feat(welcome): split onboarding tool + detect gmail/webview logins

[senamakel]

Summary

• Split complete_onboarding into two single-purpose tools: check_onboarding_status (read-only, no args) and complete_onboarding (finalizer, no args). Shared helpers live in a new onboarding_status module so both tools and welcome_proactive use one code path.
• Extended the welcome-snapshot with two new fields the agent was missing: composio_connected_toolkits (which OAuth toolkits are actually authorised — e.g. ["gmail"]) and webview_logins (per-provider bool for gmail, whatsapp, telegram, slack, discord, linkedin, zoom, google_messages).
• Added openhuman::webview_accounts: Tauri exports the shared CEF cookies SQLite via OPENHUMAN_CEF_COOKIES_DB, core opens it read-only (mode=ro&immutable=1&nolock=1) and probes for known session-cookie names per host suffix. Fails closed (all-false) on any error — the welcome snapshot must always build.
• Updated welcome agent.toml + prompt.md to use both tools by name, read the new snapshot fields before pitching, and never re-offer an already-connected toolkit.

Why

The old single tool gated two distinct operations (inspect + finalize) on an action param, which the model occasionally confused. More importantly the snapshot only exposed integrations.composio: bool (the enabled flag), not which toolkits were actually connected, so the welcome agent would re-pitch Gmail even when the user had just authorised it. Webview logins (the user being signed in to mail.google.com or web.whatsapp.com inside the embedded browser) were invisible to the agent entirely.

Test plan

• cargo check — core + Tauri shell clean.
• cargo test --lib for webview_accounts, onboarding_status, check_onboarding_status, complete_onboarding, welcome — all pass (36 tests across these modules).
• New webview-accounts unit tests cover: missing env, empty env, nonexistent path, corrupt DB, detected gmail via SID cookie, detected slack+linkedin, rejection of non-session cookies (NID/CONSENT), LIKE-escape safety.
• Manual smoke: fresh install with chat_onboarding_completed=false, sign in, chat with welcome agent, confirm it calls check_onboarding_status first and reflects gmail connection (Composio and/or webview) before offering.
• Manual smoke: complete_onboarding rejects when ready_to_complete=false with the existing error wording.

Summary by CodeRabbit

• New Features

  • Added a read-only onboarding status check that returns a workspace readiness snapshot.
  • Added detection of logged-in webview provider accounts and propagation of the webview cookies DB location to the core process for cross-process session awareness.

• Refactor

  • Simplified onboarding completion to a single finalization action.
  • Centralized onboarding state and readiness logic into a dedicated module.

[coderabbitai]

Warning

Rate limit exceeded

@senamakel has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 36 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 3 minutes and 36 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 407245c9-b34d-4c15-bcf1-f49ed5fd4154

📥 Commits

Reviewing files that changed from the base of the PR and between 82c0cb2 and 40f237e.

📒 Files selected for processing (1)

• src/openhuman/webview_accounts/ops.rs

📝 Walkthrough

Walkthrough

Adds a read-only check_onboarding_status tool and a centralized onboarding_status helper, introduces webview login detection via a new webview_accounts module (driven by OPENHUMAN_CEF_COOKIES_DB env var), refactors complete_onboarding into a finalizer, and updates welcome agent prompts, configs, and registrations to use snapshot-driven onboarding checks.

