feat: make autonomy action budget configurable

[YOMXXX]

Summary

• Keeps the non-overlapping action-budget backend improvements after feat(app): UI control for max_actions_per_hour (#2486) #2500 landed the primary UI/RPC path.
• Adds OPENHUMAN_MAX_ACTIONS_PER_HOUR as an env overlay for config.autonomy.max_actions_per_hour.
• Makes openhuman.security_policy_info reflect the active loaded config instead of SecurityPolicy::default().
• Improves exhausted action-budget errors with the configured hourly limit and points users to the existing Settings -> Advanced -> Agent autonomy panel.
• Adds the legacy openhuman.update_autonomy_settings alias on both frontend and core routing.
• Removes the superseded ActionBudgetPanel UI/route/i18n so users do not see two panels editing the same setting.

Problem

• Refs OpenHuman 不执行命令和无反馈的分析 #2486.
• feat(app): UI control for max_actions_per_hour (#2486) #2500 already merged the main max_actions_per_hour UI/RPC feature as AutonomyPanel at /settings/autonomy.
• This PR still carried a second ActionBudgetPanel at /settings/action-budget, which duplicated the same config field in Developer Options.
• The remaining useful gaps are backend/operator controls and policy visibility: env override support, active-config policy info, and clearer exhausted-budget messaging.

Solution

• Keep feat(app): UI control for max_actions_per_hour (#2486) #2500 as the canonical UI for max_actions_per_hour.
• Remove ActionBudgetPanel, its route, menu item, test, and i18n strings from this branch.
• Preserve the env overlay and security-policy changes, with docs/error text now pointing to Agent autonomy instead of the removed Action Budget panel.
• Preserve legacy alias parity for clients still calling openhuman.update_autonomy_settings.

Submission Checklist

If a section does not apply to this change, mark the item as N/A with a one-line reason. Do not delete items.

• Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy
• Diff coverage >= 80% - changed lines (Vitest + cargo-llvm-cov merged via diff-cover) meet the gate enforced by .github/workflows/coverage.yml. Focused Rust/Vitest tests cover the changed paths; CI Coverage Gate remains authoritative.
• Coverage matrix updated - N/A: existing settings/config/security behavior, no feature row added/removed/renamed in docs/TEST-COVERAGE-MATRIX.md.
• All affected feature IDs from the matrix are listed in the PR description under ## Related - N/A: no matrix feature ID changed.
• No new external network dependencies introduced (mock backend used per Testing Strategy)
• Manual smoke checklist updated if this touches release-cut surfaces - N/A: advanced local setting only, no release smoke surface changed.
• Linked issue closed via Closes #NNN in the ## Related section - N/A: OpenHuman 不执行命令和无反馈的分析 #2486 also covers command allowlists, approval UX, auth/socket feedback, and no-feedback diagnostics; this PR addresses the action-budget backend/operator portion only.

Impact

• No duplicate Settings UI remains from this PR; users should use Settings -> Advanced -> Agent autonomy from feat(app): UI control for max_actions_per_hour (#2486) #2500.
• Core config gains one env override: OPENHUMAN_MAX_ACTIONS_PER_HOUR.
• security_policy_info now reports policy values derived from the active config.
• Exhausted action-budget errors include the configured hourly limit and recovery guidance.
• No new network dependency and no migration required.

Related

• Refs OpenHuman 不执行命令和无反馈的分析 #2486
• Closes: N/A - OpenHuman 不执行命令和无反馈的分析 #2486 includes broader socket/auth feedback diagnostics beyond this scoped action-budget backend/operator fix.
• Follow-up PR(s)/TODOs: consider a separate PR for command allowlist/approval UX and socket/auth feedback visibility from OpenHuman 不执行命令和无反馈的分析 #2486.

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: feat/configurable-action-budget
• Commit SHA: 472008bf6ee6168a203824cb960679ab54cf1183

Validation Run

• pnpm --filter openhuman-app format:check
• pnpm typecheck (after pnpm install --frozen-lockfile installed branch-added workspace deps)
• Focused tests: pnpm --filter openhuman-app test:unit src/components/settings/panels/__tests__/DeveloperOptionsPanel.test.tsx src/components/settings/panels/__tests__/AutonomyPanel.test.tsx; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml action_budget_error_mentions_limit_and_settings --lib; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml env_overlay_autonomy_max_actions_per_hour_accepts_valid_u32 --lib; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml security_policy_info_reflects_configured_action_budget --lib
• Rust fmt/check (if changed): cargo fmt --manifest-path Cargo.toml --all --check; pre-push cargo check --manifest-path app/src-tauri/Cargo.toml completed successfully.
• Tauri fmt/check (if changed): pre-push pnpm rust:check completed successfully.
• Additional validation: pnpm i18n:check; git diff --check; pre-push hook completed successfully on commit 472008bf (format:check, lint with existing warnings only, compile, rust:check, lint:commands-tokens).

