Merge pull request #1 from hex-ci/devin/1780630050-retry-unexpected-eof

Retry upstream "unexpected EOF" errors instead of returning them to the client

Author: hex-ci

sdk/cliproxy/auth/conductor.go

@@ -2319,6 +2319,16 @@ func (m *Manager) shouldRetryAfterError(err error, attempt int, providers []stri
 	if isRequestInvalidError(err) {
 		return 0, false
 	}
+	// Treat transient upstream stream interruptions (e.g. "unexpected EOF")
+	// like a normal retryable API error instead of surfacing them to the
+	// client. These carry no HTTP status, so they would otherwise fall through
+	// the 429-only retry path below and abort the request.
+	if isUnexpectedEOFError(err) {
+		if !m.retryAllowed(attempt, providers) {
+			return 0, false
+		}
+		return 0, true
+	}
 	wait, found := m.closestCooldownWait(providers, model, attempt)
 	if found {
 		if wait > maxWait {
@@ -2705,6 +2715,20 @@ func errorString(err error) string {
 	return err.Error()
 }
 
+// isUnexpectedEOFError reports whether err represents an "unexpected EOF"
+// surfaced when an upstream connection or stream is cut off mid-response.
+// These are transient connection failures rather than genuine API errors, so
+// callers should retry them instead of returning them to the client.
+func isUnexpectedEOFError(err error) bool {
+	if err == nil {
+		return false
+	}
+	if errors.Is(err, io.ErrUnexpectedEOF) {
+		return true
+	}
+	return strings.Contains(strings.ToLower(err.Error()), "unexpected eof")
+}
+
 func statusCodeFromError(err error) int {
 	if err == nil {
 		return 0

sdk/cliproxy/auth/conductor_overrides_test.go

@@ -2,6 +2,8 @@ package auth
 
 import (
 	"context"
+	"fmt"
+	"io"
 	"net/http"
 	"sync"
 	"testing"
@@ -108,6 +110,55 @@ func TestManager_ShouldRetryAfterError_UsesOAuthModelAliasForCooldown(t *testing
 	}
 }
 
+func TestManager_ShouldRetryAfterError_RetriesUnexpectedEOF(t *testing.T) {
+	m := NewManager(nil, nil, nil)
+	m.SetRetryConfig(3, 30*time.Second, 0)
+
+	model := "test-model"
+	auth := &Auth{ID: "auth-1", Provider: "claude"}
+	if _, errRegister := m.Register(context.Background(), auth); errRegister != nil {
+		t.Fatalf("register auth: %v", errRegister)
+	}
+
+	_, _, maxWait := m.retrySettings()
+
+	// A statusless "unexpected EOF" error (as produced by a truncated upstream
+	// stream) must be retried immediately rather than surfaced to the client.
+	wait, shouldRetry := m.shouldRetryAfterError(&Error{Message: "unexpected EOF"}, 0, []string{"claude"}, model, maxWait)
+	if !shouldRetry {
+		t.Fatalf("expected shouldRetry=true for unexpected EOF, got false")
+	}
+	if wait != 0 {
+		t.Fatalf("expected immediate retry (wait=0), got %v", wait)
+	}
+
+	// io.ErrUnexpectedEOF (possibly wrapped) is detected as well.
+	wrapped := fmt.Errorf("read stream: %w", io.ErrUnexpectedEOF)
+	if _, shouldRetry = m.shouldRetryAfterError(wrapped, 0, []string{"claude"}, model, maxWait); !shouldRetry {
+		t.Fatalf("expected shouldRetry=true for wrapped io.ErrUnexpectedEOF, got false")
+	}
+
+	// Retries stop once the configured request-retry count is exhausted.
+	if _, shouldRetry = m.shouldRetryAfterError(&Error{Message: "unexpected EOF"}, 3, []string{"claude"}, model, maxWait); shouldRetry {
+		t.Fatalf("expected shouldRetry=false on attempt=3 for request_retry=3, got true")
+	}
+}
+
+func TestManager_ShouldRetryAfterError_UnexpectedEOFRespectsRetryDisabled(t *testing.T) {
+	m := NewManager(nil, nil, nil)
+	m.SetRetryConfig(0, 30*time.Second, 0)
+
+	auth := &Auth{ID: "auth-1", Provider: "claude"}
+	if _, errRegister := m.Register(context.Background(), auth); errRegister != nil {
+		t.Fatalf("register auth: %v", errRegister)
+	}
+
+	_, _, maxWait := m.retrySettings()
+	if _, shouldRetry := m.shouldRetryAfterError(&Error{Message: "unexpected EOF"}, 0, []string{"claude"}, "test-model", maxWait); shouldRetry {
+		t.Fatalf("expected shouldRetry=false when request-retry=0, got true")
+	}
+}
+
 type credentialRetryLimitExecutor struct {
 	id string