refactor(aibridge): apply key pool failover follow-ups

ssncferreira · ssncferreira · commit c350d1f3caf6 · 2026-06-08T19:45:37.000Z
diff --git a/aibridge/intercept/keyfailover_test.go b/aibridge/intercept/keyfailover_test.go
@@ -62,15 +62,6 @@ type interceptorCase struct {
 	newInterceptor func(t *testing.T, streaming bool, upstreamURL string, reqBody []byte, pool *keypool.Pool, byokKey string) intercept.Interceptor
 }
 
-// keyFromHeader reads the API key an upstream request carried in the named auth
-// header.
-func keyFromHeader(name string, h http.Header) string {
-	if name == "Authorization" {
-		return utils.ExtractBearerToken(h.Get(name))
-	}
-	return h.Get(name)
-}
-
 // interceptorCases is the set of interceptors the failover tests run against,
 // one entry per supported API.
 var interceptorCases = []interceptorCase{
@@ -365,7 +356,7 @@ func TestInterception_KeyFailover(t *testing.T) {
 
 					var seenKeys []string
 					for _, r := range upstream.ReceivedRequests() {
-						seenKeys = append(seenKeys, keyFromHeader(ic.authHeader, r.Header))
+						seenKeys = append(seenKeys, testutil.KeyFromHeader(ic.authHeader, r.Header))
 					}
 					assert.Equal(t, tc.expectedSeenKeys, seenKeys, "seen keys")
 
@@ -540,7 +531,7 @@ func TestInterception_AgenticLoopFailover(t *testing.T) {
 
 					var seenKeys []string
 					for _, r := range upstream.ReceivedRequests() {
-						seenKeys = append(seenKeys, keyFromHeader(ic.authHeader, r.Header))
+						seenKeys = append(seenKeys, testutil.KeyFromHeader(ic.authHeader, r.Header))
 					}
 					assert.Equal(t, tc.expectedSeenKeys, seenKeys, "seen keys")
 
diff --git a/aibridge/intercept/messages/base.go b/aibridge/intercept/messages/base.go
@@ -580,6 +580,9 @@ func (i *interceptionBase) markKeyOnError(ctx context.Context, key *keypool.Key,
 // ResponseErrorFromKeyPool translates a *keypool.Error into
 // a developer-facing ResponseError shaped for the Anthropic API.
 func ResponseErrorFromKeyPool(keyPoolErr *keypool.Error) *ResponseError {
+	if keyPoolErr == nil {
+		return nil
+	}
 	switch keyPoolErr.Kind {
 	case keypool.ErrorKindPermanent:
 		return newResponseError(
diff --git a/aibridge/intercept/messages/base_internal_test.go b/aibridge/intercept/messages/base_internal_test.go
@@ -1041,6 +1041,10 @@ func TestResponseErrorFromKeyPool(t *testing.T) {
 		expectedStatus     int
 		expectedRetryAfter time.Duration
 	}{
+		{
+			name:       "nil_returns_nil",
+			keyPoolErr: nil,
+		},
 		{
 			// Rate-limited with no cooldown: 429, no Retry-After.
 			name:               "rate_limited_zero_retry_after",
@@ -1067,6 +1071,10 @@ func TestResponseErrorFromKeyPool(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			got := ResponseErrorFromKeyPool(tc.keyPoolErr)
+			if tc.keyPoolErr == nil {
+				assert.Nil(t, got)
+				return
+			}
 			require.NotNil(t, got)
 			assert.Equal(t, tc.expectedStatus, got.StatusCode)
 			assert.Equal(t, tc.expectedRetryAfter, got.RetryAfter)
diff --git a/aibridge/intercept/messages/blocking.go b/aibridge/intercept/messages/blocking.go
@@ -112,8 +112,14 @@ func (i *BlockingInterception) ProcessRequest(w http.ResponseWriter, r *http.Req
 
