* feat: Provider-agnostic error handling for Issue #362
Implements generic error handling that works for OpenAI, Google AI,
Anthropic, and other LLM providers to prevent silent failures.
Essential files only:
1. Provider error adapters (new) - handles any LLM provider
2. Backend API key validation - detects invalid keys before operations
3. Frontend error handler - provider-aware error messages
4. Updated hooks - uses generic error handling
Core functionality:
✅ Validates API keys before expensive operations (crawl, upload, refresh)
✅ Shows clear provider-specific error messages
✅ Works with OpenAI: 'Please verify your OpenAI API key in Settings'
✅ Works with Google: 'Please verify your Google API key in Settings'
✅ Prevents 90-minute debugging sessions from Issue #362
No unnecessary changes - only essential error handling logic.
Fixes#362
* fix: Enhance API key validation with detailed logging and error handling
- Add comprehensive logging to trace validation flow
- Ensure validation actually blocks operations on authentication failures
- Improve error detection to catch wrapped OpenAI errors
- Fail fast on any validation errors to prevent wasted operations
This should ensure invalid API keys are caught before crawl starts,
not during embedding processing after documents are crawled.
* fix: Simplify API key validation to always fail on exceptions
- Remove complex provider adapter imports that cause module issues
- Simplified validation that fails fast on any embedding creation error
- Enhanced logging to trace exactly what's happening
- Always block operations when API key validation fails
This ensures invalid API keys are caught immediately before
crawl operations start, preventing silent failures.
* fix: Add API key validation to refresh and upload endpoints
The validation was only added to new crawl endpoint but missing from:
- Knowledge item refresh endpoint (/knowledge-items/{source_id}/refresh)
- Document upload endpoint (/documents/upload)
Now all three endpoints that create embeddings will validate API keys
before starting operations, preventing silent failures on refresh/upload.
* security: Implement core security fixes from CodeRabbit review
Enhanced sanitization and provider detection based on CodeRabbit feedback:
✅ Comprehensive regex patterns for all provider API keys
- OpenAI: sk-[a-zA-Z0-9]{48} with case-insensitive matching
- Google AI: AIza[a-zA-Z0-9_-]{35} with flexible matching
- Anthropic: sk-ant-[a-zA-Z0-9_-]{10,} with variable length
✅ Enhanced provider detection with multiple patterns
- Case-insensitive keyword matching (openai, google, anthropic)
- Regex-based API key detection for reliable identification
- Additional keywords (gpt, claude, vertex, googleapis)
✅ Improved sanitization patterns
- Provider-specific URL sanitization (openai.com, googleapis.com, anthropic.com)
- Organization and project ID redaction
- OAuth token and bearer token sanitization
- Sensitive keyword detection and generic fallback
✅ Sanitized error logging
- All error messages sanitized before logging
- Prevents sensitive data exposure in backend logs
- Maintains debugging capability with redacted information
Core security improvements while maintaining simplicity for beta deployment.
* fix: Replace ad-hoc error sanitization with centralized ProviderErrorFactory
- Remove local _sanitize_provider_error implementation with inline regex patterns
- Add ProviderErrorFactory import from embeddings.provider_error_adapters
- Update _validate_provider_api_key calls to pass correct active embedding provider
- Replace sanitization call with ProviderErrorFactory.sanitize_provider_error()
- Eliminate duplicate logic and fixed-length key assumptions
- Ensure provider-specific, configurable sanitization patterns are used consistently
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: Remove accidentally committed PRP file
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: address code review feedback
- Add barrel export for providerErrorHandler in utils/index.ts
- Change TypeScript typing from 'any' to 'unknown' for strict type safety
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Rasmus Widing <rasmus.widing@gmail.com>
9f2d70ae0e