revert: remove all Sentry error suppression (12 PRs)

[graycyrus]

Summary

Reverts all Sentry error suppression code from 12 PRs that hid bugs instead of fixing root causes.

Affected PRs: #2813, #2850, #2899, #2906, #2915, #2923, #2924, #2928, #2930, #2934, #2937, #2939

Errors will resume firing Sentry events. Each will get a proper root-cause fix in separate PRs.

Why

Suppressing errors hides bugs. The correct approach is to fix the root cause — add backoff, refresh tokens, handle gracefully — not silence the symptom.

Test plan

• cargo check passes
• No compile errors from removed code

Summary by CodeRabbit

• Bug Fixes

  • Fixed overly broad error suppression in monitoring, ensuring more failure scenarios are now properly reported.
  • Tightened error classification to more accurately detect API key and configuration issues.
  • Removed workaround filters that previously masked upstream rate-limit and embeddings errors.

• Chores

  • Simplified error handling logic for improved consistency across provider integrations and memory operations.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR removes several observability error classification pathways and Sentry suppression filters. Core changes: ExpectedErrorKind::MemoryStorePiiRejection is deleted entirely; ApiKeyMissing, session-expired, and Composio classifiers are tightened; budget filter is simplified from two-tier to single tag-gated tier; Sentry before_send suppression for embeddings 401 and rate-limit patterns is removed; provider /models 404 special handling is removed; and provider config rejection phrase matching is refined.

Changes

Error classification pathway removal and Sentry filter simplification

Layer / File(s)	Summary
Core observability classifier refactoring src/core/observability.rs	ExpectedErrorKind::MemoryStorePiiRejection variant, dispatch arm, and helper predicate removed; ApiKeyMissing matcher tightened to remove env-var "_api_key is not configured" pattern; is_session_expired_message drops "backend rejected session token" matching; Composio direct-mode classifier narrowed to HTTP 401 only; is_budget_event rewritten as single tag-gated tier requiring failure=="non_2xx" and status=="400", with tag-less "Insufficient budget" detection helper removed; unit tests updated to match removed/refined matchers.
Sentry before_send filter removal src/main.rs	Two suppression filters removed: embeddings-path HTTP 401 events (API-key related) and upstream rate-limit pattern detection (scanning event message/logentry/exception text), allowing those event types to proceed through remaining before_send logic and secret scrubbing.
Provider error handling and config rejection tightening src/openhuman/inference/provider/ops.rs, src/openhuman/inference/provider/config_rejection.rs	HTTP 404 special handling removed from list_configured_models_from_config (now flows to generic error path); rate-limit body detection suppression removed from api_error; provider config rejection phrase matching refined (thinking-mode substring updated, Ollama subscription anchor more specific, tool-unsupported phrases pruned); associated test coverage deleted for removed behaviors and phrase families.
Inference logging and documentation updates src/openhuman/inference/ops.rs, src/openhuman/memory_store/factories.rs, src/openhuman/subconscious/store.rs	Inference test-provider error logging changed to unconditional error! (removes expected-error conditional warn! path); Ollama health-gate Sentry reporting documentation clarified; subconscious module documentation shortened and directory-creation error message improved; test coverage adjusted for removed reporting path.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• tinyhumansai/openhuman#2850: Inverse relationship—fix(observability): demote memory-store PII rejection errors from Sentry to warn #2850 added the ExpectedErrorKind::MemoryStorePiiRejection pathway that this PR removes entirely.
• tinyhumansai/openhuman#2915: Directly related—this PR removes the "_api_key is not configured" env-var-style matching from ApiKeyMissing that #2915 added.
• tinyhumansai/openhuman#2930: Inverse relationship—fix(observability): suppress composio-direct HTTP 403 Sentry noise (TAURI-RUST-322) #2930 adds HTTP 403 support for Composio-direct classification that this PR removes.

Suggested labels

rust-core, sentry-traced-bug, working

Suggested reviewers

• oxoxDev
• M3gA-Mind
• sanil-23

Poem

🐰 A rabbit hops through classifier code,
Sweeping away the paths no longer rode—
Expect no more for PII and tokens past,
Simpler filters at last, at last!
Tighter phrases, cleaner logic flow,
Watch the noise just go, just go! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the PR's main objective: reverting Sentry error suppression code across multiple prior PRs, which aligns directly with the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/openhuman/inference/ops.rs (1)

182-182: ⚡ Quick win

Add correlation fields to the error log.

Include workload and provider on this error event to keep failure logs queryable with the same context as the start event.

