fix: clarify provider quota errors

[hxy91819]

Summary

• Surface actionable guidance when a provider returns HTTP 429 with only a generic runtime message before the agent replies.
• Classify Volcengine Ark Coding Plan InvalidSubscription responses as billing/subscription failures, including long JSON payloads.
• Keep explicit rate-limit errors on the existing rate-limit path.

Official Docs / Live Shape

Volcengine's official Ark error-code page lists HTTP 400 InvalidSubscription as a Coding Plan subscription failure: https://www.volcengine.com/docs/82379/1282849

A temporary live Volcengine key reproduced that shape as HTTP 400 InvalidSubscription; no secret, account id, or request id is included here.

Real behavior proof

Behavior addressed: provider quota/billing failures that previously collapsed into generic Something went wrong user copy now surface billing/quota guidance.

Real environment tested: local OpenClaw worktree plus one live Volcengine Ark request using a temporary key supplied for this verification.

Exact steps or command run after this patch:

node scripts/run-vitest.mjs src/agents/embedded-agent-helpers/failover-matches.test.ts
node scripts/run-vitest.mjs src/agents/embedded-agent-helpers.formatassistanterrortext.test.ts
node scripts/run-vitest.mjs src/auto-reply/reply/provider-request-error-classifier.test.ts
env -u OPENCLAW_PROFILE -u OPENCLAW_CONFIG_PROFILE node scripts/run-vitest.mjs src/auto-reply/reply/agent-runner-execution.test.ts
git diff --check
.agents/skills/autoreview/scripts/autoreview --mode local

Evidence after fix:

• failover-matches.test.ts: 21 tests passed.
• embedded-agent-helpers.formatassistanterrortext.test.ts: 80 tests passed.
• provider-request-error-classifier.test.ts: 8 tests passed.
• agent-runner-execution.test.ts: 185 tests passed.
• git diff --check: passed.
• Autoreview: clean, no accepted/actionable findings.

Observed result after fix: HTTP 400 Volcengine InvalidSubscription maps to billing guidance, and structured HTTP 429 generic provider failures map to quota/rate-limit/billing guidance instead of generic runner failure text.

What was not tested: a successful Volcengine completion after purchasing/renewing Coding Plan; that would validate provider subscription success, but is not required to prove this failure-classification fix.

Agent Transcript

Redacted Codex session summary

• The user reported that provider billing or quota failures could be hidden behind generic Something went wrong copy, making the failure hard to diagnose.
• The investigation first checked existing formatter and lifecycle handling for provider auth, rate-limit, and billing failures.
• The user clarified that the reported case came from the Volcengine Seed channel.
• A one-time live verification with a temporary key showed Volcengine returned HTTP 400 InvalidSubscription, not the originally suspected HTTP 429 shape.
• Official Volcengine Ark documentation confirmed that InvalidSubscription means the Coding Plan subscription is missing or expired.
• The fix added billing classification for the Volcengine InvalidSubscription shape, including long payload handling.
• The fix also kept the generic HTTP 429 improvement narrow: it only applies when there is explicit HTTP 429 evidence plus generic provider runtime copy.
• Regression coverage was added at matcher, formatter, provider-request classifier, and auto-reply entry layers.
• Focused tests passed, git diff --check passed, and autoreview reported no actionable findings.
• A successful Volcengine completion after recharging was intentionally not required, because this PR fixes failure classification rather than provider subscription success.

[clawsweeper]

Codex review: passed. Reviewed June 8, 2026, 7:12 AM ET / 11:12 UTC.

Summary
The branch adds provider error classification for generic HTTP 429 runtime failures and Volcengine InvalidSubscription billing errors, plus focused regression tests and SIGTERM test stabilization.

PR surface: Source +62, Tests +137. Total +199 across 8 files.

Reproducibility: yes. at source level. Current main lacks the HTTP 429 metadata classifier and Volcengine subscription billing matcher, and the PR body reports a live Volcengine failure shape plus after-fix tests.

Review metrics: none identified.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Next step before merge

• [P2] No repair lane is needed; there are no blocking findings and the PR is already in the maintainer opt-in automerge path.

Security
Cleared: The diff only changes TypeScript error classification and tests; it does not touch dependencies, workflows, secrets, permissions, downloads, or release scripts.

Review details

Best possible solution:

Land the narrow classifier and regression-test update after the existing automerge checks, keeping future provider-only error policy in provider hooks when core context is not needed.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level. Current main lacks the HTTP 429 metadata classifier and Volcengine subscription billing matcher, and the PR body reports a live Volcengine failure shape plus after-fix tests.

Is this the best way to solve the issue?

Yes. The fix is narrow for the failure-classification layer, preserves explicit rate-limit handling, and updates the generic core path only where provider-specific hooks cannot help.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 310d28f719b8.

Label changes

Label justifications:

• P2: This is a normal-priority provider error-copy bug fix with limited blast radius and focused coverage.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (live_output): The PR body includes structured after-fix proof from local OpenClaw runs and a live Volcengine Ark request, with observed improved error guidance and no secrets printed.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes structured after-fix proof from local OpenClaw runs and a live Volcengine Ark request, with observed improved error guidance and no secrets printed.