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A

Behavior Changes

• Intended behavior change: action-budget operator/env controls and policy introspection remain, while the duplicate Action Budget settings panel is removed in favor of the merged Agent autonomy panel.
• User-visible effect: exhausted-budget errors name the configured hourly limit and direct users to Settings -> Advanced -> Agent autonomy.

Parity Contract

• Legacy behavior preserved: default budget remains 20 actions/hour unless config/env/UI updates it; feat(app): UI control for max_actions_per_hour (#2486) #2500 remains the canonical UI/RPC path.
• Guard/fallback/dispatch parity checks: legacy openhuman.update_autonomy_settings aliases map to openhuman.config_update_autonomy_settings on frontend and core.

Duplicate / Superseded PR Handling

• Duplicate PR(s): feat(app): UI control for max_actions_per_hour (#2486) #2500 landed the primary max_actions_per_hour UI/RPC feature while this PR was open.
• Canonical PR: feat(app): UI control for max_actions_per_hour (#2486) #2500 for UI/RPC; this PR for env override, active policy info, error guidance, and legacy alias parity.
• Resolution (closed/superseded/updated): Updated this PR in 472008bf to remove the duplicate ActionBudgetPanel and keep only non-overlapping backend/operator value.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR implements a rolling-hour action budget feature that allows administrators to cap side-effecting tool operations. Changes span backend config/RPC/security updates, a new frontend settings panel with Tauri integration, routing wiring, comprehensive i18n additions across all language chunks, environment variable override support, and architecture documentation.

Changes

Action Budget Feature

Layer / File(s)	Summary
Backend configuration foundation src/openhuman/config/ops.rs, src/openhuman/config/ops_tests.rs, src/openhuman/config/schema/load_tests.rs, .env.example	AutonomySettingsPatch struct and apply_autonomy_settings / load_and_apply_autonomy_settings functions persist max_actions_per_hour to config and return refreshed snapshots; environment variable OPENHUMAN_MAX_ACTIONS_PER_HOUR (default 20) overrides at startup; tests validate parsing and persistence.
Backend RPC controller src/openhuman/config/schemas.rs	New update_autonomy_settings RPC with AutonomySettingsUpdate request struct registered in controller schemas and wired to handle_update_autonomy_settings handler that applies patches and returns updated config snapshot.
Backend security policy src/openhuman/security/ops.rs, src/openhuman/security/policy.rs, src/openhuman/security/policy_tests.rs, src/openhuman/security/schemas.rs	SecurityPolicy introspection now derives from runtime config instead of defaults; adds security_policy_info_for_config and async load_and_get_security_policy_info to support config-dependent policy info; rate-limit exceeded error for actions now includes configured limit and settings path guidance; handle_policy_info awaits the async loader.
Frontend RPC bindings app/src/services/rpcMethods.ts, app/src/utils/tauriCommands/config.ts, src/core/legacy_aliases.rs	CORE_RPC_METHODS.configUpdateAutonomySettings mapped to openhuman.config_update_autonomy_settings; AutonomySettingsUpdate TypeScript interface and openhumanUpdateAutonomySettings Tauri wrapper; legacy alias for openhuman.update_autonomy_settings.
Frontend ActionBudgetPanel app/src/components/settings/panels/ActionBudgetPanel.tsx, app/src/components/settings/panels/__tests__/ActionBudgetPanel.test.tsx	React component loads active budget via openhumanGetConfig, validates input within bounds (MIN_ACTION_BUDGET–MAX_ACTION_BUDGET), saves via openhumanUpdateAutonomySettings, and shows desktop-only error in non-Tauri environments; test suite covers load, save, validation, and platform availability.
Frontend routing & menu app/src/pages/Settings.tsx, app/src/components/settings/panels/DeveloperOptionsPanel.tsx	Adds action-budget leaf route and developer options menu entry with i18n-backed title/description and icon.
Internationalization app/src/lib/i18n/en.ts, app/src/lib/i18n/chunks/ar-5.ts, app/src/lib/i18n/chunks/bn-5.ts, app/src/lib/i18n/chunks/de-5.ts, app/src/lib/i18n/chunks/en-5.ts, app/src/lib/i18n/chunks/es-5.ts, app/src/lib/i18n/chunks/fr-5.ts, app/src/lib/i18n/chunks/hi-5.ts, app/src/lib/i18n/chunks/id-5.ts, app/src/lib/i18n/chunks/it-5.ts, app/src/lib/i18n/chunks/ko-5.ts, app/src/lib/i18n/chunks/pt-5.ts, app/src/lib/i18n/chunks/ru-5.ts, app/src/lib/i18n/chunks/zh-CN-5.ts	settings.developerMenu.actionBudget.* (title/description) and settings.actionBudget.* (active limit, actions-per-hour labels, desktop-only notice, load/save/validation messages) keys added across all language chunks in English; de-5.ts also removes obsolete MCP server entries.
Architecture documentation gitbooks/developing/architecture/agent-harness.md	Documents "Local action budget" session field as a rolling hourly cap sourced from config.autonomy.max_actions_per_hour, and "Action budget policy" in stop-hooks describing SecurityPolicy enforcement with user configuration and OPENHUMAN_MAX_ACTIONS_PER_HOUR override.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• tinyhumansai/openhuman#1705: Adds and synchronizes the legacy RPC alias openhuman.update_autonomy_settings → openhuman.config_update_autonomy_settings alongside existing legacy method tests.
• tinyhumansai/openhuman#2250: Modifies DeveloperOptionsPanel.tsx to render developer menu labels via i18n keys, aligning with the panel structure changes in this PR.
• tinyhumansai/openhuman#2258: Also modifies DeveloperOptionsPanel.tsx developerItems model with titleKey/descriptionKey i18n wiring directly overlapping this PR's changes.

