test: guard RPC alias catalog freshness

[honor2030]

Summary

• add Rust freshness checks that compare the frontend RPC catalog against the core registry
• assert frontend LEGACY_METHOD_ALIASES stays in sync with the server-side legacy alias table
• remove the duplicate dispatch-local legacy alias table/tests now that dispatch already routes through the centralized resolve_legacy path

Refs #1597

Test plan

• cargo fmt --manifest-path Cargo.toml --all --check
• cargo test --manifest-path Cargo.toml legacy_aliases --lib
• cargo test --manifest-path Cargo.toml dispatch_legacy --lib
• cargo test --manifest-path Cargo.toml --lib
• git diff --check

Notes: the Rust suite still emits existing warnings unrelated to this change; the full lib suite passed with 6690 passed; 7 ignored.

Summary by CodeRabbit

• Tests

  • Expanded validation tests for RPC method aliases and schemas, ensuring client-server consistency.

• Chores

  • Refactored internal request dispatch routing and updated auxiliary review scripts for improved infrastructure reliability.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d6861107-15c6-454b-9710-9b9c521990a4

📥 Commits

Reviewing files that changed from the base of the PR and between 2c45ea9 and cc6eb18.

📒 Files selected for processing (2)

• scripts/shortcuts/review/fix.sh
• scripts/shortcuts/review/review.sh

---

📝 Walkthrough

Walkthrough

This PR consolidates legacy RPC method alias resolution from a local dispatcher function into a shared metadata accessor, validates frontend and server RPC catalog parity through file-based tests, and refactors review scripts to pass conflict blocks via environment variables instead of awk command-line parameters.

Changes

Legacy RPC method alias consolidation

Layer / File(s)	Summary
Alias metadata source extraction src/core/legacy_aliases.rs	New private legacy_aliases() function exposes the server legacy→canonical alias table; resolve_legacy() iterates over this helper instead of directly accessing LEGACY_ALIASES.
Dispatch consolidation src/core/dispatch.rs	dispatch() tier-0 rewrite replaces local normalize_legacy_method with imported resolve_legacy(), keeping tiered routing and conditional debug logging; the local normalizer function is removed.
Frontend↔server catalog consistency and end-to-end dispatch tests src/core/legacy_aliases.rs, src/core/dispatch.rs	Test module extended with disk readers parsing app/src/services/rpcMethods.ts to extract and validate frontend CORE_RPC_METHODS and LEGACY_METHOD_ALIASES against server registries; dispatch tests updated for end-to-end legacy alias routing.

Review script environment variable passing

Layer / File(s)	Summary
Environment variable conflict block passing scripts/shortcuts/review/fix.sh, scripts/shortcuts/review/review.sh	Both scripts export REVIEW_CONFLICT_BLOCK to awk and read it from ENVIRON["REVIEW_CONFLICT_BLOCK"] in the BEGIN block, replacing the -v conflict= parameter approach; placeholder substitutions and prompt generation remain unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• senamakel

Poem

🐰 A bunny's ode to cleaner paths:
Methods scattered far and wide,
Now in one shared place they hide,
Tests check frontend matches server,
Environment vars through awk deliver—
Clarity hops along with care! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective of the PR: adding Rust freshness checks to guard the RPC alias catalog and ensure it stays in sync between frontend and backend.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/core/legacy_aliases.rs`:
- Around line 161-164: The loop that parses CORE_RPC_METHODS currently ignores
non-parseable non-empty lines (the let Some((key, value)) = line.split_once(':')
else { continue; } branch), which can silently drop entries; change that branch
to fail loudly instead of continuing — e.g., return an Err or panic with a clear
message including the offending line so tests fail. Update the parsing code in
legacy_aliases.rs (the loop over body.lines() that uses split_once) to propagate
an error (or panic) when split_once returns None for a non-empty, non-comment
line, including the line content in the error message.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1c426048-9307-4ec9-9e85-13be8451983a

📥 Commits

Reviewing files that changed from the base of the PR and between be21451 and f24919b.

📒 Files selected for processing (2)

• src/core/dispatch.rs
• src/core/legacy_aliases.rs

💤 Files with no reviewable changes (1)

• src/core/dispatch.rs

[graycyrus]

Walkthrough

Clean PR that removes a duplicate legacy-alias table from dispatch.rs (which was shadowing the centralized one in legacy_aliases.rs) and adds 14 well-structured freshness-guard tests that parse the frontend rpcMethods.ts catalog and compare it against the Rust-side registry. This directly addresses the drift problem from #1597. Solid work — the test coverage is thorough with good negative cases.

