fix(media,slack,discord): pin 4xx+resize-fallback surfaces with tests

howie · claude · howie · commit 1bbe2d51d383 · 2026-05-17T20:45:44.000+08:00
Addresses two regression surfaces flagged in reviewer Pass-2 follow-up: 1. media.rs: resize-fallback threshold (restored by 6d7fd5f, missing from this branch before the rebase). Extract encode_validated_image() to make the <=1 MB fallback testable without HTTP I/O. Add two new tests: - resize_fail_under_1mb_falls_back_to_original_bytes - resize_fail_over_1mb_returns_processing_failed 2. slack.rs / discord.rs: HTTP 4xx silently dropped by catch-all Err(e) arm. Add shared media::failed_attachment_entry() helper (pure fn, no logging) that maps MediaFetchError -> Option<String>: 4xx returns Some (user notified, agent receives format_failed_attachment_note); 5xx/network returns None (logged only). Both adapters now call the helper instead of duplicating the multi-arm match, and discord.rs gains parity with the 4xx arm that 6d7fd5f added only to slack.rs. New tests in media::tests (5) and discord::tests (2) covering: - failed_attachment_entry: NotAnImage, SizeExceeded, 401, 403, 502 - discord parity: 403 notifies, 500 is logged-only Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
diff --git a/src/discord.rs b/src/discord.rs
@@ -739,47 +739,26 @@ impl EventHandler for Handler {
                             ));
                         }
                     }
-                    Err(media::MediaFetchError::SizeExceeded { actual, limit }) => {
-                        tracing::warn!(
-                            url = %attachment.url,
-                            filename = %attachment.filename,
-                            actual,
-                            limit,
-                            "image exceeds size limit"
-                        );
-                        failed_image_files.push(format!(
-                            "{} (exceeds {limit} byte limit)",
-                            attachment.filename
-                        ));
-                    }
-                    Err(
-                        media::MediaFetchError::UnsupportedResponseType { .. }
-                        | media::MediaFetchError::InvalidImageBody { .. },
-                    ) => {
-                        tracing::warn!(
-                            url = %attachment.url,
-                            filename = %attachment.filename,
-                            "image validation failed; body is not a supported image"
-                        );
-                        failed_image_files.push(attachment.filename.clone());
-                    }
-                    Err(media::MediaFetchError::ProcessingFailed(e)) => {
-                        tracing::warn!(
-                            url = %attachment.url,
-                            filename = %attachment.filename,
-                            error = %e,
-                            "image post-processing failed"
-                        );
-                        failed_image_files.push(attachment.filename.clone());
-                    }
-                    // Network/HTTP failures: transient; warn in logs only, don't notify user.
                     Err(e) => {
-                        tracing::warn!(
-                            url = %attachment.url,
-                            filename = %attachment.filename,
-                            error = %e,
-                            "image attachment failed"
-                        );
+                        if let Some(entry) =
+                            media::failed_attachment_entry(&attachment.filename, &e)
+                        {
+                            tracing::warn!(
+                                url = %attachment.url,
+                                filename = %attachment.filename,
+                                error = %e,
+                                "image attachment failed"
+                            );
+                            failed_image_files.push(entry);
+                        } else {
+                            // Network/HTTP 5xx failures: transient; warn in logs only.
+                            tracing::warn!(
+                                url = %attachment.url,
+                                filename = %attachment.filename,
+                                error = %e,
+                                "image download failed"
+                            );
+                        }
                     }
                 }
             }
@@ -2246,4 +2225,22 @@ mod tests {
     fn normal_channel_creates_thread() {
         assert!(!should_skip_thread_creation(false, false));
     }
+
+    // --- failed_attachment_entry parity tests (mirrors media::tests) ---
+
+    /// HTTP 4xx from Discord CDN (e.g. expired signed URL) must push into
+    /// failed_image_files so the user gets a warning and the agent is notified.
