fix(auth): update RPC method names for authentication calls

[M3gA-Mind]

Refactor authentication-related RPC method names to use underscores instead of dots for consistency. Updated methods include get_state, get_session_token, clear_session, and store_session.

chore: update OpenHuman version to 0.51.19

style: standardize string formatting in quickjs_libs/bootstrap.js and other files

• Replace single quotes with double quotes for string literals in various functions.
• Ensure consistent formatting across console logging and error handling.

fix(config): improve token retrieval logic in ops_core.rs

• Enhance the logic for retrieving the active session token from the credentials store, accommodating user-specific directories.

Summary

• What changed and why.
• Keep this to 3-6 bullets focused on user-visible or architecture-impacting changes.

Problem

• What issue or risk this PR addresses.
• Include context needed for reviewers to evaluate correctness quickly.

Solution

• How the implementation solves the problem.
• Note important design decisions and tradeoffs.

Submission Checklist

• Unit tests — Vitest (app/) and/or cargo test (core) for logic you add or change
• E2E / integration — Where behavior is user-visible or crosses UI → Tauri → sidecar → JSON-RPC; use existing harnesses (app/test/e2e, mock backend, tests/json_rpc_e2e.rs as appropriate)
• N/A — If truly not applicable, say why (e.g. change is documentation-only)
• Doc comments — /// / //! (Rust), JSDoc or brief file/module headers (TS) on public APIs and non-obvious modules
• Inline comments — Where logic, invariants, or edge cases aren’t clear from names alone (keep them grep-friendly; avoid restating the code)

(Any feature related checklist can go in here)

Impact

• Runtime/platform impact (desktop/mobile/web/CLI), if any.
• Performance, security, migration, or compatibility implications.

Related

• Issue(s):
• Follow-up PR(s)/TODOs:

Summary by CodeRabbit

• Documentation

  • Added comprehensive proxy endpoint flow documentation.

• Bug Fixes

  • Enhanced authentication error detection to inspect response bodies for structured auth failures.
  • Improved credential storage to prefer user-scoped directories with safe fallback behavior.

• Refactor

  • Updated internal RPC method identifiers used by authentication helpers.

• Tests

  • Updated unit/e2e tests and adjusted OAuth button styling expectations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e3c10453-3a56-43c3-ac2f-89a3c5b014a2

📥 Commits

Reviewing files that changed from the base of the PR and between 10c69a3 and fc3da62.

📒 Files selected for processing (4)

• app/src/utils/__tests__/tauriCommands.test.ts
• app/test/OAuthGitHub.test.tsx
• app/test/OAuthTwitter.test.tsx
• app/test/e2e/specs/login-flow.spec.ts

✅ Files skipped from review due to trivial changes (2)

• app/test/OAuthGitHub.test.tsx
• app/test/OAuthTwitter.test.tsx

---

📝 Walkthrough

Walkthrough

Updates Tauri RPC auth method names, adds proxy-route flow documentation, enhances QuickJS OAuth auth-failure detection, and changes credentials-store resolution to prefer a user-scoped directory when present.

