Skip to content

fix(core): unbreak the gates-off build and make the smoke lane run tests (#5022)#5023

Merged
senamakel merged 17 commits into
tinyhumansai:mainfrom
oxoxDev:fix/5022-gates-off-smoke
Jul 18, 2026
Merged

fix(core): unbreak the gates-off build and make the smoke lane run tests (#5022)#5023
senamakel merged 17 commits into
tinyhumansai:mainfrom
oxoxDev:fix/5022-gates-off-smoke

Conversation

@oxoxDev

@oxoxDev oxoxDev commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

🥞 Stacked PR — merge order (bottom → top)

  1. fix(tauri): resolve macOS-gated clippy -D warnings blocking pre-push (#5018) #5020 — macOS clippy fix ← unblocks all macOS pushes
  2. refactor(core): relocate the web chat conduit out of channels/ (#5002) #5004 — web_chat conduit relocation
  3. Gates-off build red on main: 2 ungated voice asserts + smoke lane runs no tests #5022 — gates-off asserts + smoke lanethis PR
  4. fix(learning): email-signature subscriber + rebuild trigger silently depend on channels being configured #5003 — learning channels-coupling fix (to be opened)
  5. feat(core): feature gate — channels & webviews #4801 — channels feature gate (top, last child of epic Feature gates for core subsystems — tracking (lightweight harness builds) #4795)

This is position 3/5. Branched on top of #5004, which is on top of #5020, so the diff currently shows their commits too; they self-clean as each merges below it. Review the #5022-scoped commits (test(core): …, ci(feature-gate-smoke): …).


Summary

Two things, both about the compile-time feature gates from epic #4795:

  1. Fixes 2 tests that are red on main in the gates-off (--no-default-features --features tokenjuice-treesitter) build.
  2. Upgrades the Rust Feature-Gate Smoke CI lane so that class of failure can never reach main silently again.

Problem

voice was the pathfinder gate (#4803) and predates the per-assert #[cfg] convention its five successors (web3/meet/mcp/skills/flows) all follow. Two asserts in src/core/all_tests.rs reference the voice namespace without a #[cfg(feature = "voice")], while every sibling gate's equivalent assert is gated:

  • harness_excludes_gated_namespacesassert!(full_ns.contains("voice"), …)
  • group_mapping_smokeassert_eq!(group_for_namespace("voice"), Some(DomainGroup::Voice));

group_for_namespace / the full namespace set are registry-derived, so with voice compiled out there is no entry to match and both asserts fail at runtime.

Why this sat red on main: the rust-feature-gate-smoke lane runs a single cargo check. cargo check never compiles test code and never runs tests, so a runtime assert failure in the gates-off build is structurally invisible to it. Four separate agents building the other gates each hit these two failures locally and each proved them not-their-diff — the lane never caught them.

Solution

The asserts (commit 1): add #[cfg(feature = "voice")] to both, matching their siblings. Left untouched: all_tests.rs:128 (namespace_description("voice") — a static match table, answers for every namespace regardless of features) and the voice entry in the harness absence list (absence holds in both directions — voice is runtime-filtered when the feature is on, compiled out when off).

The lane (commit 2), three changes:

  • cargo checkcargo check --all-targets — type-checks the gates-off test/bench/integration targets too, catching compile drift in tests/ that a bare check never sees.
  • New test-execution step — runs the gate-contract test modules with gates off:
    core::all:: core::cli:: core::jsonrpc:: core::legacy_aliases:: agent_registry::agents::loader::.
    This is what actually catches the ungated-assert class. Scope is deliberate: the full gates-off --lib run aborts on a pre-existing task_local stack overflow (agent::harness::session::tests::turn_dispatches_spawn_subagent_through_full_path) that reproduces in the gates-ON build too and OOMs unscoped — these filters route around it by scope, not by skip. Full-suite execution is deferred to CI: run the full gates-off test suite (blocked on task_local stack overflow) #5021.
  • New self-maintaining guard — asserts the set of source files that #[cfg]-gate a test on a domain feature equals a checked-in allowlist. When a future gate adds a gated test file, CI fails and the author must acknowledge it (and extend the scoped filter if the new module can carry a regression of this class). Stops the lane from silently under-covering as the gate surface grows.

Plus RUST_MIN_STACK (deep-async-stack belt, matching the coverage lanes) and a timeout bump (25 → 40; the lane now links and runs a test binary).

--all-targets does not replace the test step — it compiles test code but never runs it, so it cannot catch a runtime assert failure. The test step is the load-bearing part.

Submission Checklist

  • The 2 fixed asserts now pass in the gates-off build (52 passed; 0 failed, was 50 passed; 2 failed) and still execute in the gates-on build.
  • N/A: no product behaviour changed — this is test cfg + CI config only. No new happy/failure path.
  • N/A: no feature rows added, removed, or renamed — the gate set is unchanged; this fixes the tests that guard it.
  • N/A: no matrix feature IDs affected.
  • No new external network dependencies introduced.
  • N/A: no release-cut surface behaviour changes — desktop build byte-identical (all gates default-ON).
  • Linked issue closed via Closes in ## Related.

Impact

  • Platform: none user-facing. Test + CI only.
  • Binary size / behaviour: unchanged.
  • CI: the smoke lane now links (--all-targets) and runs a scoped test binary — a few minutes more runtime for a real gates-off regression net where there was none.
  • Risk: low. The asserts fix is mechanical + verified red→green. The lane change is additive; the guard is diff-checked to pass on the current tree.