Suggested reviewers

• graycyrus

Poem

🐰 A budget to reign in the actions so wild,
Per hour they're capped, every tool reconciled,
The frontend now shows where admins can adjust,
Security keeps the framework robust!
hops away with pride

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title clearly summarizes the main objective: making the autonomy action budget configurable. The changeset comprehensively implements this feature across frontend, backend, and configuration.
Docstring Coverage	✅ Passed	Docstring coverage is 81.08% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

src/openhuman/config/schemas.rs (1)

1022-1030: ⚡ Quick win

Add RPC entry/exit/error logs to the new autonomy update handler.

This path mutates persisted config and currently has no diagnostic logs for enter/success/failure.

Suggested patch

 fn handle_update_autonomy_settings(params: Map<String, Value>) -> ControllerFuture {
     Box::pin(async move {
-        let update = deserialize_params::<AutonomySettingsUpdate>(params)?;
+        log::debug!("[config][rpc] update_autonomy_settings enter");
+        let update = match deserialize_params::<AutonomySettingsUpdate>(params) {
+            Ok(u) => u,
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings invalid params: {err}");
+                return Err(err);
+            }
+        };
         let patch = config_rpc::AutonomySettingsPatch {
             max_actions_per_hour: update.max_actions_per_hour,
         };
-        to_json(config_rpc::load_and_apply_autonomy_settings(patch).await?)
+        match config_rpc::load_and_apply_autonomy_settings(patch).await {
+            Ok(outcome) => {
+                log::debug!("[config][rpc] update_autonomy_settings ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: Use log / tracing at debug or trace level on RPC entry and exit, error paths, state transitions....

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/config/schemas.rs` around lines 1022 - 1030, Add diagnostic
logs to handle_update_autonomy_settings: on RPC entry log the incoming
params/deserialized update (debug/trace), wrap the call to
config_rpc::load_and_apply_autonomy_settings(patch).await with a success log on
completion (debug) and an error log that captures the error context before
returning (error). Ensure logs include the function name
handle_update_autonomy_settings and the patch/max_actions_per_hour value and
propagate the original error unchanged after logging.

src/openhuman/security/schemas.rs (1)

42-45: ⚡ Quick win

Add diagnostic logging around policy_info RPC execution.

This RPC now depends on async config I/O but doesn’t log entry/success/failure, which makes field debugging harder.

