fix(ci): bump Windows test timeout to 35m and fix dead security::secrets filter

[M3gA-Mind]

Summary

• Raise timeout-minutes for the rust-core-tests-windows CI job from 20 → 35 minutes.
• Fix the test filter from -- security::secrets (matched zero tests) to -- keyring::encrypted_store (the actual module path for the Windows ACL suite).

Problem

• The production release workflow (main Release Production, run 26514109166) failed on the Pretest — unit + rust / Rust Core Tests (Windows — secrets ACL) job with: "The job has exceeded the maximum execution time of 20m0s".
• Cold-cache Windows compilation of the full openhuman crate takes ~19 minutes (only 12.75% sccache hit rate on the failing run), leaving no time for the post-job cache-save step within the 20-minute budget — the runner was killed mid-cleanup.
• The test filter -- security::secrets has always matched zero tests: src/openhuman/security/secrets.rs is a one-line re-export (pub use crate::openhuman::keyring::encrypted_store::*), not a module with its own tests. The actual Windows ACL test module (repair_windows_acl, is_permission_error, icacls grant args, self-repair path) lives at openhuman::keyring::encrypted_store::tests.

Solution

• Timeout: 35 minutes gives ample headroom for cold-cache Windows builds (~19 min compile + ~1 min tests + ~2 min cache save) while still catching genuine hangs.
• Filter: Changed to -- keyring::encrypted_store which correctly matches openhuman::keyring::encrypted_store::tests::*, including all #[cfg(windows)] tests described in the step comment.

Submission Checklist

• N/A: no new application code — CI workflow change only; no test additions needed for workflow YAML
• N/A: no changed application lines — diff-cover gate does not apply to .github/ files
• N/A: no feature added/removed/renamed
• N/A: all affected feature IDs from the matrix — no matrix rows affected
• N/A: no new network dependencies
• N/A: no release-cut surfaces touched
• N/A: no tracked issue to close (this is a CI infrastructure fix)

Impact

• CI only: no runtime/product behavior changes.
• Windows test job will now actually run its intended test suite instead of silently passing with 0 tests.

Related

• Production build run that failed: https://github.com/tinyhumansai/openhuman/actions/runs/26514109166
• Closes:
• Follow-up PR(s)/TODOs:

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: fix/production-build-timeout
• Commit SHA: 040cce5

Validation Run

• pnpm --filter openhuman-app format:check
• N/A: pnpm typecheck — no TS changes
• N/A: Focused tests — workflow-only change
• N/A: Rust fmt/check — no Rust changes
• N/A: Tauri fmt/check — no Tauri changes

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A

Behavior Changes

• Intended behavior change: Windows CI job now actually runs keyring::encrypted_store tests instead of 0 tests, and has 35 min to complete rather than 20.
• User-visible effect: None (CI infrastructure only).

Parity Contract

• Legacy behavior preserved: All other jobs unchanged.
• Guard/fallback/dispatch parity checks: N/A

Duplicate / Superseded PR Handling

• Duplicate PR(s): N/A
• Canonical PR: this PR
• Resolution (closed/superseded/updated): N/A

Summary by CodeRabbit

Release Notes

• Chores
  • Updated CI testing infrastructure to improve test reliability and coverage for Windows environments.

Note: This release contains internal infrastructure improvements with no user-facing changes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 237a2442-0ad8-439e-a44c-c3ab657d00e2

📥 Commits

Reviewing files that changed from the base of the PR and between 040cce5 and 79ccfd9.

📒 Files selected for processing (1)

• .github/workflows/test-reusable.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/test-reusable.yml

---

📝 Walkthrough

Walkthrough

This PR updates the Windows-specific Rust core test job in the reusable CI workflow: it increases the job timeout from 20 to 35 minutes and changes the cargo test filter to run keyring::encrypted_store tests instead of security::secrets tests, with comments updated to match.

Changes

Windows CI Test Job Configuration

Layer / File(s)	Summary
Windows core test timeout and test module target .github/workflows/test-reusable.yml	Job timeout increases from 20 to 35 minutes. Cargo test invocation targets keyring::encrypted_store instead of security::secrets, and inline comments are updated to reflect the correct module path and Windows-only test coverage.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• tinyhumansai/openhuman#2061: Previous Windows CI job that ran cargo test -p openhuman -- security::secrets, directly related to this test-selection update.

Suggested labels

working

Suggested reviewers

• graycyrus

Poem

🐰 A timeout stretched, from twenty to thirty-five,
Tests hop to the encrypted store to keep hope alive,
Windows-only checks now find their way,
CI carrots gleam for a brighter day,
Hop, run, and pass — the rabbit cheers, hooray!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: increasing Windows test timeout to 35 minutes and fixing the test filter from a non-existent security::secrets to the correct keyring::encrypted_store module.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/test-reusable.yml:
- Around line 153-159: The existing comment incorrectly references
security/secrets.rs and a non-existent test named repair_windows_acl; update it
to say that the Windows ACL tests live in
src/openhuman/keyring/encrypted_store_tests.rs and are exposed via
keyring::encrypted_store (so cargo test -- keyring::encrypted_store targets
them), remove the misleading reference to security/secrets.rs, and replace the
repair_windows_acl mention with the actual test helpers and test names
(repair_windows_acl is a helper function, while the tests are self_repair_*,
is_permission_error_*, and qualify_windows_username_*) so the comment accurately
documents the target suite referenced by the run command.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d3600292-935a-4a5d-b866-a2a8011130aa

📥 Commits

Reviewing files that changed from the base of the PR and between 82dd260 and 040cce5.

📒 Files selected for processing (1)

• .github/workflows/test-reusable.yml