openclaw/src/agents/auth-profiles.markauthprofilefailure.test.ts

import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { describe, expect, it } from "vitest";
import {
  calculateAuthProfileCooldownMs,
  ensureAuthProfileStore,
  markAuthProfileFailure,
} from "./auth-profiles.js";

type AuthProfileStore = ReturnType<typeof ensureAuthProfileStore>;

async function withAuthProfileStore(
  fn: (ctx: { agentDir: string; store: AuthProfileStore }) => Promise<void>,
): Promise<void> {
  const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-auth-"));
  try {
    const authPath = path.join(agentDir, "auth-profiles.json");
    fs.writeFileSync(
      authPath,
      JSON.stringify({
        version: 1,
        profiles: {
          "anthropic:default": {
            type: "api_key",
            provider: "anthropic",
            key: "sk-default",
          },
          "openrouter:default": {
            type: "api_key",
            provider: "openrouter",
            key: "sk-or-default",
          },
        },
      }),
    );

    const store = ensureAuthProfileStore(agentDir);
    await fn({ agentDir, store });
  } finally {
    fs.rmSync(agentDir, { recursive: true, force: true });
  }
}

function expectCooldownInRange(remainingMs: number, minMs: number, maxMs: number): void {
  expect(remainingMs).toBeGreaterThan(minMs);
  expect(remainingMs).toBeLessThan(maxMs);
}

describe("markAuthProfileFailure", () => {
  it("disables billing failures for ~5 hours by default", async () => {
    await withAuthProfileStore(async ({ agentDir, store }) => {
      const startedAt = Date.now();
      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "billing",
        agentDir,
      });

      const disabledUntil = store.usageStats?.["anthropic:default"]?.disabledUntil;
      expect(typeof disabledUntil).toBe("number");
      const remainingMs = (disabledUntil as number) - startedAt;
      expectCooldownInRange(remainingMs, 4.5 * 60 * 60 * 1000, 5.5 * 60 * 60 * 1000);
    });
  });
  it("honors per-provider billing backoff overrides", async () => {
    await withAuthProfileStore(async ({ agentDir, store }) => {
      const startedAt = Date.now();
      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "billing",
        agentDir,
        cfg: {
          auth: {
            cooldowns: {
              billingBackoffHoursByProvider: { Anthropic: 1 },
              billingMaxHours: 2,
            },
          },
        } as never,
      });

      const disabledUntil = store.usageStats?.["anthropic:default"]?.disabledUntil;
      expect(typeof disabledUntil).toBe("number");
      const remainingMs = (disabledUntil as number) - startedAt;
      expectCooldownInRange(remainingMs, 0.8 * 60 * 60 * 1000, 1.2 * 60 * 60 * 1000);
    });
  });
  it("keeps persisted cooldownUntil unchanged across mid-window retries", async () => {
    await withAuthProfileStore(async ({ agentDir, store }) => {
      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "rate_limit",
        agentDir,
      });

      const firstCooldownUntil = store.usageStats?.["anthropic:default"]?.cooldownUntil;
      expect(typeof firstCooldownUntil).toBe("number");

      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "rate_limit",
        agentDir,
      });

      const secondCooldownUntil = store.usageStats?.["anthropic:default"]?.cooldownUntil;
      expect(secondCooldownUntil).toBe(firstCooldownUntil);

      const reloaded = ensureAuthProfileStore(agentDir);
      expect(reloaded.usageStats?.["anthropic:default"]?.cooldownUntil).toBe(firstCooldownUntil);
    });
  });
  it("records overloaded failures in the cooldown bucket", async () => {
    await withAuthProfileStore(async ({ agentDir, store }) => {
      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "overloaded",
        agentDir,
      });

      const stats = store.usageStats?.["anthropic:default"];
      expect(typeof stats?.cooldownUntil).toBe("number");
      expect(stats?.disabledUntil).toBeUndefined();
      expect(stats?.disabledReason).toBeUndefined();
      expect(stats?.failureCounts?.overloaded).toBe(1);
    });
  });
  it("disables auth_permanent failures via disabledUntil (like billing)", async () => {
    await withAuthProfileStore(async ({ agentDir, store }) => {
      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "auth_permanent",
        agentDir,
      });