Suggested patch

 fn handle_policy_info(_params: Map<String, Value>) -> ControllerFuture {
-    Box::pin(async {
-        to_json(crate::openhuman::security::rpc::load_and_get_security_policy_info().await?)
+    Box::pin(async {
+        log::debug!("[security][rpc] policy_info enter");
+        match crate::openhuman::security::rpc::load_and_get_security_policy_info().await {
+            Ok(outcome) => {
+                log::debug!("[security][rpc] policy_info ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[security][rpc] policy_info failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: Use log / tracing at debug or trace level on RPC entry and exit, error paths, state transitions....

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/security/schemas.rs` around lines 42 - 45, The RPC handler
handle_policy_info lacks diagnostics; add tracing/log calls around the async
call to crate::openhuman::security::rpc::load_and_get_security_policy_info() to
record entry, success, and failure: log at debug/trace when entering
handle_policy_info (include any incoming params or a brief marker), log
debug/trace on successful result before returning the JSON, and log error with
the error details if the await returns Err (include context string). Use the
existing logging/tracing crate conventions (e.g.,
tracing::debug!/tracing::error!) so callers can trace async config I/O and
failures in load_and_get_security_policy_info().

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/src/components/settings/panels/ActionBudgetPanel.tsx`:
- Around line 47-51: The panel currently shows a desktop-only error but still
allows Save to be clicked; prevent that by gating the save path and disabling
the Save button when not running in Tauri: add a runtime flag check (use
isTauri() or a local isTauriState set on mount) at the top of the save handler
(e.g., the component's save/handleSave function) to return early when not Tauri,
and set the Save button's disabled prop to true when !isTauri() (also update the
other occurrence referenced around lines 147-151). Ensure you use the same
isTauri/isTauriState used where setIsLoading and setError are called so UI state
and action gating remain consistent.

---

Nitpick comments:
In `@src/openhuman/config/schemas.rs`:
- Around line 1022-1030: Add diagnostic logs to handle_update_autonomy_settings:
on RPC entry log the incoming params/deserialized update (debug/trace), wrap the
call to config_rpc::load_and_apply_autonomy_settings(patch).await with a success
log on completion (debug) and an error log that captures the error context
before returning (error). Ensure logs include the function name
handle_update_autonomy_settings and the patch/max_actions_per_hour value and
propagate the original error unchanged after logging.

In `@src/openhuman/security/schemas.rs`:
- Around line 42-45: The RPC handler handle_policy_info lacks diagnostics; add
tracing/log calls around the async call to
crate::openhuman::security::rpc::load_and_get_security_policy_info() to record
entry, success, and failure: log at debug/trace when entering handle_policy_info
(include any incoming params or a brief marker), log debug/trace on successful
result before returning the JSON, and log error with the error details if the
await returns Err (include context string). Use the existing logging/tracing
crate conventions (e.g., tracing::debug!/tracing::error!) so callers can trace
async config I/O and failures in load_and_get_security_policy_info().

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9f524bd5-1e23-415d-bda2-0e63ff611f21

📥 Commits

Reviewing files that changed from the base of the PR and between ed3e453 and 497d027.

📒 Files selected for processing (32)

• .env.example
• app/src/components/settings/panels/ActionBudgetPanel.tsx
• app/src/components/settings/panels/DeveloperOptionsPanel.tsx
• app/src/components/settings/panels/__tests__/ActionBudgetPanel.test.tsx
• app/src/lib/i18n/chunks/ar-5.ts
• app/src/lib/i18n/chunks/bn-5.ts
• app/src/lib/i18n/chunks/de-3.ts
• app/src/lib/i18n/chunks/de-5.ts
• app/src/lib/i18n/chunks/en-5.ts
• app/src/lib/i18n/chunks/es-5.ts
• app/src/lib/i18n/chunks/fr-5.ts
• app/src/lib/i18n/chunks/hi-5.ts
• app/src/lib/i18n/chunks/id-5.ts
• app/src/lib/i18n/chunks/it-5.ts
• app/src/lib/i18n/chunks/ko-5.ts
• app/src/lib/i18n/chunks/pt-5.ts
• app/src/lib/i18n/chunks/ru-5.ts
• app/src/lib/i18n/chunks/zh-CN-5.ts
• app/src/lib/i18n/en.ts
• app/src/pages/Settings.tsx
• app/src/services/rpcMethods.ts
• app/src/utils/tauriCommands/config.ts
• gitbooks/developing/architecture/agent-harness.md
• src/openhuman/config/ops.rs
• src/openhuman/config/ops_tests.rs
• src/openhuman/config/schema/load.rs
• src/openhuman/config/schema/load_tests.rs
• src/openhuman/config/schemas.rs
• src/openhuman/security/ops.rs
• src/openhuman/security/policy.rs
• src/openhuman/security/policy_tests.rs
• src/openhuman/security/schemas.rs

💤 Files with no reviewable changes (1)

• app/src/lib/i18n/chunks/de-3.ts

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

src/openhuman/security/schemas.rs (1)

42-45: ⚡ Quick win

Instrument policy_info handler with debug/warn logs.

