fix(welcome): include bearer token in core RPC test-connection probe

[sanil-23]

Summary

• Welcome page's "Test Connection" RPC probe now sends Authorization: Bearer <token>, so it stops being rejected with 401 when the URL is correct.
• Exports getCoreRpcToken from coreRpcClient.ts so other call sites can attach the bearer header without going through callCoreRpc.

Problem

Clicking Test Connection in the welcome page's "Configure RPC URL (Advanced)" section fired a raw fetch() with only Content-Type — no Authorization header. The embedded core's auth middleware rejected every probe with 401, regardless of whether the URL was actually correct, surfacing to the user as a misleading "Connection failed". Every other core RPC caller in the app already attaches the bearer; this one path was the outlier.

Solution

Resolve the per-process bearer token via the existing getCoreRpcToken helper (now exported) and attach Authorization: Bearer <token> to the ping. Behavior matches every other core RPC caller in the app.

Submission Checklist

• N/A: behaviour is gated on a manual click of an Advanced UI button; covered by manual smoke when an end user customises the RPC URL
• N/A: 12-line UI fix, change is too small to move the diff-coverage gate meaningfully
• N/A: behaviour-only change to an existing dev-only UI surface
• N/A: no feature IDs touched
• No new external network dependencies introduced
• N/A: not a release-cut surface
• N/A: no linked issue

Impact

• Desktop only. Affects the Welcome page's "Configure RPC URL (Advanced)" → "Test Connection" path. No runtime behavior change for users who don't customise the RPC URL.

Related

• Closes:
• Follow-up PR(s)/TODOs: separate PR for dev:app:win Windows dev-environment plumbing

Summary by CodeRabbit

• New Features

  • Connection tester now sends authenticated requests when a token is available and uses a unified routine for improved reliability while preserving existing success/failure UI behavior.

• Tests

  • Added tests validating connection behavior with and without authentication across environments, ensuring request format and response handling.

[coderabbitai]

Caution

Review failed

Failed to post review comments

📝 Walkthrough

Walkthrough

Added exported function testCoreRpcConnection(url: string) in app/src/services/coreRpcClient.ts, replaced an inline fetch in app/src/pages/Welcome.tsx with a call to that function, and added unit tests for testCoreRpcConnection in app/src/services/__tests__/coreRpcClient.test.ts.

Changes

Token-Based RPC Connection Test

Layer / File(s)	Summary
Public API / Export app/src/services/coreRpcClient.ts	Added exported function testCoreRpcConnection(url: string): Promise<Response>.
Core Service Implementation app/src/services/coreRpcClient.ts	testCoreRpcConnection calls getCoreRpcToken() and POSTs a JSON-RPC openhuman.ping payload to the provided URL, adding Authorization: Bearer <token> when a token exists, and returns the raw fetch Response.
UI Wiring / Usage app/src/pages/Welcome.tsx	Imported testCoreRpcConnection and replaced the inline fetch ping with await testCoreRpcConnection(normalized), preserving existing success/failure handling and UI state updates.
Tests app/src/services/__tests__/coreRpcClient.test.ts	Added tests for testCoreRpcConnection covering POST payload, header behavior with/without token (including Tauri vs non-Tauri behavior), and that the raw fetch Response is returned.

Sequence Diagram(s)

sequenceDiagram
  participant Welcome as Welcome (UI)
  participant Service as coreRpcClient.testCoreRpcConnection
  participant Token as getCoreRpcToken
  participant Core as Core RPC Server

  Welcome->>Service: testCoreRpcConnection(normalizedURL)
  Service->>Token: getCoreRpcToken()
  Token-->>Service: token or null
  Service->>Core: POST JSON-RPC openhuman.ping (Authorization: Bearer <token>?)
  Core-->>Service: HTTP Response
  Service-->>Welcome: Response returned

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped to call a tiny ping,
A token tucked beneath my wing.
I posted JSON, then paused to wait—
The server sent a tidy state.
Hops, headers, bytes — such simple fate.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: extracting the test-connection probe into a helper function that includes the bearer token in Core RPC requests.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/src/pages/Welcome.tsx`:
- Around line 68-80: The component is assembling auth headers and performing a
raw RPC POST (using getCoreRpcToken, headers, fetch to normalized with method
'openhuman.ping'), which belongs in the coreRpcClient service; move this logic
into a new method on app/src/services/coreRpcClient (e.g., pingCore or
probeCore) that: (1) obtains the token via getCoreRpcToken, (2) builds the
headers including Authorization when present, (3) performs the JSON-RPC POST to
the provided URL (the normalized value), and (4) returns a normalized
success/failure result; then replace the direct fetch call in Welcome.tsx with a
call to that new coreRpcClient method.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0ad7a13e-d559-482f-a1c8-67f7e1b4b077

📥 Commits

Reviewing files that changed from the base of the PR and between a3a1843 and 9f11463.

