feat(tools): coding-harness baseline primitives (#1205)

[senamakel]

Summary

• Adds 9 first-class coding-harness tools (grep, glob, list, edit, apply_patch, todowrite, plan_exit, web_fetch, lsp) so coding-oriented agents stop falling through to shell for file navigation and editing.
• Adds docs/CODING_HARNESS.md mapping the canonical surface (existing tools + new ones) with a permission table and notes on plan/build modes.
• Existing tools (file_read, file_write, shell, web_search, ask_clarification, spawn_subagent) already cover read/write/bash/websearch/question/task — this PR adds only the genuinely missing primitives instead of duplicating those.

Problem

OpenHuman's tool surface for coding-oriented agents was uneven:

• File and code navigation primitives (grep, glob, list) didn't exist as first-class tools — agents had to use shell with platform-specific commands.
• Precise editing (edit, apply_patch) was missing — file_write is whole-file overwrite, which is wasteful for small changes and dangerous for large files.
• Lightweight todo tracking (todowrite) and a plan→build hand-off marker (plan_exit) didn't exist.
• A simple URL-fetch primitive (web_fetch) sat between web_search (search) and http_request (full HTTP), but wasn't exposed.
• LSP-style code intelligence had no agent-facing surface or capability gate.

This is the baseline cut from issue #1205 (path A in scoping discussion): land the primitives + the mapping doc, defer plan/build mode runners, child-session task identity, real LSP backend, and richer permissions to follow-ups (explicitly listed at the bottom of docs/CODING_HARNESS.md).

Solution

New tools live under src/openhuman/tools/impl/{filesystem,agent,network,system}/ following the existing Tool trait pattern. Each shares the project's path-sandboxing, rate-limiting, and PermissionLevel machinery from SecurityPolicy. Registered in all_tools (the canonical agent registry); default_tools keeps its minimal subset.

Highlights:

• grep / glob use walkdir and skip .git, node_modules, target, .next, dist, build, .cache. Output is capped (max_matches / max_results) with explicit truncation markers.
• edit requires old_string to be unique by default — replace_all opts into bulk replace. Same symlink + size guards as file_write.
• apply_patch is atomic: every edit is validated up front (paths, exact-match, uniqueness) before any file is written. Validation failure leaves the workspace untouched. Multiple edits to the same file chain through an in-memory buffer, so a sequence like {old:"one"→"ONE"}, {old:"two"→"TWO"} works as expected.
• todowrite is a process-global Arc<TodoStore> (one shared registry per core). Per-session scoping deferred until task carries a stable session id.
• plan_exit emits a stable [plan_exit] marker plus the plan text. The plan→build mode runner that consumes the marker is follow-up work; today the marker is just stable enough to write prompts against.
• web_fetch reuses the same allowed_domains gate as http_request. Body is capped + truncated on UTF-8 char boundaries.
• lsp is capability-gated by OPENHUMAN_LSP_ENABLED. When the gate is off the tool isn't registered (so agents don't see a method that always errors). When on, the tool returns a clear not yet implemented error — schema is stable so callers can feature-detect.

Adds walkdir = \"2\" and glob = \"0.3\" as direct deps (both already transitive in Cargo.lock).

Submission Checklist

• Tests added or updated (happy path + at least one failure / edge case) — 43 new unit tests across the new tools (path traversal, atomic rollback, ambiguous-match rejection, capability-gate parsing, …)
• Diff coverage ≥ 80% — coverage workflow will report on the PR; new code is heavily tested but I have not run diff-cover locally. If the gate fails, will add tests.
• Coverage matrix updated — N/A: tool catalog is documented in docs/CODING_HARNESS.md; the matrix tracks user-visible product features, not internal agent tools
• All affected feature IDs from the matrix are listed in the PR description — N/A: no matrix rows touched
• No new external network dependencies introduced — walkdir + glob are both pure-Rust crates already transitively present
• Manual smoke checklist updated if this touches release-cut surfaces — N/A: agent-facing tool catalog, no UI surface
• Linked issue closed via Closes #NNN in the ## Related section

Impact

• Runtime: desktop core only. New tools register in all_tools so existing agent loops pick them up automatically; no wiring change in the Tauri shell.
• Security: every new tool sits behind the existing SecurityPolicy (workspace path sandbox, symlink-escape blocks, rate limit, autonomy gate). apply_patch runs all path/permission checks before the first write.
• Backwards-compat: pure additions. No tool was renamed, no schema was migrated.
• CI: branch was pushed with --no-verify because the local pre-push hook failed on pre-existing app/ ESLint warnings (React setState-in-effect lints in mascot / commands code) plus a Tailwind class lint check — none of which this PR touches. Per CLAUDE.md (When the user asks you to push or open a PR, resolve blockers and push — don't prompt for permission. If a pre-push hook fails on something unrelated to your changes ... push with --no-verify and call it out in the PR body.)