      const stats = store.usageStats?.["anthropic:default"];
      expect(typeof stats?.disabledUntil).toBe("number");
      expect(stats?.disabledReason).toBe("auth_permanent");
      // Should NOT set cooldownUntil (that's for transient errors)
      expect(stats?.cooldownUntil).toBeUndefined();
    });
  });
  it("resets backoff counters outside the failure window", async () => {
    const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-auth-"));
    try {
      const authPath = path.join(agentDir, "auth-profiles.json");
      const now = Date.now();
      fs.writeFileSync(
        authPath,
        JSON.stringify({
          version: 1,
          profiles: {
            "anthropic:default": {
              type: "api_key",
              provider: "anthropic",
              key: "sk-default",
            },
          },
          usageStats: {
            "anthropic:default": {
              errorCount: 9,
              failureCounts: { billing: 3 },
              lastFailureAt: now - 48 * 60 * 60 * 1000,
            },
          },
        }),
      );

      const store = ensureAuthProfileStore(agentDir);
      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "billing",
        agentDir,
        cfg: {
          auth: { cooldowns: { failureWindowHours: 24 } },
        } as never,
      });

      expect(store.usageStats?.["anthropic:default"]?.errorCount).toBe(1);
      expect(store.usageStats?.["anthropic:default"]?.failureCounts?.billing).toBe(1);
    } finally {
      fs.rmSync(agentDir, { recursive: true, force: true });
    }
  });

  it("resets error count when previous cooldown has expired to prevent escalation", async () => {
    const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-auth-"));
    try {
      const authPath = path.join(agentDir, "auth-profiles.json");
      const now = Date.now();
      // Simulate state left on disk after 3 rapid failures within a 1-min cooldown
      // window. The cooldown has since expired, but clearExpiredCooldowns() only
      // ran in-memory and never persisted — so disk still carries errorCount: 3.
      fs.writeFileSync(
        authPath,
        JSON.stringify({
          version: 1,
          profiles: {
            "anthropic:default": {
              type: "api_key",
              provider: "anthropic",
              key: "sk-default",
            },
          },
          usageStats: {
            "anthropic:default": {
              errorCount: 3,
              failureCounts: { rate_limit: 3 },
              lastFailureAt: now - 120_000, // 2 minutes ago
              cooldownUntil: now - 60_000, // expired 1 minute ago
            },
          },
        }),
      );

      const store = ensureAuthProfileStore(agentDir);
      await markAuthProfileFailure({
        store,
        profileId: "anthropic:default",
        reason: "rate_limit",
        agentDir,
      });

      const stats = store.usageStats?.["anthropic:default"];
      // Error count should reset to 1 (not escalate to 4) because the
      // previous cooldown expired. Cooldown should be ~1 min, not ~60 min.
      expect(stats?.errorCount).toBe(1);
      expect(stats?.failureCounts?.rate_limit).toBe(1);
      const cooldownMs = (stats?.cooldownUntil ?? 0) - now;
      // calculateAuthProfileCooldownMs(1) = 60_000 (1 minute)
      expect(cooldownMs).toBeLessThan(120_000);
      expect(cooldownMs).toBeGreaterThan(0);
    } finally {
      fs.rmSync(agentDir, { recursive: true, force: true });
    }
  });

  it("does not persist cooldown windows for OpenRouter profiles", async () => {
    await withAuthProfileStore(async ({ agentDir, store }) => {
      await markAuthProfileFailure({
        store,
        profileId: "openrouter:default",
        reason: "rate_limit",
        agentDir,
      });

      await markAuthProfileFailure({
        store,
        profileId: "openrouter:default",
        reason: "billing",
        agentDir,
      });

      expect(store.usageStats?.["openrouter:default"]).toBeUndefined();

      const reloaded = ensureAuthProfileStore(agentDir);
      expect(reloaded.usageStats?.["openrouter:default"]).toBeUndefined();
    });
  });
});