📒 Files selected for processing (2)

• app/src/pages/Welcome.tsx
• app/src/services/coreRpcClient.ts

[sanil-23]

@coderabbitai full review

Refactor commit b3fbc2e5 extracted the inline RPC/auth assembly into testCoreRpcConnection in coreRpcClient.ts per your earlier suggestion (you confirmed this in the inline thread).

Test commit a9eb239c then added 4 unit tests for the new helper (POST envelope shape, no-token / Tauri-token header behaviour, raw Response passthrough) — Coverage Gate (diff-cover ≥ 80%) is now ✅.

Both fixes are landed; could you re-review and update the review state? Currently still showing CHANGES_REQUESTED from the original review which is stale.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@sanil-23 Thanks for the detailed update! I can see that:

1. Refactor commit b3fbc2e5 — testCoreRpcConnection(url) has been extracted into coreRpcClient.ts, moving the RPC/auth assembly out of Welcome.tsx as suggested.
2. Test commit a9eb239c — 4 unit tests added covering POST envelope shape, no-token/Tauri-token header behaviour, and raw Response passthrough, with the coverage gate now passing ✅.

I'll kick off a fresh full review now to clear the stale CHANGES_REQUESTED state and evaluate the current state of the PR.

[full_review]

[sanil-23]

@coderabbitai review

The earlier [full_review] at 16:57 didn't produce a new review submission — the formal review state is still showing CHANGES_REQUESTED from the original 14:46 review. All concerns from that review are addressed (refactor in b3fbc2e5, tests in a9eb239c) and you confirmed both inline. Could you submit a fresh review state on the current HEAD (a9eb239) so the sticky CHANGES_REQUESTED clears?

[coderabbitai]

✅ Actions performed

Full review triggered.

[sanil-23]

Status note for maintainer

This PR is code-complete and fully green — only the formal review state is stuck:

All CI checks (incl. Coverage Gate ≥ 80%)	✅ green
CodeRabbit pre-merge checks	✅ SUCCESS
Both CodeRabbit inline concerns	✅ acknowledged with <!-- <review_comment_addressed> --> markers
Formal reviewDecision	🟡 sticky CHANGES_REQUESTED from 14:46

What happened

The original review at 14:46 was preceded by a CodeRabbit "Review failed" auto-comment at 14:41 — that left their review pipeline in a transient bad state. Both inline concerns from the 14:46 review have since been addressed:

• Refactor b3fbc2e5 — extracted the inline RPC/auth assembly into testCoreRpcConnection(url) in coreRpcClient.ts. CodeRabbit confirmed inline at 14:55: "Encapsulating the token retrieval, header assembly, and JSON-RPC POST inside testCoreRpcConnection in coreRpcClient.ts is exactly the right move."
• Tests a9eb239c — 4 unit tests for testCoreRpcConnection. Coverage Gate now passes.

I've pinged @coderabbitai full review and @coderabbitai review, and pushed empty commit e58d11f4 to retrigger the pipeline — none of these have produced a new review submission to clear the stale CHANGES_REQUESTED.

Recommended action

If CodeRabbit doesn't auto-resolve in the next pass, dismiss the 14:46 review ("Dismiss review" → reason: "All concerns addressed in b3fbc2e + a9eb239, confirmed inline by reviewer"). Compare to #1302 where CodeRabbit naturally upgraded their review to APPROVED after the fix was confirmed — that path didn't fire here.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@sanil-23 Understood — I can confirm both concerns from the original 14:46 review are fully addressed:

1. ✅ Refactor (b3fbc2e5) — testCoreRpcConnection(url) extracted into coreRpcClient.ts, moving RPC/auth assembly out of Welcome.tsx.
2. ✅ Tests (a9eb239c) — 4 unit tests covering POST envelope shape, no-token/Tauri-token header behaviour, and raw Response passthrough; Coverage Gate passes.

I'm triggering a fresh full review now. This will submit a new formal review submission against the current HEAD (a9eb239c) and should clear the stale CHANGES_REQUESTED state. If this pass still doesn't update the review decision in the GitHub UI, you can manually dismiss the 14:46 review via "Dismiss review" with the reason: "All concerns addressed in b3fbc2e + a9eb239, confirmed inline by reviewer."

[full_review]