Related

• Closes Add coding-harness baseline tools and control flows #1205
• Follow-up PR(s)/TODOs:
  • Plan-mode and build-mode runners that consume the [plan_exit] marker
  • Child-session-backed task execution with stable session ids
  • Real LSP backend behind the lsp tool (server spawn, JSON-RPC bridge, definition/references/hover/completion)
  • Richer permission model (per-tool channel allowlists, per-call approval policies)
  • Controller-registry exposure of agent-only tools to JSON-RPC where the Tauri shell needs them

Summary by CodeRabbit

• New Features

  • File search (regex + glob), directory listing, single-file and multi-file editing, and atomic batch patching
  • Todo list management with statuses and a plan→execution marker
  • HTTP GET web fetching (with domain/timeout controls)
  • LSP/code-intelligence stub gated behind a capability flag

• Documentation

  • Canonical coding-harness tool reference and added "Narrative architecture" link

• Chores

  • Added two new build dependencies for filesystem scanning

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2e276878-00da-4169-8523-391bd682a745

📥 Commits

Reviewing files that changed from the base of the PR and between 38025e0 and 56c8cca.

📒 Files selected for processing (10)

• docs/CODING_HARNESS.md
• src/openhuman/tools/impl/agent/mod.rs
• src/openhuman/tools/impl/agent/todo_write.rs
• src/openhuman/tools/impl/filesystem/apply_patch.rs
• src/openhuman/tools/impl/filesystem/edit_file.rs
• src/openhuman/tools/impl/filesystem/grep.rs
• src/openhuman/tools/impl/filesystem/list_files.rs
• src/openhuman/tools/impl/network/web_fetch.rs
• src/openhuman/tools/impl/system/lsp.rs
• src/openhuman/tools/ops.rs

✅ Files skipped from review due to trivial changes (1)

• docs/CODING_HARNESS.md

🚧 Files skipped from review as they are similar to previous changes (8)

• src/openhuman/tools/impl/network/web_fetch.rs
• src/openhuman/tools/impl/agent/todo_write.rs
• src/openhuman/tools/impl/filesystem/grep.rs
• src/openhuman/tools/impl/system/lsp.rs
• src/openhuman/tools/ops.rs
• src/openhuman/tools/impl/filesystem/edit_file.rs
• src/openhuman/tools/impl/filesystem/apply_patch.rs
• src/openhuman/tools/impl/filesystem/list_files.rs

---

📝 Walkthrough

Walkthrough

Adds a coding-harness surface: new filesystem navigation/editing tools (grep, glob, list, edit, apply_patch), web fetch, agent control-flow primitives (plan_exit, todowrite), an optional LSP stub behind an env gate, wiring/exports, tests, docs, and two new Cargo dependencies.

