fix: harden workspace routing and local-first gates#2445
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThis PR adds contextual core readiness diagnostics; registers Lark/Feishu as a managed Composio toolkit with aliases and docs; skips billing fetches when chat workloads route locally; implements a desktop OAuth callback (GET /auth); makes memory client and persistence rebinding workspace-aware; and records vault host OS with compatibility filtering. ChangesCore Process Diagnostics
Larksuite Toolkit Integration
Billing Fetch Bypass When Routed Away
Desktop Authentication Callback Flow
Memory Client Rebinding for Workspace Switching
Vault Host OS Tracking for Multi-Device
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/openhuman/memory/conversations/bus.rs (1)
102-151:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftPersist against the event’s workspace, not the current global binding.
Looking up
workspace_dirat handle time means an in-flight event from workspace A can be written into workspace B after a login/account switch. A single channel turn can therefore be split across workspaces, and late events from the previous user can leak into the new user’s thread. The persistence target needs to travel with the event/user context instead of being read from mutable process-global state here.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/openhuman/memory/conversations/bus.rs` around lines 102 - 151, The code currently calls self.workspace_dir_snapshot() inside the DomainEvent handlers (e.g., in the ChannelMessageProcessed and the preceding channel-receive arm) which allows races where an event is persisted into whatever the current global workspace is; instead modify the DomainEvent variants to carry the originating workspace identifier/path (add a workspace_dir or workspace_id field to the relevant variants) and update the producer sites to populate that field, then in the handlers use that event.workspace_dir directly when calling persist_channel_turn (replace uses of self.workspace_dir_snapshot() in the ChannelMessageProcessed and corresponding inbound message arm with the workspace value from the event and pass it into persist_channel_turn so persistence always targets the event's originating workspace).
🧹 Nitpick comments (4)
src/openhuman/composio/providers/mod.rs (1)
358-373: ⚡ Quick winConsider also asserting
curated_tools/tool_executionon the larksuite row.Locking these flags down (whichever value reflects intent) prevents a future catalog wiring change from silently flipping
tool_executionwithout a test signal. See the related comment on Line 74 about the missingcatalog_for_toolkitarm.♻️ Suggested additional assertions
assert!(!larksuite.memory_ingest); + // Pin the catalog wiring intent explicitly so a future + // `catalog_for_toolkit` change is a deliberate test update. + assert!(!larksuite.curated_tools); + assert!(!larksuite.tool_execution); + assert_eq!(larksuite.curated_tool_count, 0); assert!(larksuite.description.contains("Lark")); assert!(larksuite.description.contains("Feishu"));Also applies to: 390-390
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/openhuman/composio/providers/mod.rs` around lines 358 - 373, The larksuite test (capability_matrix_includes_larksuite_as_catalog_only_chinese_workspace_toolkit) currently omits assertions for curated_tools and tool_execution; update the test to explicitly assert larksuite.curated_tools and larksuite.tool_execution to the intended boolean values (so future catalog wiring changes will fail the test if these flags flip), and apply the same explicit assertions to the other similar test referenced around the second occurrence (the one near line 390); locate these in the test by the capability_matrix() call and the larksuite variable binding to add the new assert! lines.app/src/hooks/useUsageState.test.ts (1)
493-511: ⚡ Quick winAdd a mixed-routing fetch case here.