The new async path is good, but it currently has no explicit RPC entry/failure logs for observability.

Suggested update

 fn handle_policy_info(_params: Map<String, Value>) -> ControllerFuture {
     Box::pin(async {
-        to_json(crate::openhuman::security::rpc::load_and_get_security_policy_info().await?)
+        log::debug!("[security][rpc] policy_info enter");
+        match crate::openhuman::security::rpc::load_and_get_security_policy_info().await {
+            Ok(outcome) => {
+                log::debug!("[security][rpc] policy_info ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[security][rpc] policy_info failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: `src/openhuman/**/*.rs` should log RPC entry/exit and error paths with structured, grep-friendly context.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/security/schemas.rs` around lines 42 - 45, Instrument the
handle_policy_info RPC handler to emit structured entry/exit and error logs: at
the start of handle_policy_info() log RPC entry with a context field like
{"rpc":"policy_info"}, then wrap the await call to
crate::openhuman::security::rpc::load_and_get_security_policy_info() so that on
success you log a debug/trace exit (include any lightweight result metadata) and
on failure you log a warn/error with the error details and same context; use the
project logging macros (e.g., tracing::debug!/warn!) and ensure logs reference
the function name handle_policy_info and the called function
load_and_get_security_policy_info for easy grepping.

src/openhuman/config/schemas.rs (1)

1022-1030: ⚡ Quick win

Add entry/success/failure logs to the new autonomy RPC handler.

This new RPC path currently has no debug/warn instrumentation, which makes runtime triage harder than adjacent handlers.

Proposed logging pattern

 fn handle_update_autonomy_settings(params: Map<String, Value>) -> ControllerFuture {
     Box::pin(async move {
-        let update = deserialize_params::<AutonomySettingsUpdate>(params)?;
+        log::debug!("[config][rpc] update_autonomy_settings enter");
+        let update = match deserialize_params::<AutonomySettingsUpdate>(params) {
+            Ok(u) => u,
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings invalid params: {err}");
+                return Err(err);
+            }
+        };
         let patch = config_rpc::AutonomySettingsPatch {
             max_actions_per_hour: update.max_actions_per_hour,
         };
-        to_json(config_rpc::load_and_apply_autonomy_settings(patch).await?)
+        match config_rpc::load_and_apply_autonomy_settings(patch).await {
+            Ok(outcome) => {
+                log::debug!("[config][rpc] update_autonomy_settings ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: `src/openhuman/**/*.rs`: use `log` / `tracing` at `debug` or `trace` on RPC entry/exit and error paths with grep-friendly context.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/config/schemas.rs` around lines 1022 - 1030, The handler
handle_update_autonomy_settings lacks logging; add trace/debug logs on entry
(log the deserialized AutonomySettingsUpdate or its key fields), a success debug
log after to_json returns (including the applied patch or resulting state), and
an error/warn log around the await of
config_rpc::load_and_apply_autonomy_settings(patch).await? so any failure is
logged with the error details and a grep-friendly context string like
"handle_update_autonomy_settings". Use the project's logging crate (log or
tracing) consistent with nearby handlers and include the function name and
relevant identifiers (AutonomySettingsUpdate, AutonomySettingsPatch,
config_rpc::load_and_apply_autonomy_settings) in messages.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.env.example:
- Around line 75-76: Move the OPENHUMAN_MAX_ACTIONS_PER_HOUR entry so it appears
before the OPENHUMAN_MODEL entry in the .env example to satisfy dotenv key
ordering; update the block by cutting the line
"OPENHUMAN_MAX_ACTIONS_PER_HOUR=20" and pasting it above the existing
"OPENHUMAN_MODEL" key so dotenv-linter no longer reports UnorderedKey.