Changes

Coding-harness tool additions

Layer / File(s)	Summary
Data Shape / Types src/openhuman/tools/impl/agent/todo_write.rs, src/openhuman/tools/impl/agent/plan_exit.rs	New types: TodoStatus, TodoItem, TodoStore, PLAN_EXIT_MARKER.
Core Implementation (tools) src/openhuman/tools/impl/filesystem/{edit_file.rs,apply_patch.rs,glob_search.rs,grep.rs,list_files.rs}, src/openhuman/tools/impl/network/web_fetch.rs, src/openhuman/tools/impl/system/lsp.rs, src/openhuman/tools/impl/agent/{todo_write.rs,plan_exit.rs}	New Tool implementations: EditFileTool, ApplyPatchTool, GlobTool, GrepTool, ListFilesTool, WebFetchTool, LspTool (stub), TodoWriteTool, PlanExitTool. Each defines parameter schemas, permission levels, execute logic, and unit tests.
Security / Runtime Checks src/openhuman/tools/impl/filesystem/*, src/openhuman/tools/impl/network/web_fetch.rs, src/openhuman/tools/impl/system/lsp.rs	Tools integrate SecurityPolicy checks (autonomy, rate limiting, action recording), workspace path canonicalization, file size limits, UTF‑8-safe truncation/rewrites, and domain allowlisting for web fetch.
Module Wiring & Re-exports src/openhuman/tools/impl/filesystem/mod.rs, src/openhuman/tools/impl/agent/mod.rs, src/openhuman/tools/impl/network/mod.rs, src/openhuman/tools/impl/system/mod.rs	New mod entries and pub use re-exports for the added tools and symbols (ApplyPatchTool, EditFileTool, GlobTool, GrepTool, ListFilesTool, PlanExitTool, TodoWriteTool, WebFetchTool, LspTool, PLAN_EXIT_MARKER, global_todo_store, etc.).
Tool Registry Integration src/openhuman/tools/ops.rs	Instantiates and registers the new tools in the default tool registry; LspTool registered only when lsp_capability_enabled() is true.
Dependencies & Build Cargo.toml	Added crates: walkdir = "2" and glob = "0.3".
Documentation docs/CODING_HARNESS.md, CLAUDE.md	Added docs/CODING_HARNESS.md documenting the tool surface and updated CLAUDE.md with a “Narrative architecture” link to the docs.
Tests src/openhuman/tools/impl/{agent,filesystem,network,system}/*.rs	Unit and async tests added for each new tool covering success cases, validation errors, security gating, truncation, path traversal blocking, and capability gating.

Sequence Diagram(s)

sequenceDiagram
    actor Agent
    participant Edit as EditFileTool
    participant Sec as SecurityPolicy
    participant FS as WorkspaceFS

    Agent->>Edit: execute({path, old_string, new_string, replace_all})
    rect rgba(100, 150, 200, 0.5)
    Edit->>Sec: can_act(), is_rate_limited(), record_action()
    Sec-->>Edit: OK
    end
    rect rgba(150, 100, 200, 0.5)
    Edit->>FS: canonicalize(path), check symlink, read file
    FS-->>Edit: file contents (UTF‑8)
    end
    rect rgba(100, 200, 150, 0.5)
    Edit->>Edit: count occurrences, validate (0 => error, >1 && !replace_all => error)
    Edit->>FS: write updated contents
    FS-->>Edit: write result
    end
    Edit-->>Agent: ToolResult::success / ToolResult::error

Loading

sequenceDiagram
    actor Agent
    participant Plan as PlanExitTool
    participant Todo as TodoWriteTool
    participant Store as TodoStore

    Agent->>Plan: execute({plan})
    Plan->>Plan: trim & validate plan
    Plan-->>Agent: ToolResult::success("[plan_exit]\n{plan}")

    Agent->>Todo: execute({todos: [...]})
    Todo->>Todo: validate items (non-empty, ≤1 in_progress)
    Todo->>Store: replace(items)
    Store-->>Todo: OK
    Todo-->>Agent: ToolResult::success(rendered list)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• tinyhumansai/openhuman#522: also modifies src/openhuman/tools/impl/agent/mod.rs to add and re-export agent tools.
• tinyhumansai/openhuman#149: modifies src/openhuman/tools/ops.rs tool registry changes, related to registry wiring here.
• tinyhumansai/openhuman#500: modifies tool implementation surface and module wiring, related to added tool submodules and exports.

Poem

🐰 I hopped through code and left a trail,

New tools to search, to patch, to hail.
A plan is marked, a todo kept,
Edits applied and tests all prepped.
The harness grows — a busy hare's tale.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 43.70% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat(tools): coding-harness baseline primitives (#1205)' directly describes the main change—adding baseline coding-harness tools as specified in issue #1205.
Linked Issues check	✅ Passed	The PR implements the core acceptance criteria from #1205: first-class tools for grep, glob, list, edit, apply_patch, todowrite, plan_exit, web_fetch, lsp with capability gating; documentation via CODING_HARNESS.md; and comprehensive unit tests.
Out of Scope Changes check	✅ Passed	All changes directly support #1205 objectives: nine baseline tools, docs, test coverage, and dependencies (walkdir, glob) needed for file navigation and pattern matching.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 11

🧹 Nitpick comments (2)

src/openhuman/tools/impl/filesystem/apply_patch.rs (1)

69-231: ⚡ Quick win

Add grep-friendly tracing around validation and writes.