Suggested diff

-        Err(err) => error!(error = %err, "{LOG_PREFIX} test_provider_model:error"),
+        Err(err) => error!(
+            workload,
+            provider,
+            error = %err,
+            "{LOG_PREFIX} test_provider_model:error"
+        ),

As per coding guidelines: “Prefix debug logs with stable, grep-friendly identifiers … and include correlation fields such as request IDs, method names, or entity IDs.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/inference/ops.rs` at line 182, The error log at the Err branch
currently only logs the error; update the error! invocation in the Err(err) arm
to include the correlation fields workload and provider (e.g. error!(workload =
%workload, provider = %provider, error = %err, "{LOG_PREFIX}
test_provider_model:error")), keeping the existing LOG_PREFIX message and error
formatting; ensure workload and provider are in scope or passed into the
function containing this Err(err) match arm (refer to the Err branch where
error!(...) is called).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/inference/provider/config_rejection.rs`:
- Around line 170-192: Run the project's formatter and commit the changes so CI
passes: execute pnpm format (which runs rustfmt/prettier) and ensure cargo fmt
has formatted Rust files; then add and commit the updated file containing the
string entries "thinking mode must be passed back" and "requires a subscription,
upgrade for access" so pnpm format:check and cargo fmt --check succeed in CI.

---

Nitpick comments:
In `@src/openhuman/inference/ops.rs`:
- Line 182: The error log at the Err branch currently only logs the error;
update the error! invocation in the Err(err) arm to include the correlation
fields workload and provider (e.g. error!(workload = %workload, provider =
%provider, error = %err, "{LOG_PREFIX} test_provider_model:error")), keeping the
existing LOG_PREFIX message and error formatting; ensure workload and provider
are in scope or passed into the function containing this Err(err) match arm
(refer to the Err branch where error!(...) is called).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 07dd0604-9948-4940-a388-c4c8b3baedc0

📥 Commits

Reviewing files that changed from the base of the PR and between b7110d0 and 34ed335.

📒 Files selected for processing (8)

• src/core/observability.rs
• src/main.rs
• src/openhuman/inference/ops.rs
• src/openhuman/inference/ops_tests.rs
• src/openhuman/inference/provider/config_rejection.rs
• src/openhuman/inference/provider/ops.rs
• src/openhuman/memory_store/factories.rs
• src/openhuman/subconscious/store.rs

💤 Files with no reviewable changes (2)

• src/openhuman/inference/ops_tests.rs
• src/main.rs

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Run formatter to unblock CI.

cargo fmt --check and pnpm format:check are failing for this file, so this PR is currently blocked. Please run pnpm format and commit the formatter output.

As per coding guidelines **/*.{ts,tsx,rs,json,js}: “Run pnpm format … before committing; pnpm format:check … must pass in CI.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/inference/provider/config_rejection.rs` around lines 170 - 192,
Run the project's formatter and commit the changes so CI passes: execute pnpm
format (which runs rustfmt/prettier) and ensure cargo fmt has formatted Rust
files; then add and commit the updated file containing the string entries
"thinking mode must be passed back" and "requires a subscription, upgrade for
access" so pnpm format:check and cargo fmt --check succeed in CI.

[sanil-23]

@graycyrus the revert itself reads clean — it's a symmetric removal of the suppression branches plus their before_send call sites in main.rs, and the inline tests were updated to match the reverted classifier behavior. The intent (resume firing these to Sentry and fix root causes separately) is clear. A couple of things to sort before I can approve:

CI is red, so I'm holding the full approve:

• PR Submission Checklist is failing only because the two Test plan checkboxes are still - [ ]. Once cargo check / no-compile-errors are confirmed, tick them and that check goes green.
• E2E (Playwright) web lane 2/4 and 3/4 are failing. This is a Rust-only change with no frontend diff, so these look unrelated/flaky — but they need to be green (or re-run) before merge, not waved through.

[major] Out-of-scope change in src/openhuman/inference/provider/ops.rs
The stated scope is reverting Sentry suppression across the 12 listed PRs, but list_models also drops the OpenAI Codex OAuth routing path — resolve_openai_codex_routing, the OAuth client_version query param, openai_codex_user_agent, and the OPENAI_CODEX_ACCOUNT_HEADER — replacing it with a plain endpoint + bare Bearer request. That helper (resolve_openai_codex_routing in openai_codex.rs) still exists on this branch, so it's now orphaned for this path, and Codex OAuth users would lose the account header + OAuth user-agent on model listing (likely 401s). This has nothing to do with error suppression — was it intentionally bundled in, or did the revert sweep up an unrelated commit? If it's not part of the suppression revert, please split it out.

