Fix APIM gateway hang when AI metadata parsing fails (#5028)

[Tharsanan1]

Issue

Fixes wso2/api-manager#5028

When an LLM provider is configured with an invalid attributeIdentifier (e.g., a regex pattern used where a JSONPath expression is expected), the gateway hangs indefinitely on every request instead of returning an error response. The root cause is that BuiltInLLMProviderService.getResponseMetadata() throws an APIManagementException on parse failure, and AIAPIMediator.processOutboundResponse() exits before setting TARGET_ENDPOINT = EXIT_ENDPOINT. The Synapse sequence then waits for a routing signal that never arrives, causing the connection to hang until the 180-second socket timeout.

Root Cause

BuiltInLLMProviderService.getResponseMetadata() wrapped both PathNotFoundException and generic Exception in a re-thrown APIManagementException. When this exception propagated out of processOutboundResponse(), the mediator returned false from mediate() without having set TARGET_ENDPOINT = EXIT_ENDPOINT, leaving the Synapse mediation sequence in a hung state.

What Was Changed

Part 1 — Gateway resilience (BuiltInLLMProviderService.java)

• Removed the catch (PathNotFoundException e) re-throw block.
• Changed catch (Exception e) from re-throwing APIManagementException to log.warn(...), so the gateway always completes the response even when metadata extraction fails.

Part 2 — Validation at configuration time (APIAdminImpl.java, ExceptionCodes.java)

• Added validateLLMProviderMetadataIdentifiers() called from both addLLMProvider() and updateLLMProvider().
• For payload input sources: validates attributeIdentifier as a JSONPath expression using JsonPath.compile().
• For path input sources: validates attributeIdentifier as a regex using Pattern.compile().
• Invalid expressions are rejected with HTTP 400 and error code 903104 (AI_SERVICE_PROVIDER_INVALID_METADATA_IDENTIFIER).

Tests

• New: BuiltInLLMProviderServiceTest.java — 13 unit tests covering happy path, invalid JSONPath, missing fields, null inputs, regex extraction, and mixed input sources.
• Extended: APIAdminImplTest.java — 11 new tests covering add/update validation with valid/invalid JSONPath and regex identifiers, null config, empty identifiers, and mixed scenarios.

Verification

• Invalid JSONPath rejected at configuration time: HTTP 400 with {"code":903104,"message":"Invalid metadata identifier","description":"Invalid JSONPath expression '[0-9]+' for attribute 'promptTokenCount'"}.
• Valid provider configuration accepted: HTTP 201.
• Gateway resilience: 4 consecutive invocations with a provider that causes PathNotFoundException at runtime all returned HTTP 200 in under 1 second (previously hung for 180 seconds).
• All 24 new unit tests pass (api module: 14/14, impl module: 21/21).

Test Evidence

api module:    Tests run: 14, Failures: 0, Errors: 0, Skipped: 0  (BUILD SUCCESS)
impl module:   Tests run: 21, Failures: 0, Errors: 0, Skipped: 0  (BUILD SUCCESS)

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 541a995a-8a22-4dc0-890f-5330bfba4df1

📥 Commits

Reviewing files that changed from the base of the PR and between 39a253f and 0429e89.

📒 Files selected for processing (1)

• components/apimgt/org.wso2.carbon.apimgt.api/pom.xml

🚧 Files skipped from review as they are similar to previous changes (1)

• components/apimgt/org.wso2.carbon.apimgt.api/pom.xml

---

📝 Walkthrough

Walkthrough

Adds upfront validation of LLM provider metadata identifiers (JSONPath or regex) in APIAdminImpl, introduces an error code, makes BuiltInLLMProviderService resilient to extraction errors by logging and returning partial metadata, adds test dependencies, and adds unit tests for service and admin validation.

