Handle 403 and 429 from /api/ai/triage in the UI #18
Merged
Backend PR #13 made /api/ai/triage admin/operator-only (403 for readonly and per-VPS agent keys), and PR #16 added a per-user LLM rate limit (429 with Retry-After). The web UI silently routed both into a generic red "Request failed" banner and still rendered the "Ask AI" button on the VPS detail page for every authenticated role.

VpsDetail: gate the "Ask AI" button behind canMutate (admin|operator), matching the other mutation actions on the page.

AiTriageDialog: branch on axios error status. 429 surfaces the Retry-After header as "Try again in X minutes Y seconds" in an amber panel (it's a recoverable hint, not a hard error). 403 renders a friendly "your role doesn't permit AI triage" amber panel — readonly users can still reach the standalone /ai-triage page from the sidebar, so the dialog still needs this branch. Other errors keep the existing red banner.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Backend PR #13 made /api/ai/triage admin/operator-only (403 for readonly users and per-VPS agent API keys), and PR #16 added a per-user LLM rate limit (429 with Retry-After). The web UI was unprepared on both fronts:

This PR fixes both in one place.
Changes
- sigma-web/src/pages/VpsDetail.tsx — gate the "Ask AI" button behind the existing canMutate (admin | operator), matching the other mutation buttons.
- sigma-web/src/components/AiTriageDialog.tsx — branch on axios.isAxiosError(error) + error.response?.status:
  - error.response.headers['retry-after'] and render an amber panel: "You've hit your LLM rate limit. Try again in X minutes Y seconds" (uses minutes when >= 60s, plain seconds otherwise). Amber because it's a recoverable hint, mirroring the existing available: false degraded view.
  - /ai-triage page from the sidebar.

Test plan
- readonly user, visit /vps/:id — the "Ask AI" button is hidden.
- admin/operator, the "Ask AI" button is still shown (and not when the VPS is deleted).
- readonly user, open /ai-triage from the sidebar and submit — dialog renders the amber 403 panel ("your role doesn't permit AI triage"), not a red banner.
- operator, exhaust the per-user LLM rate limit and submit — dialog renders the amber 429 panel showing the formatted Retry-After duration. Verify the minutes/seconds formatting boundary (e.g. 30s -> "30 seconds", 90s -> "1 minute 30 seconds", 120s -> "2 minutes").
- npm run build in sigma-web/ passes with no TS errors.

Refs #13 (403), #16 (429).
Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com
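The 429/403 branching and the Retry-After formatting described in the Changes and Test plan above, as an added example that is not the sigma-web project's own code: a minimal error shape stands in for the axios error (no axios import), and the parser also accepts the HTTP-date form of Retry-After, which the PR text does not mention.

```typescript
// Added example, not sigma-web code. The error shape below is an assumption
// that mirrors the fields an axios error exposes (response.status, response.headers).
type TriageError = {
  response?: { status?: number; headers?: Record<string, string | undefined> };
};

export type TriageOutcome =
  | { kind: "rate-limited"; retryAfterSeconds: number | null; message: string }
  | { kind: "forbidden"; message: string }
  | { kind: "failed"; message: string };

// Retry-After is either delta-seconds or an HTTP-date. Returns whole seconds
// (clamped at zero for a date already in the past), or null if absent/unparsable,
// so a malformed header degrades to a generic hint rather than a crash.
export function parseRetryAfter(value: string | undefined, now: Date = new Date()): number | null {
  if (value === undefined) return null;
  const trimmed = value.trim();
  if (/^\d+$/.test(trimmed)) return Number(trimmed);
  const at = Date.parse(trimmed);
  if (Number.isNaN(at)) return null;
  return Math.max(0, Math.ceil((at - now.getTime()) / 1000));
}

// Minutes when >= 60s, plain seconds otherwise; singular/plural handled.
export function formatRetryAfter(seconds: number): string {
  const unit = (n: number, name: string) => `${n} ${name}${n === 1 ? "" : "s"}`;
  if (seconds < 60) return unit(seconds, "second");
  const minutes = Math.floor(seconds / 60);
  const rest = seconds % 60;
  return rest === 0 ? unit(minutes, "minute") : `${unit(minutes, "minute")} ${unit(rest, "second")}`;
}

// Decide which panel the dialog renders: amber for 429 and 403, red for everything else.
export function classifyTriageError(error: unknown, now: Date = new Date()): TriageOutcome {
  const response = (error as TriageError | null)?.response;
  if (response?.status === 429) {
    const secs = parseRetryAfter((response.headers ?? {})["retry-after"], now);
    const hint = secs === null ? "Try again shortly." : `Try again in ${formatRetryAfter(secs)}.`;
    return { kind: "rate-limited", retryAfterSeconds: secs, message: `You've hit your LLM rate limit. ${hint}` };
  }
  if (response?.status === 403) {
    return { kind: "forbidden", message: "Your role doesn't permit AI triage." };
  }
  return { kind: "failed", message: "Request failed" };
}
```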