Related


AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

Commit & Branch

  • Branch: fix/5022-gates-off-smoke

Validation Run

  • N/A: pnpm typecheck / format:check — no TypeScript or frontend files changed
  • Gates-off test (the fix): GGML_NATIVE=OFF cargo test --no-default-features --features tokenjuice-treesitter --lib core::all::tests52 passed; 0 failed (was 50/2)
  • Gates-off --all-targets check (new lane step): GGML_NATIVE=OFF cargo check --no-default-features --features tokenjuice-treesitter --all-targets
  • Scoped test command (exact lane step) run locally
  • Guard step diff verified against the current tree (passes; fails on a synthetic new gated-test file)
  • cargo fmt --check clean; workflow YAML validated

Summary by CodeRabbit

  • New Features
    • Web chat responses can now be delivered as readable multi-part messages with citations, usage details, and optional reactions.
    • Progress updates include interim narration, live heartbeats, capped tool output, and improved worktree details.
    • Added clearer handling for timeouts, provider errors, retry guidance, and budget limits.
  • Bug Fixes
    • Improved session reuse, cancellation behavior, and prevention of stale or incomplete chat state.
  • Tests
    • Expanded coverage for chat delivery, concurrency, error handling, and timeout scenarios.
  • Documentation
    • Updated web chat references and test coverage documentation.

oxoxDev added 17 commits July 17, 2026 21:17
…5002)

Move channels/providers/web -> web_chat/, taking web_errors.rs and
web_tests.rs with it (both were reached via #[path] from web/mod.rs and
never declared in providers/mod.rs). Drop the now-redundant ../ path
attribute on web_errors. No back-compat re-export: channels no longer
exports web.
…humansai#5002)

The 5 channels/ modules that consume the conduit (bus, host::adapters,
proactive, telegram::remote_control, runtime::startup) now import it from
its new home. Dependency is one-way: channels -> web_chat.
)

Harness-family consumers (core::{socketio,jsonrpc,all,observability,
event_bus}, agent::task_dispatcher, threads::ops, agentbox::invoker,
cron::scheduler, flows::ops, test_support::introspect) now import the
conduit from openhuman::web_chat.

src/core/all.rs keeps its DomainGroup::Channels tag: the web RPC surface
must stay hidden by DomainSet::harness() at runtime exactly as today.
Re-tagging it would be an unreviewed behaviour change; tinyhumansai#4801 will cfg
this registration site instead.

rustfmt reflows 4 call sites purely because the shorter path now fits.
channels_large_round25 imported the module with {self}, which bound the
local name 'web'; rebound as {self as web} so its 7 bare web:: uses keep
resolving rather than renaming them.
Comment/README-only. Several already named a stale 'channels/providers/web.rs'
(the module has been a directory for a while); the move made them wrong twice
over. Historical plan snapshots under docs/plans, docs/superpowers and
docs/tinyagents-full-migration-plan are left as-is -- they record a past state.
…le (tinyhumansai#5002)

The four EventHandler::name() returns still read `channels::web::*`, naming a
module that no longer exists after the relocation. AGENTS.md's convention is
`<domain>::<purpose>`, and sibling subscribers follow it (`cron::delivery`,
`memory::conversations::persistence`).

Log-output only: `name()` is consumed at src/core/event_bus/bus.rs:145,169 and
both uses are tracing fields. Dispatch filters on `domains()`, not `name()`.
Verified nothing keys on the old strings — no classifier, filter, or frontend
reference.
…chat (tinyhumansai#5002)

The PromptEnforcementContext source label still read
`channels.providers.web.start_chat`, naming a module that no longer exists.
Siblings use the dotted module path (`agent.bus.run_turn`,
`agent.runtime.run_single`), so the canonical value is `web_chat.start_chat`.

Diagnostic-only: `source` is consumed at
src/openhuman/prompt_injection/detector.rs:504 as a `tracing::info!` field.
Verified nothing matches on the literal.

Caught by CodeRabbit on tinyhumansai#5004 — the original grep proof searched the Rust path
form (`channels::providers::web`) and was blind to the dot-separated string.
…nyhumansai#5002)

Comment referenced `channels/providers/web::ArtifactSurfaceSubscriber`; the
subscriber now lives in `web_chat`. Comment-only, no executable change.
@oxoxDev
oxoxDev requested a review from a team July 17, 2026 17:07
@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fb7f49ae-1462-4a8b-a64b-e3ccfa88afef

📥 Commits

Reviewing files that changed from the base of the PR and between fb61376 and b657f74.

📒 Files selected for processing (76)
  • .github/workflows/ci-lite.yml
  • app/src-tauri/src/claude_code.rs
  • app/src-tauri/src/imessage_scanner/mod.rs
  • app/src-tauri/src/lib.rs
  • app/src-tauri/src/mascot_native_window.rs
  • app/src-tauri/src/native_notifications/mod.rs
  • app/src-tauri/src/notch_window.rs
  • app/src/services/chatService.ts
  • docs/TEST-COVERAGE-MATRIX.md
  • src/core/all.rs
  • src/core/all_tests.rs
  • src/core/event_bus/events.rs
  • src/core/jsonrpc.rs
  • src/core/observability.rs
  • src/core/socketio.rs
  • src/main.rs
  • src/openhuman/agent/README.md
  • src/openhuman/agent/progress_tracing/journal_projection.rs
  • src/openhuman/agent/task_dispatcher/executor.rs
  • src/openhuman/agent/task_dispatcher/registry.rs
  • src/openhuman/agent/triage/evaluator.rs
  • src/openhuman/agent/turn_origin.rs
  • src/openhuman/agent_orchestration/command_center/mod.rs
  • src/openhuman/agent_orchestration/run_ledger_finalize.rs
  • src/openhuman/agentbox/invoker.rs
  • src/openhuman/approval/README.md
  • src/openhuman/approval/gate.rs
  • src/openhuman/artifacts/store.rs
  • src/openhuman/channels/bus.rs
  • src/openhuman/channels/host/adapters.rs
  • src/openhuman/channels/mod.rs
  • src/openhuman/channels/proactive.rs
  • src/openhuman/channels/providers/mod.rs
  • src/openhuman/channels/providers/telegram/remote_control.rs
  • src/openhuman/channels/runtime/dispatch/processor.rs
  • src/openhuman/channels/runtime/startup.rs
  • src/openhuman/cron/scheduler.rs
  • src/openhuman/cron/scheduler_tests.rs
  • src/openhuman/flows/ops.rs
  • src/openhuman/inference/provider/error_code.rs
  • src/openhuman/meet_agent/brain/llm.rs
  • src/openhuman/mod.rs
  • src/openhuman/prompt_injection/README.md
  • src/openhuman/security/egress/mod.rs
  • src/openhuman/test_support/README.md
  • src/openhuman/test_support/introspect.rs
  • src/openhuman/threads/README.md
  • src/openhuman/threads/ops.rs
  • src/openhuman/wallet/README.md
  • src/openhuman/wallet/execution.rs
  • src/openhuman/web_chat/event_bus.rs
  • src/openhuman/web_chat/mod.rs
  • src/openhuman/web_chat/ops.rs
  • src/openhuman/web_chat/presentation.rs
  • src/openhuman/web_chat/presentation_tests.rs
  • src/openhuman/web_chat/progress_bridge.rs
  • src/openhuman/web_chat/run_task.rs
  • src/openhuman/web_chat/schemas.rs
  • src/openhuman/web_chat/session.rs
  • src/openhuman/web_chat/types.rs
  • src/openhuman/web_chat/web_errors.rs
  • src/openhuman/web_chat/web_tests.rs
  • tests/agent_harness_e2e.rs
  • tests/agentbox_e2e.rs
  • tests/composio_list_tools_stack_overflow_regression.rs
  • tests/raw_coverage/channels_bus_presentation_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_large_round25_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_provider_deep_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_provider_leftovers_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_runtime_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_startup_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_telegram_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_yuanbao_round22_raw_coverage_e2e.rs
  • tests/raw_coverage/tools_approval_channels_raw_coverage_e2e.rs
  • tests/raw_coverage/tools_network_channels_raw_coverage_e2e.rs
  • tests/web_cancel_request_scoping.rs
💤 Files with no reviewable changes (2)
  • src/openhuman/channels/providers/mod.rs
  • src/openhuman/channels/mod.rs