---

Nitpick comments:
In `@src/openhuman/config/schemas.rs`:
- Around line 1022-1030: The handler handle_update_autonomy_settings lacks
logging; add trace/debug logs on entry (log the deserialized
AutonomySettingsUpdate or its key fields), a success debug log after to_json
returns (including the applied patch or resulting state), and an error/warn log
around the await of config_rpc::load_and_apply_autonomy_settings(patch).await?
so any failure is logged with the error details and a grep-friendly context
string like "handle_update_autonomy_settings". Use the project's logging crate
(log or tracing) consistent with nearby handlers and include the function name
and relevant identifiers (AutonomySettingsUpdate, AutonomySettingsPatch,
config_rpc::load_and_apply_autonomy_settings) in messages.

In `@src/openhuman/security/schemas.rs`:
- Around line 42-45: Instrument the handle_policy_info RPC handler to emit
structured entry/exit and error logs: at the start of handle_policy_info() log
RPC entry with a context field like {"rpc":"policy_info"}, then wrap the await
call to crate::openhuman::security::rpc::load_and_get_security_policy_info() so
that on success you log a debug/trace exit (include any lightweight result
metadata) and on failure you log a warn/error with the error details and same
context; use the project logging macros (e.g., tracing::debug!/warn!) and ensure
logs reference the function name handle_policy_info and the called function
load_and_get_security_policy_info for easy grepping.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5edfbc0e-0f78-4a08-a028-7fc9db5cfde4

📥 Commits

Reviewing files that changed from the base of the PR and between 497d027 and 2dac605.

📒 Files selected for processing (33)

• .env.example
• app/src/components/settings/panels/ActionBudgetPanel.tsx
• app/src/components/settings/panels/DeveloperOptionsPanel.tsx
• app/src/components/settings/panels/__tests__/ActionBudgetPanel.test.tsx
• app/src/lib/i18n/chunks/ar-5.ts
• app/src/lib/i18n/chunks/bn-5.ts
• app/src/lib/i18n/chunks/de-3.ts
• app/src/lib/i18n/chunks/de-5.ts
• app/src/lib/i18n/chunks/en-5.ts
• app/src/lib/i18n/chunks/es-5.ts
• app/src/lib/i18n/chunks/fr-5.ts
• app/src/lib/i18n/chunks/hi-5.ts
• app/src/lib/i18n/chunks/id-5.ts
• app/src/lib/i18n/chunks/it-5.ts
• app/src/lib/i18n/chunks/ko-5.ts
• app/src/lib/i18n/chunks/pt-5.ts
• app/src/lib/i18n/chunks/ru-5.ts
• app/src/lib/i18n/chunks/zh-CN-5.ts
• app/src/lib/i18n/en.ts
• app/src/pages/Settings.tsx
• app/src/services/rpcMethods.ts
• app/src/utils/tauriCommands/config.ts
• gitbooks/developing/architecture/agent-harness.md
• src/core/legacy_aliases.rs
• src/openhuman/config/ops.rs
• src/openhuman/config/ops_tests.rs
• src/openhuman/config/schema/load.rs
• src/openhuman/config/schema/load_tests.rs
• src/openhuman/config/schemas.rs
• src/openhuman/security/ops.rs
• src/openhuman/security/policy.rs
• src/openhuman/security/policy_tests.rs
• src/openhuman/security/schemas.rs

💤 Files with no reviewable changes (1)

• app/src/lib/i18n/chunks/de-3.ts

✅ Files skipped from review due to trivial changes (5)

• src/openhuman/security/policy.rs
• app/src/lib/i18n/chunks/es-5.ts
• app/src/lib/i18n/chunks/id-5.ts
• app/src/lib/i18n/chunks/en-5.ts
• app/src/lib/i18n/chunks/fr-5.ts

[YOMXXX]

@graycyrus CI is green and CodeRabbit is approved. Could you take a look when you have a chance?

[YOMXXX]

@graycyrus Ready for review again.

Latest state on cb92e1c8:

• all required checks are green, including the rerun test / Rust Core Tests + Quality
• CodeRabbit is approved
• no unresolved review threads remain
• the extra commit is an empty chore: rerun cancelled CI commit to replace the prior cancelled GitHub Actions run, after rerun was unavailable without repository admin rights

[YOMXXX]

@graycyrus Ready for review again.

