fix(examples): pin poms to 8.5.1; fail loud on tenant mismatch [skip-runtime-e2e]#196
Open
saurabhjain1592 wants to merge 2 commits into
Open
fix(examples): pin poms to 8.5.1; fail loud on tenant mismatch [skip-runtime-e2e]#196saurabhjain1592 wants to merge 2 commits into
saurabhjain1592 wants to merge 2 commits into
Conversation
Release-gate smoke against a live enterprise stack (v9.6.1, epic #2861)
surfaced two example-level issues:
- Example poms pinned stale SDK versions (basic at 6.1.0, the rest at
8.5.0), so smoke runs resolved remote Maven artifacts instead of the
locally built 8.5.1 under test. Pin all four to 8.5.1.
- basic swallowed a 403 tenant-mismatch rejection as a policy block and
exited 0: the agent's error body carries a literal "blocked":false
key, which trips the SDK's handleErrorResponse body.contains("blocked")
heuristic and misclassifies the 403 as PolicyViolationException. Until
the library fix ships, the example treats a Tenant mismatch message as
the auth failure it is and exits 1 with a pointer to the
AXONFLOW_CLIENT_ID/user-token tenant pairing requirement.
Verified against the live stack: all four examples exit 0 with real
LLM round-trips, and basic exits 1 on a deliberately mismatched
client-id/token pairing.
Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
No-diff commit: the DoD workflow only runs on opened/synchronize/reopened, so the [skip-runtime-e2e] title + justification body edit needs a fresh synchronize event to be evaluated against the updated payload. Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #194 (merged mid-smoke) from the release-readiness gate for getaxonflow/axonflow-enterprise#2861 — Java SDK examples smoke-tested against a live enterprise stack (platform v9.6.1).
What
basicpinned 6.1.0 and the other three pinned 8.5.0, so smoke runs resolved remote Maven artifacts instead of the locally built 8.5.1 under test.basic: fail loud on tenant-mismatch 403. The agent's 403 error body carries a literal"blocked":falsekey, which trips the SDK'shandleErrorResponsebody.contains("blocked")heuristic and misclassifies the auth rejection asPolicyViolationException— the example then printedBlocked by policy: Tenant mismatchand exited 0 (same swallowed-auth class fix(examples): basic reads AXONFLOW_USER_TOKEN; async parity e2e #194 fixed for 401s). Until the library heuristic is fixed, the example treats aTenant mismatchmessage as an auth failure and exits 1 with a pointer to the client-id/user-token tenant pairing requirement.Library follow-up (not in this PR — examples-only)
AxonFlow.handleErrorResponseshould only map a 403 toPolicyViolationExceptionwhen the body actually signals a block (e.g."blocked":true), not on a bareblockedsubstring that matches every error envelope.Testing (live stack, v9.6.1 enterprise)
basic,explain-decision,list-decisions,wcp-retry-idempotency) exit 0 with meaningful output under the stack's canonical tenant identity, including a real LLM round-trip, a stacked-SQLisys_sqli_stacked_dropblock explained end-to-end, and the full WCP retry/idempotency assertion suite.basicrun with a client id that does not match the user token's tenant now exits 1 withproxyLLMCall failed (auth): ... Tenant mismatch.Skip-runtime-e2e justification
Examples-only change — no
src/mainlibrary code or SDK runtime surface is touched (4 example pom version pins + one example error-handling branch). The examples themselves were exercised end-to-end against a live enterprise stack (platform v9.6.1): all four exit 0 with a real LLM round-trip, a stacked-SQLisys_sqli_stacked_dropblock explained via the decisions API, and the full WCP retry/idempotency assertion suite; a negative run provesbasicnow exits 1 on a tenant-mismatched client-id/user-token pairing. The SDK surface these examples call is already covered by runtime-e2e (incl. the async verdict-parity leg added in #194).