📝 Walkthrough

Walkthrough

This PR moves web-chat functionality to openhuman::web_chat, adds session, presentation, progress, schema, and error modules with extensive tests, redirects runtime integrations, expands gates-off CI coverage, and applies small macOS/Tauri adjustments.

Changes

Web chat relocation and runtime behavior

Layer / File(s) Summary
Web chat contracts and controller wiring
src/openhuman/web_chat/*, src/core/all.rs, src/core/jsonrpc.rs, src/core/socketio.rs, src/openhuman/channels/*
Adds web-chat request/session/controller contracts and redirects controller, event, and channel wiring to openhuman::web_chat.
Session execution and error classification
src/openhuman/web_chat/session.rs, src/openhuman/web_chat/run_task.rs, src/openhuman/web_chat/web_errors.rs
Adds cached-agent session construction, scoped turn execution, provider error classification, retry metadata, timeout handling, and poisoned-session detection.
Response presentation and progress streaming
src/openhuman/web_chat/presentation.rs, src/openhuman/web_chat/progress_bridge.rs, src/openhuman/web_chat/ops.rs
Adds response segmentation, reactions, usage/citation delivery, progress heartbeats, interim narration, capped tool output, ledger updates, and tracing support.
Integration and validation
src/openhuman/web_chat/*_tests.rs, src/openhuman/web_chat/web_tests.rs, tests/raw_coverage/*, tests/*, docs/TEST-COVERAGE-MATRIX.md, src/openhuman/**
Updates callers, tests, coverage imports, and documentation for the new module path and validates schemas, classification, concurrency, timeouts, segmentation, and event behavior.

Feature-gate smoke coverage

Layer / File(s) Summary
Gates-off smoke procedure
.github/workflows/ci-lite.yml, src/core/all_tests.rs
Adds scoped gates-off checking and testing, raises the stack and timeout settings, and guards the feature-gated test-file allowlist.

Native shell adjustments

Layer / File(s) Summary
macOS native paths
app/src-tauri/src/*
Uses tail expressions in macOS command branches, adds notch-panel hiding, adjusts webview references, suppresses the intentional keep-alive warning, and simplifies marker matching.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related issues

Possibly related PRs

Suggested labels: rust-core, bug

Suggested reviewers: senamakel

Poem

A rabbit hops through web-chat streams,
With heartbeats, bubbles, and cached dreams.
Gates now test where tests should run,
Mac windows hide when work is done.
Errors wear clearer coats of light—
Hop, hop, ship the build tonight!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The PR also bundles large web_chat relocation and macOS/commentary changes that are unrelated to #5022's gates-off and CI smoke-lane scope. Split the web_chat/macos refactors and other unrelated edits into separate PRs, keeping this change focused on the gates-off fix and smoke-lane CI updates.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main fix: gates-off build stabilization plus CI smoke lane testing changes.
Linked Issues check ✅ Passed The PR addresses both linked requirements by gating the two voice asserts and upgrading the smoke lane to check all targets, run scoped tests, and add a guard.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install timed out. The project may have too many dependencies for the sandbox.


Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b657f74245

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +464 to +465
ACTUAL=$(grep -rlE '#\[cfg\((not\()?feature = "(voice|media|web3|meet|mcp|skills|flows)"' src --include='*.rs' \
| xargs grep -lE '#\[test\]|#\[tokio::test\]|fn .*_test' 2>/dev/null | sed 's|^src/||' | sort -u)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Handle compound feature cfgs in the guard

This matcher only recognizes #[cfg(feature = ...)] and #[cfg(not(feature = ...))] when that predicate appears first, so it already omits feature-gated test modules using the conventional compound form, such as #[cfg(all(test, feature = "mcp"))] in src/openhuman/mcp_server/tools/mod.rs:38 and #[cfg(all(test, feature = "skills"))] in src/openhuman/skill_registry/mod.rs:34. Adding or removing gated tests in those modules will not change ACTUAL, allowing the supposedly self-maintaining guard to silently under-cover the exact cases it is meant to detect; make the scan recognize feature predicates nested in all(...)/any(...) as well.

Useful? React with 👍 / 👎.

@coderabbitai coderabbitai Bot added bug rust-core Core Rust runtime in src/: CLI, core_server, shared infrastructure. labels Jul 17, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 10

🧹 Nitpick comments (2)
src/openhuman/web_chat/progress_bridge.rs (1)

308-1457: 📐 Maintainability & Code Quality | 🔵 Trivial | 🏗️ Heavy lift

Split the progress bridge into focused modules.

This 1,100-line function mixes event dispatch, ledger persistence, tracing export, heartbeat state, and wire projection. Move these into an export-focused progress_bridge/mod.rs with dedicated dispatcher, ledger, tracing, and projection modules.