Latest state after syncing current upstream/main in 06f9ab01:

• merge conflicts are resolved
• all required checks are green, including Coverage Gate and Linux Appium E2E
• no unresolved review threads remain
• CodeRabbit has no active actionable blocker

[senamakel]

@graycyrus @YOMXXX heads-up after re-syncing main:

PR #2500 ("feat(app): UI control for max_actions_per_hour") merged into main while this PR was open and ships effectively the same feature under a different name. After merging main into this branch the tree had collisions in both TS and Rust:

• duplicate openhumanUpdateAutonomySettings TS functions (TS2323)
• duplicate AutonomySettingsPatch / apply_autonomy_settings / load_and_apply_autonomy_settings in src/openhuman/config/ops.rs (E0428/E0119)
• duplicate AutonomySettingsUpdate struct, schema arm, registered controller, and handle_update_autonomy_settings handler in src/openhuman/config/schemas.rs

I deduped on the backend by keeping main's versions (they add max_actions_per_hour range validation 1-10_000 plus a sibling get_autonomy_settings RPC) and removed this PR's earlier duplicates. Both AutonomyPanel (main, route /settings/autonomy) and ActionBudgetPanel (this PR, route /settings/action-budget) now talk to the same backend.

⚠️ Both panels still render side-by-side in DeveloperOptions and write the same config field — the user will see two settings entries for the same value. The right call is probably to drop ActionBudgetPanel + its i18n keys + its DeveloperOptions entry + its route, since #2500 already covers it. Leaving this for human decision rather than gutting the PR unilaterally.

Latest pushed commit: ec55001

[YOMXXX]

@graycyrus @senamakel Updated in 472008bf to resolve the post-#2500 overlap. The duplicate ActionBudgetPanel route/menu/i18n/test files are removed; Settings now keeps #2500's Agent autonomy panel as the single UI for max_actions_per_hour. This PR now retains only the non-overlapping pieces: OPENHUMAN_MAX_ACTIONS_PER_HOUR env override, active-config security_policy_info, exhausted-budget guidance, and legacy alias parity.\n\nValidation run: pnpm i18n:check, pnpm typecheck, pnpm --filter openhuman-app format:check, focused DeveloperOptions/AutonomyPanel Vitest, focused Rust env/security/policy tests, git diff --check, and the pre-push hook completed on the pushed commit.

[YOMXXX]

@graycyrus @senamakel Ready for review again.

Latest state on e8556c0d:

• all checks are green after the CI retrigger, including Windows secrets ACL and Coverage Gate
• the feat(app): UI control for max_actions_per_hour (#2486) #2500 overlap remains resolved by keeping feat(app): UI control for max_actions_per_hour (#2486) #2500 as the only UI surface
• no unresolved review threads remain

[YOMXXX]

Checked the latest CI. The blocking issue is the same Linux Appium E2E failure seen on #2551:

• openhuman.composio_list_triggers returns ok=false in mega-flow.spec.ts:251
• openhuman.composio_enable_trigger returns ok=false in mega-flow.spec.ts:580

The Windows secrets ACL check is reported as failed in the checks table, but GitHub marks the job conclusion as CANCELLED; the log does not show a Rust panic or test failure and ends with The operation was canceled. I would treat that as a CI cancellation/rerun candidate, not a code failure.

Rust Tauri Coverage (cargo-llvm-cov) is still in progress. Since two unrelated PRs are failing on the same Composio E2E path, I am not treating this as PR-specific until we capture the underlying RPC error from the core/app log.

[YOMXXX]

Follow-up: opened #2609 to make this shared E2E failure diagnosable. It adds runner-temp app log upload paths and changes the mega-flow Composio RPC assertions to include the RPC method/status/error instead of only Expected true / Received false.

This should also help distinguish the Linux Appium Composio blocker from the separate Windows secrets ACL CANCELLED job on this PR.

[YOMXXX]

Follow-up on the shared Linux Appium failure: #2609 now confirms and fixes the root cause. The failing mega-flow Composio RPCs were caused by the E2E app using the OS keyring on headless Linux, where Secret Service access returns permission errors and the backend session token is lost after login.

#2609 defaults E2E sessions to OPENHUMAN_KEYRING_BACKEND=file under the disposable OPENHUMAN_WORKSPACE, keeps the richer RPC diagnostics, and the latest run passes Linux Appium E2E (smoke + mega-flow). Once that lands on main, this PR should be unblocked by rebasing/rerunning CI; alternatively the runner fix can be cherry-picked here if this PR needs to merge first.