Everything else looks like a faithful revert. Fix CI + confirm that Codex routing removal is intentional and I'll do the final pass and approve.

[sanil-23]

@graycyrus heads up — CI isn't green yet (Rust Core Coverage, Frontend Coverage, and E2E web lane 1/4 are re-running/failing), so I'll hold a full approval until those settle. Thanks for adding the workload/provider correlation fields to the error log in the latest commit — good catch keeping the failure path queryable.

One thing I want to flag before this lands, separate from CI:

[major] src/openhuman/inference/provider/ops.rs — list_models: this revert also strips the OpenAI Codex OAuth routing (resolve_openai_codex_routing, the codex client_version query param, the codex user-agent / originator / account headers, and merge_openai_codex_model_hints). That code came from #2748 (Codex OAuth provider support), not from any of the 12 Sentry-suppression PRs this is meant to revert. The chat path in factory.rs still routes Codex through the codex backend, so after this PR model listing and chat disagree: list_models would hit the configured endpoint without the codex client_version/account header and skip the codex model hints, which breaks model discovery for Codex OAuth providers. Recommend dropping that hunk so the revert stays scoped to Sentry suppression — happy to re-check once it's split out.

Once CI is green and that's sorted I'll come back and approve.

[sanil-23]

@graycyrus heads up — CI is still red, and at least one failure is caused by the revert itself, not flakiness, so I'll hold off on approving until it's sorted.

Rust Core Coverage fails in provider_ops_leftovers_cover_model_listing_error_shapes_and_auth_styles (tests/inference_compatible_admin_leftovers_raw_coverage_e2e.rs:345):

404 models unsupported: "provider returned 404: no model list"

Removing the 404 -> empty-list short-circuit in list_configured_models_from_config (src/openhuman/inference/provider/ops.rs) means a /models 404 now returns an Err instead of an empty { models: [], unsupported: true } payload. That's the intended behavior change for the suppression revert, but this pre-existing e2e test still asserts the old "empty list" contract and wasn't updated in this PR, so it hard-fails. Please update that test to expect the new error shape so the suite matches the revert.

Frontend Coverage (Vitest) and E2E web lane 1/4 are also red. Those look unrelated to a Rust-only diff, so a re-run or rebase on main should clear them — ping me if they persist.

The revert itself still reads clean and symmetric otherwise. Once the full suite is green I'll come back and approve.

[sanil-23]

@graycyrus heads up — CI is still red, so I'll hold a full approve until it's green. The latest commit correctly updated the 404 /models assertions, nice. But there's one more pre-existing test left asserting the old contract:

• tests/inference_provider_admin_round22_raw_coverage_e2e.rs:254 — provider_admin_model_listing_covers_openrouter_validation_and_local_synthesis now fails: assertion failed: object_error.contains("nested provider failure"). The /object-error/models mock returns HTTP 200 with an error-shaped body ({"error":{"message":"nested provider failure"}}), and this test expects that to surface as an error. The revert dropped the logic that detected an embedded error in a 200 model-listing response, so list_configured_models("object-error") no longer returns an Err. Same class of leftover as the 404 tests you just fixed — please update (or remove) this assertion to match the reverted behavior so Rust Core Coverage goes green.

The other two red checks look unrelated to this Rust-only diff: Frontend Coverage (Vitest) fails on a notification-settings UI test, and E2E web lane 1/4 is failing on ECONNREFUSED to the mock backend (infra flake). A rebase + re-run should clear those. Once CI is fully green I'll come back and approve.

[senamakel]

@sanil-23 Addressed the outstanding items:

Merge conflict resolved — src/openhuman/inference/provider/ops_tests.rs had a conflict between HEAD (which removed the models_404_returns_empty_list_not_error test as part of the revert) and main (which added it). Resolved by keeping HEAD's side (removing the test), consistent with the revert intent.

Missing #[test] attribute fixed — classifies_whatsapp_data_sqlite_busy_errors in observability.rs was missing its #[test] attribute (introduced when the revert inlined tests from the external file). Added it back — test now runs and passes.

Re: inference_provider_admin_round22_raw_coverage_e2e.rs:254 — The provider_admin_model_listing_covers_openrouter_validation_and_local_synthesis test (the "nested provider failure" assertion) already passes on this branch. The embedded-error-in-200 detection logic (lines 185-198 of provider/ops.rs) was NOT part of the suppression reverts — it's still in place. The mock returns {"error":{"message":"nested provider failure"}} with HTTP 200, the code detects the error field, and returns Err("provider returned error payload: nested provider failure"). The test's expect_err + contains("nested provider failure") assertion matches correctly.