As per coding guidelines, Rust files should preferably remain approximately 500 lines or fewer, and mod.rs files should remain export-focused.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/progress_bridge.rs` around lines 308 - 1457, The
monolithic spawn_progress_bridge function combines event dispatch, ledger
persistence, tracing, heartbeat management, and wire-event projection. Split it
into an export-focused progress_bridge/mod.rs plus dedicated dispatcher, ledger,
tracing, and projection modules, moving each responsibility behind focused
functions while preserving existing behavior and public exports. Keep mod.rs
limited to module declarations and re-exports, and keep Rust source files
preferably under approximately 500 lines.

Source: Coding guidelines

src/openhuman/web_chat/web_errors.rs (1)

507-936: 📐 Maintainability & Code Quality | 🔵 Trivial | 🏗️ Heavy lift

Split the oversized classifier and test suite into focused modules.

  • src/openhuman/web_chat/web_errors.rs#L507-L936: extract managed-code, transport, provider, and copy-building classifiers while preserving top-level precedence.
  • src/openhuman/web_chat/web_tests.rs#L1-L31: split classifier, schema, cache, and concurrency tests into sibling modules.

As per coding guidelines: “Prefer files of approximately 500 lines or fewer.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/web_errors.rs` around lines 507 - 936, Split the
oversized web-chat error classifier into focused sibling modules while
preserving classify_inference_error’s existing precedence and behavior: move
managed-code, transport, provider, and user-facing copy-building logic into
appropriate modules with clear interfaces. Also split web_tests.rs into sibling
modules for classifier, schema, cache, and concurrency tests, updating module
declarations and imports so all tests remain discoverable and passing. Apply
changes to src/openhuman/web_chat/web_errors.rs lines 507-936 and
src/openhuman/web_chat/web_tests.rs lines 1-31; no behavior changes are needed.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci-lite.yml:
- Around line 435-470: Update the ACTUAL computation in the “Guard — new
feature-gated test modules must be acknowledged” workflow step to detect feature
predicates nested in composite cfg expressions such as any(...) and all(...),
including multiline predicates. Replace the current prefix-only grep with a
predicate-aware scanner while preserving the existing test-file filtering and
feature set.
- Around line 383-385: Update the smoke-lane Cargo command near the workflow
step around the all-targets comment to include --all-targets, ensuring
integration tests and other targets are compiled after gated target references
are fixed. Keep the timeout and surrounding workflow behavior unchanged, and
ensure the comments accurately describe the command.

In `@src/openhuman/approval/README.md`:
- Line 59: Update the event-bus ownership documentation in the approval README
so the subscriber location referenced by the sentence around the channels web
provider uses web_chat consistently, matching ApprovalSurfaceSubscriber and the
preceding DomainEvent description.

In `@src/openhuman/web_chat/presentation.rs`:
- Around line 64-74: The reaction task is awaited before response delivery
without a time limit. Update the reaction handling around try_reaction and
reaction_handle to apply an explicit timeout, abort the task on expiry, and add
grep-friendly diagnostics for timeout and join-error outcomes while preserving
successful reactions; ensure slow local inference cannot delay emitting segments
or chat_done.

In `@src/openhuman/web_chat/progress_bridge.rs`:
- Around line 196-209: Update session_profile_user_attribution to return only
the opaque state.user_id and never read or return the user's email; preserve
None for signed-out or unreadable profiles so callers can use anonymous
transport attribution. Update the related stored-session test to expect "u-1"
instead of the email, and ensure the trace builder paths at the referenced
usages do not reintroduce email as userId.

In `@src/openhuman/web_chat/run_task.rs`:
- Around line 115-124: Update the agent setup flow around the cache reuse match
and fresh construction to call set_event_context with the current client_id and
request-scoped context after either path produces the agent. Ensure reused
agents receive the new socket’s context while preserving the existing
construction and cache behavior.
- Around line 92-104: The session fingerprint must include every input used to
construct an agent. In src/openhuman/web_chat/run_task.rs lines 92-104, update
provider_role_for_model_override usage to derive the effective role from the
request/profile override or config.default_model, matching build_session_agent.
In src/openhuman/web_chat/session.rs lines 182-203, extend
SessionCacheFingerprint with normalized locale or the composed prompt-suffix
signature and populate it wherever the fingerprint is constructed.

In `@src/openhuman/web_chat/session.rs`:
- Around line 129-134: Update the short_thread construction in the session setup
to truncate thread_id by up to 12 Unicode characters rather than byte-slicing,
using chars().take(12) and collecting into a String so multibyte UTF-8 input
cannot panic; preserve the existing agent.set_agent_definition_name format.

In `@src/openhuman/web_chat/types.rs`:
- Around line 81-83: Constrain WebChatParams.source at the RPC boundary before
constructing ChatRequestMetadata: parse it against an allowlisted source enum
and reject or normalize unknown values, ensuring ChatRequestMetadata.source
cannot contain arbitrary user-authored text. Update the affected metadata
construction paths and add a regression test covering an unknown or sensitive
source value.

In `@src/openhuman/web_chat/web_errors.rs`:
- Around line 668-696: Update the rate-limit condition in the error
classification branch so a bare “429” substring is not sufficient; require
explicit rate-limit wording or recognized provider/HTTP status envelope patterns
such as “api error (429” or “too many requests”. Keep context-overflow detection
and existing rate-limit handling unchanged for genuinely matching errors.

---

Nitpick comments:
In `@src/openhuman/web_chat/progress_bridge.rs`:
- Around line 308-1457: The monolithic spawn_progress_bridge function combines
event dispatch, ledger persistence, tracing, heartbeat management, and
wire-event projection. Split it into an export-focused progress_bridge/mod.rs
plus dedicated dispatcher, ledger, tracing, and projection modules, moving each
responsibility behind focused functions while preserving existing behavior and
public exports. Keep mod.rs limited to module declarations and re-exports, and
keep Rust source files preferably under approximately 500 lines.

