fix(config): isolate backend API URL resolution

[Zavianx]

Summary

• add effective_backend_api_url so hosted backend calls ignore local-AI api_url overrides
• migrate backend-facing call sites to the backend resolver while keeping provider/chat completions on effective_api_url
• add a CI grep guard to prevent regressions in backend call sites

Fixes #1663

Testing

• cargo fmt --all -- --check
• git diff --check
• cargo test -p openhuman
• cargo clippy -p openhuman
• cargo llvm-cov -p openhuman --lcov --output-path /tmp/lcov-core.info
• pnpm --filter openhuman-app compile
• pnpm --filter openhuman-app format:check
• pnpm --filter openhuman-app lint
• app: pnpm test:coverage
• cargo test --manifest-path app/src-tauri/Cargo.toml
• cargo llvm-cov --manifest-path app/src-tauri/Cargo.toml --lcov --output-path /tmp/lcov-tauri.info
• bash scripts/install.sh --dry-run --verbose
• cargo tauri build --bundles deb
• pre-push hook: format:check, lint, compile, rust:check

Summary by CodeRabbit

• Refactor

  • Introduced a hosted-backend URL resolver so backend requests ignore overrides that appear to target local-AI endpoints, preventing misrouted requests and 404s.
  • Updated app modules to use the backend-specific resolver for all backend calls, aligning cached keys and OAuth/client flows with the backend URL.

• Tests

  • Added a CI guard that detects and blocks direct use of the old API resolver pattern.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d9f69425-de80-42e2-ad92-6610a6b04da3

📥 Commits

Reviewing files that changed from the base of the PR and between 090f2ae and 1a0514a.

📒 Files selected for processing (21)

• .github/workflows/test.yml
• src/api/config.rs
• src/api/mod.rs
• src/core/jsonrpc.rs
• src/openhuman/app_state/ops.rs
• src/openhuman/billing/ops.rs
• src/openhuman/channels/bus.rs
• src/openhuman/channels/controllers/ops.rs
• src/openhuman/config/ops.rs
• src/openhuman/credentials/ops.rs
• src/openhuman/embeddings/cloud.rs
• src/openhuman/integrations/client.rs
• src/openhuman/local_ai/gif_decision.rs
• src/openhuman/meet_agent/brain.rs
• src/openhuman/memory/tree/score/embed/cloud.rs
• src/openhuman/referral/ops.rs
• src/openhuman/socket/schemas.rs
• src/openhuman/team/ops.rs
• src/openhuman/voice/cloud_transcribe.rs
• src/openhuman/voice/reply_speech.rs
• src/openhuman/webhooks/ops.rs

✅ Files skipped from review due to trivial changes (4)

• src/openhuman/voice/reply_speech.rs
• src/openhuman/local_ai/gif_decision.rs
• src/api/mod.rs
• src/openhuman/memory/tree/score/embed/cloud.rs

🚧 Files skipped from review as they are similar to previous changes (16)

• src/openhuman/embeddings/cloud.rs
• src/openhuman/voice/cloud_transcribe.rs
• src/openhuman/app_state/ops.rs
• src/openhuman/team/ops.rs
• .github/workflows/test.yml
• src/openhuman/socket/schemas.rs
• src/openhuman/meet_agent/brain.rs
• src/core/jsonrpc.rs
• src/openhuman/billing/ops.rs
• src/openhuman/channels/bus.rs
• src/openhuman/channels/controllers/ops.rs
• src/openhuman/referral/ops.rs
• src/openhuman/credentials/ops.rs
• src/openhuman/webhooks/ops.rs
• src/openhuman/config/ops.rs
• src/openhuman/integrations/client.rs

---

📝 Walkthrough

Walkthrough

Add effective_backend_api_url with local-AI override heuristic, migrate server and OpenHuman backend callers to use it, add unit tests, and add a CI git-grep guard to block regressions.