Quality suite: cargo check ✅, cargo fmt --check ✅, pre-push hooks (format + lint) ✅. The memory_sync_provider_trait_defaults_and_connection_hook_are_deterministic test failure is pre-existing on main and unrelated to this PR.

[sanil-23]

@graycyrus thanks for the updates here.

The previous concern is resolved: the list_models 404 contract change is now reflected in the e2e coverage test (provider_ops_leftovers_cover_model_listing_error_shapes_and_auth_styles), which correctly asserts that a 404 from the models endpoint surfaces as a real error instead of a synthetic empty-list success. That's the right call — the whole point of the revert is to let these failures fire rather than be masked. The #2748 Codex OAuth model-listing path is preserved through the merge, and restoring the missing #[test] on classifies_whatsapp_data_sqlite_busy_errors means that case actually runs again. Good catch on that last one.

Code-wise this looks clean: the revert is symmetric and the tests now match the reverted behavior.

The only thing holding an approval is CI. E2E (Playwright / web lane 1/4) is currently red and the Rust Core / Frontend coverage jobs are still running. The web-lane failure looks unrelated to this Rust-only diff (likely flaky), so a rerun may well clear it — but let's get all required checks green first. Once they are, ping me and I'll approve.

[sanil-23]

@graycyrus the revert itself reads cleanly and the merge-conflict handling around #2748 (preserving the Codex OAuth model listing while keeping only the intended #2939/#2899 reverts) is well reasoned. A couple of things to sort before I can do a final approval pass:

CI is red. Two checks are failing:

• Rust Core Coverage fails on tests/tools_approval_channels_raw_coverage_e2e.rs:1689 (assertion failed: unknown_toolkit.output().contains("gmail_pro")). That file isn't touched by this PR and the assertion has nothing to do with Sentry suppression, so this looks like a flaky/unrelated failure rather than a regression from the revert. Please re-run it to confirm.
• E2E (Playwright / web lane 1/4) is also red while lanes 2-4 pass — same story, likely flaky. A re-run should settle both.

One correctness thing worth double-checking in config_rejection.rs. The revert dropped several patterns from is_provider_config_rejection_message, but a few of the removed patterns are substrings of patterns that were kept, so the suppression behaviour may be unchanged for those shapes:

• removed "in the thinking mode must be passed back" but kept "thinking mode must be passed back" — the kept (shorter) substring still matches the same bodies.
• removed "requires a subscription" but kept "requires a subscription, upgrade for access" — bodies carrying the full phrase still match and stay suppressed.

If those two classes were meant to keep firing to Sentry, this revert doesn't actually un-suppress them. If they were intentionally left in scope (added by a PR not on the revert list), ignore this — but it's worth a sentence in the PR description either way so the next person doesn't assume they're back on. (The earlier CodeRabbit cargo fmt comment looks resolved — Rust Quality (fmt, clippy) is green now.)

Once CI is green I'll come back and approve. Let me know if you want a hand chasing down the flaky tests.

[sanil-23]

Thanks for unwinding the suppression layers — restoring real Sentry signal for genuine errors is the right call, and the bulk of this diff is exactly that: pure classification/before_send removals that let throttle, auth, and config-rejection events fire again. Tests moved cleanly and CI is green.

One change crosses from "restore Sentry noise" into "change runtime behavior," and I'd like it split out or reconsidered before merge:

[major] src/openhuman/inference/provider/ops.rs — list_configured_models_from_config

The removed block didn't just suppress a Sentry event; it returned a graceful result:

if status == NOT_FOUND {
    return Ok(RpcOutcome::new(json!({ "models": [], "unsupported": true }), ...));
}

With it gone, a 404 from /models now falls straight through to the generic !status.is_success() path and returns Err(...). For OpenAI-compatible providers that legitimately have no /models endpoint (DeepSeek, Moonshot, Kimi, custom proxies — the cases the comment called out), model listing will now surface a hard error to the caller instead of an empty list. Any frontend reading the unsupported: true flag also loses it.

That's a user-facing regression, not restored telemetry. Could you keep the 404 graceful-degradation branch (you can still drop the Sentry suppression around it) and revert only the classification piece? If the intent is that a follow-up restores this behavior, it'd be safer to land that first.

Everything else (main.rs before_send filters, observability classifiers, config_rejection phrases, inference ops) is a clean, scoped revert — no concerns there.