feat(proxy): add error_type zod enum to all LLM proxy error responses

[kilo-code-bot]

Summary

Adds a proxyErrorTypeSchema zod enum and an error_type property to every error HTTP response in llm-proxy-helpers.ts. This gives clients a machine-readable, stable error classifier they can switch on instead of parsing free-text error/message strings.

The enum covers all 15 error paths:
invalid_path, invalid_request, temporarily_unavailable, upgrade_required, usage_limit_exceeded, data_collection_required, api_kind_not_supported, stealth_model_error, byok_error, context_length_exceeded, model_not_allowed, forbidden_free_model, model_not_found, feature_exclusive_model, unsupported_field.

Each literal is typed with satisfies ProxyErrorType so the compiler catches any mismatch with the enum.

Verification

• Ran tsc --noEmit against apps/web — no type errors in the changed file
• Ran pnpm format — no formatting issues
• Pre-commit hooks (lint, typecheck, format) passed on push

Visual Changes

N/A

Reviewer Notes

• The error field is left unchanged so existing clients are unaffected; error_type is purely additive.
• usageLimitExceededResponse has a nested error object (consumed by the extension); error_type is placed at the top level alongside it.

[kilo-code-bot]

Code Review Summary

Status: 4 Issues Found | Recommendation: Address before merge

Overview

Severity	Count
CRITICAL	0
WARNING	4
SUGGESTION	0

Fix these issues in Kilo Cloud

Issue Details (click to expand)

No new diff-line issues in the incremental changes. The remaining warning-level gaps are unchanged pass-through/auth paths that still return some proxy errors without error_type.

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

File	Line	Issue
apps/web/src/app/api/openrouter/[...path]/route.ts	645	When makeErrorReadable() does not rewrite an upstream 4xx/5xx, the route still returns wrapInSafeNextResponse(response), so many provider error bodies pass through without error_type.
apps/web/src/app/api/openrouter/embeddings/route.ts	306	Upstream embedding failures are still forwarded with wrapInSafeNextResponse(response), which means clients can still receive proxy errors without error_type.
apps/web/src/app/api/fim/completions/route.ts	90	The route still returns authFailedResponse from getUserFromAuth() unchanged, so unauthenticated or forbidden FIM requests keep the generic { success: false, error } payload without error_type.
apps/web/src/app/api/fim/completions/route.ts	279	Non-local FIM provider errors are still returned via wrapInSafeNextResponse(proxyRes), so upstream 4xx/5xx responses are not normalized to include error_type.

Files Reviewed (5 files)

• apps/web/src/lib/proxy-error-types.ts - 0 issues
• apps/web/src/lib/llm-proxy-helpers.ts - 0 issues in diff
• apps/web/src/app/api/openrouter/[...path]/route.ts - 1 issue outside diff
• apps/web/src/app/api/openrouter/embeddings/route.ts - 1 issue outside diff
• apps/web/src/app/api/fim/completions/route.ts - 2 issues outside diff

---

_{Reviewed by gpt-5.4-2026-03-05 · 764,953 tokens}