In `@src/openhuman/web_chat/web_errors.rs`:
- Around line 507-936: Split the oversized web-chat error classifier into
focused sibling modules while preserving classify_inference_error’s existing
precedence and behavior: move managed-code, transport, provider, and user-facing
copy-building logic into appropriate modules with clear interfaces. Also split
web_tests.rs into sibling modules for classifier, schema, cache, and concurrency
tests, updating module declarations and imports so all tests remain discoverable
and passing. Apply changes to src/openhuman/web_chat/web_errors.rs lines 507-936
and src/openhuman/web_chat/web_tests.rs lines 1-31; no behavior changes are
needed.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fb7f49ae-1462-4a8b-a64b-e3ccfa88afef

📥 Commits

Reviewing files that changed from the base of the PR and between fb61376 and b657f74.

📒 Files selected for processing (76)
  • .github/workflows/ci-lite.yml
  • app/src-tauri/src/claude_code.rs
  • app/src-tauri/src/imessage_scanner/mod.rs
  • app/src-tauri/src/lib.rs
  • app/src-tauri/src/mascot_native_window.rs
  • app/src-tauri/src/native_notifications/mod.rs
  • app/src-tauri/src/notch_window.rs
  • app/src/services/chatService.ts
  • docs/TEST-COVERAGE-MATRIX.md
  • src/core/all.rs
  • src/core/all_tests.rs
  • src/core/event_bus/events.rs
  • src/core/jsonrpc.rs
  • src/core/observability.rs
  • src/core/socketio.rs
  • src/main.rs
  • src/openhuman/agent/README.md
  • src/openhuman/agent/progress_tracing/journal_projection.rs
  • src/openhuman/agent/task_dispatcher/executor.rs
  • src/openhuman/agent/task_dispatcher/registry.rs
  • src/openhuman/agent/triage/evaluator.rs
  • src/openhuman/agent/turn_origin.rs
  • src/openhuman/agent_orchestration/command_center/mod.rs
  • src/openhuman/agent_orchestration/run_ledger_finalize.rs
  • src/openhuman/agentbox/invoker.rs
  • src/openhuman/approval/README.md
  • src/openhuman/approval/gate.rs
  • src/openhuman/artifacts/store.rs
  • src/openhuman/channels/bus.rs
  • src/openhuman/channels/host/adapters.rs
  • src/openhuman/channels/mod.rs
  • src/openhuman/channels/proactive.rs
  • src/openhuman/channels/providers/mod.rs
  • src/openhuman/channels/providers/telegram/remote_control.rs
  • src/openhuman/channels/runtime/dispatch/processor.rs
  • src/openhuman/channels/runtime/startup.rs
  • src/openhuman/cron/scheduler.rs
  • src/openhuman/cron/scheduler_tests.rs
  • src/openhuman/flows/ops.rs
  • src/openhuman/inference/provider/error_code.rs
  • src/openhuman/meet_agent/brain/llm.rs
  • src/openhuman/mod.rs
  • src/openhuman/prompt_injection/README.md
  • src/openhuman/security/egress/mod.rs
  • src/openhuman/test_support/README.md
  • src/openhuman/test_support/introspect.rs
  • src/openhuman/threads/README.md
  • src/openhuman/threads/ops.rs
  • src/openhuman/wallet/README.md
  • src/openhuman/wallet/execution.rs
  • src/openhuman/web_chat/event_bus.rs
  • src/openhuman/web_chat/mod.rs
  • src/openhuman/web_chat/ops.rs
  • src/openhuman/web_chat/presentation.rs
  • src/openhuman/web_chat/presentation_tests.rs
  • src/openhuman/web_chat/progress_bridge.rs
  • src/openhuman/web_chat/run_task.rs
  • src/openhuman/web_chat/schemas.rs
  • src/openhuman/web_chat/session.rs
  • src/openhuman/web_chat/types.rs
  • src/openhuman/web_chat/web_errors.rs
  • src/openhuman/web_chat/web_tests.rs
  • tests/agent_harness_e2e.rs
  • tests/agentbox_e2e.rs
  • tests/composio_list_tools_stack_overflow_regression.rs
  • tests/raw_coverage/channels_bus_presentation_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_large_round25_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_provider_deep_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_provider_leftovers_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_runtime_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_startup_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_telegram_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_yuanbao_round22_raw_coverage_e2e.rs
  • tests/raw_coverage/tools_approval_channels_raw_coverage_e2e.rs
  • tests/raw_coverage/tools_network_channels_raw_coverage_e2e.rs
  • tests/web_cancel_request_scoping.rs
💤 Files with no reviewable changes (2)
  • src/openhuman/channels/providers/mod.rs
  • src/openhuman/channels/mod.rs

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 10

🧹 Nitpick comments (2)
src/openhuman/web_chat/progress_bridge.rs (1)

308-1457: 📐 Maintainability & Code Quality | 🔵 Trivial | 🏗️ Heavy lift

Split the progress bridge into focused modules.

This 1,100-line function mixes event dispatch, ledger persistence, tracing export, heartbeat state, and wire projection. Move these into an export-focused progress_bridge/mod.rs with dedicated dispatcher, ledger, tracing, and projection modules.

As per coding guidelines, Rust files should preferably remain approximately 500 lines or fewer, and mod.rs files should remain export-focused.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/progress_bridge.rs` around lines 308 - 1457, The
monolithic spawn_progress_bridge function combines event dispatch, ledger
persistence, tracing, heartbeat management, and wire-event projection. Split it
into an export-focused progress_bridge/mod.rs plus dedicated dispatcher, ledger,
tracing, and projection modules, moving each responsibility behind focused
functions while preserving existing behavior and public exports. Keep mod.rs
limited to module declarations and re-exports, and keep Rust source files
preferably under approximately 500 lines.

Source: Coding guidelines

src/openhuman/web_chat/web_errors.rs (1)

507-936: 📐 Maintainability & Code Quality | 🔵 Trivial | 🏗️ Heavy lift

Split the oversized classifier and test suite into focused modules.

  • src/openhuman/web_chat/web_errors.rs#L507-L936: extract managed-code, transport, provider, and copy-building classifiers while preserving top-level precedence.
  • src/openhuman/web_chat/web_tests.rs#L1-L31: split classifier, schema, cache, and concurrency tests into sibling modules.

