Fix 401/403/404 logged as app errors instead of user errors in production [Sentry #18P]

[Maria-Lordwill]

Problem

The axios response interceptor in commonRequest.ts logs ALL HTTP errors (including 401, 403, 404) as logger.error, which triggers Sentry.captureException. This floods Sentry with expected user errors (unauthorized, forbidden, not found) that are not application bugs.

Context

• Sentry issue: #18P — Permission denied logged as error (104 events, 20 users)
• Environment: production (pneumatic-frontend-prod)

Note

Issues #116 (PR #5 — "Not found" mixed bag) and #18Y/#184/#181/#17Z/#17K/#17H/#17E/#17D (PR #7 — public forms auth credentials) have been moved to separate investigations, as they require additional analysis of error sources beyond log filtering.

Solution

Introduced status-code-based log level filtering in the axios response interceptor. HTTP statuses 401 (Unauthorized), 403 (Forbidden), and 404 (Not Found) are now logged as logger.info (console only, no Sentry), while all other errors (400, 5xx) remain as logger.error (Sentry capture).

Also removed duplicate logger.error(error) from the commonRequest catch block — the interceptor already logs the error, so the catch block was sending the same error to Sentry a second time.

Implementation Details

New file: isUserError.ts

export const USER_ERROR_STATUSES = [401, 403, 404];

export function isUserError(status: number): boolean {
  return USER_ERROR_STATUSES.includes(status);
}

Modified: commonRequest.ts (response interceptor)

     if (error.response) {
-      logger.error('Response Error:', error.response.data);
+      if (isUserError(error.response.status)) {
+        logger.info('Response Error:', error.response.data);
+      } else {
+        logger.error('Response Error:', error.response.data);
+      }
     }

Modified: commonRequest.ts (catch block — removed duplicate logging)

   } catch (error) {
     if (shouldThrow) {
       throw error;
     }
-    logger.error(error);
     return undefined as unknown as T;
   }

Testing

Positive scenarios

• 401 Unauthorized: Open the app with an expired token → API returns 401 → verify NO new error event in Sentry, only console.info
• 403 Forbidden: Attempt an action without sufficient permissions → API returns 403 → verify NO new error event in Sentry
• 404 Not Found: Navigate to a non-existent resource (e.g., /workflows/99999999) → API returns 404 → verify NO new error event in Sentry

Negative / edge cases

• 400 Bad Request: Submit invalid form data → API returns 400 → verify error IS still sent to Sentry (app bug, not user error)
• 500 Internal Server Error: Trigger a server error → verify error IS still sent to Sentry
• Network error (no response): Disconnect network → verify logger.error('Request Error:') still fires

Automated tests

• frontend/src/public/api/__tests__/isUserError.test.ts — 8 tests, all passing
• Full test suite: 93 suites, 488 tests — all passing, no regressions

---

Closes https://pneumatic.sentry.io/issues/PNEUMATIC-FRONTEND-PROD-18P/

---

Note

Low Risk: Only changes client-side logging severity in the Axios response interceptor for a small set of HTTP statuses and removes a redundant catch-all logger.error, without altering request/response behavior.

---

Note

Low Risk
Low risk: changes only client-side error logging/annotation in the Axios interceptor and suppresses duplicate logs, without altering request/response behavior.

Overview
Reduces noise in production error reporting by treating HTTP 401/403/404 as user/expected failures: the Axios response interceptor now logs these as logger.info while continuing to log other response failures as logger.error.

Adds isUserError/USER_ERROR_STATUSES to centralize the status list, tags rejected errors with loggedByInterceptor to avoid duplicate logging in commonRequest, and includes Jest coverage for the new helper.

^{Written by Cursor Bugbot for commit 8c1106e. This will update automatically on new commits. Configure here.}

Note

Fix 401/403/404 HTTP errors logged as app errors instead of user errors

• Adds isUserError utility in isUserError.ts that identifies 401, 403, and 404 as user errors.
• Updates the axios response interceptor in commonRequest.ts to log 401/403/404 responses at info level instead of error, reducing noise in Sentry.
• Marks interceptor-logged errors with loggedByInterceptor: true to prevent duplicate logging in the commonRequest catch clause.

^{Macroscope summarized 8c1106e.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Autofix Details

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: File name doesn't match its exported API
  • Renamed the module and its test from getResponseLogLevel to isUserError and updated imports so the filename matches the exported API.

Or push these changes by commenting:

@cursor push 0c39fa3317

Preview (0c39fa3317)

diff --git a/frontend/src/public/api/__tests__/getResponseLogLevel.test.ts b/frontend/src/public/api/__tests__/isUserError.test.ts
--- a/frontend/src/public/api/__tests__/getResponseLogLevel.test.ts
+++ b/frontend/src/public/api/__tests__/isUserError.test.ts
@@ -1,5 +1,5 @@
 // <reference types="jest" />
-import { isUserError, USER_ERROR_STATUSES } from '../getResponseLogLevel';
+import { isUserError, USER_ERROR_STATUSES } from '../isUserError';
 
 describe('isUserError', () => {
   it.each([401, 403, 404])('status %d returns true (user error)', (status) => {

diff --git a/frontend/src/public/api/commonRequest.ts b/frontend/src/public/api/commonRequest.ts
--- a/frontend/src/public/api/commonRequest.ts
+++ b/frontend/src/public/api/commonRequest.ts
@@ -9,7 +9,7 @@
 import { getCurrentToken } from '../utils/auth';
 import { envBackendURL } from '../constants/enviroment';
 import { isRequestCanceled } from '../utils/isRequestCanceled';
-import { isUserError } from './getResponseLogLevel';
+import { isUserError } from './isUserError';
 
 export type TRequestType = 'public' | 'local';
 export type TResponseType = 'json' | 'text' | 'empty';

diff --git a/frontend/src/public/api/getResponseLogLevel.ts b/frontend/src/public/api/isUserError.ts

_{This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}