Changes

Hosted Backend URL Resolver Migration

Layer / File(s)	Summary
Effective backend URL resolver src/api/config.rs	Add effective_backend_api_url that skips a user api_url override when it looks like a local-AI endpoint, falling back to env/default backend base; add warn_backend_url_fallback_once and redact_url_for_logs; update docs and unit tests validating fallback, env precedence, real override preservation, and equivalence to effective_api_url(&None).
Core server integration and exports src/api/mod.rs, src/core/jsonrpc.rs, src/openhuman/config/ops.rs	Reformat pub use re-exports; update JSON-RPC runtime code paths (Telegram auth callback, root endpoint api_server, socket auto-connect) and load_and_resolve_api_url to use effective_backend_api_url.
OpenHuman module caller migrations src/openhuman/{app_state,billing,channels,config,credentials,embeddings,integrations,local_ai,meet_agent,memory,referral,socket,team,voice,webhooks}/...	Migrate backend request builders and callers to import and call effective_backend_api_url instead of effective_api_url; update imports and doc comments where applicable.
CI regression prevention .github/workflows/test.yml	Add a pre-test rust-core-tests step that uses git grep to detect forbidden effective_api_url( usage and fail CI with a clear message if found.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• tinyhumansai/openhuman#1630: Introduced the local-AI heuristic and effective_integrations_api_url; this PR generalizes and migrates callers to effective_backend_api_url.
• tinyhumansai/openhuman#1042: Frontend/runtime work that consumes resolved backend URL; related end-to-end backend URL resolution changes.
• tinyhumansai/openhuman#1508: Overlaps on embedding client/base URL resolution changes affecting OpenHumanCloudEmbedding.

Suggested reviewers

• senamakel

Poem

🐰 I hopped through code with careful paws,

Swapped the resolver to respect backend laws.
Tests now guard the path where endpoints stray,
CI watches tight to keep wrong calls away.
✨ Thump-thump — the backend hums anew today.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the primary change: introducing effective_backend_api_url to separate backend API URL resolution from generic/local-AI-aware resolution.
Linked Issues check	✅ Passed	All four objectives from #1663 are met: effective_backend_api_url introduced [#1663], 16+ call sites migrated across billing/team/referral/webhooks/credentials/channels/voice/socket/app_state/core/jsonrpc [#1663], effective_api_url preserved for chat-completions (providers) [#1663], and CI grep guard added to prevent regressions [#1663].
Out of Scope Changes check	✅ Passed	All changes are directly scoped to the linked issue objectives. Function renaming, call-site migrations, guard implementation, and documentation updates are all necessary for the stated goals of isolating backend API URL resolution and preventing local-AI override leakage.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/test.yml:
- Around line 93-107: The CI file's changed-files guard list is missing the
migrated memory package; add the memory module to the list so backend callers
under src/openhuman/memory (specifically
src/openhuman/memory/tree/score/embed/cloud.rs) are covered by the CI
gate—update the block that enumerates paths (the list containing
src/openhuman/embeddings, src/openhuman/integrations, etc.) to include
src/openhuman/memory so regressions in the memory/cloud embedding code are
caught.

In `@src/api/config.rs`:
- Around line 184-193: The warning currently logs the full user-provided URL in
warn_backend_url_fallback_once (static WARNED), which can leak credentials or
tokens; modify warn_backend_url_fallback_once to redact sensitive parts of
local_url before logging by parsing with url::Url (or equivalent), stripping or
masking userinfo (username/password) and sensitive query parameters (or dropping
the query) and then pass the sanitized string into the tracing::warn call
instead of the raw local_url so no secrets are emitted.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 19be91ae-e24e-43cd-8553-ac84e24e15f2

📥 Commits

Reviewing files that changed from the base of the PR and between 5e6073b and 6d72f1e.

📒 Files selected for processing (21)

• .github/workflows/test.yml
• src/api/config.rs
• src/api/mod.rs
• src/core/jsonrpc.rs
• src/openhuman/app_state/ops.rs
• src/openhuman/billing/ops.rs
• src/openhuman/channels/bus.rs
• src/openhuman/channels/controllers/ops.rs
• src/openhuman/config/ops.rs
• src/openhuman/credentials/ops.rs
• src/openhuman/embeddings/cloud.rs
• src/openhuman/integrations/client.rs
• src/openhuman/local_ai/gif_decision.rs
• src/openhuman/meet_agent/brain.rs
• src/openhuman/memory/tree/score/embed/cloud.rs
• src/openhuman/referral/ops.rs
• src/openhuman/socket/schemas.rs
• src/openhuman/team/ops.rs
• src/openhuman/voice/cloud_transcribe.rs
• src/openhuman/voice/reply_speech.rs
• src/openhuman/webhooks/ops.rs

[senamakel]

has been merged in #1630 but thanks for the pr