As per coding guidelines: “Prefer files of approximately 500 lines or fewer.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/web_errors.rs` around lines 507 - 936, Split the
oversized web-chat error classifier into focused sibling modules while
preserving classify_inference_error’s existing precedence and behavior: move
managed-code, transport, provider, and user-facing copy-building logic into
appropriate modules with clear interfaces. Also split web_tests.rs into sibling
modules for classifier, schema, cache, and concurrency tests, updating module
declarations and imports so all tests remain discoverable and passing. Apply
changes to src/openhuman/web_chat/web_errors.rs lines 507-936 and
src/openhuman/web_chat/web_tests.rs lines 1-31; no behavior changes are needed.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci-lite.yml:
- Around line 435-470: Update the ACTUAL computation in the “Guard — new
feature-gated test modules must be acknowledged” workflow step to detect feature
predicates nested in composite cfg expressions such as any(...) and all(...),
including multiline predicates. Replace the current prefix-only grep with a
predicate-aware scanner while preserving the existing test-file filtering and
feature set.
- Around line 383-385: Update the smoke-lane Cargo command near the workflow
step around the all-targets comment to include --all-targets, ensuring
integration tests and other targets are compiled after gated target references
are fixed. Keep the timeout and surrounding workflow behavior unchanged, and
ensure the comments accurately describe the command.

In `@src/openhuman/approval/README.md`:
- Line 59: Update the event-bus ownership documentation in the approval README
so the subscriber location referenced by the sentence around the channels web
provider uses web_chat consistently, matching ApprovalSurfaceSubscriber and the
preceding DomainEvent description.

In `@src/openhuman/web_chat/presentation.rs`:
- Around line 64-74: The reaction task is awaited before response delivery
without a time limit. Update the reaction handling around try_reaction and
reaction_handle to apply an explicit timeout, abort the task on expiry, and add
grep-friendly diagnostics for timeout and join-error outcomes while preserving
successful reactions; ensure slow local inference cannot delay emitting segments
or chat_done.

In `@src/openhuman/web_chat/progress_bridge.rs`:
- Around line 196-209: Update session_profile_user_attribution to return only
the opaque state.user_id and never read or return the user's email; preserve
None for signed-out or unreadable profiles so callers can use anonymous
transport attribution. Update the related stored-session test to expect "u-1"
instead of the email, and ensure the trace builder paths at the referenced
usages do not reintroduce email as userId.

In `@src/openhuman/web_chat/run_task.rs`:
- Around line 115-124: Update the agent setup flow around the cache reuse match
and fresh construction to call set_event_context with the current client_id and
request-scoped context after either path produces the agent. Ensure reused
agents receive the new socket’s context while preserving the existing
construction and cache behavior.
- Around line 92-104: The session fingerprint must include every input used to
construct an agent. In src/openhuman/web_chat/run_task.rs lines 92-104, update
provider_role_for_model_override usage to derive the effective role from the
request/profile override or config.default_model, matching build_session_agent.
In src/openhuman/web_chat/session.rs lines 182-203, extend
SessionCacheFingerprint with normalized locale or the composed prompt-suffix
signature and populate it wherever the fingerprint is constructed.

In `@src/openhuman/web_chat/session.rs`:
- Around line 129-134: Update the short_thread construction in the session setup
to truncate thread_id by up to 12 Unicode characters rather than byte-slicing,
using chars().take(12) and collecting into a String so multibyte UTF-8 input
cannot panic; preserve the existing agent.set_agent_definition_name format.

In `@src/openhuman/web_chat/types.rs`:
- Around line 81-83: Constrain WebChatParams.source at the RPC boundary before
constructing ChatRequestMetadata: parse it against an allowlisted source enum
and reject or normalize unknown values, ensuring ChatRequestMetadata.source
cannot contain arbitrary user-authored text. Update the affected metadata
construction paths and add a regression test covering an unknown or sensitive
source value.

In `@src/openhuman/web_chat/web_errors.rs`:
- Around line 668-696: Update the rate-limit condition in the error
classification branch so a bare “429” substring is not sufficient; require
explicit rate-limit wording or recognized provider/HTTP status envelope patterns
such as “api error (429” or “too many requests”. Keep context-overflow detection
and existing rate-limit handling unchanged for genuinely matching errors.

---

Nitpick comments:
In `@src/openhuman/web_chat/progress_bridge.rs`:
- Around line 308-1457: The monolithic spawn_progress_bridge function combines
event dispatch, ledger persistence, tracing, heartbeat management, and
wire-event projection. Split it into an export-focused progress_bridge/mod.rs
plus dedicated dispatcher, ledger, tracing, and projection modules, moving each
responsibility behind focused functions while preserving existing behavior and
public exports. Keep mod.rs limited to module declarations and re-exports, and
keep Rust source files preferably under approximately 500 lines.

In `@src/openhuman/web_chat/web_errors.rs`:
- Around line 507-936: Split the oversized web-chat error classifier into
focused sibling modules while preserving classify_inference_error’s existing
precedence and behavior: move managed-code, transport, provider, and user-facing
copy-building logic into appropriate modules with clear interfaces. Also split
web_tests.rs into sibling modules for classifier, schema, cache, and concurrency
tests, updating module declarations and imports so all tests remain discoverable
and passing. Apply changes to src/openhuman/web_chat/web_errors.rs lines 507-936
and src/openhuman/web_chat/web_tests.rs lines 1-31; no behavior changes are
needed.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fb7f49ae-1462-4a8b-a64b-e3ccfa88afef

📥 Commits

Reviewing files that changed from the base of the PR and between fb61376 and b657f74.