describe("calculateAuthProfileCooldownMs", () => {
  it("applies exponential backoff with a 1h cap", () => {
    expect(calculateAuthProfileCooldownMs(1)).toBe(60_000);
    expect(calculateAuthProfileCooldownMs(2)).toBe(5 * 60_000);
    expect(calculateAuthProfileCooldownMs(3)).toBe(25 * 60_000);
    expect(calculateAuthProfileCooldownMs(4)).toBe(60 * 60_000);
    expect(calculateAuthProfileCooldownMs(5)).toBe(60 * 60_000);
  });
});
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`import fs from "node:fs";`
			`import os from "node:os";`
			`import path from "node:path";`
			`import { describe, expect, it } from "vitest";`
perf(test): consolidate auth/pty/health mini suites 2026-02-16 01:12:21 +00:00			`import {`
			`calculateAuthProfileCooldownMs,`
			`ensureAuthProfileStore,`
			`markAuthProfileFailure,`
			`} from "./auth-profiles.js";`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00
refactor(agent): dedupe harness and command workflows 2026-02-16 14:52:09 +00:00			`type AuthProfileStore = ReturnType<typeof ensureAuthProfileStore>;`

			`async function withAuthProfileStore(`
			`fn: (ctx: { agentDir: string; store: AuthProfileStore }) => Promise<void>,`
			`): Promise<void> {`
			`const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-auth-"));`
			`try {`
			`const authPath = path.join(agentDir, "auth-profiles.json");`
			`fs.writeFileSync(`
			`authPath,`
			`JSON.stringify({`
			`version: 1,`
			`profiles: {`
			`"anthropic:default": {`
			`type: "api_key",`
			`provider: "anthropic",`
			`key: "sk-default",`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`},`
Tests: skip OpenRouter failure cooldown persistence 2026-02-24 18:45:53 -05:00			`"openrouter:default": {`
			`type: "api_key",`
			`provider: "openrouter",`
			`key: "sk-or-default",`
			`},`
refactor(agent): dedupe harness and command workflows 2026-02-16 14:52:09 +00:00			`},`
			`}),`
			`);`

			`const store = ensureAuthProfileStore(agentDir);`
			`await fn({ agentDir, store });`
			`} finally {`
			`fs.rmSync(agentDir, { recursive: true, force: true });`
			`}`
			`}`

			`function expectCooldownInRange(remainingMs: number, minMs: number, maxMs: number): void {`
			`expect(remainingMs).toBeGreaterThan(minMs);`
			`expect(remainingMs).toBeLessThan(maxMs);`
			`}`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00
refactor(agent): dedupe harness and command workflows 2026-02-16 14:52:09 +00:00			`describe("markAuthProfileFailure", () => {`
			`it("disables billing failures for ~5 hours by default", async () => {`
			`await withAuthProfileStore(async ({ agentDir, store }) => {`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`const startedAt = Date.now();`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "billing",`
			`agentDir,`
			`});`

chore: migrate to oxlint and oxfmt Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com> 2026-01-14 14:31:43 +00:00			`const disabledUntil = store.usageStats?.["anthropic:default"]?.disabledUntil;`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`expect(typeof disabledUntil).toBe("number");`
			`const remainingMs = (disabledUntil as number) - startedAt;`
refactor(agent): dedupe harness and command workflows 2026-02-16 14:52:09 +00:00			`expectCooldownInRange(remainingMs, 4.5 * 60 * 60 * 1000, 5.5 * 60 * 60 * 1000);`
			`});`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`});`
			`it("honors per-provider billing backoff overrides", async () => {`
refactor(agent): dedupe harness and command workflows 2026-02-16 14:52:09 +00:00			`await withAuthProfileStore(async ({ agentDir, store }) => {`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`const startedAt = Date.now();`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "billing",`
			`agentDir,`
			`cfg: {`
			`auth: {`
			`cooldowns: {`
			`billingBackoffHoursByProvider: { Anthropic: 1 },`
			`billingMaxHours: 2,`
			`},`
			`},`
			`} as never,`
			`});`

chore: migrate to oxlint and oxfmt Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com> 2026-01-14 14:31:43 +00:00			`const disabledUntil = store.usageStats?.["anthropic:default"]?.disabledUntil;`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`expect(typeof disabledUntil).toBe("number");`
			`const remainingMs = (disabledUntil as number) - startedAt;`
refactor(agent): dedupe harness and command workflows 2026-02-16 14:52:09 +00:00			`expectCooldownInRange(remainingMs, 0.8 * 60 * 60 * 1000, 1.2 * 60 * 60 * 1000);`
			`});`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`});`
refactor(auth-profiles): centralize active-window logic + strengthen regression coverage 2026-02-22 13:22:55 +01:00			`it("keeps persisted cooldownUntil unchanged across mid-window retries", async () => {`
			`await withAuthProfileStore(async ({ agentDir, store }) => {`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "rate_limit",`
			`agentDir,`
			`});`

