getFinishReasonFromError still describes auth classification only in terms of 401/403 status codes, but the implementation now also treats certain 400 responses (detected via hasInvalidProviderCredentialError(errorText)) as gateway_error. Consider updating the doc comment to reflect this additional classification rule so future readers don’t assume status-code-only behavior.

/**
 * Determines the appropriate finish reason based on HTTP status code and error message
 * 5xx status codes indicate upstream provider errors
 * 429 status codes indicate upstream rate limiting (treated as upstream error)
 * 404 status codes indicate model/endpoint not found at provider (treated as upstream error)
 * 401/403 status codes indicate authentication/authorization issues (gateway configuration errors)
 * Other 4xx status codes indicate client errors
 * Special client errors (like JSON format validation) are classified as client_error
 *
 * Note: Error classification is separate from health tracking. The health tracking system
 * (api-key-health.ts) independently handles 401/403 errors for uptime routing purposes
 * by permanently blacklisting keys with these status codes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

PR title/description describe changing Anthropic determineStopReason to return null for unknown finish reasons, but this PR's diff does not include any changes to apps/gateway/src/anthropic/anthropic.ts (where determineStopReason currently defaults to returning "end_turn"). Please either include the missing Anthropic handler change or update the PR title/description to reflect the actual changes (provider credential detection + alternate-key retry/health behavior).

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1772157b56

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Preserve gateway_error in alternate-key retry metadata

Enabling shouldRetryAlternateKey for gateway_error causes auth failures (e.g., 401/403 or 400 invalid-key payloads) to enter the retry path, but those retry attempts are still recorded via getErrorType(statusCode) in chat.ts, which maps these statuses to upstream_error. In scenarios with multiple keys on the same provider, metadata.routing[].error_type will now misreport credential failures as transient upstream failures, which can mislead routing diagnostics and dashboard analysis.

Useful? React with 👍 / 👎.