+    #[test]
+    fn discord_failed_attachment_entry_http_4xx_notifies_user() {
+        let e = media::MediaFetchError::HttpStatus(reqwest::StatusCode::FORBIDDEN);
+        let entry = media::failed_attachment_entry("photo.png", &e).unwrap();
+        assert_eq!(entry, "photo.png");
+    }
+
+    /// HTTP 5xx is transient; should not notify the user.
+    #[test]
+    fn discord_failed_attachment_entry_http_5xx_is_logged_only() {
+        let e = media::MediaFetchError::HttpStatus(reqwest::StatusCode::INTERNAL_SERVER_ERROR);
+        assert!(media::failed_attachment_entry("photo.png", &e).is_none());
+    }
 }
diff --git a/src/media.rs b/src/media.rs
@@ -83,6 +83,28 @@ pub fn format_failed_attachment_note(filenames: &[String]) -> String {
     )
 }
 
+/// Returns the entry to push into `failed_image_files` for the given error, or
+/// `None` if the error is transient / network-level and should only be logged.
+///
+/// HTTP 4xx responses are treated as permanent-ish failures (missing scope,
+/// revoked credentials, expired URL) and warrant user notification.  HTTP 5xx
+/// and network errors are transient and are logged only.
+pub(crate) fn failed_attachment_entry(filename: &str, e: &MediaFetchError) -> Option<String> {
+    match e {
+        MediaFetchError::NotAnImage => None,
+        MediaFetchError::SizeExceeded { limit, .. } => {
+            Some(format!("{filename} (exceeds {limit} byte limit)"))
+        }
+        MediaFetchError::UnsupportedResponseType { .. }
+        | MediaFetchError::InvalidImageBody { .. }
+        | MediaFetchError::ProcessingFailed(_) => Some(filename.to_string()),
+        MediaFetchError::HttpStatus(status) if status.is_client_error() => {
+            Some(filename.to_string())
+        }
+        _ => None,
+    }
+}
+
 /// Strip MIME parameters and trim whitespace.  `"image/png; charset=binary"` → `"image/png"`.
 pub(crate) fn strip_mime_params(mime: &str) -> &str {
     mime.split(';').next().unwrap_or(mime).trim()
@@ -285,7 +307,19 @@ pub async fn download_and_encode_image(
         return Err(e);
     }
 
-    let (output_bytes, output_mime) = match resize_and_compress(&bytes) {
+    encode_validated_image(&bytes, mime, filename)
+}
+
+/// Resize, compress and Base64-encode bytes that have already passed
+/// `validate_image_response`.  On resize failure, falls back to the raw
+/// validated bytes when the body is ≤ 1 MB (e.g. animated WebP that the
+/// image crate cannot decode but is small enough to pass through).
+fn encode_validated_image(
+    bytes: &[u8],
+    mime: &str,
+    filename: &str,
+) -> Result<ContentBlock, MediaFetchError> {
+    let (output_bytes, output_mime) = match resize_and_compress(bytes) {
         Ok(result) => result,
         Err(e) => {
             if bytes.len() <= 1024 * 1024 {
@@ -841,4 +875,77 @@ mod tests {
         assert!(note.contains("`fi'le.png`"));
         assert!(!note.contains("``"));
     }
+
+    // --- encode_validated_image: resize-fallback threshold tests ---
+
+    /// Minimal WebP header stub: RIFF magic + WEBP FourCC.
+    /// `validate_image_response` accepts it (format detected as WebP);
+    /// `resize_and_compress`'s `decode()` fails because there are no VP8 chunks.
+    /// Generated inline — no copyright concern.
+    fn make_webp_stub() -> Vec<u8> {
+        b"RIFF\x00\x00\x00\x00WEBP".to_vec()
+    }
+
+    #[test]
+    fn resize_fail_under_1mb_falls_back_to_original_bytes() {
+        let bytes = make_webp_stub(); // 12 bytes << 1 MB
+        let result = encode_validated_image(&bytes, "image/webp", "test.webp");
+        let block = result.expect("should fall back to original bytes, not error");
+        match block {
+            ContentBlock::Image { media_type, data } => {
+                assert_eq!(media_type, "image/webp");
+                // Data is Base64 of the original stub bytes.
