
feat(deploy): VITE_OPENHUMAN_CORE_RPC_TOKEN build-time override #1337

Closed
CodeGhost21 wants to merge 0 commits into tinyhumansai:main from CodeGhost21:feat/cloud-core-token-override

CodeGhost21 (Contributor) commented May 7, 2026

Summary

  • Adds VITE_OPENHUMAN_CORE_RPC_TOKEN build-time env var so a desktop bundle can authenticate against a remote/cloud-hosted openhuman-core (paths shipped in #1304, "feat(deploy): one-click cloud deployment for OpenHuman Core (closes #1280)", / docs/CLOUD_DEPLOY.md) without depending on the embedded Tauri sidecar.
  • Resolution order in coreRpcClient.getCoreRpcToken(): build-time override → Tauri core_rpc_token → null. Override wins because the user explicitly chose a non-default core at build time.
  • Documents the security trade-off explicitly: VITE_* is baked into the bundle, so a build with this var set carries a secret. Intended for personal/internal builds, not public release artefacts.

Problem

After #1304 you can deploy openhuman-core to DigitalOcean / Compose / any Docker host, but there is no built-in path for the desktop app on main to talk to that hosted core: getCoreRpcToken() only resolves via the Tauri-shell-generated sidecar token. The matching client-side wiring lives in #1300, but that PR is scoped to backend-provisioned AWS instances — its deployment_get_core_token RPC pulls from the hosted backend, which has no record of a manually-deployed DO/Compose core's bearer.

This leaves anyone who follows docs/CLOUD_DEPLOY.md with a working hosted core they can only call via curl/scripts, not from the desktop app.

Solution

Treat the bearer the same way we already treat VITE_OPENHUMAN_CORE_RPC_URL: a build-time VITE_* override that pairs with the URL. When set, coreRpcClient.getCoreRpcToken() returns it before consulting the Tauri sidecar. Empty / whitespace values fall through so default builds are unaffected.

This is intentionally minimal and orthogonal to #1300:

  • #1300 is the BYOC AWS flow where the backend owns provisioning + token storage.
  • This PR is the “I deployed my own core, point a build at it” escape hatch.

The two can coexist; if/when #1300 lands, its localStorage path can take priority over this build-time override (or this can stay as a stable opt-in for builds that don't want to depend on a backend session).

Submission Checklist

  • Tests added or updated (happy path + at least one failure / edge case) per docs/TESTING-STRATEGY.md
  • Diff coverage ≥ 80% — three new tests cover all three branches of the new override (non-Tauri, Tauri-with-override, blank-override-falls-through). All 44 tests in coreRpcClient.test.ts pass locally.
  • Coverage matrix updated — N/A: this is a build-config knob, not a user-visible feature row in docs/TEST-COVERAGE-MATRIX.md.
  • All affected feature IDs from the matrix are listed in the PR description under ## Related — N/A: see above.
  • No new external network dependencies introduced (mock backend used per docs/TESTING-STRATEGY.md)
  • Manual smoke checklist updated if this touches release-cut surfaces (docs/RELEASE-MANUAL-SMOKE.md) — N/A: opt-in build-time var, default behaviour unchanged.
  • Linked issue closed via Closes #NNN in the ## Related section — N/A: no linked issue, this is a follow-up surfaced while validating the #1304 deploy path against a live DO instance.

Impact

  • Runtime: desktop only. No change to default builds (var unset → existing Tauri sidecar path runs unchanged).
  • Security: documented in code (config.ts), env example (app/.env.example), and docs/CLOUD_DEPLOY.md: any build with this var set carries a secret in its JS bundle. Intended for personal/internal builds, not public release artefacts.
  • Compatibility: no migration. Existing local-mode users see no difference.

Test plan

  • pnpm exec tsc --noEmit clean
  • pnpm exec eslint src/services/coreRpcClient.ts src/services/__tests__/coreRpcClient.test.ts src/utils/config.ts clean
  • pnpm exec prettier --check on changed files clean
  • pnpm exec vitest run src/services/__tests__/coreRpcClient.test.ts — 44/44 pass (3 new for the override)
  • Manual smoke against a live DO-deployed openhuman-core: bearer token override → /rpc returns 200; same desktop bundle without the override → falls back to local sidecar.

Related

Summary by CodeRabbit

  • New Features

    • Added optional build-time RPC token (VITE_OPENHUMAN_CORE_RPC_TOKEN) for desktop bundles; when set it authenticates requests and takes precedence over the local sidecar token and URL resolution.
  • Documentation

    • Cloud deployment guide updated with build-time RPC URL/token instructions and security guidance warning that VITE_* values are embedded in the bundle.
  • Tests

    • Added coverage for token override, URL short-circuit, and fallback behavior.

@CodeGhost21 CodeGhost21 requested a review from a team May 7, 2026 13:18
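
The resolution order and the bundle-secret trade-off described in the PR, as an added example that is not part of the PR or the project's code. Function names, the sample token and the sample bundle contents are hypothetical and constructed; the guard assumes the caller passes the built files as a path-to-content map.

```typescript
// Added example; the function and constant names below are hypothetical, not the PR's code.
type Env = Record<string, string | undefined>;
interface Finding { where: string; reason: string }

const TOKEN_VAR = 'VITE_OPENHUMAN_CORE_RPC_TOKEN';

// Rule described in the PR: the override is trimmed, and blank means "not set".
function normalizeOverride(raw: string | undefined): string | undefined {
  const trimmed = (raw ?? '').trim();
  return trimmed.length > 0 ? trimmed : undefined;
}

// Resolution order from the PR description: build-time override, sidecar token, null.
function resolveToken(env: Env, sidecarToken: string | null): string | null {
  return normalizeOverride(env[TOKEN_VAR]) ?? sidecarToken;
}

// Release guard for public artefacts: the override must not be set, and no built
// file may contain the token literal (Vite inlines VITE_* values as strings).
function auditPublicRelease(env: Env, builtFiles: Record<string, string>): Finding[] {
  const findings: Finding[] = [];
  const token = normalizeOverride(env[TOKEN_VAR]);
  if (token === undefined) return findings; // nothing was baked in
  findings.push({ where: 'build env', reason: TOKEN_VAR + ' is set for a public release' });
  for (const path of Object.keys(builtFiles)) {
    if (builtFiles[path].indexOf(token) !== -1) {
      findings.push({ where: path, reason: 'bundle contains the bearer token literal' });
    }
  }
  return findings;
}

// Constructed sample data: a fake token and two fake bundle files.
const SAMPLE_TOKEN = 'example-token-not-real-0000';
const SAMPLE_DIST: Record<string, string> = {
  'assets/index-abc123.js': `const t="${SAMPLE_TOKEN}";fetch(u,{headers:{Authorization:"Bearer "+t}})`,
  'assets/vendor-def456.js': 'export const noop=()=>{};',
};
```

Run as a CI step on release builds, a non-empty findings list should fail the job before the artefact is published.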
coderabbitai Bot (Contributor) commented May 7, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f30d1365-524f-4b78-ba0b-41809b03a0d9

📥 Commits

Reviewing files that changed from the base of the PR and between d8cf53e and c6cdec9.

📒 Files selected for processing (5)
  • app/.env.example
  • app/src/services/__tests__/coreRpcClient.test.ts
  • app/src/services/coreRpcClient.ts
  • app/src/utils/config.ts
  • docs/CLOUD_DEPLOY.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • app/src/utils/config.ts

Walkthrough

Adds a build-time Vite env var VITE_OPENHUMAN_CORE_RPC_TOKEN (exported as CORE_RPC_TOKEN_OVERRIDE) and makes coreRpcClient resolve tokens/URLs with override-first precedence; updates config export, unit tests, and cloud deployment docs.

Changes

Core RPC Token Override for Cloud Deployment

| Layer / File(s) | Summary |
|---|---|
| Configuration Constants: app/.env.example, app/src/utils/config.ts | VITE_OPENHUMAN_CORE_RPC_TOKEN added to .env.example with security notes; exported as CORE_RPC_TOKEN_OVERRIDE constant (trimmed, defaulting to undefined). |
| Token Resolution & Integration: app/src/services/coreRpcClient.ts | getCoreRpcToken() checks CORE_RPC_TOKEN_OVERRIDE first and caches/returns it (logs override use); getCoreRpcUrl() short-circuits to build-time/stored URL when override present and skips Tauri invoke. |
| Test Coverage: app/src/services/__tests__/coreRpcClient.test.ts | New tests: non-Tauri uses env override as Authorization: Bearer ...; Tauri override prevents invoke('core_rpc_token'); override + VITE_OPENHUMAN_CORE_RPC_URL/stored URL short-circuits Tauri URL lookup; blank/whitespace override falls back to sidecar token. |
| Deployment Documentation: docs/CLOUD_DEPLOY.md | Clarifies container runs openhuman-core serve on :7788 behind TLS; documents build-time VITE_OPENHUMAN_CORE_RPC_URL/TOKEN usage for desktop bundles, token precedence, and security warnings about embedding secrets in JS bundles. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

Suggested reviewers

  • senamakel

Poem

🐰 A rabbit hums a build-time tune,
A secret baked beneath the moon,
Override hops in, tokens align,
Headers bear the auth divine,
Cloud and bundle snug in line.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding a build-time environment variable override for core RPC authentication to support remote/cloud-hosted cores. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Microsoft Presidio Analyzer (2.2.362)
app/.env.example

Microsoft Presidio Analyzer failed to scan this file


coderabbitai Bot previously approved these changes May 7, 2026

coderabbitai Bot (Contributor) left a comment

🧹 Nitpick comments (1)
app/src/services/coreRpcClient.ts (1)

80-89: ⚡ Quick win

Add a debug log for the override URL short-circuit branch.

This branch bypasses Tauri URL resolution entirely; adding a branch-decision log here will make routing/auth diagnostics much easier.

Suggested patch
   if (CORE_RPC_TOKEN_OVERRIDE) {
+    coreRpcLog('using build-time core RPC URL because token override is set');
     resolvedCoreRpcUrl = CORE_RPC_URL;
     return resolvedCoreRpcUrl;
   }
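
Review bot: In the if (CORE_RPC_TOKEN_OVERRIDE) branch, nothing in these lines checks that CORE_RPC_URL was itself overridden before resolvedCoreRpcUrl = CORE_RPC_URL is returned, so a build that sets only the token would pair the baked-in bearer with whatever CORE_RPC_URL defaults to. Consider requiring a non-empty build-time URL alongside the token, or falling through to the normal resolution when it is missing. For the added coreRpcLog line, keep the message to the fact that the override is set and never interpolate the token value; if the URL is added to the message, log after the assignment so the value reported is the one returned.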

As per coding guidelines, "Add substantial, development-oriented logs at entry/exit points, branch decisions, external calls, retries/timeouts, state transitions, and error handling paths; use namespaced debug logs in production app code."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@app/src/services/coreRpcClient.ts` around lines 80 - 89, Add a debug log when
the CORE_RPC_TOKEN_OVERRIDE short-circuits URL resolution: inside the branch
that checks CORE_RPC_TOKEN_OVERRIDE (where resolvedCoreRpcUrl is set to
CORE_RPC_URL and returned), emit a namespaced debug message indicating the
override was used and include the resolvedCoreRpcUrl value and token presence
(e.g., show whether CORE_RPC_TOKEN_OVERRIDE is set) to aid routing/auth
diagnostics; update the branch around the CORE_RPC_TOKEN_OVERRIDE check in
coreRpcClient.ts to log before returning.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: aa12ef0c-2139-4535-aa06-b49642344e3b

📥 Commits

Reviewing files that changed from the base of the PR and between 4b21d5d and d8cf53e.

📒 Files selected for processing (5)
  • app/.env.example
  • app/src/services/__tests__/coreRpcClient.test.ts
  • app/src/services/coreRpcClient.ts
  • app/src/utils/config.ts
  • docs/CLOUD_DEPLOY.md
✅ Files skipped from review due to trivial changes (1)
  • app/.env.example
🚧 Files skipped from review as they are similar to previous changes (3)
  • app/src/utils/config.ts
  • docs/CLOUD_DEPLOY.md
  • app/src/services/__tests__/coreRpcClient.test.ts

coderabbitai Bot previously approved these changes May 7, 2026

senamakel (Member) left a comment

unit tests are breaking bro