This pins the
ALL_WORKLOADSshort-circuit, but the hook also usesCHAT_WORKLOADSfor banner suppression. A companion test where chat routes away whilememoryorembeddingsstay onopenhumanwould lock in that billing fetches are still expected in that mixed state.🧪 Suggested companion test
+ it('still fetches billing when a background workload remains on OpenHuman', async () => { + const { useUsageState } = await import('./useUsageState'); + + mockLoadAISettings.mockResolvedValue({ + ...ALL_LOCAL_AI_SETTINGS, + routing: { + ...ALL_LOCAL_AI_SETTINGS.routing, + memory: { kind: 'openhuman' }, + }, + }); + mockGetCurrentPlan.mockResolvedValue(freePlan()); + mockGetTeamUsage.mockResolvedValue(buildUsage()); + + const { result } = renderHook(() => useUsageState()); + + await waitFor(() => { + expect(result.current.isLoading).toBe(false); + }); + + expect(result.current.isFullyRoutedAway).toBe(true); + expect(mockGetCurrentPlan).toHaveBeenCalledTimes(1); + expect(mockGetTeamUsage).toHaveBeenCalledTimes(1); + });🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@app/src/hooks/useUsageState.test.ts` around lines 493 - 511, Add a new test alongside the existing one for useUsageState that covers the mixed-routing case: import useUsageState and set mockLoadAISettings to return AI settings where CHAT_WORKLOADS are routed away but OTHER workloads (e.g., memory and embeddings) remain on OpenHuman (do not use the ALL_WORKLOADS short-circuit); then assert that the hook still fetches billing by expecting mockGetCurrentPlan and mockGetTeamUsage to have been called and that result.current.isFullyRoutedAway is false (and that currentPlan/teamUsage reflect fetched values or are not null as appropriate). Use the same mock functions (mockLoadAISettings, mockGetCurrentPlan, mockGetTeamUsage) and the useUsageState symbol to locate where to add this companion test.src/openhuman/vault/store.rs (2)
51-51: ⚡ Quick winMigration runs on every
with_connectioncall.
ensure_host_os_columnruns thePRAGMA table_info(vaults)query and column scan for every vault operation (list, get, insert, upsert, delete, touch, etc.) for the lifetime of the process. The work is idempotent and individually cheap, but it is unnecessary after the first run.Consider gating it behind a process-level
OnceLock<()>(or running it eagerly at startup) so the schema check happens once per DB rather than per RPC.♻️ Sketch of a one-shot guard
+use std::sync::OnceLock; + +static HOST_OS_MIGRATED: OnceLock<()> = OnceLock::new(); + pub(crate) fn with_connection<T>( config: &Config, f: impl FnOnce(&Connection) -> Result<T>, ) -> Result<T> { ... - ensure_host_os_column(&conn).context("Failed to migrate vault schema")?; + if HOST_OS_MIGRATED.get().is_none() { + ensure_host_os_column(&conn).context("Failed to migrate vault schema")?; + let _ = HOST_OS_MIGRATED.set(()); + } f(&conn) }Note: if the workspace_dir can change at runtime (e.g. after the workspace rebind introduced elsewhere in this PR), key the guard on the resolved DB path instead of using a unit
OnceLock.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/openhuman/vault/store.rs` at line 51, ensure_host_os_column is being invoked on every with_connection call causing redundant PRAGMA checks; change this so the migration runs only once per database by gating ensure_host_os_column behind a process-level one-shot guard (e.g., a static OnceLock<()> or a keyed guard keyed by the resolved DB path if workspace_dir can change at runtime). Move the ensure_host_os_column invocation out of the hot path inside with_connection and run it once before the first operation against a given DB (or eagerly at startup), using the chosen OnceLock/guard to skip subsequent calls; reference ensure_host_os_column and with_connection when making the change and ensure the guard uses the resolved DB path if workspace rebinds are possible.
315-327: 💤 Low valueMinor: POSIX
//pathwould be classified as a Windows UNC and hidden on Linux/macOS.
