fix: Do not capture 404 responses from external APIs at Sentry (#904)

## Description

External APIs (Jupiter, CoinGecko, Rugcheck) return 404 for tokens or
coins that simply don't exist — a normal scenario, not an error.
Downgrade 404s to Logger.debug so they no longer trigger Sentry alerts,
matching the existing pattern in the OSEC verified-programs route.

## Type of change

<!-- Check the appropriate options that apply to this PR -->

-   [x] Bug fix


## Testing
- Tests should pass

## Related Issues

Closes
[HOO-363](https://linear.app/solana-fndn/issue/HOO-363/do-not-capture-404-responses-from-external-apis-at-sentry)

## Checklist

<!-- Verify that you have completed the following before requesting
review -->

-   [x] My code follows the project's style guidelines
-   [x] I have added tests that prove my fix/feature works
-   [x] All tests pass locally and in CI
-   [x] CI/CD checks pass

Author: askov

app/api/receipt/price/[mintAddress]/route.ts

@@ -41,7 +41,9 @@ export async function GET(_request: Request, { params: { mintAddress } }: Params
         });
 
         if (!response.ok) {
-            if (response.status === 429) {
+            if (response.status === 404) {
+                Logger.debug('[api:jupiter-price] Token not found', { mintAddress });
+            } else if (response.status === 429) {
                 Logger.warn('Jupiter price API rate limit exceeded', { sentry: true });
             } else {
                 Logger.error(new Error(`Jupiter price API error: ${response.status}`), { sentry: true });

app/api/verification/coingecko/[coinId]/route.ts

@@ -43,7 +43,9 @@ export async function GET(_request: Request, { params: { coinId } }: Params) {
         });
 
         if (!response.ok) {
-            if (response.status === 429) {
+            if (response.status === 404) {
+                Logger.debug('[api:coingecko] Coin not found', { coinId });
+            } else if (response.status === 429) {
                 Logger.warn('[api:coingecko] Rate limit exceeded', { sentry: true });
             } else {
                 Logger.panic(new Error(`Coingecko API error: ${response.status}`));

app/api/verification/jupiter/[mintAddress]/route.ts

@@ -42,7 +42,9 @@ export async function GET(_request: Request, { params: { mintAddress } }: Params
         });
 
         if (!response.ok) {
-            if (response.status === 429) {
+            if (response.status === 404) {
+                Logger.debug('[api:jupiter] Token not found', { mintAddress });
+            } else if (response.status === 429) {
                 Logger.warn('[api:jupiter] Rate limit exceeded', { sentry: true });
             } else {
                 Logger.panic(new Error(`Jupiter API error: ${response.status}`));

app/api/verification/rugcheck/[mintAddress]/route.ts

@@ -1,7 +1,7 @@
 import { PublicKey } from '@solana/web3.js';
 import { NextResponse } from 'next/server';
 import fetch from 'node-fetch';
-import { is, number, type } from 'superstruct';
+import { is, literal, number, type } from 'superstruct';
 
 import { Logger } from '@/app/shared/lib/logger';
 
@@ -11,8 +11,6 @@ const RugCheckResponseSchema = type({
     score_normalised: number(),
 });
 
-const RUGCHECK_API_KEY = process.env.RUGCHECK_API_KEY;
-
 type Params = {
     params: {
         mintAddress: string;
@@ -26,7 +24,9 @@ export async function GET(_request: Request, { params: { mintAddress } }: Params
         return NextResponse.json({ error: 'Invalid mint address' }, { status: 400 });
     }
 
-    if (!RUGCHECK_API_KEY) {
+    const apiKey = process.env.RUGCHECK_API_KEY;
+
+    if (!apiKey) {
         return NextResponse.json(
             { error: 'Rugcheck API is misconfigured' },
             { headers: NO_STORE_HEADERS, status: 500 },
@@ -37,12 +37,18 @@ export async function GET(_request: Request, { params: { mintAddress } }: Params
         const response = await fetch(`https://premium.rugcheck.xyz/v1/tokens/${mintAddress}/report`, {
             headers: {
                 'Content-Type': 'application/json',
-                'x-api-key': RUGCHECK_API_KEY,
+                'x-api-key': apiKey,
             },
         });
 