 	for {
 		// TODO add outer loop span (https://github.com/coder/aibridge/issues/67)
+
+		// Rebuilt per iteration: i.reqPayload mutates when an agentic
+		// continuation appends tool results, so withBody must reflect
+		// the latest payload on every upstream call.
+		callOpts := []option.RequestOption{i.withBody()}
+
 		var keyAttempts int
-		resp, keyAttempts, err = i.newMessage(ctx, svc)
+		resp, keyAttempts, err = i.newMessage(ctx, svc, callOpts)
 		totalKeyAttempts += keyAttempts
 		if err != nil {
 			if eventstream.IsConnError(err) {
@@ -352,24 +358,23 @@ func (i *BlockingInterception) ProcessRequest(w http.ResponseWriter, r *http.Req
 // newMessage routes by credential type, returning the upstream message, the
 // number of key attempts made for this call, and any error. Centralized
 // credentials fail over across the key pool, while BYOK makes a single attempt.
-func (i *BlockingInterception) newMessage(ctx context.Context, svc anthropic.MessageService) (*anthropic.Message, int, error) {
+func (i *BlockingInterception) newMessage(ctx context.Context, svc anthropic.MessageService, opts []option.RequestOption) (*anthropic.Message, int, error) {
 	switch i.cred.Kind() {
 	case intercept.CredentialKindCentralized:
-		return i.newMessageWithKeyFailover(ctx, svc)
+		return i.newMessageWithKeyFailover(ctx, svc, opts)
 	case intercept.CredentialKindBYOK:
-		msg, err := i.newMessageWithKey(ctx, svc)
+		msg, err := i.newMessageWithKey(ctx, svc, opts...)
 		return msg, 0, err
 	default:
 		return nil, 0, xerrors.New("no credential configured")
 	}
 }
 
 // newMessageWithKey performs a single upstream call.
-func (i *BlockingInterception) newMessageWithKey(ctx context.Context, svc anthropic.MessageService, extraOpts ...option.RequestOption) (_ *anthropic.Message, outErr error) {
+func (i *BlockingInterception) newMessageWithKey(ctx context.Context, svc anthropic.MessageService, opts ...option.RequestOption) (_ *anthropic.Message, outErr error) {
 	_, span := i.tracer.Start(ctx, "Intercept.ProcessRequest.Upstream", trace.WithAttributes(tracing.InterceptionAttributesFromContext(ctx)...))
 	defer tracing.EndSpanErr(span, &outErr)
 
-	opts := append([]option.RequestOption{i.withBody()}, extraOpts...)
 	return svc.New(ctx, anthropic.MessageNewParams{}, opts...)
 }
 
@@ -378,12 +383,12 @@ func (i *BlockingInterception) newMessageWithKey(ctx context.Context, svc anthro
 // 429 and permanent on 401/403. Errors that aren't key-specific don't trigger
 // failover and are returned to the caller. It returns the upstream message,
 // the number of key attempts made for this call, and any error.
-func (i *BlockingInterception) newMessageWithKeyFailover(ctx context.Context, svc anthropic.MessageService) (*anthropic.Message, int, error) {
+func (i *BlockingInterception) newMessageWithKeyFailover(ctx context.Context, svc anthropic.MessageService, opts []option.RequestOption) (*anthropic.Message, int, error) {
 	centralized, ok := intercept.AsCentralized(i.cred)
 	if !ok {
 		// Centralized but pool-less: Bedrock, which signs via AWS. A single
 		// attempt with no failover.
-		msg, err := i.newMessageWithKey(ctx, svc)
+		msg, err := i.newMessageWithKey(ctx, svc, opts...)
 		return msg, 0, err
 	}
 	walker := centralized.Pool.Walker()
@@ -396,12 +401,14 @@ func (i *BlockingInterception) newMessageWithKeyFailover(ctx context.Context, sv
 		i.logger.Debug(ctx, "using centralized api key",
 			slog.F("credential_hint", i.cred.Hint()), slog.F("credential_length", i.cred.Length()))
 
-		msg, err := i.newMessageWithKey(ctx, svc,
+		requestOpts := append([]option.RequestOption{}, opts...)
+		requestOpts = append(requestOpts,
 			option.WithAPIKey(key.Value()),
 			// Disable SDK retries because the failover loop
 			// handles retries via key rotation.
 			option.WithMaxRetries(0),
 		)
+		msg, err := i.newMessageWithKey(ctx, svc, requestOpts...)
 		// Key-specific failure: try the next key.
 		if i.markKeyOnError(ctx, key, err) {
 			continue
diff --git a/aibridge/intercept/messages/streaming.go b/aibridge/intercept/messages/streaming.go
@@ -179,7 +179,7 @@ newStream:
 			walker = centralized.Pool.Walker()
 		}
 
-		var streamOpts []option.RequestOption
+		streamOpts := []option.RequestOption{i.withBody()}
 		var currentPoolKey *keypool.Key
 		if walker != nil {
 			key, keyPoolErr := walker.Next()
@@ -696,10 +696,9 @@ func (*StreamingInterception) encodeForStream(payload []byte, typ string) []byte
 }
 