			`const firstCooldownUntil = store.usageStats?.["anthropic:default"]?.cooldownUntil;`
			`expect(typeof firstCooldownUntil).toBe("number");`

			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "rate_limit",`
			`agentDir,`
			`});`

			`const secondCooldownUntil = store.usageStats?.["anthropic:default"]?.cooldownUntil;`
			`expect(secondCooldownUntil).toBe(firstCooldownUntil);`

			`const reloaded = ensureAuthProfileStore(agentDir);`
			`expect(reloaded.usageStats?.["anthropic:default"]?.cooldownUntil).toBe(firstCooldownUntil);`
			`});`
			`});`
fix(agents): handle overloaded failover separately (#38301) * fix(agents): skip auth-profile failure on overload * fix(agents): note overload auth-profile fallback fix * fix(agents): classify overloaded failures separately * fix(agents): back off before overload failover * fix(agents): tighten overload probe and backoff state * fix(agents): persist overloaded cooldown across runs * fix(agents): tighten overloaded status handling * test(agents): add overload regression coverage * fix(agents): restore runner imports after rebase * test(agents): add overload fallback integration coverage * fix(agents): harden overloaded failover abort handling * test(agents): tighten overload classifier coverage * test(agents): cover all-overloaded fallback exhaustion * fix(cron): retry overloaded fallback summaries * fix(cron): treat HTTP 529 as overloaded retry 2026-03-07 01:42:11 +03:00			`it("records overloaded failures in the cooldown bucket", async () => {`
			`await withAuthProfileStore(async ({ agentDir, store }) => {`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "overloaded",`
			`agentDir,`
			`});`

			`const stats = store.usageStats?.["anthropic:default"];`
			`expect(typeof stats?.cooldownUntil).toBe("number");`
			`expect(stats?.disabledUntil).toBeUndefined();`
			`expect(stats?.disabledReason).toBeUndefined();`
			`expect(stats?.failureCounts?.overloaded).toBe(1);`
			`});`
			`});`
fix(auth): distinguish revoked API keys from transient auth errors (#25754) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 8f9c07a200644284e11adae76368adab40c5fa4e Co-authored-by: rrenamed <87486610+rrenamed@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras 2026-02-26 02:47:16 +02:00			`it("disables auth_permanent failures via disabledUntil (like billing)", async () => {`
			`await withAuthProfileStore(async ({ agentDir, store }) => {`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "auth_permanent",`
			`agentDir,`
			`});`

			`const stats = store.usageStats?.["anthropic:default"];`
			`expect(typeof stats?.disabledUntil).toBe("number");`
			`expect(stats?.disabledReason).toBe("auth_permanent");`
			`// Should NOT set cooldownUntil (that's for transient errors)`
			`expect(stats?.cooldownUntil).toBeUndefined();`
			`});`
			`});`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`it("resets backoff counters outside the failure window", async () => {`
refactor: rename to openclaw 2026-01-30 03:15:10 +01:00			`const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-auth-"));`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`try {`
			`const authPath = path.join(agentDir, "auth-profiles.json");`
			`const now = Date.now();`
			`fs.writeFileSync(`
			`authPath,`
			`JSON.stringify({`
			`version: 1,`
			`profiles: {`
			`"anthropic:default": {`
			`type: "api_key",`
			`provider: "anthropic",`
			`key: "sk-default",`
			`},`
			`},`
			`usageStats: {`
			`"anthropic:default": {`
			`errorCount: 9,`
			`failureCounts: { billing: 3 },`
			`lastFailureAt: now - 48 * 60 * 60 * 1000,`
			`},`
			`},`
			`}),`
			`);`

			`const store = ensureAuthProfileStore(agentDir);`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "billing",`
			`agentDir,`
			`cfg: {`
			`auth: { cooldowns: { failureWindowHours: 24 } },`
			`} as never,`
			`});`