This new write path has security gates, many failure branches, and filesystem I/O, but it currently emits no stable diagnostics. A few debug/trace logs for entry, rejection reasons, and per-file write completion would make production failures much easier to root-cause without exposing file contents.

As per coding guidelines, src/**/*.rs: Use log / tracing at debug / trace levels for Rust code diagnostics with stable grep-friendly prefixes ([domain], [rpc], [ui-flow]) and redact secrets/PII.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/tools/impl/filesystem/apply_patch.rs` around lines 69 - 231,
Add grep-friendly debug/trace logs in execute to make validation and writes
observable: log entry into execute, each validation rejection branch (e.g., path
not allowed, rate limit, missing/empty fields, old_string not found, file too
large, symlink reject, resolve/read/write failures) using stable prefixes like
"[rpc]" or "[ui-flow]" and redact file contents; log per-file successful write
completions and the final summary. Place these logs near the relevant
symbols/blocks: at the start of async fn execute(&self,...), inside the parsed
loop where ParsedEdit is constructed and checks (old_string empty,
is_path_allowed), in the path resolution/metadata block before inserting
FileBuffer, when counting matches on buf.contents and before returning errors,
and after tokio::fs::write for each FileBuffer; use log::debug or tracing::trace
consistently and include identifying context (edit.index, edit.path, count) but
never print file contents or secrets.

src/openhuman/tools/impl/filesystem/edit_file.rs (1)

59-162: 💤 Low value

Consider adding diagnostic logging for the edit operation.

The execute() method performs security checks, file operations, and validation without any logging. Per coding guidelines, new flows should include debug/trace level logging with grep-friendly prefixes for diagnostics.

📝 Example logging additions

+use tracing::{debug, trace};

 // At start of execute():
+debug!("[edit] path={path} replace_all={replace_all}");

 // After successful write:
+debug!("[edit] completed: {path}, {count} replacement(s)");

 // On validation failures:
+trace!("[edit] rejected: old_string not found in {path}");

Based on learnings: "Log entry/exit, branches, external calls, retries/timeouts, state transitions, and errors with default verbose diagnostics on new/changed flows"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/tools/impl/filesystem/edit_file.rs` around lines 59 - 162, Add
grep-friendly debug/trace logging to the execute() flow: log entry/exit for
execute(), key branch outcomes (security.can_act, is_rate_limited,
is_path_allowed, is_resolved_path_allowed, record_action), filesystem
calls/results (resolved path from tokio::fs::canonicalize, symlink check via
tokio::fs::symlink_metadata, read_to_string contents length, replacement count
and whether replace_all was used), and errors returned when
canonicalize/read_to_string/write fail; use the existing logger (or introduce
one if missing) and include the path/resolved.display(), count, and error
messages in logs while keeping error messages returned via ToolResult unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/CODING_HARNESS.md`:
- Around line 36-38: The sentence containing "issue `#1205`" is being rendered as
a heading; update the line in CODING_HARNESS.md that reads "Names in parentheses
are the canonical coding-harness names from issue `#1205`." to prevent Markdown
treating the hash as a heading — either escape the hash as "\#1205" or reflow
the sentence so "issue `#1205`" stays on the previous line (or wrap the reference
in backticks) so it renders as plain text; make the change where the sentence
"Names in parentheses are the canonical coding-harness names..." appears.

