oai: retry once for TLS bad record MAC errors

Add automatic retry logic for the specific TLS error "tls: bad record MAC"
that occurs occasionally with the Fireworks API. The first occurrence triggers
an automatic retry, only failing to the user after a second consecutive failure.

This addresses intermittent connection issues without requiring manual
intervention for transient TLS handshake problems.

Co-Authored-By: sketch <hello@sketch.dev>
Change-ID: s701f83a97373c925k
diff --git a/llm/oai/oai.go b/llm/oai/oai.go
index 2b8b3a1..8a450c4 100644
--- a/llm/oai/oai.go
+++ b/llm/oai/oai.go
@@ -733,6 +733,13 @@
 		}
 
 		// Handle errors
+		// Check for TLS "bad record MAC" errors and retry once
+		if strings.Contains(err.Error(), "tls: bad record MAC") && attempts == 0 {
+			slog.WarnContext(ctx, "tls bad record MAC error, retrying once", "error", err.Error())
+			errs = errors.Join(errs, fmt.Errorf("TLS error (attempt %d): %w", attempts+1, err))
+			continue
+		}
+
 		var apiErr *openai.APIError
 		if ok := errors.As(err, &apiErr); !ok {
 			// Not an OpenAI API error, return immediately with accumulated errors
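Review bot: The new `if` block reaches `continue` without changing `attempts`, so the `attempts == 0` guard only limits this to one retry if the loop increments `attempts` somewhere outside these lines. If it does not, every "bad record MAC" failure re-enters the same branch and the request is retried without bound, which contradicts the "retry once" comment. Either increment `attempts` in this branch before `continue`, or track the retry with a dedicated flag (for example a `tlsRetried` bool) so the limit does not depend on how other branches count attempts. Two smaller points: the match on `err.Error()` is tied to the exact message text, so a short comment saying where that string comes from would help whoever maintains it; and since a bad record MAC means a record failed its integrity check, keeping the `slog.WarnContext` call is the right choice, because repeated occurrences should stay visible in logs rather than being absorbed by the retry.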