fix(observability): classify embedding API 401 'Invalid token' as SessionExpired (TAURI-RUST-4K5 regression)

[sanil-23]

Summary

Fix the core::observability::tests::classifies_embedding_api_invalid_token_401_as_session_expired test that's been failing on every PR rebased onto current main.

Root cause

PR #2786 (commit 14ff92b2) introduced the is_embedding_backend_auth_failure matcher and the 4K5 wire-shape test, both targeting SessionExpired so the FE re-login prompt fires (alongside the 4P0 OpenHuman-backend variant).

PR #2830 (commit d578b57e, "demote expected-error Sentry buckets across embeddings, provider, memory-store, FS, and thinking-mode wire shapes") landed shortly after on a pre-#2786 base. Its merge:

• kept the is_embedding_backend_auth_failure matcher arm in expected_error_kind, but
• reverted the return value from Some(ExpectedErrorKind::SessionExpired) to Some(ExpectedErrorKind::BackendUserError), and
• the older classifies_embedding_backend_auth_failure test (also asserting BackendUserError) survived the merge unchanged, masking the regression in fix(observability): demote expected-error Sentry buckets across embeddings, provider, memory-store, FS, and thinking-mode wire shapes #2830's own CI.

The result: classifies_embedding_api_invalid_token_401_as_session_expired (added by #2786) panics on current main:

assertion `left == right` failed: TAURI-RUST-4K5 verbatim wire shape must classify as SessionExpired
  left:  Some(BackendUserError)
  right: Some(SessionExpired)

Verified reproducer: git checkout upstream/main && cargo test --lib core::observability::tests::classifies_embedding_api_invalid_token_401_as_session_expired fails.

What this PR changes

src/core/observability.rs only:

1. One-char classifier fix — flip the is_embedding_backend_auth_failure arm's return from BackendUserError back to SessionExpired, the intent introduced by fix(observability): classify OpenHuman/Embedding/streaming backend 'Invalid token' 401 as SessionExpired (TAURI-RUST-4P0 + 4K5 + 1EE) #2786.
2. Reconcile the older test — classifies_embedding_backend_auth_failure (TAURI-RUST-T) was asserting the pre-fix(observability): classify OpenHuman/Embedding/streaming backend 'Invalid token' 401 as SessionExpired (TAURI-RUST-4P0 + 4K5 + 1EE) #2786 behavior. Update it to expect SessionExpired, matching the design contract. Updated the doc-comment to cross-reference fix(observability): classify OpenHuman/Embedding/streaming backend 'Invalid token' 401 as SessionExpired (TAURI-RUST-4P0 + 4K5 + 1EE) #2786 and the companion 4K5 test.

Both tests share the same wire shapes (Embedding API error 401 Unauthorized: and Embedding API error (401 Unauthorized): + "error":"Invalid token"); now they classify consistently.

Impact

Unblocks every PR rebasing onto current main. Confirmed downstream:

• feat(intelligence): add architecture diagram viewer #2687, feat(tool_policy): diagnostics RPC and Developer Options panel #2715, Add generated tool provenance and admission checks #2549 — all in this session's shepherd queue, all inheriting this failure on their post-fix(observability): classify RPC filesystem path validation errors as expected (Sentry TAURI-RUST-4QH) #2795 heads.

Test plan

• All 121 core::observability::tests::* pass locally (121 passed; 0 failed).
• No other tests affected — the change only flips the kind returned for a wire shape that two tests already pin to a single expected value.
• CI green on this PR before merge.

🤖 Generated with Claude Code

[coderabbitai]

Warning

Review limit reached

@sanil-23, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 22 minutes and 53 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7e6d2da1-a40e-4463-af5f-3d2ec9a016c5

📥 Commits

Reviewing files that changed from the base of the PR and between e83bfd6 and 3b95e1a.

📒 Files selected for processing (1)

• src/core/observability.rs

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[graycyrus]

@sanil-23 hey! the code looks good to me — clean regression fix with the right behavior restored. CI is still pending, so i'll hold off on approving until those are green. once everything passes, i'll come back and approve this. let me know if you need anything in the meantime.

---

What this fixes: The merge of #2830 onto a pre-#2786 base silently reverted is_embedding_backend_auth_failure from SessionExpired back to BackendUserError, breaking the 4K5 wire-shape test added by #2786. This PR restores the correct classification and reconciles the older test to match the established contract.

Diff: One classifier flip in expected_error_kind + one test update. Both tests now consistently assert SessionExpired for the 401/"Invalid token" wire shapes. The change is minimal, targeted, and well-documented.