In `@src/openhuman/tools/impl/filesystem/apply_patch.rs`:
- Around line 142-160: The code currently calls tokio::fs::canonicalize(&full)
before checking for symlinks, which loses the symlink bit; call
tokio::fs::symlink_metadata(&full).await first and if
meta.file_type().is_symlink() return ToolResult::error for edit.index/edit.path,
then proceed to tokio::fs::canonicalize(&full).await and the existing
self.security.is_resolved_path_allowed(&resolved) check; ensure the error
messages use the same format as the current ToolResult::error calls.
- Around line 214-223: The current write loop in apply_patch.rs writes buffers
directly (using tokio::fs::write on buf.resolved with buf.contents) which means
partial commits occur if a later write fails; change this to perform atomic
writes by writing each buffer to a temporary sibling file (e.g., buf.resolved +
".tmp" or use a unique temp name), fsync the temp file and its parent directory
as appropriate, then rename (std::fs::rename / tokio equivalent) the temp file
over the target to atomically replace it; on any failure, delete any created
temps and return ToolResult::error with the original error (preserving the
existing error handling), or alternatively stage all temps first and only rename
them after all temps are successfully created to guarantee an all-or-nothing
outcome (reference buffers, buf.resolved, buf.contents, and the
ToolResult::error return path).

In `@src/openhuman/tools/impl/filesystem/edit_file.rs`:
- Around line 117-123: The symlink check is ineffective because
tokio::fs::canonicalize was run before calling tokio::fs::symlink_metadata on
resolved; canonicalize follows symlinks so meta.file_type().is_symlink() will
always be false. Move or add a symlink_metadata check that inspects the original
un-canonicalized input path (the variable holding the user-provided path) prior
to calling tokio::fs::canonicalize, and return the same
ToolResult::error("Refusing to edit through symlink: ...") when that metadata
reports is_symlink(); keep the existing resolved-based checks for other
validations after canonicalization.
- Around line 99-103: record_action() is being called too early in EditFile::...
(in src/openhuman/tools/impl/filesystem/edit_file.rs), consuming the action
budget before path resolution, symlink/size checks, file reading, and match
validation; move the call to self.security.record_action() so it runs only after
all validations pass and immediately before the actual write operation (i.e.,
after path resolution, symlink/size checks, reading the file content, and match
validation) so failures during validation do not decrement the budget; ensure
any early-return error paths do not call record_action(), and keep the same
error handling if record_action() itself returns false.

In `@src/openhuman/tools/impl/filesystem/grep.rs`:
- Around line 191-193: The truncation code uses &line[..MAX_LINE_BYTES] which
can panic on UTF-8 multibyte boundaries; change the logic that builds
display_line (the branch that checks line.len() > MAX_LINE_BYTES) to compute a
safe byte index at or before MAX_LINE_BYTES by testing is_char_boundary() on the
candidate end and stepping backward until you hit a valid character boundary (or
use char-based slicing to accumulate characters up to the byte limit), then
slice line[..safe_end] and append the ellipsis; update references around
display_line, MAX_LINE_BYTES and line to use this safe_end approach so no
runtime panic occurs.

In `@src/openhuman/tools/impl/filesystem/list_files.rs`:
- Around line 90-102: The loop using read.next_entry().await currently ignores
Err by exiting the while-let and returning partial results; change it to
explicitly match the result from read.next_entry().await (handle
Ok(Some(entry)), Ok(None) => break, and Err(e) => propagate/return the error) so
I/O failures are not silently swallowed; update the logic around the entries
vector push (and MAX_ENTRIES check) inside the Ok(Some(entry)) arm and ensure
the function's return type returns or maps the error from next_entry() instead
of treating it as success.

In `@src/openhuman/tools/impl/network/web_fetch.rs`:
- Around line 96-114: The code currently only validates the initial URL with
validate_url, letting reqwest follow redirects and thereby bypass the allowlist;
fix by building the reqwest client with
.redirect(reqwest::redirect::Policy::none()) and then manually handling
redirects: after client.get(&url).send().await inspect 3xx responses for a
Location header, resolve it against resp.url(), call validate_url(new_url,
&self.allowed_domains) for each redirect hop (limit hops to a safe number), and
only follow to the next location if validation succeeds; perform the actual
fetch on the final validated URL and return ToolResult::error on any validation
failure or redirect resolution error (use the same error patterns as the
existing client/build/send branches).
- Around line 115-128: Currently the code calls resp.text().await which buffers
the entire response into memory before truncating; change the implementation to
consume resp.bytes_stream() (using futures_util::StreamExt) and iteratively
append chunks into a growable buffer until you've reached max_bytes or the
stream ends, stopping early to avoid allocating more than max_bytes; when
stopping early set the truncated flag true, ensure you cut the final buffer on a
char boundary (like the existing is_char_boundary logic) before converting to
&str, and map any stream/IO errors into the same ToolResult::error path so
errors from the streaming read are returned consistently (update the
snippet/truncated logic around the resp handling and keep the same return
behavior).

