fix(composio): avoid nested auth retry

[honor2030]

Summary

• Route the standalone Composio auth-retry helper through the client’s single post-OAuth retry path instead of stacking retry wrappers.
• Keep execute_tool_with_post_oauth_retry test-visible and preserve gateway error matching for wrapped/case-varied Connection error, try to authenticate payloads.
• Move the retryable-error matcher coverage next to the consolidated client retry implementation.

Test Plan

• RUSTC=$(rustup which --toolchain 1.93.0 rustc) $(rustup which --toolchain 1.93.0 cargo) fmt --all
• RUSTC=$(rustup which --toolchain 1.93.0 rustc) $(rustup which --toolchain 1.93.0 cargo) test --manifest-path Cargo.toml -p openhuman openhuman::composio::auth_retry -- --nocapture
• RUSTC=$(rustup which --toolchain 1.93.0 rustc) $(rustup which --toolchain 1.93.0 cargo) test --manifest-path Cargo.toml -p openhuman openhuman::composio::client -- --nocapture
• RUSTC=$(rustup which --toolchain 1.93.0 rustc) $(rustup which --toolchain 1.93.0 cargo) test --manifest-path Cargo.toml -p openhuman openhuman::composio -- --nocapture

Summary by CodeRabbit

• Bug Fixes

  • Improved post-OAuth retry behavior and broader error matching to more reliably recover from transient authentication gaps during tool execution.

• Documentation

  • Clarified how gateway error fragments are matched for post-OAuth retry decisions.

• Tests

  • Added comprehensive integration and unit tests covering retry scenarios and edge cases.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 25c464f1-14e7-4da9-882d-7d9a47ccb3d5

📥 Commits

Reviewing files that changed from the base of the PR and between f325a37 and 73992c9.

📒 Files selected for processing (4)

• src/openhuman/composio/auth_retry.rs
• src/openhuman/composio/auth_retry_tests.rs
• src/openhuman/composio/client.rs
• src/openhuman/composio/client_tests.rs

💤 Files with no reviewable changes (1)

• src/openhuman/composio/auth_retry_tests.rs

🚧 Files skipped from review as they are similar to previous changes (2)

• src/openhuman/composio/auth_retry.rs
• src/openhuman/composio/client_tests.rs

---

📝 Walkthrough

Walkthrough

Post-OAuth retry handling is centralized into ComposioClient::execute_tool_with_post_oauth_retry; the matcher now uses case-insensitive substring checks, the helper is exposed to the parent module, local retry constant/logic were removed, and async integration tests validate end-to-end behavior with a mock backend.

Changes

Composio post-OAuth retry refactoring

Layer / File(s)	Summary
Retry matcher refinement and helper visibility src/openhuman/composio/client.rs	Error matcher broadened from exact equality to case-insensitive substring containment; doc comments updated; execute_tool_with_post_oauth_retry visibility changed to pub(super).
Retry matcher unit tests src/openhuman/composio/client_tests.rs	New unit tests validate is_post_oauth_auth_readiness_error for multiple positive message variants and negative cases including successful: true.
Delegate retry to helper from auth_retry src/openhuman/composio/auth_retry.rs	Removed module-local RETRYABLE_AUTH_ERRORS and in-module retry control flow. execute_with_auth_retry_inner trims/validates slug, defaults args to {}, builds {tool, arguments} payload, logs execute start, and delegates execution (and retry) to client.execute_tool_with_post_oauth_retry.
Integration tests with mock Composio backend src/openhuman/composio/auth_retry_tests.rs	Adds async Tokio tests using a local Axum server that mimics /agent-integrations/composio/execute to assert: post-OAuth readiness error triggers exactly one retry then success; unrelated auth errors do not retry; success on first attempt skips retry; bounded retry when second attempt also errors. Removes prior synchronous string-match tests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• tinyhumansai/openhuman#1707: Both PRs modify Composio post-OAuth auth-readiness retry logic with case-insensitive substring matching and extended test coverage in client_tests.rs.
• tinyhumansai/openhuman#1708: Both PRs address the same post-OAuth "Connection error, try to authenticate" single-retry behavior, with this PR refactoring retry logic from auth_retry.rs into ComposioClient::execute_tool_with_post_oauth_retry.
• tinyhumansai/openhuman#1803: Related tests and prior changes that interacted with stacked retry behaviors; this PR consolidates toward a single-retry contract.

Suggested labels

working

Suggested reviewers

• graycyrus
• senamakel

Poem

🐰 I hopped through code to tidy a loop,
Moved retries to one polite coop,
Substring whispers wake the gate,
Mock server queues each eager state,
One more try, then quiet — hop, reboot.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the primary change: consolidating nested auth retry logic by routing through the client's single post-OAuth retry path instead of maintaining duplicate retry implementations.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/openhuman/composio/auth_retry.rs (1)

57-60: ⚡ Quick win

Log the empty-slug rejection path.