Changes

AI Provider Metadata Validation

Layer / File(s)	Summary
Test dependencies components/apimgt/org.wso2.carbon.apimgt.api/pom.xml	Added junit and net.minidev:json-smart as test-scoped dependencies.
Error Code Definition components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/ExceptionCodes.java	New enum constant AI_SERVICE_PROVIDER_INVALID_METADATA_IDENTIFIER (903104) with HTTP status 400 and parameterized message.
Service-Level Error Handling components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/BuiltInLLMProviderService.java	getResponseMetadata now catches general exceptions during extraction, logs a warning, and returns the current metadata map instead of throwing.
Service Behavior Tests components/apimgt/org.wso2.carbon.apimgt.api/src/test/java/org/wso2/carbon/apimgt/api/BuiltInLLMProviderServiceTest.java	New test class covering valid extraction, invalid JSONPath/regex resilience, missing fields, null/empty payloads or metadata lists, path-regex extraction, malformed JSON, combined sources, invalid path regex, and map-preservation.
Validation imports components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java	Added JsonPath/InvalidPathException imports to enable JSONPath compilation checks.
Provider Metadata Validation Method components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java	Added validateLLMProviderMetadataIdentifiers(LLMProvider) which parses provider configurations, iterates metadata entries, and validates payload identifiers as JSONPath and path identifiers as regex, throwing APIManagementException with AI_SERVICE_PROVIDER_INVALID_METADATA_IDENTIFIER on invalid patterns.
Validation Integration components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java	addLLMProvider and updateLLMProvider now invoke metadata validation before persisting/updating.
Provider Validation Tests components/apimgt/org.wso2.carbon.apimgt.impl/src/test/java/org/wso2/carbon/apimgt/impl/APIAdminImplTest.java	Added tests asserting rejection on invalid JSONPath/regex, acceptance of valid expressions, handling of null/missing configurations, skipping empty attribute identifiers, update validation, and mixed-valid/invalid identifier scenarios.

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers:

• tharindu1st
• AnuGayan
• Arshardh
• RakhithaRR
• ashera96
• HeshanSudarshana
• HiranyaKavishani
• senthuran16
• chamilaadhi
• pubudu538

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 3.23% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main fix: resolving gateway hangs caused by AI metadata parsing failures, directly addressing issue #5028.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, covering the root cause, what was changed in multiple parts, tests added, and verification results.
Linked Issues check	✅ Passed	All code changes directly implement the objectives from issue #5028: gateway resilience improvements to prevent hangs on metadata parse failures, configuration-time validation to reject invalid metadata identifiers with proper error codes, and comprehensive unit tests covering multiple scenarios.
Out of Scope Changes check	✅ Passed	All changes are within scope: test dependencies are required for unit tests; BuiltInLLMProviderService changes provide runtime resilience; APIAdminImpl and ExceptionCodes changes add configuration-time validation; and new unit tests verify the implementations address issue #5028.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2
#### Log Improvement Suggestion No: 3
#### Log Improvement Suggestion No: 4
#### Log Improvement Suggestion No: 5

[Copilot]

Pull request overview

This PR addresses a gateway hang that occurs when AI response metadata parsing fails, by making runtime metadata extraction resilient and adding configuration-time validation for LLM provider metadata identifiers.

Changes:

• Swallow/skip runtime exceptions in BuiltInLLMProviderService.getResponseMetadata() to avoid breaking the mediation flow.
• Validate configured metadata attributeIdentifier values on add/update of LLMProvider (JSONPath for payload sources, regex for path sources) and introduce a new 400 error code for invalid identifiers.
• Add/extend unit tests for both runtime metadata extraction and admin-side validation, plus required test dependencies.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
components/apimgt/org.wso2.carbon.apimgt.impl/src/test/java/org/wso2/carbon/apimgt/impl/APIAdminImplTest.java	Adds unit tests covering add/update validation behavior for JSONPath/regex metadata identifiers.
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java	Adds configuration-time validation of LLM provider metadata identifiers during add/update operations.
components/apimgt/org.wso2.carbon.apimgt.api/src/test/java/org/wso2/carbon/apimgt/api/BuiltInLLMProviderServiceTest.java	Introduces unit tests for resilient response metadata extraction (payload JSONPath + path regex).
components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/ExceptionCodes.java	Adds a new exception code for invalid metadata identifiers (HTTP 400).
components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/BuiltInLLMProviderService.java	Changes runtime metadata extraction to log-and-skip on errors rather than throwing.
components/apimgt/org.wso2.carbon.apimgt.api/pom.xml	Adds test dependencies needed for the new unit tests in the api module.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ashera96]

@coderabbitai please review

[coderabbitai]

@ashera96 Sure! I'll review the changes in this PR right away.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[RakhithaRR]

@coderabbitai review and approve

[coderabbitai]

@RakhithaRR I'll kick off a review of the changes right away!

Regarding approval — I'm only able to approve a PR when the @coderabbitai approve command is posted as a top-level PR comment (not within a reply thread). Please post that as a standalone comment if you'd like me to proceed with approval.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[RakhithaRR]

@coderabbitai approve

[coderabbitai]

✅ Actions performed

Comments resolved and changes approved.