feat(middleware): retry with rotated auth key on rate-limit errors (#423) #434

Merged
alexey-pelykh merged 1 commit into main from feat/auth-key-retry-423
Mar 8, 2026

@alexey-pelykh

Summary

  • When an agent has multiple auth profiles (auth: ["key1", "key2"]), rate-limit or auth errors now trigger automatic retry with the next key in the rotation
  • Each key is tried at most once per message — retry budget equals number of configured keys
  • Single-key or auth: false agents execute once with no retry (existing behavior preserved)

Changes

  • src/middleware/error-classifier.ts — Add isAuthRotatableError() detecting rate-limit (429, quota exceeded, resource exhausted, too many requests) and auth failures (401, unauthorized, invalid key)
  • src/auth/env-injection.ts — Add resolveAuthProfileCount() returning the number of configured auth profiles for an agent
  • src/middleware/auth-key-retry.ts (new): withAuthKeyRetry() orchestrator wrapping execute callbacks with automatic retry on rotatable errors, capped at one attempt per key
  • src/auto-reply/reply/agent-runner-execution.ts — Replace direct resolveAuthEnv + bridge creation with withAuthKeyRetry wrapper

Test plan

  • Rate-limit error with multi-key config triggers retry with next key
  • Retry succeeds with second key → normal response returned
  • All keys fail → error surfaced to user
  • Single key config → no retry attempted
  • auth: false → no retry attempted
  • Retry count never exceeds number of configured keys
  • Non-rotatable errors (context overflow, network) are not retried
  • Auth env correctly merged with base env
  • All 8054 existing unit tests pass (no regressions)

Closes #423

🤖 Generated with Claude Code

When an agent has multiple auth profiles configured, rate-limit or auth
errors now trigger automatic retry with the next key in the rotation.
Each key is tried at most once per message.

- Add isAuthRotatableError() to error-classifier — detects rate-limit
  (429, quota exceeded, resource exhausted) and auth failures (401,
  unauthorized, invalid key) that may benefit from key rotation
- Add resolveAuthProfileCount() to env-injection — returns the number
  of auth profiles configured for an agent
- Add withAuthKeyRetry() orchestrator in auth-key-retry.ts — wraps
  execute callbacks with automatic retry on rotatable errors, capped
  at one attempt per configured key
- Integrate withAuthKeyRetry in agent-runner-execution.ts — replaces
  direct resolveAuthEnv + bridge creation with retry-aware wrapper

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@alexey-pelykh alexey-pelykh enabled auto-merge (squash) March 8, 2026 09:11
@alexey-pelykh alexey-pelykh merged commit 0b680c2 into main Mar 8, 2026
5 checks passed
@alexey-pelykh alexey-pelykh deleted the feat/auth-key-retry-423 branch March 8, 2026 09:19
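
The retry rule this PR describes (one attempt per configured key, rotation only on rate-limit or auth errors), as an added sketch that is not the project's code. The names `isRotatable`, `retryWithRotatedKey`, `rotatedFrom` and `fakeExecute`, their signatures, and the regex patterns are assumptions; entries in `auth` are assumed to be profile names, not secrets.

```typescript
// Added illustration; names, signatures and patterns here are assumptions.
type AuthConfig = string[] | false;

// Message fragments from the PR's list of rotatable errors.
const ROTATABLE: RegExp[] = [
  /\b429\b/, /quota exceeded/i, /resource exhausted/i, /too many requests/i,
  /\b401\b/, /unauthorized/i, /invalid key/i,
];

function isRotatable(err: unknown): boolean {
  const msg = err instanceof Error ? err.message : String(err);
  return ROTATABLE.some((re) => re.test(msg));
}

interface RetryResult<T> { value: T; attempts: number; profile: string | null; rotatedFrom: string[] }

// Runs `execute` at most once per profile. Only a rotatable error moves on to
// the next profile; any other error is rethrown without a retry.
async function retryWithRotatedKey<T>(
  auth: AuthConfig,
  execute: (profile: string | null) => Promise<T>,
): Promise<RetryResult<T>> {
  const profiles: (string | null)[] = auth === false || auth.length === 0 ? [null] : auth;
  const rotatedFrom: string[] = []; // profile names that failed, for audit logs
  let attempts = 0;
  let lastError: unknown;
  for (const profile of profiles) {
    attempts++;
    try {
      const value = await execute(profile);
      return { value, attempts, profile, rotatedFrom };
    } catch (err) {
      if (!isRotatable(err)) throw err; // e.g. context overflow, network
      lastError = err;
      if (profile !== null) rotatedFrom.push(profile);
    }
  }
  throw lastError; // budget spent: every configured key hit a rotatable error
}

// Constructed sample: "key1" is rate-limited, any other profile succeeds.
function fakeExecute(calls: string[]) {
  return async (profile: string | null): Promise<string> => {
    calls.push(String(profile));
    if (profile === "key1") throw new Error("HTTP 429 Too Many Requests");
    return `ok via ${profile}`;
  };
}
```

Because 401-class errors also rotate, recording `rotatedFrom` keeps a revoked or invalid key visible in logs instead of being silently masked by the next key succeeding.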