looks_like_windows_unc_pathmatches any path whose first two bytes are the same slash (//fooor\\foo), andlooks_like_unix_absolute_pathexplicitly excludes UNC-shaped inputs. A Linux/macOS vault whoseroot_pathhappens to start with//(rare but POSIX-legal) will therefore be reported as cross-host and silently hidden.If you want to preserve that case, restrict the UNC heuristic to backslash form (Windows-specific) and let
//…fall through as Unix-absolute:♻️ Suggested tweak
fn looks_like_windows_unc_path(path: &str) -> bool { let bytes = path.as_bytes(); bytes.len() >= 3 - && matches!(bytes[0], b'\\' | b'/') - && bytes[1] == bytes[0] + && bytes[0] == b'\\' + && bytes[1] == b'\\' && !matches!(bytes[2], b'\\' | b'/') }Otherwise, this is a known limitation worth a
///doc comment so future readers don't reintroduce the case.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/openhuman/vault/store.rs` around lines 315 - 327, The UNC detection currently treats any path starting with two identical slashes as Windows UNC which misclassifies POSIX paths like "//foo"; change looks_like_windows_unc_path to only detect backslash form (require bytes[0] == b'\\' && bytes[1] == b'\\' and bytes.len() >= 3 and bytes[2] != b'\\' && bytes[2] != b'/'), and update looks_like_unix_absolute_path to allow paths starting with "//" (i.e., do not exclude UNC-shaped inputs when they begin with forward slashes), and optionally add a short doc comment above both functions documenting the heuristic and limitation so future readers don't reintroduce the issue.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@app/src/hooks/useUsageState.ts`:
- Around line 61-75: The routing gate that checks workloadsRoutedAway is
currently executed after the TTL cache is consulted, causing stale billing state
when the cache is warm; update useUsageState to evaluate
workloadsRoutedAway(ALl_WORKLOADS) using fresh aiSettings (from loadAISettings
or a forced fetch) before returning any cached result from _cache or
short-circuiting, i.e., move the routing check ahead of the cache-read logic
(refer to aiSettings, loadAISettings, _cache, USAGE_UNAVAILABLE,
workloadsRoutedAway, ALL_WORKLOADS and refresh) so switching routing to
local/cloud immediately returns the routed-away path instead of waiting for the
TTL to expire.
In `@src/openhuman/memory/global.rs`:
- Around line 64-89: The current init path can leave a stale GlobalMemoryClient
in slot if MemoryClient::from_workspace_dir(...) fails; update the function that
calls MemoryClient::from_workspace_dir to grab the write lock (slot.write()),
clear the existing binding (set guard to None or otherwise invalidate the old
GlobalMemoryClient) before returning the error from
MemoryClient::from_workspace_dir, so that on failure subsequent client() or
store_session() cannot continue using the previous workspace; reference the
existing symbols MemoryClient::from_workspace_dir, slot, guard,
GlobalMemoryClient, client(), and store_session() when making this change.
---
Outside diff comments:
In `@src/openhuman/memory/conversations/bus.rs`:
- Around line 102-151: The code currently calls self.workspace_dir_snapshot()
inside the DomainEvent handlers (e.g., in the ChannelMessageProcessed and the
preceding channel-receive arm) which allows races where an event is persisted
into whatever the current global workspace is; instead modify the DomainEvent
variants to carry the originating workspace identifier/path (add a workspace_dir
or workspace_id field to the relevant variants) and update the producer sites to
populate that field, then in the handlers use that event.workspace_dir directly
when calling persist_channel_turn (replace uses of self.workspace_dir_snapshot()
in the ChannelMessageProcessed and corresponding inbound message arm with the
workspace value from the event and pass it into persist_channel_turn so
persistence always targets the event's originating workspace).
---
Nitpick comments:
In `@app/src/hooks/useUsageState.test.ts`:
- Around line 493-511: Add a new test alongside the existing one for
useUsageState that covers the mixed-routing case: import useUsageState and set
mockLoadAISettings to return AI settings where CHAT_WORKLOADS are routed away
but OTHER workloads (e.g., memory and embeddings) remain on OpenHuman (do not
use the ALL_WORKLOADS short-circuit); then assert that the hook still fetches
billing by expecting mockGetCurrentPlan and mockGetTeamUsage to have been called
and that result.current.isFullyRoutedAway is false (and that
currentPlan/teamUsage reflect fetched values or are not null as appropriate).
Use the same mock functions (mockLoadAISettings, mockGetCurrentPlan,
mockGetTeamUsage) and the useUsageState symbol to locate where to add this
companion test.