 // newStream traces svc.NewStreaming() call.
-func (i *StreamingInterception) newStream(ctx context.Context, svc anthropic.MessageService, extraOpts ...option.RequestOption) *ssestream.Stream[anthropic.MessageStreamEventUnion] {
+func (i *StreamingInterception) newStream(ctx context.Context, svc anthropic.MessageService, opts ...option.RequestOption) *ssestream.Stream[anthropic.MessageStreamEventUnion] {
 	_, span := i.tracer.Start(ctx, "Intercept.ProcessRequest.Upstream", trace.WithAttributes(tracing.InterceptionAttributesFromContext(ctx)...))
 	defer span.End()
 
-	opts := append([]option.RequestOption{i.withBody()}, extraOpts...)
 	return svc.NewStreaming(ctx, anthropic.MessageNewParams{}, opts...)
 }
diff --git a/aibridge/intercept/openai_errors.go b/aibridge/intercept/openai_errors.go
@@ -73,6 +73,9 @@ func (e *ResponseError) ToResponse() *http.Response {
 // ResponseErrorFromKeyPool translates a *keypool.Error into
 // a developer-facing ResponseError shaped for the OpenAI API.
 func ResponseErrorFromKeyPool(keyPoolErr *keypool.Error) *ResponseError {
+	if keyPoolErr == nil {
+		return nil
+	}
 	switch keyPoolErr.Kind {
 	case keypool.ErrorKindPermanent:
 		return NewResponseError(
diff --git a/aibridge/intercept/openai_errors_test.go b/aibridge/intercept/openai_errors_test.go
@@ -21,6 +21,10 @@ func TestResponseErrorFromKeyPool(t *testing.T) {
 		expectedStatus     int
 		expectedRetryAfter time.Duration
 	}{
+		{
+			name:       "nil_returns_nil",
+			keyPoolErr: nil,
+		},
 		{
 			// Rate-limited with no cooldown: 429, no Retry-After.
 			name:               "rate_limited_zero_retry_after",
@@ -47,6 +51,10 @@ func TestResponseErrorFromKeyPool(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			got := intercept.ResponseErrorFromKeyPool(tc.keyPoolErr)
+			if tc.keyPoolErr == nil {
+				assert.Nil(t, got)
+				return
+			}
 			require.NotNil(t, got)
 			assert.Equal(t, tc.expectedStatus, got.StatusCode)
 			assert.Equal(t, tc.expectedRetryAfter, got.RetryAfter)
diff --git a/aibridge/internal/integrationtest/keypool_failover_internal_test.go b/aibridge/internal/integrationtest/keypool_failover_internal_test.go
diff --git a/aibridge/internal/testutil/mockupstream.go b/aibridge/internal/testutil/mockupstream.go
diff --git a/aibridge/passthrough_internal_test.go b/aibridge/passthrough_internal_test.go

Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,7 @@ newStream:`
`179`	`179`	`walker = centralized.Pool.Walker()`
`180`	`180`	`}`
`181`	`181`
`182`		`- var streamOpts []option.RequestOption`
	`182`	`+ streamOpts := []option.RequestOption{i.withBody()}`
`183`	`183`	`var currentPoolKey *keypool.Key`
`184`	`184`	`if walker != nil {`
`185`	`185`	`key, keyPoolErr := walker.Next()`
`@@ -696,10 +696,9 @@ func (*StreamingInterception) encodeForStream(payload []byte, typ string) []byte`
`696`	`696`	`}`
`697`	`697`
`698`	`698`	`// newStream traces svc.NewStreaming() call.`
`699`		`-func (i StreamingInterception) newStream(ctx context.Context, svc anthropic.MessageService, extraOpts ...option.RequestOption) ssestream.Stream[anthropic.MessageStreamEventUnion] {`
	`699`	`+func (i StreamingInterception) newStream(ctx context.Context, svc anthropic.MessageService, opts ...option.RequestOption) ssestream.Stream[anthropic.MessageStreamEventUnion] {`
`700`	`700`	`_, span := i.tracer.Start(ctx, "Intercept.ProcessRequest.Upstream", trace.WithAttributes(tracing.InterceptionAttributesFromContext(ctx)...))`
`701`	`701`	`defer span.End()`
`702`	`702`
`703`		`- opts := append([]option.RequestOption{i.withBody()}, extraOpts...)`
`704`	`703`	`return svc.NewStreaming(ctx, anthropic.MessageNewParams{}, opts...)`
`705`	`704`	`}`