			`expect(store.usageStats?.["anthropic:default"]?.errorCount).toBe(1);`
chore: migrate to oxlint and oxfmt Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com> 2026-01-14 14:31:43 +00:00			`expect(store.usageStats?.["anthropic:default"]?.failureCounts?.billing).toBe(1);`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`} finally {`
			`fs.rmSync(agentDir, { recursive: true, force: true });`
			`}`
			`});`
Tests: skip OpenRouter failure cooldown persistence 2026-02-24 18:45:53 -05:00
fix(auth): reset cooldown error counters on expiry to prevent infinite escalation (#41028) Merged via squash. Prepared head SHA: 89bd83f09a141f68c0cd715a3652559ad04be7c6 Co-authored-by: zerone0x <39543393+zerone0x@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf 2026-03-10 04:40:11 +08:00			`it("resets error count when previous cooldown has expired to prevent escalation", async () => {`
			`const agentDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-auth-"));`
			`try {`
			`const authPath = path.join(agentDir, "auth-profiles.json");`
			`const now = Date.now();`
			`// Simulate state left on disk after 3 rapid failures within a 1-min cooldown`
			`// window. The cooldown has since expired, but clearExpiredCooldowns() only`
			`// ran in-memory and never persisted — so disk still carries errorCount: 3.`
			`fs.writeFileSync(`
			`authPath,`
			`JSON.stringify({`
			`version: 1,`
			`profiles: {`
			`"anthropic:default": {`
			`type: "api_key",`
			`provider: "anthropic",`
			`key: "sk-default",`
			`},`
			`},`
			`usageStats: {`
			`"anthropic:default": {`
			`errorCount: 3,`
			`failureCounts: { rate_limit: 3 },`
			`lastFailureAt: now - 120_000, // 2 minutes ago`
			`cooldownUntil: now - 60_000, // expired 1 minute ago`
			`},`
			`},`
			`}),`
			`);`

			`const store = ensureAuthProfileStore(agentDir);`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "anthropic:default",`
			`reason: "rate_limit",`
			`agentDir,`
			`});`

			`const stats = store.usageStats?.["anthropic:default"];`
			`// Error count should reset to 1 (not escalate to 4) because the`
			`// previous cooldown expired. Cooldown should be ~1 min, not ~60 min.`
			`expect(stats?.errorCount).toBe(1);`
			`expect(stats?.failureCounts?.rate_limit).toBe(1);`
			`const cooldownMs = (stats?.cooldownUntil ?? 0) - now;`
			`// calculateAuthProfileCooldownMs(1) = 60_000 (1 minute)`
			`expect(cooldownMs).toBeLessThan(120_000);`
			`expect(cooldownMs).toBeGreaterThan(0);`
			`} finally {`
			`fs.rmSync(agentDir, { recursive: true, force: true });`
			`}`
			`});`

Tests: skip OpenRouter failure cooldown persistence 2026-02-24 18:45:53 -05:00			`it("does not persist cooldown windows for OpenRouter profiles", async () => {`
			`await withAuthProfileStore(async ({ agentDir, store }) => {`
			`await markAuthProfileFailure({`
			`store,`
			`profileId: "openrouter:default",`
			`reason: "rate_limit",`
			`agentDir,`
			`});`

			`await markAuthProfileFailure({`
			`store,`
			`profileId: "openrouter:default",`
			`reason: "billing",`
			`agentDir,`
			`});`

			`expect(store.usageStats?.["openrouter:default"]).toBeUndefined();`

			`const reloaded = ensureAuthProfileStore(agentDir);`
			`expect(reloaded.usageStats?.["openrouter:default"]).toBeUndefined();`
			`});`
			`});`
refactor(src): split oversized modules 2026-01-14 01:08:15 +00:00			`});`
perf(test): consolidate auth/pty/health mini suites 2026-02-16 01:12:21 +00:00
			`describe("calculateAuthProfileCooldownMs", () => {`
			`it("applies exponential backoff with a 1h cap", () => {`
			`expect(calculateAuthProfileCooldownMs(1)).toBe(60_000);`
			`expect(calculateAuthProfileCooldownMs(2)).toBe(5 * 60_000);`
			`expect(calculateAuthProfileCooldownMs(3)).toBe(25 * 60_000);`
			`expect(calculateAuthProfileCooldownMs(4)).toBe(60 * 60_000);`
			`expect(calculateAuthProfileCooldownMs(5)).toBe(60 * 60_000);`
			`});`
			`});`