In `@src/openhuman/composio/providers/mod.rs`:
- Around line 358-373: The larksuite test
(capability_matrix_includes_larksuite_as_catalog_only_chinese_workspace_toolkit)
currently omits assertions for curated_tools and tool_execution; update the test
to explicitly assert larksuite.curated_tools and larksuite.tool_execution to the
intended boolean values (so future catalog wiring changes will fail the test if
these flags flip), and apply the same explicit assertions to the other similar
test referenced around the second occurrence (the one near line 390); locate
these in the test by the capability_matrix() call and the larksuite variable
binding to add the new assert! lines.
In `@src/openhuman/vault/store.rs`:
- Line 51: ensure_host_os_column is being invoked on every with_connection call
causing redundant PRAGMA checks; change this so the migration runs only once per
database by gating ensure_host_os_column behind a process-level one-shot guard
(e.g., a static OnceLock<()> or a keyed guard keyed by the resolved DB path if
workspace_dir can change at runtime). Move the ensure_host_os_column invocation
out of the hot path inside with_connection and run it once before the first
operation against a given DB (or eagerly at startup), using the chosen
OnceLock/guard to skip subsequent calls; reference ensure_host_os_column and
with_connection when making the change and ensure the guard uses the resolved DB
path if workspace rebinds are possible.
- Around line 315-327: The UNC detection currently treats any path starting with
two identical slashes as Windows UNC which misclassifies POSIX paths like
"//foo"; change looks_like_windows_unc_path to only detect backslash form
(require bytes[0] == b'\\' && bytes[1] == b'\\' and bytes.len() >= 3 and
bytes[2] != b'\\' && bytes[2] != b'/'), and update looks_like_unix_absolute_path
to allow paths starting with "//" (i.e., do not exclude UNC-shaped inputs when
they begin with forward slashes), and optionally add a short doc comment above
both functions documenting the heuristic and limitation so future readers don't
reintroduce the issue.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 6b79ff4d-4431-479c-909b-ee08a53db61e
📒 Files selected for processing (20)
app/src-tauri/src/core_process.rsapp/src-tauri/src/core_process_tests.rsapp/src/components/composio/toolkitMeta.test.tsxapp/src/components/composio/toolkitMeta.tsxapp/src/hooks/useUsageState.test.tsapp/src/hooks/useUsageState.tsapp/src/lib/composio/toolkitSlug.tsapp/src/utils/tauriCommands/vault.tsgitbooks/features/native-tools/integrations.mdsrc/core/auth.rssrc/core/jsonrpc.rssrc/openhuman/composio/providers/descriptions.rssrc/openhuman/composio/providers/mod.rssrc/openhuman/credentials/ops.rssrc/openhuman/memory/conversations/bus.rssrc/openhuman/memory/global.rssrc/openhuman/vault/ops.rssrc/openhuman/vault/store.rssrc/openhuman/vault/tests.rssrc/openhuman/vault/types.rs
coderabbitai
Bot
added
the
rust-core
…nd test coverage - Gate ensure_host_os_column behind a per-DB-path OnceLock so the PRAGMA check runs once per database instead of every with_connection - Restrict UNC path detection to backslash-only (\\) so POSIX //foo paths are no longer misclassified as Windows UNC - Pin curated_tools, tool_execution, curated_tool_count assertions on the larksuite capability matrix test - Add mixed-routing billing test: chat routed locally while memory stays on OpenHuman still fetches billing
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/openhuman/vault/store.rs (1)
316-340:⚠️ Potential issue | 🟠 Major | ⚡ Quick winDon’t classify
//...as a Windows UNC path.Lines 328-334 currently treat both
\\server\shareand//server/shareas UNC. That makeslooks_like_unix_absolute_path("//server/share")return false, so valid Unix-style absolute paths with a double-slash prefix get hidden on macOS/Linux. The PR intent here was to make UNC detection backslash-only; the new assertions insrc/openhuman/vault/tests.rsare currently enforcing the opposite behavior.Suggested fix
