fix(api): safely join api_url + path so misconfigured base can't corrupt routes

[senamakel]

Summary

• A misconfigured api_url (e.g. a user pasted the LLM endpoint https://api.tinyhumans.ai/openai/v1/chat/completions into the base URL setting) silently corrupted every /agent-integrations/... call because the HTTP clients just format!("{base}{path}")-concatenated.
• Result was URLs like …/openai/v1/chat/completions/agent-integrations/composio/toolkits that 404 — breaking Composio connections ("stale") and toolkit loading for affected users.
• Add api::config::api_url(base, path) that uses url::Url::join so an absolute-path reference replaces any path baked into the base (RFC 3986), and replace the three concat call sites.

Problem

The Config.api_url field is the single base for both LLM-proxy calls and /agent-integrations/* calls. When a user puts a path-bearing URL in that field, the integrations client compounds the path. Every Composio call (list_toolkits, list_tools, list_connections, authorize, triggers, …) and every shared integrations get/post is affected. The user-visible symptom is "Connections are showing stale status" plus 404s from list_toolkits.

Solution

• New helper pub fn api_url(base: &str, path: &str) -> String in src/api/config.rs.
  • Empty path → normalized base (no trailing slash).
  • Non-empty path → url::Url::parse(base)?.join(path)?. For an absolute-path reference (/agent-integrations/...) this replaces the base's path per RFC 3986, neutralising the misconfigured-base case.
  • Unparseable base → slash-safe fallback_concat so callers always get a usable string.
• Replaced the three call sites: src/openhuman/integrations/client.rs (POST + GET) and src/openhuman/composio/client.rs (DELETE).
• Tradeoff: Url::join would drop the base's last path segment if path is relative — documented in the helper's docstring. All our API paths start with /, so this is safe.

Submission Checklist

• Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy
• N/A: pure bugfix in a code-path with existing tests; diff coverage is satisfied by the 5 new unit tests for api_url itself, which are the changed lines.
• N/A: behaviour-only change — no feature added/removed/renamed in the matrix.
• N/A: no matrix feature IDs touched.
• No new external network dependencies introduced (mock backend used per Testing Strategy)
• N/A: does not touch release-cut surfaces.
• N/A: no linked issue — surfaced directly in chat from a user repro.

Impact

• Runtime/platform: desktop (all OSes via the shared core). No mobile/web/CLI change beyond the fact that the core CLI also uses the same client.
• Performance: one Url::parse per request; negligible.
• Security: slightly safer — a path baked into a misconfigured base no longer carries through to every backend call. No auth/secrets change.
• Migration/compat: backward-compatible. Existing valid bases (https://api.tinyhumans.ai, with or without trailing slash) produce identical output to the old format! path.

Related

• Closes:
• Follow-up PR(s)/TODOs: optionally reject/strip a path on api_url at config load to warn the user proactively; not done here to keep the diff minimal.

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: fix/api-url-safe-join
• Commit SHA: 7e5108d

Validation Run

• pnpm --filter openhuman-app format:check
• N/A: no app/ TypeScript changes in this PR.
• Focused tests: cargo test --manifest-path Cargo.toml --lib api::config:: (11/11 pass, including 5 new api_url_* tests)
• Rust fmt/check (if changed): cargo fmt --check clean
• N/A: Tauri shell unchanged.

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A

Behavior Changes

• Intended behavior change: URL construction in the integrations + composio HTTP clients goes through a safe joiner that uses RFC 3986 resolution instead of string concat.
• User-visible effect: users with a path-bearing api_url (e.g. pasted an LLM endpoint URL) no longer see /agent-integrations/* 404s. Composio connections stop showing "stale" for that misconfiguration.

Parity Contract

• Legacy behavior preserved: when api_url is the correct origin (e.g. https://api.tinyhumans.ai), the joined URL is byte-identical to what the previous format! produced.
• Guard/fallback/dispatch parity checks: unparseable base falls back to slash-safe concat (covered by api_url_unparseable_base_falls_back_to_concat).

Duplicate / Superseded PR Handling

• Duplicate PR(s): N/A
• Canonical PR: N/A
• Resolution (closed/superseded/updated): N/A

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds a centralized API URL joining helper (api_url) to handle RFC 3986-compliant path-joining semantics with fallback behavior, then updates two client implementations to use this helper instead of manual string concatenation.

Changes

API URL Normalization Consolidation

Layer / File(s)	Summary
API URL helper and validation src/api/config.rs	New api_url(base, path) function handles empty-path normalization, absolute-path replacement (RFC 3986 semantics), URL parsing with fallback concatenation, and trailing-slash trimming. Comprehensive test suite validates empty paths, absolute-path replacement, clean joining, query-string preservation, and fallback concatenation for invalid bases.
Client integration src/openhuman/composio/client.rs, src/openhuman/integrations/client.rs	ComposioClient::raw_delete, IntegrationClient::post, and IntegrationClient::get now derive request URLs via the centralized api_url helper instead of manual string concatenation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~18 minutes

Poem

A rabbit hops through URL paths,
With slashes trailing, parsing baths,
RFC guides the joining quest,
Where base and path are joined the best,
No more string concat in the fray,
One helper rules them all today! 🐰

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: a new safe API URL joining function that prevents misconfigured base URLs from corrupting API routes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Stopped waiting for pipeline failures after 30000ms. One of your pipelines takes longer than our 30000ms fetch window to run, so review may not consider pipeline-failure results for inline comments if any failures occurred after the fetch window. Increase the timeout if you want to wait longer or run a @coderabbit review after the pipeline has finished.

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}