Change Summary

File	Change type	Description
src/core/dispatch.rs	Removed dead code	Removed duplicate normalize_legacy_method() function + 2 associated tests. The Tier 0 resolve_legacy() call (line 57) already handles this, with its own debug logging at line 62.
src/core/legacy_aliases.rs	Added accessor + 14 tests	Added legacy_aliases() accessor for the constant table. Added text-parsing helpers to extract CORE_RPC_METHODS and LEGACY_METHOD_ALIASES from the frontend TS catalog. Added 3 freshness-guard tests that assert frontend↔core consistency.

Per-file Analysis

src/core/dispatch.rs

The removal is safe — normalize_legacy_method was a private function with an identical alias table to LEGACY_ALIASES in legacy_aliases.rs. The Tier 0 block at line 57 already calls resolve_legacy() with equivalent debug logging ([rpc-legacy-alias]), so there's no observability regression. The retained dispatch_legacy_ping_rewrites_and_succeeds integration test confirms the path still works end-to-end.

src/core/legacy_aliases.rs

The freshness tests are well-designed:

• Unit-tested parsers: quoted_value, object_body_after_marker, parse_core_rpc_methods, and parse_frontend_legacy_aliases each have positive + negative (#[should_panic]) test cases.
• Three guard tests cover all drift vectors: frontend methods exist in core registry, frontend aliases match server aliases, alias targets exist in registry.
• Uses BTreeMap/BTreeSet for deterministic comparison — nice touch.
• CARGO_MANIFEST_DIR for path resolution is the correct pattern for workspace-relative test fixtures.

One observation below about the text-parsing approach.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/composio/auth_retry_tests.rs`:
- Around line 30-37: The async closure passed to from_fn must be a named async
fn; extract the closure into a function like async fn
force_connection_close(req: axum::extract::Request, next: Next) ->
axum::response::Response that awaits next.run(req), mutates headers to insert
header::CONNECTION = HeaderValue::from_static("close"), and returns the
response, then pass that function to from_fn (from_fn(force_connection_close));
follow the same signature/pattern used by http_request_log_middleware and
cors_middleware to satisfy Axum 0.8's trait bounds.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ffd85057-d4c5-4995-8327-b1f892fb7670

📥 Commits

Reviewing files that changed from the base of the PR and between 23e1360 and 28a675b.

📒 Files selected for processing (1)

• src/openhuman/composio/auth_retry_tests.rs

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

Axum 0.8.0 middleware from_fn closure signature and Next run method

💡 Result:

In Axum 0.8.x, the axum::middleware::from_fn function allows you to create a middleware layer from an asynchronous function [1][2]. Closure/Function Signature Requirements To use from_fn, your async function must adhere to the following signature requirements [3][4]: 1. It must be an async fn [3][4]. 2. It can take zero or more FromRequestParts extractors as the initial arguments [3][4]. 3. It must take exactly one Request (from axum::extract::Request) as the second-to-last argument [3][4]. 4. It must take Next (from axum::middleware::Next) as the final argument [3][4]. 5. It must return a type that implements IntoResponse (e.g., Response or Result<Response, StatusCode>) [3][4]. Note that from_fn does not support direct State extraction; for stateful middleware, you should use axum::middleware::from_fn_with_state instead [3][5]. Next Run Method The Next struct represents the remainder of the middleware stack, including the final request handler [4]. It provides a single asynchronous method to continue the request processing [6][4]: pub async fn run(self, req: Request) -> Response Calling next.run(req).await executes the remaining middleware and the handler, returning the resulting Response [6][7][4]. You can modify the Request before passing it to run or modify the Response returned by run before returning it from your middleware function [7][2][8]. Example Usage async fn my_middleware( request: Request, next: Next,) -> Response { // Logic before the handler let response = next.run(request).await; // Logic after the handler response } // Applying the middleware let app = Router::new.route("/", get(handler)).layer(axum::middleware::from_fn(my_middleware));

Citations:

• 1: https://medium.com/@syeedmdtalha/axum-middleware-a-beginners-complete-guide-e61887a232f4
• 2: https://www.rustfinity.com/blog/axum-rust-tutorial
• 3: https://docs.rs/axum/latest/axum/middleware/fn.from_fn.html
• 4: https://www.mintlify.com/tokio-rs/axum/api/middleware/from-fn
• 5: https://docs.rs/axum/latest/axum/middleware/fn.from_fn_with_state.html
• 6: https://docs.rs/axum/latest/axum/middleware/struct.Next.html
• 7: https://aarambhdevhub.medium.com/i-built-a-complete-axum-0-8-203061e27de5
• 8: https://docs.rs/crate/axum/latest/source/src/docs/middleware.md

---

🏁 Script executed:

rg "from_fn" --type rust -A 3 -B 1

Repository: tinyhumansai/openhuman

Length of output: 5090

---

🏁 Script executed:

grep -B 5 "http_request_log_middleware\|rpc_auth_middleware\|cors_middleware" src/core/jsonrpc.rs | head -60

