fix: set retryable=False for message-based auth errors in _classify_by_message() (#7027)

Auth errors matched by message pattern were incorrectly marked retryable=True, causing futile retry loops. Aligns with _classify_by_status() which already sets retryable=False for 401/403. Fixes #7026. Contributed by @kuishou68.
2026-04-10 17:48:45 +08:00
parent a7588830d4
commit 45034b746f
1 changed files with 5 additions and 1 deletions
--- a/agent/error_classifier.py
+++ b/agent/error_classifier.py
@@ -725,10 +725,14 @@ def _classify_by_message(
        )

    # Auth patterns
+    # Auth errors should NOT be retried directly — the credential is invalid and
+    # retrying with the same key will always fail.  Set retryable=False so the
+    # caller triggers credential rotation (should_rotate_credential=True) or
+    # provider fallback rather than an immediate retry loop.
    if any(p in error_msg for p in _AUTH_PATTERNS):
        return result_fn(
            FailoverReason.auth,
-            retryable=True,
+            retryable=False,
            should_rotate_credential=True,
        )