Handle re-authentication for both unauthorized and forbidden responses

[kartpop]

Summary

Target issue is #PLEASE_TYPE_ISSUE_NUMBER
Explain the motivation for making this change. What existing problem does the pull request solve?

Checklist

Before submitting a pull request, please ensure that you mark these task.

• Ran fastapi run --reload app/main.py or docker compose up in the repository root and test.
• If you've fixed a bug or added code that is tested and has test cases.

Notes

Please add here if any other information is required for the reviewer.

Summary by CodeRabbit

• Bug Fixes
  • Improved authentication handling to properly re-authenticate when encountering unauthorized or forbidden responses, ensuring more reliable API connectivity.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The change extends authentication retry logic in the cron invocation script to handle both HTTP 401 (unauthorized) and 403 (forbidden) status codes, triggering re-authentication for either response. The log message was updated to reflect this expanded error handling.

Changes

Cohort / File(s)	Summary
Authentication retry expansion scripts/python/invoke-cron.py	Extended retry logic to handle both 401 and 403 HTTP status codes; updated log message to "Token expired or invalid, re-authenticating..."

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

• Single file modification affecting authentication error handling
• Straightforward status code condition expansion with corresponding log message update
• No changes to core request-retry flow or Authorization header logic

Poem

🐰 A token expired or forbidden, you say?
No worries, dear script shall re-authenticate today!
Four-oh-one, four-oh-three, all the same—
We refresh and retry, back in the game! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly summarizes the main change: expanding authentication retry handling to cover both 401 and 403 responses.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bug/fix-invoke-cron

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1821b84 and f9bee82.

📒 Files selected for processing (1)

• scripts/python/invoke-cron.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Use type hints in Python code (Python 3.11+ project)

Files:

• scripts/python/invoke-cron.py

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: checks (3.11.7, 6)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, find and read the file to understand the context
wc -l scripts/python/invoke-cron.py

Repository: ProjectTech4DevAI/ai-platform

Length of output: 106

---

🏁 Script executed:

#!/bin/bash
# Read the full file to understand context
cat -n scripts/python/invoke-cron.py

Repository: ProjectTech4DevAI/ai-platform

Length of output: 8083

---

🏁 Script executed:

#!/bin/bash
# Check git history for this file to see if there's context about the 403 change
git log --oneline -20 scripts/python/invoke-cron.py

Repository: ProjectTech4DevAI/ai-platform

Length of output: 151

---

🏁 Script executed:

#!/bin/bash
# Check for Python version specification in project
find . -maxdepth 2 -type f \( -name "pyproject.toml" -o -name "setup.py" -o -name ".python-version" -o -name "Makefile" \) -exec cat {} \; 2>/dev/null | head -100

Repository: ProjectTech4DevAI/ai-platform

Length of output: 2254

---

Treating 403 (Forbidden) the same as 401 (Unauthorized) lacks justification and may cause unnecessary retries.

HTTP 403 indicates an authenticated user lacks permission, which is fundamentally different from 401 (authentication expired/invalid). If the endpoint returns 403 due to insufficient permissions, re-authenticating with the same credentials produces another token with identical permissions, causing the retry to fail again with 403. This wastes API calls without resolving the underlying authorization issue. The commit message provides no explanation for this behavior.

Add type hints to methods per project standards (Python 3.12+, mypy strict=true). Methods authenticate (line 53), invoke_endpoint (line 86), and run (line 131) are missing return type annotations.

Consider:

• Only trigger re-authentication on 401 (authentication problem)
• Let 403 (authorization problem) propagate as an error
• If the API returns 403 for expired tokens (non-standard), document this clearly

[Prajna1999]

Although this coderabbit comment makes sense, but as a hotfix this should work.

[coderabbitai]

@Prajna1999, understood! For a hotfix, getting the system working quickly is the priority.

Would you like me to create a follow-up issue to properly distinguish between 401 and 403 responses in a future PR? That way, the temporary workaround can be refined when there's more time to implement the proper authorization error handling.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[Prajna1999]

Mostly about the cooderabbit comment. Else LGTM.

[Prajna1999]

Although this coderabbit comment makes sense, but as a hotfix this should work.