Repository: tinyhumansai/openhuman

Length of output: 1396

---

🏁 Script executed:

rg "http_request_log_middleware|cors_middleware" src/core/jsonrpc.rs -A 15 | head -80

Repository: tinyhumansai/openhuman

Length of output: 2558

---

🏁 Script executed:

cat -n src/openhuman/composio/auth_retry_tests.rs | head -50

Repository: tinyhumansai/openhuman

Length of output: 2467

---

🌐 Web query:

Axum 0.8.0 from_fn async closure vs async fn trait

💡 Result:

In Axum 0.8.0, the middleware::from_fn function is designed to create middleware from an async fn [1][2][3]. It requires the provided function to be an async fn that accepts specific extractors (including Next as the final argument) and returns a type that implements IntoResponse [2][3][4]. Regarding the distinction between using an async fn and an async closure (or a closure returning a future) with from_fn: 1. Functionality: from_fn is explicitly documented to require an async fn [2][3][4]. While Axum's routing handlers (e.g., get(), post()) have blanket implementations of the Handler trait that support both async fn and closures (provided they meet specific trait bounds like Clone, Send, and 'static) [5][6][7], middleware::from_fn is more restrictive in its API design [2][3]. 2. API Constraints: The from_fn API expects a function that can be introspected for its arguments (extractors) and its return type to construct the middleware layer [1][2]. Using an async fn is the idiomatic and supported way to satisfy these requirements [2][3]. If you attempt to pass a closure to from_fn, you will likely encounter trait bound errors because the FromFn implementation is specifically tailored for function items that satisfy the async fn signature requirements [1][2]. 3. Comparison with Handlers: Unlike route handlers, which are highly polymorphic via the Handler trait [5][8], from_fn is a specific utility for middleware creation [1][9]. If you need to use a closure for middleware logic, you would typically need to implement the tower::Layer and tower::Service traits manually, rather than relying on the from_fn helper [9]. In summary, while Axum 0.8.0 continues to support closures for route handlers, middleware::from_fn is strictly intended for async fn definitions [2][3][4]. If you require the flexibility of a closure for middleware, you should implement the Layer and Service traits directly [9].

Citations:

• 1: https://docs.rs/axum/latest/axum/middleware/struct.FromFn.html
• 2: https://doc.cuprate.org/axum/middleware/fn.from_fn.html
• 3: https://docs.rs/axum/latest/axum/middleware/fn.from_fn.html
• 4: https://www.mintlify.com/tokio-rs/axum/api/middleware/from-fn
• 5: https://docs.rs/axum/0.8.8/axum/handler/trait.Handler.html
• 6: https://jabber-tools.github.io/google_cognitive_apis/doc/0.2.0/axum/handler/trait.Handler.html
• 7: https://stackoverflow.com/questions/78594708/why-does-my-axum-handler-not-implement-handler
• 8: https://doc.cuprate.org/axum/handler/index.html
• 9: https://docs.rs/crate/axum/latest/source/src/docs/middleware.md

---

🏁 Script executed:

rg "axum\s*=" Cargo.toml Cargo.lock | head -20

Repository: tinyhumansai/openhuman

Length of output: 194

---

🏁 Script executed:

cat -n src/openhuman/composio/auth_retry_tests.rs | sed -n '22,44p'

Repository: tinyhumansai/openhuman

Length of output: 1355

---

Refactor the middleware to use a named async function instead of an async closure.

The from_fn middleware factory in Axum 0.8 requires an async fn, not an async closure. The closure |req: axum::extract::Request, next: Next| async move { ... } will fail to compile due to trait bound constraints. Extract this to a named async function matching the pattern used elsewhere in the codebase (e.g., http_request_log_middleware, cors_middleware):

Suggested fix

async fn force_connection_close(req: axum::extract::Request, next: Next) -> axum::response::Response {
    let mut resp = next.run(req).await;
    resp.headers_mut()
        .insert(header::CONNECTION, HeaderValue::from_static("close"));
    resp
}

// Then apply:
let app = app.layer(from_fn(force_connection_close));

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/composio/auth_retry_tests.rs` around lines 30 - 37, The async
closure passed to from_fn must be a named async fn; extract the closure into a
function like async fn force_connection_close(req: axum::extract::Request, next:
Next) -> axum::response::Response that awaits next.run(req), mutates headers to
insert header::CONNECTION = HeaderValue::from_static("close"), and returns the
response, then pass that function to from_fn (from_fn(force_connection_close));
follow the same signature/pattern used by http_request_log_middleware and
cors_middleware to satisfy Axum 0.8's trait bounds.