fn looks_like_windows_unc_path(path: &str) -> bool { let bytes = path.as_bytes(); bytes.len() >= 3 - && matches!(bytes[0], b'\\' | b'/') - && bytes[1] == bytes[0] + && bytes[0] == b'\\' + && bytes[1] == b'\\' && !matches!(bytes[2], b'\\' | b'/') }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/openhuman/vault/store.rs` around lines 316 - 340, The UNC detection currently treats both backslash and forward-slash prefixes as UNC, hiding valid Unix paths like "//server/share"; update looks_like_windows_unc_path so it only recognizes backslash-style UNC paths (i.e., require bytes[0] == b'\\' and bytes[1] == b'\\' and ensure bytes[2] is not a separator) so that looks_like_unix_absolute_path("//...") will return true; leave looks_like_windows_drive_path, looks_like_windows_absolute_path, and the unix check logic unchanged other than relying on the corrected looks_like_windows_unc_path.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/openhuman/vault/store.rs`:
- Around line 57-64: The contains-and-insert must be done under a single Mutex
lock to prevent concurrent migrations; change the code around MIGRATED_VAULT_DBS
so you acquire migrated.lock() once, check whether the HashSet contains db_path,
and if not call ensure_host_os_column(&conn) while still holding that lock, then
insert db_path into the set (so both check and insert happen atomically); use
the existing symbols MIGRATED_VAULT_DBS, migrated, ensure_host_os_column,
db_path and conn to locate and update the logic.
---
Outside diff comments:
In `@src/openhuman/vault/store.rs`:
- Around line 316-340: The UNC detection currently treats both backslash and
forward-slash prefixes as UNC, hiding valid Unix paths like "//server/share";
update looks_like_windows_unc_path so it only recognizes backslash-style UNC
paths (i.e., require bytes[0] == b'\\' and bytes[1] == b'\\' and ensure bytes[2]
is not a separator) so that looks_like_unix_absolute_path("//...") will return
true; leave looks_like_windows_drive_path, looks_like_windows_absolute_path, and
the unix check logic unchanged other than relying on the corrected
looks_like_windows_unc_path.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 88ff8df7-8ffb-45f1-ab85-d4a47d4faf6f
📒 Files selected for processing (4)
app/src/hooks/useUsageState.test.tssrc/openhuman/composio/providers/mod.rssrc/openhuman/vault/store.rssrc/openhuman/vault/tests.rs
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
|
@graycyrus @senamakel This PR is ready for human review/merge. Latest effective checks are green, CodeRabbit approved/no actionable comments, and the cancelled entries visible in the rollup are superseded runs from earlier pushes. |
|
@YOMXXX this PR has merge conflicts with main — please rebase/resolve before review. |
…h-2437-host-local-settings # Conflicts: # app/src/components/composio/toolkitMeta.test.tsx
…h-2437-host-local-settings
|
Synced latest Local validation before push:
CI has restarted on the new head. |
|
Follow-up CI fix pushed in Root cause from the failed Rust Core Tests job was not a Rust assertion failure: the lib unit test Change made:
Local validation:
|
|
@M3gA-Mind @graycyrus @senamakel Ready for review again. Latest state on
|
|
@M3gA-Mind @graycyrus @senamakel Ready for review again. Latest state after syncing
|
|
@M3gA-Mind @graycyrus @senamakel Ready for review again. Latest state after syncing current
|
2 participants
Summary
host_osstamping and hide cross-host absolute paths from list/get/files surfaces./authcallback fallback for browser login flows and richer core startup timeout diagnostics.larksuite) catalog/capability metadata.Problem
/authwithout bearer auth and were rejected before they could store the session.Solution
host_osto vault persistence, migrate existing DBs, stamp new vaults, and filter both explicit host mismatches and legacy cross-platform path shapes./authfrom bearer middleware and handle one-time login tokens or directkey=authJWT callbacks with escaped success/error HTML.larksuitealiasing, UI metadata, provider capability description, and docs that separate live channel support from future native historical backfill.Submission Checklist