Evidence reviewed

PR surface:

Source +62, Tests +137. Total +199 across 8 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	3	65	3	+62
Tests	5	164	27	+137
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	8	229	30	+199

What I checked:

• Repository policy read: Root AGENTS.md and the relevant src/agents scoped guide were read fully; the review applied the deep-review, provider-contract, protected-label, and agent-test guidance. (AGENTS.md:1, 310d28f719b8)
• Current-main baseline: Current main's provider request classifier only returns the conversation-state class, so generic HTTP 429 metadata with generic runtime copy has no specialized user guidance before this PR. (src/auto-reply/reply/provider-request-error-classifier.ts:20, 310d28f719b8)
• PR 429 classifier: The PR adds a closed provider_rate_limit_or_quota_error class only when HTTP 429 evidence is present and the provider message is generic, avoiding duplicate handling for explicit rate-limit text. (src/auto-reply/reply/provider-request-error-classifier.ts:21, 5e10848a3788)
• PR error-object routing: buildExternalRunFailureReply now passes the original error object when present, so the classifier can inspect top-level, response, or cause status metadata instead of only flattened text. (src/auto-reply/reply/agent-runner-execution.ts:804, 5e10848a3788)
• PR Volcengine billing matcher: The failover matcher recognizes InvalidSubscription and Coding Plan subscription prose as billing, including long payloads that exceed the existing billing fast-path length cap. (src/agents/embedded-agent-helpers/failover-matches.ts:59, 5e10848a3788)
• Regression coverage: The branch adds tests for generic 429 metadata, explicit 429 non-duplication, Volcengine billing classification, and agent-runner user-facing fallback behavior. (src/auto-reply/reply/provider-request-error-classifier.test.ts:40, 5e10848a3788)

Likely related people:

• vincentkoc: Current-main blame for the central provider classifier, failover matcher, external-run failure reply, and provider hook surfaces points to Vincent Koc's recent agent/provider error-path work. (role: recent area contributor; confidence: high; commits: 6a0fdea90ad0; files: src/auto-reply/reply/provider-request-error-classifier.ts, src/auto-reply/reply/agent-runner-execution.ts, src/agents/embedded-agent-helpers/failover-matches.ts)
• steipete: Peter Steinberger authored the provider defaults/error-policy refactor that added the provider hook boundary relevant to deciding whether this belongs in core or provider plugins. (role: adjacent provider-boundary contributor; confidence: medium; commits: b167ad052c76; files: src/plugins/types.ts, src/plugins/provider-runtime.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[hxy91819]

@clawsweeper automerge

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=5e10848a3788ade37a0ce231ac75bf5afd8e733c)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-06-08T11:12:57Z
Merge commit: 439dcbde3b1f

What merged:

• The branch adds provider error classification for generic HTTP 429 runtime failures and Volcengine InvalidSubscription billing errors, plus focused regression tests and SIGTERM test stabilization.
• PR surface: Source +62, Tests +137. Total +199 across 8 files.
• Reproducibility: yes. at source level. Current main lacks the HTTP 429 metadata classifier and Volcengine subscription billing matcher, and the PR body reports a live Volcengine failure shape plus after-fix tests.

Automerge notes:

• PR branch already contained follow-up commit before automerge: fix: clarify provider quota errors

The automerge loop is complete.

Automerge progress:

• 2026-06-08 10:35:05 UTC review queued 5f2c2027bbb0 (after repair)

• 2026-06-08 10:38:37 UTC automerge wait 5f2c2027bbb0 (blocked) in 14m 21s Run: https://github.com/openclaw/clawsweeper/actions/runs/27131271863 GitHub checks failed: checks-node-agentic-commands-agent-channel:FAILURE

• 2026-06-08 10:38:39 UTC repair finished 5f2c2027bbb0 (pushed) in 14m 23s Run: https://github.com/openclaw/clawsweeper/actions/runs/27131271863 repair_contributor_branch

• 2026-06-08 10:44:36 UTC review passed 5f2c2027bbb0 (structured ClawSweeper verdict: pass (sha=5f2c2027bbb0e122a0951a98a8fb96f487148...)

• 2026-06-08 10:44:56 UTC repair queued 5f2c2027bbb0 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233

• 2026-06-08 10:46:41 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 automerge-openclaw-openclaw-91390

• 2026-06-08 10:47:04 UTC validation plan (passed) in 23s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-06-08 10:47:23 UTC Codex write preflight (passed) in 42s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 danger-full-access

• 2026-06-08 10:56:56 UTC Codex edit 1 5f2c2027bbb0 (complete) in 10m 15s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 exit 0

• 2026-06-08 11:00:45 UTC validation and review 1 5e10848a3788 (complete) in 14m 4s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 already-current

• 2026-06-08 11:00:50 UTC repair completed 5e10848a3788 (branch updated) in 14m 9s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 initial automerge rebase is delegated to Codex repair

• 2026-06-08 11:00:50 UTC review queued 5e10848a3788 (after repair)

• 2026-06-08 11:10:54 UTC automerge wait 5e10848a3788 (waiting) in 24m 13s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 waiting for exact-head ClawSweeper review pass

• 2026-06-08 11:10:55 UTC repair finished 5e10848a3788 (pushed) in 24m 15s Run: https://github.com/openclaw/clawsweeper/actions/runs/27132380233 repair_contributor_branch

• 2026-06-08 11:12:46 UTC review passed 5e10848a3788 (structured ClawSweeper verdict: pass (sha=5e10848a3788ade37a0ce231ac75bf5afd8e7...)

• 2026-06-08 11:12:59 UTC merged 5e10848a3788 (merged by ClawSweeper automerge)