fix(init): retry transient auth validation once#1249
Draft
betegon wants to merge 1 commit into
Draft
Conversation
Contributor
Codecov Results 📊✅ Patch coverage is 100.00%. Project has 5369 uncovered lines. Coverage diff@@ Coverage Diff @@
## main #PR +/-##
==========================================
+ Coverage 81.78% 81.79% +0.01%
==========================================
Files 424 424 —
Lines 29452 29478 +26
Branches 19190 19205 +15
==========================================
+ Hits 24085 24109 +24
- Misses 5367 5369 +2
- Partials 1999 2000 +1Generated by Codecov Action |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds one narrowly authorized retry for transient authentication-service failures returned by the init Worker.
The retry gate requires all of the following:
MastraClientErrorparsed from an HTTP response;safeToRetry: true; andAUTH_UPSTREAM_TIMEOUTorAUTH_UPSTREAM_UNAVAILABLE.It applies to create-run, start-async, and resume-async, waits 250 ms, and then makes exactly one second attempt. The underlying Mastra client remains configured with
retries: 0, so there are no hidden retries and the hard maximum is two total attempts.Generic 5xx responses, upstream rate limiting, 401/403, unknown codes, and ambiguous network errors are never replayed. For resume requests, a retryable auth failure is known to happen before Mastra executes; it therefore retries directly instead of entering the existing stale/ambiguous run-state recovery path.
The CLI emits a breadcrumb/tag for the retry and shows a temporary health overlay during resume. Overlay cleanup runs in
finallyfor both success and failure.Server contract
This is coordinated with getsentry/cli-init-api#194, which emits the structured 503 only from auth middleware before the workflow handler. Either deploy order is backward compatible, but server first is preferred.
The failure was observed in CLI-17A: one auth call in the run reached the Worker five-second validation deadline while the other calls completed normally. The server PR switches to the lightweight token-validation endpoint, captures the timeout, and tags run ID/endpoint before auth.
Safety properties
runByIdfor this pre-workflow failure.MastraClientErrorcarrying the parsed server body.Test plan
pnpm exec vitest run test/lib/init/init-service-auth.test.ts test/lib/init/wizard-runner.test.ts— 68 tests pass.pnpm run typecheck— passes after generating the API schema required by a fresh worktree.pnpm run lint— 918 files pass.TZ=UTC, excluding the known bash completion simulation: 399 files, 8,462 tests pass, 14 skipped.main: six time-range assertions assume UTC while the local timezone is Europe/Madrid; two bash completion simulations return an empty completion in this shell environment.git diff --checkpasses.