📒 Files selected for processing (76)
  • .github/workflows/ci-lite.yml
  • app/src-tauri/src/claude_code.rs
  • app/src-tauri/src/imessage_scanner/mod.rs
  • app/src-tauri/src/lib.rs
  • app/src-tauri/src/mascot_native_window.rs
  • app/src-tauri/src/native_notifications/mod.rs
  • app/src-tauri/src/notch_window.rs
  • app/src/services/chatService.ts
  • docs/TEST-COVERAGE-MATRIX.md
  • src/core/all.rs
  • src/core/all_tests.rs
  • src/core/event_bus/events.rs
  • src/core/jsonrpc.rs
  • src/core/observability.rs
  • src/core/socketio.rs
  • src/main.rs
  • src/openhuman/agent/README.md
  • src/openhuman/agent/progress_tracing/journal_projection.rs
  • src/openhuman/agent/task_dispatcher/executor.rs
  • src/openhuman/agent/task_dispatcher/registry.rs
  • src/openhuman/agent/triage/evaluator.rs
  • src/openhuman/agent/turn_origin.rs
  • src/openhuman/agent_orchestration/command_center/mod.rs
  • src/openhuman/agent_orchestration/run_ledger_finalize.rs
  • src/openhuman/agentbox/invoker.rs
  • src/openhuman/approval/README.md
  • src/openhuman/approval/gate.rs
  • src/openhuman/artifacts/store.rs
  • src/openhuman/channels/bus.rs
  • src/openhuman/channels/host/adapters.rs
  • src/openhuman/channels/mod.rs
  • src/openhuman/channels/proactive.rs
  • src/openhuman/channels/providers/mod.rs
  • src/openhuman/channels/providers/telegram/remote_control.rs
  • src/openhuman/channels/runtime/dispatch/processor.rs
  • src/openhuman/channels/runtime/startup.rs
  • src/openhuman/cron/scheduler.rs
  • src/openhuman/cron/scheduler_tests.rs
  • src/openhuman/flows/ops.rs
  • src/openhuman/inference/provider/error_code.rs
  • src/openhuman/meet_agent/brain/llm.rs
  • src/openhuman/mod.rs
  • src/openhuman/prompt_injection/README.md
  • src/openhuman/security/egress/mod.rs
  • src/openhuman/test_support/README.md
  • src/openhuman/test_support/introspect.rs
  • src/openhuman/threads/README.md
  • src/openhuman/threads/ops.rs
  • src/openhuman/wallet/README.md
  • src/openhuman/wallet/execution.rs
  • src/openhuman/web_chat/event_bus.rs
  • src/openhuman/web_chat/mod.rs
  • src/openhuman/web_chat/ops.rs
  • src/openhuman/web_chat/presentation.rs
  • src/openhuman/web_chat/presentation_tests.rs
  • src/openhuman/web_chat/progress_bridge.rs
  • src/openhuman/web_chat/run_task.rs
  • src/openhuman/web_chat/schemas.rs
  • src/openhuman/web_chat/session.rs
  • src/openhuman/web_chat/types.rs
  • src/openhuman/web_chat/web_errors.rs
  • src/openhuman/web_chat/web_tests.rs
  • tests/agent_harness_e2e.rs
  • tests/agentbox_e2e.rs
  • tests/composio_list_tools_stack_overflow_regression.rs
  • tests/raw_coverage/channels_bus_presentation_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_large_round25_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_provider_deep_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_provider_leftovers_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_runtime_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_startup_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_telegram_raw_coverage_e2e.rs
  • tests/raw_coverage/channels_web_yuanbao_round22_raw_coverage_e2e.rs
  • tests/raw_coverage/tools_approval_channels_raw_coverage_e2e.rs
  • tests/raw_coverage/tools_network_channels_raw_coverage_e2e.rs
  • tests/web_cancel_request_scoping.rs
💤 Files with no reviewable changes (2)
  • src/openhuman/channels/providers/mod.rs
  • src/openhuman/channels/mod.rs
🛑 Comments failed to post (10)
.github/workflows/ci-lite.yml (2)

383-385: 🎯 Functional Correctness | 🟠 Major | 🏗️ Heavy lift

The smoke lane still does not compile all targets.

Line 416 omits --all-targets, while Lines 383-384 claim that all targets are now linked. Integration tests and other targets therefore remain unchecked, contrary to the stated PR objective. Restore cargo check --all-targets after fixing the gated target references, or revise the objective and comments.

Also applies to: 410-416

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci-lite.yml around lines 383 - 385, Update the smoke-lane
Cargo command near the workflow step around the all-targets comment to include
--all-targets, ensuring integration tests and other targets are compiled after
gated target references are fixed. Keep the timeout and surrounding workflow
behavior unchanged, and ensure the comments accurately describe the command.

435-470: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Composite cfg predicates bypass the allowlist guard.

Line 464 only recognizes predicates beginning directly with feature or not(feature). Tests using common forms such as cfg(any(feature = ...)) or cfg(all(..., feature = ...)) are omitted from ACTUAL, allowing silent undercoverage. Use a predicate-aware or multiline scanner.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci-lite.yml around lines 435 - 470, Update the ACTUAL
computation in the “Guard — new feature-gated test modules must be acknowledged”
workflow step to detect feature predicates nested in composite cfg expressions
such as any(...) and all(...), including multiline predicates. Replace the
current prefix-only grep with a predicate-aware scanner while preserving the
existing test-file filtering and feature set.
src/openhuman/approval/README.md (1)

59-59: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Keep the event-bus ownership documentation consistent.

Line 59 now points to src/openhuman/web_chat/, but Line 62 still says the subscriber lives in the channels web provider. Update that sentence to web_chat as well.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/approval/README.md` at line 59, Update the event-bus ownership
documentation in the approval README so the subscriber location referenced by
the sentence around the channels web provider uses web_chat consistently,
matching ApprovalSurfaceSubscriber and the preceding DomainEvent description.
src/openhuman/web_chat/presentation.rs (1)

64-74: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Bound the optional reaction call so it cannot block response delivery.

The spawned task is immediately awaited before the first event, so slow local inference delays chat_done and all segments. Apply an explicit timeout, abort on expiry, and log timeout/join-error branches—or emit the reaction independently after delivering the response.

As per coding guidelines, new flows require grep-friendly diagnostics covering external calls, retries/timeouts, and errors.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/presentation.rs` around lines 64 - 74, The reaction
task is awaited before response delivery without a time limit. Update the
reaction handling around try_reaction and reaction_handle to apply an explicit
timeout, abort the task on expiry, and add grep-friendly diagnostics for timeout
and join-error outcomes while preserving successful reactions; ensure slow local
inference cannot delay emitting segments or chat_done.