[coderabbitai]

🧹 Nitpick comments (2)

src/openhuman/composio/auth_retry_tests.rs (2)

221-232: 💤 Low value

Document why only this test requires tolerance.

The other three tests in this file (retries_once_on_post_oauth_auth_error_then_succeeds, does_not_retry_on_unrelated_error_payload, does_not_retry_on_first_attempt_success) continue to use strict equality assertions without flakiness. Only this test—where both calls return the same error—requires the (2..=4) range.

This asymmetry might provide useful clues for the structural fix mentioned in the companion branch. The pattern suggests connection-pool retry behavior may be triggered more aggressively when consecutive responses are both errors, possibly due to:

• Error responses causing the connection to be marked unhealthy
• Timing differences (error responses may return faster, affecting connection reuse windows)

Consider adding a comment in the test or companion branch documentation noting this asymmetry:

// NOTE: Other tests in this file don't exhibit connection-pool retries; only
// this test (consecutive error responses) triggers the stale-pool behavior.
// This asymmetry suggests response-dependent connection handling in hyper's pool.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/composio/auth_retry_tests.rs` around lines 221 - 232, Add a
brief explanatory comment above the flaky assertion in the test that reads why
this single test (the one computing physical_hits from
counter.load(Ordering::SeqCst) and asserting (2..=4).contains(&physical_hits))
tolerates a 2..=4 range: note that unlike the other tests
(retries_once_on_post_oauth_auth_error_then_succeeds,
does_not_retry_on_unrelated_error_payload,
does_not_retry_on_first_attempt_success) this test sends consecutive error
responses which appears to trigger hyper's connection-pool retransmit behavior
(stale-pool retries), so we accept extra physical hits while still preventing
infinite-loop regressions; include the suggested NOTE text referencing the
observed asymmetry and why the range is needed.

---

221-232: ⚡ Quick win

The physical hit upper bound of 4 is well-justified for this specific error-path scenario.

The math is sound: 2 logical execute_tool() calls × up to 1 hyper connection-pool retransmit each = 4 maximum physical requests. Since this is the only test exercising both calls failing (all other tests use strict equality), the relaxed assertion is appropriate for this specific case. The test still catches the critical regression (infinite loops would exceed this bound by far).

The environment-specific behavior (Linux CI up to 4 hits vs. macOS/local staying at 2) aligns with typical connection-pool variance across systems. The current implementation with (2..=4) is conservative and maintains regression detection while accommodating the observed variance.

Optional: If you want empirical validation of the actual observed range in CI, consider temporarily logging physical_hits values in test output to confirm the bound holds:

eprintln!("[auth_retry_test] physical_hits = {physical_hits}");

This would let you verify whether the bound could be tightened in future iterations, but the current range is safe and reasonable.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/composio/auth_retry_tests.rs` around lines 221 - 232, The
failure message currently embeds "{physical_hits}" literally because the assert!
call uses a plain string instead of a formatted message; update the assert!
invocation in the test to pass physical_hits as a format argument (or use
format!) so the actual value is printed on failure. For example, modify the
assert! that uses physical_hits to call assert!(
(2..=4).contains(&physical_hits), "must retry exactly once, never a third time;
physical hits = {}", physical_hits ) so the variable is interpolated when the
assertion fails.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/openhuman/composio/auth_retry_tests.rs`:
- Around line 221-232: Add a brief explanatory comment above the flaky assertion
in the test that reads why this single test (the one computing physical_hits
from counter.load(Ordering::SeqCst) and asserting
(2..=4).contains(&physical_hits)) tolerates a 2..=4 range: note that unlike the
other tests (retries_once_on_post_oauth_auth_error_then_succeeds,
does_not_retry_on_unrelated_error_payload,
does_not_retry_on_first_attempt_success) this test sends consecutive error
responses which appears to trigger hyper's connection-pool retransmit behavior
(stale-pool retries), so we accept extra physical hits while still preventing
infinite-loop regressions; include the suggested NOTE text referencing the
observed asymmetry and why the range is needed.
- Around line 221-232: The failure message currently embeds "{physical_hits}"
literally because the assert! call uses a plain string instead of a formatted
message; update the assert! invocation in the test to pass physical_hits as a
format argument (or use format!) so the actual value is printed on failure. For
example, modify the assert! that uses physical_hits to call assert!(
(2..=4).contains(&physical_hits), "must retry exactly once, never a third time;
physical hits = {}", physical_hits ) so the variable is interpolated when the
assertion fails.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bb004789-8bed-44ec-bf68-26031bfab3a2

📥 Commits

Reviewing files that changed from the base of the PR and between 28a675b and 2c45ea9.

📒 Files selected for processing (1)

• src/openhuman/composio/auth_retry_tests.rs