         if (!response.ok) {
-            if (response.status === 429) {
+            if (response.status === 404 || (await isNotFoundResponse(response))) {
+                Logger.debug('[api:rugcheck] Token not found', { mintAddress });
+                return NextResponse.json(
+                    { error: 'Failed to fetch rugcheck data' },
+                    { headers: NO_STORE_HEADERS, status: 404 },
+                );
+            } else if (response.status === 429) {
                 Logger.warn('[api:rugcheck] Rate limit exceeded', { sentry: true });
             } else {
                 Logger.panic(new Error(`Rugcheck API error: ${response.status}`));
@@ -71,3 +77,18 @@ export async function GET(_request: Request, { params: { mintAddress } }: Params
         );
     }
 }
+
+const RugCheckNotFoundSchema = type({
+    error: literal('not found'),
+});
+
+// Rugcheck returns 400 {"error":"not found"} for unrecognized tokens instead of 404
+async function isNotFoundResponse(response: import('node-fetch').Response): Promise<boolean> {
+    if (response.status !== 400) return false;
+    try {
+        const body = await response.json();
+        return is(body, RugCheckNotFoundSchema);
+    } catch {
+        return false;
+    }
+}

app/api/verification/rugcheck/__tests__/route.test.ts

@@ -0,0 +1,107 @@
+import fetch from 'node-fetch';
+import { vi } from 'vitest';
+
+import { Logger } from '@/app/shared/lib/logger';
+
+import { GET } from '../[mintAddress]/route';
+
+const VALID_MINT = 'B61SyRxF2b8JwSLZHgEUF6rtn6NUikkrK1EMEgP6nhXW';
+
+vi.mock('node-fetch', async () => {
+    const actual = await vi.importActual('node-fetch');
+    return {
+        ...actual,
+        default: vi.fn(),
+    };
+});
+
+const fetchMock = vi.mocked(fetch);
+
+describe('Rugcheck API Route', () => {
+    const originalEnv = process.env;
+
+    beforeEach(() => {
+        process.env = { ...originalEnv, RUGCHECK_API_KEY: 'test-key' };
+    });
+
+    afterEach(() => {
+        process.env = originalEnv;
+        vi.clearAllMocks();
+    });
+
+    it('should return 400 for an invalid mint address', async () => {
+        const response = await callRoute('not-a-valid-key');
+        expect(response.status).toBe(400);
+        expect(await response.json()).toEqual({ error: 'Invalid mint address' });
+    });
+
+    it('should return 500 when API key is missing', async () => {
+        delete process.env.RUGCHECK_API_KEY;
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(500);
+        expect(await response.json()).toEqual({ error: 'Rugcheck API is misconfigured' });
+    });
+
+    it('should return 404 when rugcheck responds with 400 (not found)', async () => {
+        mockFetchResponse(400, { error: 'not found' });
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(404);
+        expect(await response.json()).toEqual({ error: 'Failed to fetch rugcheck data' });
+    });
+
+    it('should return 400 and report to sentry when rugcheck responds with 400 and unexpected body', async () => {
+        mockFetchResponse(400, { error: 'bad request' });
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(400);
+        expect(Logger.panic).toHaveBeenCalled();
+    });
+
+    it('should return 404 when rugcheck responds with 404', async () => {
+        mockFetchResponse(404);
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(404);
+        expect(await response.json()).toEqual({ error: 'Failed to fetch rugcheck data' });
+    });
+
+    it('should return 429 and log to sentry when rate limited', async () => {
+        mockFetchResponse(429);
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(429);
+        expect(Logger.warn).toHaveBeenCalledWith('[api:rugcheck] Rate limit exceeded', { sentry: true });
+    });
+
+    it('should return 502 when response schema is invalid', async () => {
+        mockFetchResponse(200, { unexpected: 'shape' });
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(502);
+        expect(await response.json()).toEqual({ error: 'Invalid response from rugcheck API' });
+    });
+
+    it('should return score on success', async () => {
+        mockFetchResponse(200, { score_normalised: 85 });
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(200);
+        expect(await response.json()).toEqual({ score: 85 });
+    });
+
+    it('should return 500 when fetch throws', async () => {
+        fetchMock.mockRejectedValueOnce(new Error('Network error'));
+        const response = await callRoute(VALID_MINT);
+        expect(response.status).toBe(500);
+        expect(await response.json()).toEqual({ error: 'Failed to fetch rugcheck data' });
+    });
+});
+
+function mockFetchResponse(status: number, body: Record<string, unknown> = {}) {
+    const ok = status >= 200 && status < 300;
+    fetchMock.mockResolvedValueOnce({
+        json: async () => body,
+        ok,
+        status,
+    } as Awaited<ReturnType<typeof fetch>>);
+}
+
+function callRoute(mintAddress: string) {
+    const request = new Request(`http://localhost:3000/api/verification/rugcheck/${mintAddress}`);
+    return GET(request, { params: { mintAddress } });
+}