+                let decoded = BASE64.decode(&data).expect("valid Base64");
+                assert_eq!(decoded, bytes);
+            }
+            other => panic!("expected ContentBlock::Image, got {other:?}"),
+        }
+    }
+
+    #[test]
+    fn resize_fail_over_1mb_returns_processing_failed() {
+        let mut bytes = make_webp_stub();
+        // Pad to just over 1 MB so the >1 MB branch fires.
+        bytes.resize(1024 * 1024 + 1, 0x00);
+        let result = encode_validated_image(&bytes, "image/webp", "big.webp");
+        assert!(
+            matches!(result, Err(MediaFetchError::ProcessingFailed(_))),
+            "expected ProcessingFailed for >1MB resize failure, got {result:?}"
+        );
+    }
+
+    // --- failed_attachment_entry tests ---
+
+    #[test]
+    fn failed_attachment_entry_not_an_image_returns_none() {
+        let e = MediaFetchError::NotAnImage;
+        assert!(failed_attachment_entry("img.png", &e).is_none());
+    }
+
+    #[test]
+    fn failed_attachment_entry_size_exceeded_includes_limit() {
+        let e = MediaFetchError::SizeExceeded { actual: 20_000_000, limit: 10_000_000 };
+        let entry = failed_attachment_entry("big.png", &e).unwrap();
+        assert_eq!(entry, "big.png (exceeds 10000000 byte limit)");
+    }
+
+    #[test]
+    fn failed_attachment_entry_http_4xx_notifies_user() {
+        let e = MediaFetchError::HttpStatus(reqwest::StatusCode::FORBIDDEN);
+        let entry = failed_attachment_entry("photo.png", &e).unwrap();
+        assert_eq!(entry, "photo.png");
+    }
+
+    #[test]
+    fn failed_attachment_entry_http_5xx_is_logged_only() {
+        let e = MediaFetchError::HttpStatus(reqwest::StatusCode::BAD_GATEWAY);
+        assert!(failed_attachment_entry("photo.png", &e).is_none());
+    }
+
+    #[test]
+    fn failed_attachment_entry_http_401_notifies_user() {
+        let e = MediaFetchError::HttpStatus(reqwest::StatusCode::UNAUTHORIZED);
+        let entry = failed_attachment_entry("secret.png", &e).unwrap();
+        assert_eq!(entry, "secret.png");
+    }
 }
diff --git a/src/slack.rs b/src/slack.rs
@@ -1048,32 +1048,13 @@ async fn handle_message(
                         extra_blocks.push(block);
                     }
                     Err(media::MediaFetchError::NotAnImage) => {}
-                    Err(media::MediaFetchError::SizeExceeded { actual, limit }) => {
-                        warn!(filename, actual, limit, "image exceeds size limit");
-                        failed_image_files.push(format!("{filename} (exceeds {limit} byte limit)"));
-                    }
-                    Err(
-                        media::MediaFetchError::UnsupportedResponseType { .. }
-                        | media::MediaFetchError::InvalidImageBody { .. },
-                    ) => {
-                        warn!(
-                            filename,
-                            "image validation failed; server may have returned non-image content"
-                        );
-                        failed_image_files.push(filename.to_string());
-                    }
-                    Err(media::MediaFetchError::ProcessingFailed(ref e)) => {
-                        warn!(filename, error = %e, "image post-processing failed");
-                        failed_image_files.push(filename.to_string());
-                    }
-                    Err(media::MediaFetchError::HttpStatus(status))
-                        if status.is_client_error() =>
-                    {
-                        warn!(filename, %status, "image download denied");
-                        failed_image_files.push(filename.to_string());
-                    }
                     Err(e) => {
-                        warn!(filename, error = %e, "image download failed");
+                        if let Some(entry) = media::failed_attachment_entry(filename, &e) {
+                            warn!(filename, error = %e, "image attachment failed");
+                            failed_image_files.push(entry);
+                        } else {
+                            warn!(filename, error = %e, "image download failed");
+                        }
                     }
                 }
             }