Changes

Cohort / File(s)	Summary
Tauri Auth RPC Method Names app/src/utils/tauriCommands/auth.ts, app/src/utils/__tests__/tauriCommands.test.ts	Renamed four Tauri RPC method identifiers from dot-notation to underscore-notation (e.g., openhuman.auth.get_state → openhuman.auth_get_state) and updated corresponding unit test expectations.
Backend Proxy Documentation docs/proxy-route-flow.md	Added new documentation describing end-to-end handling for /proxy/by-id/:integrationId/{*path} and /proxy/encrypted/:integrationId/{*path} including auth, rate-limiting, provider token handling, encrypted-token flow, error mapping, and safe-response headers.
QuickJS OAuth & Bootstrap Logic src/openhuman/skills/quickjs_libs/bootstrap.js	Normalized string quoting; extended globalThis.data.oauth.fetch to detect auth failures by parsing JSON body (authError === true) and optionally honor reconnectRequired; clear scoped globalThis.__oauthCredential in revoke.
Credentials Directory Resolution src/openhuman/skills/quickjs_libs/qjs_ops/ops_core.rs	token_from_credentials_store() now verifies workspace root exists, attempts to read active user id, and prefers a user-scoped credentials directory if present, falling back to root.
UI Test Styling Expectations app/test/OAuthGitHub.test.tsx, app/test/OAuthTwitter.test.tsx	Updated OAuth provider button tests to expect neutral light background (bg-white) and dark label text (text-gray-900) instead of dark backgrounds/white text.
E2E Auth Persistence Test app/test/e2e/specs/login-flow.spec.ts	Removed assertion that persisted Redux auth exists under a specific localStorage key; test now relies on UI navigation confirmation and logs persistence-format is implementation-specific.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant ProxyController as Proxy Controller
  participant TokenStore as Token Store / Credentials
  participant Decrypt as Decryption (X-Encryption-Key)
  participant Provider as Upstream Provider
  Client->>ProxyController: HTTPS request to /proxy/encrypted/:integrationId/{*path} + X-Encryption-Key
  ProxyController->>TokenStore: verify JWT + check integration ownership
  ProxyController->>Decrypt: parse & validate X-Encryption-Key
  Decrypt-->>ProxyController: decrypted token (or error)
  ProxyController->>TokenStore: resolve provider config, attempt token refresh if needed
  TokenStore-->>ProxyController: access token (or 401)
  ProxyController->>Provider: forward request with access token (axios, timeout)
  Provider-->>ProxyController: response (200 / 401 / 403 / network error)
  alt 401 from Provider
    ProxyController->>TokenStore: force-refresh using encrypted token, retry once
    TokenStore-->>ProxyController: refreshed token or failure
    ProxyController->>Provider: retry request
    Provider-->>ProxyController: response
  end
  ProxyController-->>Client: mapped response or structured error (includes reconnect/auth hints for 401/403)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Fix/202: e2e logout relogin onboarding #305 — Touches e2e authentication persistence checks around the same persist:auth key and adjusts test expectations related to persisted auth state.

Suggested reviewers

• senamakel
• graycyrus

Poem

🐰
Hops through methods, underscores bright,
I sniffed out tokens in the night.
Encrypted paths and docs in bloom,
Scoped credentials find their room.
A carrot-cheer for code made right!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the primary change: updating RPC method names from dot notation to underscores for authentication calls across multiple files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/openhuman/skills/quickjs_libs/bootstrap.js (1)

136-138: Consider migrating var to const/let for consistency.

This file uses var extensively (e.g., lines 136-138, 141, 151, 162, 911-912, 924, etc.). QuickJS supports const and let, and the coding guidelines prefer them over var. Since this PR already touches string formatting, consider a follow-up to modernize variable declarations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/openhuman/skills/quickjs_libs/bootstrap.js` around lines 136 - 138, The
code uses legacy `var` for local variables (e.g., `method`, `headers`, `body` in
the HTTP request block) instead of `const`/`let`; update these declarations
across bootstrap.js (including other occurrences such as near lines with
`method`, `headers`, `body`, and other var usages) to `const` when the variable
is never reassigned and to `let` when it is mutated, ensuring no behavior
changes; scan functions like the HTTP request handler and other scopes that use
`var` and replace them accordingly while keeping scoping semantics the same.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/openhuman/skills/quickjs_libs/bootstrap.js`:
- Around line 136-138: The code uses legacy `var` for local variables (e.g.,
`method`, `headers`, `body` in the HTTP request block) instead of `const`/`let`;
update these declarations across bootstrap.js (including other occurrences such
as near lines with `method`, `headers`, `body`, and other var usages) to `const`
when the variable is never reassigned and to `let` when it is mutated, ensuring
no behavior changes; scan functions like the HTTP request handler and other
scopes that use `var` and replace them accordingly while keeping scoping
semantics the same.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 13201741-2773-4523-93eb-2d1c534a7b4a

📥 Commits

Reviewing files that changed from the base of the PR and between 3a2e4b1 and 10c69a3.

⛔ Files ignored due to path filters (1)

• app/src-tauri/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• app/src/utils/tauriCommands/auth.ts
• docs/proxy-route-flow.md
• src/openhuman/skills/quickjs_libs/bootstrap.js
• src/openhuman/skills/quickjs_libs/qjs_ops/ops_core.rs