test(2275): add 401-not-retried regression test (#178)

saurabhjain1592 · web-flow · commit 677890290ef1 · 2026-05-20T13:23:33.000+02:00
Locks in that HTTP 401 responses on /api/v1/audit/tool-call are terminal end-to-end through the WireMock HTTP path. Backstops getaxonflow/axonflow-enterprise#2275 where a customer's misconfigured deployment caused a tight 401 retry loop against community-saas (~30 401/hour from a single source IP). Java SDK is already safe: AxonFlow.handleErrorResponse maps 401 to AuthenticationException, and RetryExecutor.isRetryable returns false for AuthenticationException (src/main/java/com/getaxonflow/sdk/util/RetryExecutor.java:117-146). The existing RetryExecutorTest.shouldNotRetryOnAuthenticationException tests this at the exception-class level. This new test makes the contract explicit at the HTTP-status-code level for the specific endpoint named in #2275. Mutation-tested: removing AuthenticationException from the non-retryable list AND broadening the AxonFlowException retry check from `>= 500` to `>= 400` makes the test fail with `Expected exactly 1 requests matching the following pattern but received 3`, confirming the assertion isn't tautological. No code change; test-only. Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
diff --git a/src/test/java/com/getaxonflow/sdk/AuditToolCallTest.java b/src/test/java/com/getaxonflow/sdk/AuditToolCallTest.java
@@ -243,4 +243,34 @@ void responseToStringShouldIncludeKeyFields() {
     assertThat(str).contains("aud_1");
     assertThat(str).contains("recorded");
   }
+
+  // Regression test for getaxonflow/axonflow-enterprise#2275: 401 on
+  // /api/v1/audit/tool-call must be terminal — the SDK must NOT retry an
+  // auth failure, because retrying with the same invalid token just
+  // compounds the storm on the agent (716 × 401 / 24h observed from one
+  // source IP against community-saas on 2026-05-19).
+  //
+  // Java SDK is already safe: the orchestrator response handler maps 401
+  // to AuthenticationException (AxonFlow.java handleErrorResponse) and
+  // RetryExecutor.isRetryable returns false for AuthenticationException
+  // (RetryExecutor.java:119-122). This test locks in the contract
+  // end-to-end through the WireMock HTTP path, since the existing
+  // RetryExecutorTest.shouldNotRetryOnAuthenticationException is at the
+  // exception-class level rather than the HTTP-status-code level.
+  @Test
+  @DisplayName("401 must not be retried — issue #2275")
+  void shouldNotRetryOn401Issue2275() {
+    stubFor(
+        post(urlEqualTo("/api/v1/audit/tool-call"))
+            .willReturn(aResponse().withStatus(401).withBody("{\"error\":\"unauthorized\"}")));
+
+    AuditToolCallRequest request =
+        AuditToolCallRequest.builder().toolName("web_search").build();
+
+    assertThatThrownBy(() -> axonflow.auditToolCall(request))
+        .isInstanceOf(AxonFlowException.class);
+
+    // wiremock counts requests; exactly one means the SDK did NOT retry.
+    verify(1, postRequestedFor(urlEqualTo("/api/v1/audit/tool-call")));
+  }
 }
