From 986013b9b89f803be2f789210802bba284ee626d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=86=A0=E8=BE=B0?= <liguanchen@xiaomi.com>
Date: Sat, 23 May 2026 23:19:33 +0800
Subject: [PATCH 1/3] test(auth): cover upstream Composio 401 session guard

---
 .../services/__tests__/coreRpcClient.test.ts    |  5 +++++
 src/core/jsonrpc_tests.rs                       | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/app/src/services/__tests__/coreRpcClient.test.ts b/app/src/services/__tests__/coreRpcClient.test.ts
index 707c853d56..0b366f9028 100644
--- a/app/src/services/__tests__/coreRpcClient.test.ts
+++ b/app/src/services/__tests__/coreRpcClient.test.ts
@@ -685,6 +685,11 @@ describe('classifyRpcError', () => {
       undefined,
       'provider_auth',
     ],
+    [
+      '[composio] list_connections failed: Backend returned 500 Internal Server Error for GET https://api.tinyhumans.ai/agent-integrations/composio/connections: 401 {"error":{"message":"Invalid API key: ak_o1Og5*****","code":10401,"slug":"HTTP_Unauthorized","status":401}}',
+      undefined,
+      'provider_auth',
+    ],
     ['OpenAI API error (401 Unauthorized): invalid api key', undefined, 'provider_auth'],
     ['Anthropic API error (401 Unauthorized): auth error', undefined, 'provider_auth'],
     ['some random message', undefined, 'unknown'],
diff --git a/src/core/jsonrpc_tests.rs b/src/core/jsonrpc_tests.rs
index 866cbbe8f5..f1c5c5e37f 100644
--- a/src/core/jsonrpc_tests.rs
+++ b/src/core/jsonrpc_tests.rs
@@ -657,6 +657,23 @@ fn is_session_expired_error_does_not_match_byo_key_provider_401() {
     ));
 }
 
+#[test]
+fn is_session_expired_error_does_not_match_backend_wrapped_composio_invalid_api_key() {
+    // Issue #2537: the backend can return a 500 whose body wraps a Composio
+    // upstream 401. That is a scoped integration/service failure, not proof
+    // that the user's OpenHuman app session expired.
+    let msg = r#"[composio] list_connections failed: Backend returned 500 Internal Server Error for GET https://api.tinyhumans.ai/agent-integrations/composio/connections: 401 {"error":{"message":"Invalid API key: ak_o1Og5*****","code":10401,"slug":"HTTP_Unauthorized","status":401}}"#;
+
+    assert!(
+        !is_session_expired_error(msg),
+        "Composio upstream 401 wrapped by the backend must not publish SessionExpired"
+    );
+    assert!(
+        is_unconfirmed_unauthorized_error(msg),
+        "auth-looking upstream failures should still be logged diagnostically"
+    );
+}
+
 #[test]
 fn is_session_expired_error_does_not_match_invalid_token_case_insensitive() {
     // "invalid token" is no longer a session-expiry trigger (issue #2286):

From 837f9d4c6b40b5892c82a48065f3bcca2fe06193 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=86=A0=E8=BE=B0?= <liguanchen@xiaomi.com>
Date: Sat, 23 May 2026 23:56:06 +0800
Subject: [PATCH 2/3] chore(ci): rerun cancelled checks


From e52f06aedd634d37ef2d5cb4bdc3049bb63e3892 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=86=A0=E8=BE=B0?= <liguanchen@xiaomi.com>
Date: Sun, 24 May 2026 00:01:15 +0800
Subject: [PATCH 3/3] chore(ci): retry transient checklist job