fix: validate model exists in Llama Stack before rlsapi_v1 inference

Add check_model_configured() call to the /infer handler so a
misconfigured default_model/default_provider gets a clear 404 instead
of an opaque 500 from the inference call. Matches the existing pattern
in responses.py.

Extract validation into _resolve_validated_model_id() to keep
infer_endpoint complexity at B(9).

Signed-off-by: Major Hayden <major@redhat.com>

Author: major

src/app/endpoints/rlsapi_v1.py

@@ -29,6 +29,7 @@
 from models.responses import (
     ForbiddenResponse,
     InternalServerErrorResponse,
+    NotFoundResponse,
     PromptTooLongResponse,
     QuotaExceededResponse,
     ServiceUnavailableResponse,
@@ -47,6 +48,7 @@
 from utils.quota import check_tokens_available
 from utils.responses import (
     build_turn_summary,
+    check_model_configured,
     extract_text_from_response_items,
     extract_token_usage,
     get_mcp_tools,
@@ -236,6 +238,28 @@ async def _get_default_model_id() -> str:
     return model.id
 
 
+async def _resolve_validated_model_id() -> str:
+    """Resolve and validate the default model against Llama Stack.
+
+    Combines model resolution with existence validation so callers get
+    either a known-good model ID or a clear 404 error.
+
+    Returns:
+        The validated model identifier string in "provider/model" format.
+
+    Raises:
+        HTTPException: 404 if the resolved model does not exist in Llama Stack.
+        HTTPException: 503 if Llama Stack is unreachable during resolution or validation.
+    """
+    model_id = await _get_default_model_id()
+    client = AsyncLlamaStackClientHolder().get_client()
+    if not await check_model_configured(client, model_id):
+        _, model_name = extract_provider_and_model_from_model_id(model_id)
+        error_response = NotFoundResponse(resource="model", resource_id=model_name)
+        raise HTTPException(**error_response.model_dump())
+    return model_id
+
+
 async def retrieve_simple_response(
     question: str,
     instructions: str,
@@ -668,7 +692,7 @@ async def infer_endpoint(  # pylint: disable=R0914
     if blocked_response is not None:
         return blocked_response
 
-    model_id = await _get_default_model_id()
+    model_id = await _resolve_validated_model_id()
     provider, model = extract_provider_and_model_from_model_id(model_id)
     mcp_tools: list[Any] = await get_mcp_tools(request_headers=request.headers)
 

tests/unit/app/endpoints/test_rlsapi_v1.py

@@ -146,6 +146,19 @@ def mock_shield_passed_fixture(mocker: MockerFixture) -> None:
     )
 
 
+@pytest.fixture(autouse=True, name="mock_model_configured")
+def mock_model_configured_fixture(mocker: MockerFixture) -> None:
+    """Mock model existence check to pass for all endpoint tests by default.
+
+    Individual tests can override this by patching check_model_configured
+    with a different return value.
+    """
+    mocker.patch(
+        "app.endpoints.rlsapi_v1.check_model_configured",
+        new=mocker.AsyncMock(return_value=True),
+    )
+
+
 @pytest.fixture(name="mock_api_connection_error")
 def mock_api_connection_error_fixture(mocker: MockerFixture) -> None:
     """Mock responses.create() to raise APIConnectionError."""
@@ -522,6 +535,35 @@ async def test_infer_endpoint_configuration_not_loaded(
     assert exc_info.value.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
 
 
+@pytest.mark.asyncio
+async def test_infer_model_not_found_returns_404(
+    mocker: MockerFixture,
+    mock_configuration: AppConfig,
+    mock_llm_response: None,
+    mock_auth_resolvers: None,
+    mock_request_factory: Callable[..., Any],
+    mock_background_tasks: Any,
+) -> None:
+    """Test /infer returns HTTP 404 when configured model does not exist in Llama Stack."""
+    mocker.patch(
+        "app.endpoints.rlsapi_v1.check_model_configured",
+        new=mocker.AsyncMock(return_value=False),
+    )
+
+    infer_request = RlsapiV1InferRequest(question="How do I list files?")
+    mock_request = mock_request_factory()
+
+    with pytest.raises(HTTPException) as exc_info:
+        await infer_endpoint(
+            infer_request=infer_request,
+            request=mock_request,
+            background_tasks=mock_background_tasks,
+            auth=MOCK_AUTH,
+        )
+    assert exc_info.value.status_code == status.HTTP_404_NOT_FOUND
+    assert "model" in str(exc_info.value.detail).lower()
+
+
 @pytest.mark.asyncio
 async def test_infer_minimal_request(
     mocker: MockerFixture,