Source: Coding guidelines

src/openhuman/web_chat/progress_bridge.rs (1)

196-209: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Do not export email addresses as tracing user IDs.

The cold-cache path prefers email over the opaque user_id, while the trace builder also falls back to email or client_id. When tracing or usage sharing is enabled, this exports full PII as userId. Use only the opaque backend ID and leave anonymous attribution unset.

Proposed fix
 fn session_profile_user_attribution(config: &crate::openhuman::config::Config) -> Option<String> {
     let state = crate::openhuman::credentials::session_support::build_session_state(config).ok()?;
-    state
-        .user
-        .as_ref()
-        .and_then(|u| u.get("email"))
-        .and_then(serde_json::Value::as_str)
-        .map(str::to_string)
-        .or(state.user_id)
+    state.user_id
 }

-            let user_attributed = identity.is_some();
             let user_id = identity
-                .and_then(|i| i.id.or(i.email))
-                .or_else(|| session_profile_user_attribution(&config))
-                .unwrap_or_else(|| client_id.clone());
+                .and_then(|i| i.id)
+                .or_else(|| session_profile_user_attribution(&config));
+            let user_attributed = user_id.is_some();

-            let mut trace_ctx = TraceContext::new(trace_id, Some(user_id))
+            let mut trace_ctx = TraceContext::new(trace_id, user_id)

Update the stored-session test to expect "u-1" rather than the email.

As per coding guidelines, diagnostics must never log secrets or full PII.

Also applies to: 365-406, 1494-1523

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/progress_bridge.rs` around lines 196 - 209, Update
session_profile_user_attribution to return only the opaque state.user_id and
never read or return the user's email; preserve None for signed-out or
unreadable profiles so callers can use anonymous transport attribution. Update
the related stored-session test to expect "u-1" instead of the email, and ensure
the trace builder paths at the referenced usages do not reintroduce email as
userId.

Source: Coding guidelines

src/openhuman/web_chat/run_task.rs (2)

92-104: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Keep the session fingerprint aligned with every agent-construction input.

The cache currently tracks neither the actual effective provider role in all cases nor locale-conditioned prompt state, allowing stale agents to survive relevant configuration changes.

  • src/openhuman/web_chat/run_task.rs#L92-L104: derive the role from the request/profile override or config.default_model, matching build_session_agent.
  • src/openhuman/web_chat/session.rs#L182-L203: add normalized locale or the composed prompt-suffix signature to SessionCacheFingerprint.
📍 Affects 2 files
  • src/openhuman/web_chat/run_task.rs#L92-L104 (this comment)
  • src/openhuman/web_chat/session.rs#L182-L203
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/run_task.rs` around lines 92 - 104, The session
fingerprint must include every input used to construct an agent. In
src/openhuman/web_chat/run_task.rs lines 92-104, update
provider_role_for_model_override usage to derive the effective role from the
request/profile override or config.default_model, matching build_session_agent.
In src/openhuman/web_chat/session.rs lines 182-203, extend
SessionCacheFingerprint with normalized locale or the composed prompt-suffix
signature and populate it wherever the fingerprint is constructed.

115-124: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Refresh request-scoped event context when reusing an agent.

The cache is thread-scoped across socket reconnects, but set_event_context is only called during construction. A reused agent retains the previous socket’s client_id, misattributing subsequent agent-originated events. Reapply the current context after both cache reuse and fresh construction.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/run_task.rs` around lines 115 - 124, Update the agent
setup flow around the cache reuse match and fresh construction to call
set_event_context with the current client_id and request-scoped context after
either path produces the agent. Ensure reused agents receive the new socket’s
context while preserving the existing construction and cache behavior.
src/openhuman/web_chat/session.rs (1)

129-134: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Truncate thread_id on a character boundary.

thread_id[..12] panics when byte 12 falls inside a multibyte UTF-8 character. Since chat ingress accepts arbitrary strings, use thread_id.chars().take(12).collect::<String>().

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/session.rs` around lines 129 - 134, Update the
short_thread construction in the session setup to truncate thread_id by up to 12
Unicode characters rather than byte-slicing, using chars().take(12) and
collecting into a String so multibyte UTF-8 input cannot panic; preserve the
existing agent.set_agent_definition_name format.
src/openhuman/web_chat/types.rs (1)

81-83: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Constrain source before it reaches telemetry.

WebChatParams.source accepts arbitrary caller-supplied text and is copied into ChatRequestMetadata.source, which is used for analytics/log filtering. This permits PII, credentials, or unbounded high-cardinality values to enter downstream telemetry. Parse an allowlisted source enum or reject/normalize unknown values at the RPC boundary, and add a regression test.

As per coding guidelines, analytics dimensions must be privacy-safe and must never carry user-authored text.

Also applies to: 129-132

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/types.rs` around lines 81 - 83, Constrain
WebChatParams.source at the RPC boundary before constructing
ChatRequestMetadata: parse it against an allowlisted source enum and reject or
normalize unknown values, ensuring ChatRequestMetadata.source cannot contain
arbitrary user-authored text. Update the affected metadata construction paths
and add a regression test covering an unknown or sensitive source value.

Source: Coding guidelines

src/openhuman/web_chat/web_errors.rs (1)

668-696: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Do not classify every bare 429 as rate limiting.

An unrelated error such as “context length is 429 tokens” is claimed here before the context-overflow branch. Anchor this to rate-limit wording or provider/HTTP status envelopes such as api error (429 and too many requests.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/web_chat/web_errors.rs` around lines 668 - 696, Update the
rate-limit condition in the error classification branch so a bare “429”
substring is not sufficient; require explicit rate-limit wording or recognized
provider/HTTP status envelope patterns such as “api error (429” or “too many
requests”. Keep context-overflow detection and existing rate-limit handling
unchanged for genuinely matching errors.

@senamakel
senamakel merged commit cc51f99 into tinyhumansai:main Jul 18, 2026
23 of 31 checks passed
@github-project-automation github-project-automation Bot moved this from Todo to Done in Team Openhuman Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug rust-core Core Rust runtime in src/: CLI, core_server, shared infrastructure.

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

Gates-off build red on main: 2 ungated voice asserts + smoke lane runs no tests

2 participants