This new validation branch bails without a grep-friendly diagnostic, so whitespace-only slugs will be harder to trace than the rest of the flow. Add a [composio][auth_retry] debug/trace event before returning.

Proposed fix

     let tool = slug.trim();
     if tool.is_empty() {
+        tracing::debug!(
+            target: "composio",
+            raw_slug_len = slug.len(),
+            "[composio][auth_retry] rejecting empty tool slug"
+        );
         anyhow::bail!("composio.execute_tool: tool slug must not be empty");
     }

As per coding guidelines, src/**/*.rs: "use log / tracing at debug or trace level for development-oriented diagnostics on new/changed flows, including logs at entry/exit points, branch decisions, external calls, retries/timeouts, state transitions, and error handling paths".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/composio/auth_retry.rs` around lines 57 - 60, The branch that
trims and rejects an empty tool slug currently bails silently; add a tracing
call before the bail so the rejection is grep-able and follows logging
guidelines: in the auth_retry.rs code where slug is trimmed into let tool =
slug.trim(); and before anyhow::bail!("composio.execute_tool: tool slug must not
be empty"); emit a trace or debug event (e.g., tracing::debug! or
tracing::trace!) with a clear tag like "[composio][auth_retry]" and include the
original slug (or its whitespace-only indication) to aid debugging, then proceed
to bail as before.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/openhuman/composio/auth_retry.rs`:
- Around line 57-60: The branch that trims and rejects an empty tool slug
currently bails silently; add a tracing call before the bail so the rejection is
grep-able and follows logging guidelines: in the auth_retry.rs code where slug
is trimmed into let tool = slug.trim(); and before
anyhow::bail!("composio.execute_tool: tool slug must not be empty"); emit a
trace or debug event (e.g., tracing::debug! or tracing::trace!) with a clear tag
like "[composio][auth_retry]" and include the original slug (or its
whitespace-only indication) to aid debugging, then proceed to bail as before.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 54bb7193-305a-4e5d-a508-207b047a655c

📥 Commits

Reviewing files that changed from the base of the PR and between a6def97 and f325a37.

📒 Files selected for processing (4)

• src/openhuman/composio/auth_retry.rs
• src/openhuman/composio/auth_retry_tests.rs
• src/openhuman/composio/client.rs
• src/openhuman/composio/client_tests.rs

💤 Files with no reviewable changes (1)

• src/openhuman/composio/auth_retry_tests.rs

[graycyrus]

Walkthrough

Clean consolidation that collapses two parallel auth-retry paths into one. auth_retry.rs now delegates to the client's execute_tool_with_post_oauth_retry instead of reimplementing first-call → check → sleep → retry. Net reduction of 31 lines while preserving all behavior. The substring-match widening in is_post_oauth_auth_readiness_error correctly absorbs the gateway-wrapper matching that auth_retry.rs was doing independently. Tests relocated and expanded — good.

Change Summary

File	Change type	Description
auth_retry.rs	Refactored	Removed standalone retry loop + RETRYABLE_AUTH_ERRORS constant; now validates input, constructs body, and delegates to client's retry method
auth_retry_tests.rs	Reduced	Removed unit tests for deleted is_retryable_auth_error; integration tests preserved
client.rs	Modified	execute_tool_with_post_oauth_retry widened to pub(super); is_post_oauth_auth_readiness_error changed from exact to substring match
client_tests.rs	Expanded	Added post_oauth_auth_readiness_error_matches_known_gateway_variants and rejection tests covering wrapped messages + successful-response edge case

Per-file analysis

auth_retry.rs

The rewrite correctly mirrors the body construction in execute_tool (line 166 of client.rs): trim → empty check → unwrap args → json!({ "tool", "arguments" }). The 8s backoff from RETRY_BACKOFF is passed through instead of the client's default 10s — intentional per issue #1688.

client.rs

pub(super) visibility is the right scope — only auth_retry.rs (same module) needs access. The exact→substring match change is safe: "connection error, try to authenticate" is specific enough that false positives are negligible, and it now handles the gateway wrapper text that was previously only caught by auth_retry.rs.

Tests

Coverage is equivalent or better. The new client_tests.rs tests cover case-insensitive matching, wrapped gateway messages, unrelated errors, and the successful: true edge case (should not retry). The mock-server integration tests in auth_retry_tests.rs are preserved.

Overall: well-scoped refactor, no concerns beyond a minor readability nit.