pnpm test:coverageand proxy-clearedpnpm test:rustcompleted; CIdiff-coverremains the source of truth for the merged Vitest + cargo-llvm-cov gate.## Related— N/A: no matrix feature IDs were added/renamed.docs/RELEASE-MANUAL-SMOKE.md) — N/A: no release-cut smoke flow changed; behavior is covered by unit/Rust tests and docs.Closes #NNNin the## RelatedsectionImpact
/authcan complete login fallback flows without a bearer token because the callback token is the credential.--no-verifyonly because the local checkout is missing the vendored Tauri CEF dependency used bypnpm rust:check; the exact blocker is listed below.Related
AI Authored PR Metadata (required for Codex/Linear PRs)
Linear Issue
Commit & Branch
codex/gh-2437-host-local-settingsb02300998de31bf68219270630df7436ec290b52Validation Run
node scripts/codex-pr-preflight.mjs --lightweight— passed after renaming branch to checklist format.pnpm --filter openhuman-app format:check— passed; Node engine warning only (wanted >=24.0.0, localv22.14.0).pnpm typecheck— passed.pnpm lint— passed with 0 errors / 48 existing warnings.pnpm --dir app exec vitest run src/hooks/useUsageState.test.ts src/components/composio/toolkitMeta.test.tsx --config test/vitest.config.ts— 2 files, 16 tests passed.pnpm --dir app exec vitest run src/hooks/useUsageState.test.ts --config test/vitest.config.ts— 13 tests passed.GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml vault::tests:: --lib— 22 passed, including forward-slash UNC compatibility.GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml openhuman::memory::global::tests:: --lib— 6 passed.GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml openhuman::memory::conversations::bus::tests:: --lib— 4 passed.GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml public_paths_include_desktop_auth_callback --lib— passed.GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml openhuman::composio::providers::tests:: --lib— 13 passed.HTTP_PROXY= HTTPS_PROXY= ALL_PROXY= http_proxy= https_proxy= all_proxy= NO_PROXY=127.0.0.1,localhost GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml openhuman::inference::provider::ops::tests:: --lib -- --nocapture— 23 passed; OpenRouter model-list tests now avoid process-globalOPENHUMAN_WORKSPACE.pnpm test:coverage— passed; 315 test files passed / 1 skipped, 3060 tests passed / 3 skipped.cargo fmt --manifest-path Cargo.toml --all --check— passed.GGML_NATIVE=OFF cargo check --manifest-path Cargo.toml— passed with existing warnings.HTTP_PROXY= HTTPS_PROXY= ALL_PROXY= http_proxy= https_proxy= all_proxy= NO_PROXY=127.0.0.1,localhost GGML_NATIVE=OFF pnpm test:rust— passed after clearing the macOS system proxy from local-refusal tests.cargo fmt --manifest-path app/src-tauri/Cargo.toml --all --check— passed.git diff --check— passed.Validation Blocked
command:cargo test --manifest-path app/src-tauri/Cargo.toml core_not_ready_error_includes_startup_diagnosticserror:failed to read app/src-tauri/vendor/tauri-cef/crates/tauri/Cargo.toml: No such file or directory (os error 2)impact:Tauri shell compile/test and the pre-pushpnpm rust:checkcannot run in this checkout until the vendored Tauri CEF dependency is present; root Rust and app validations passed. The branch was pushed with--no-verifyfor this environment blocker only.Behavior Changes
/authcan complete fallback desktop login callbacks; all-workload local/custom AI routing skips OpenHuman billing/usage fetches; Lark / Feishu appears in Composio metadata.Parity Contract
/authis public only for callback token handling;vault_filesnow uses the same filtered lookup asvault_get; conversation persistence keeps one subscriber and updates its shared workspace binding.Duplicate / Superseded PR Handling
YOMXXX:codex/gh-2437-host-local-settings.Summary by CodeRabbit
New Features
Improvements
Documentation