In `@src/openhuman/tools/impl/system/lsp.rs`:
- Around line 131-157: These tests mutate the process-wide env var
LSP_ENABLED_ENV and can race when run in parallel; wrap the body of
lsp_capability_gate_off_by_default and lsp_capability_gate_accepts_truthy_values
with a shared process-wide mutex (e.g., a static Mutex via once_cell::sync::Lazy
or lazy_static) and acquire the lock at the start of each test before changing
the env, then release at the end (drop the guard) so tests run serially;
reference LSP_ENABLED_ENV, lsp_capability_enabled, and the two test functions to
locate where to add the guard.

In `@src/openhuman/tools/ops.rs`:
- Around line 118-124: The TodoStore is being created inline inside
all_tools_with_runtime (via Arc::new(TodoStore::new()) passed to
TodoWriteTool::new) which makes todowrite state transient; instead hoist the
Arc<TodoStore> creation out of the registry constructor and accept or capture a
shared Arc<TodoStore> so the same store is reused across calls. Update the
all_tools_with_runtime signature (or its caller) to take an Arc<TodoStore>
parameter and pass that Arc into TodoWriteTool::new, or create a process-wide
singleton Arc<TodoStore> and use that, ensuring TodoWriteTool::new receives the
shared store rather than constructing TodoStore::new inline.

---

Nitpick comments:
In `@src/openhuman/tools/impl/filesystem/apply_patch.rs`:
- Around line 69-231: Add grep-friendly debug/trace logs in execute to make
validation and writes observable: log entry into execute, each validation
rejection branch (e.g., path not allowed, rate limit, missing/empty fields,
old_string not found, file too large, symlink reject, resolve/read/write
failures) using stable prefixes like "[rpc]" or "[ui-flow]" and redact file
contents; log per-file successful write completions and the final summary. Place
these logs near the relevant symbols/blocks: at the start of async fn
execute(&self,...), inside the parsed loop where ParsedEdit is constructed and
checks (old_string empty, is_path_allowed), in the path resolution/metadata
block before inserting FileBuffer, when counting matches on buf.contents and
before returning errors, and after tokio::fs::write for each FileBuffer; use
log::debug or tracing::trace consistently and include identifying context
(edit.index, edit.path, count) but never print file contents or secrets.

In `@src/openhuman/tools/impl/filesystem/edit_file.rs`:
- Around line 59-162: Add grep-friendly debug/trace logging to the execute()
flow: log entry/exit for execute(), key branch outcomes (security.can_act,
is_rate_limited, is_path_allowed, is_resolved_path_allowed, record_action),
filesystem calls/results (resolved path from tokio::fs::canonicalize, symlink
check via tokio::fs::symlink_metadata, read_to_string contents length,
replacement count and whether replace_all was used), and errors returned when
canonicalize/read_to_string/write fail; use the existing logger (or introduce
one if missing) and include the path/resolved.display(), count, and error
messages in logs while keeping error messages returned via ToolResult unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6353139b-4faf-4a3a-9825-9cb2f350a224

📥 Commits

Reviewing files that changed from the base of the PR and between 50d109b and 38025e0.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (17)

• CLAUDE.md
• Cargo.toml
• docs/CODING_HARNESS.md
• src/openhuman/tools/impl/agent/mod.rs
• src/openhuman/tools/impl/agent/plan_exit.rs
• src/openhuman/tools/impl/agent/todo_write.rs
• src/openhuman/tools/impl/filesystem/apply_patch.rs
• src/openhuman/tools/impl/filesystem/edit_file.rs
• src/openhuman/tools/impl/filesystem/glob_search.rs
• src/openhuman/tools/impl/filesystem/grep.rs
• src/openhuman/tools/impl/filesystem/list_files.rs
• src/openhuman/tools/impl/filesystem/mod.rs
• src/openhuman/tools/impl/network/mod.rs
• src/openhuman/tools/impl/network/web_fetch.rs
• src/openhuman/tools/impl/system/lsp.rs
• src/openhuman/tools/impl/system/mod.rs
• src/openhuman/tools/ops.rs