Changes

Cohort / File(s)	Summary
Onboarding Status Core src/openhuman/tools/impl/agent/onboarding_status.rs, src/openhuman/tools/impl/agent/check_onboarding_status.rs	New onboarding_status helper centralizing exchange counter, auth detection, readiness logic, and snapshot builder. Adds CheckOnboardingStatusTool returning a JSON snapshot including webview_logins.
Complete Onboarding Refactor src/openhuman/tools/impl/agent/complete_onboarding.rs	Refactors complete_onboarding into a no-arg finalizer that delegates readiness checks to onboarding_status; removes prior snapshot-generation and local exchange-counter helpers.
Webview Login Detection & Env Propagation src/openhuman/webview_accounts/ops.rs, src/openhuman/webview_accounts/mod.rs, src/openhuman/mod.rs, app/src-tauri/src/lib.rs	Adds webview_accounts module with detect_webview_logins() that reads a CEF/Chromium cookies SQLite DB path from OPENHUMAN_CEF_COOKIES_DB; Tauri side best-effort exports that env var (or clears it if unresolved).
Agent Config, Prompts & Tests src/openhuman/agent/agents/welcome/agent.toml, src/openhuman/agent/agents/welcome/prompt.md, src/openhuman/agent/agents/loader.rs, src/openhuman/agent/welcome_proactive.rs	Adds check_onboarding_status to welcome agent tools and tests; updates prompt and proactive welcome to use snapshot-driven flow and disallow proactive tool use for completion.
Tool Registry & Module Exports src/openhuman/tools/impl/agent/mod.rs, src/openhuman/tools/ops.rs	Re-exports and registers CheckOnboardingStatusTool in the default tool registry; updates tests confirming registration.
Routing & Dispatch src/openhuman/channels/runtime/dispatch.rs, src/openhuman/channels/providers/web.rs	Switches welcome exchange-count increments to use onboarding_status helpers; minor doc/comment updates referencing complete_onboarding.
Config Docs & API Exposure src/openhuman/config/ops.rs, src/openhuman/config/schema/types.rs	Small documentation comment adjustments for onboarding-related config fields.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Agent as Welcome Agent
    participant Check as check_onboarding_status
    participant Status as onboarding_status
    participant Webview as webview_accounts
    participant Config as Config/State
    participant Complete as complete_onboarding

    Agent->>Check: request snapshot
    Check->>Config: load config/state
    Check->>Status: compute_state(config)
    Status->>Config: read exchange count, composio connections, JWT
    Check->>Webview: detect_webview_logins(env: OPENHUMAN_CEF_COOKIES_DB)
    Webview->>Webview: open cookies DB (readonly) & query providers
    Webview-->>Check: webview_logins JSON
    Status->>Status: build_status_snapshot(..., webview_logins)
    Status-->>Check: snapshot JSON
    Check-->>Agent: return snapshot
    Agent->>Agent: decide actions/pitches
    Agent->>Complete: call when snapshot.ready_to_complete == true
    Complete->>Status: compute_state(config)
    Status-->>Complete: onboarding state (ready/not-ready)
    Complete-->>Agent: success / not-ready error

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(agent): welcome->orchestrator routing + per-agent tool scoping (#525, #526) #544: Overlapping onboarding refactor and splitting of complete/check behaviors into dedicated tools and helpers.
• feat(onboarding): complete conversational onboarding stack and UX audit #619: Related modifications to onboarding tooling, welcome flow, and exchange-count logic.
• fix: wire proactive welcome into conversations #635: Related changes to proactive welcome, onboarding exchange-count criteria, and agent prompts.

Suggested reviewers

• graycyrus

Poem

🐰 A cookie trail beneath the trees,
A snapshot hums on gentle breeze.
Check status first, then finish true —
Webview logins tell who’s who.
Hop, welcome, patch—our carrots grew!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(welcome): split onboarding tool + detect gmail/webview logins' accurately summarizes the two main changes: splitting the onboarding tool into separate concerns and adding webview login detection.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

src/openhuman/agent/agents/welcome/prompt.md (1)

39-39: Minor: Consider capitalizing "LinkedIn".

Static analysis flagged that linkedin should be capitalized as LinkedIn since it's a proper noun. This is a minor documentation polish.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/openhuman/agent/agents/welcome/prompt.md` at line 39, Minor documentation
polish: in the description of the webview_logins field, update the provider name
"linkedin" to the proper-cased "LinkedIn" (inside the providers list for
webview_logins) so the line reads: **`webview_logins`** — bools per provider
(`gmail`, `whatsapp`, `telegram`, `slack`, `discord`, `LinkedIn`, `zoom`,
`google_messages`).

src/openhuman/tools/impl/agent/onboarding_status.rs (1)

135-177: Consider extracting channel detection into a helper.

The channel detection logic (14 if blocks checking is_some()) is straightforward but verbose. As a future refactor, consider a macro or a struct-to-channel-list helper to reduce repetition. This is purely optional and doesn't affect correctness.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/openhuman/tools/impl/agent/onboarding_status.rs` around lines 135 - 177,
The repeated is_some() checks populating channels_connected from
config.channels_config are verbose; extract this into a helper to iterate known
channel fields and push their string names when present. Create a function
(e.g., collect_connected_channels or impl ChannelsConfig::connected_names) that
takes &config.channels_config and returns Vec<&'static str>, move the series of
if checks into that helper, and replace the inlined block in
onboarding_status.rs to call that function and assign channels_connected to its
result (referencing channels_connected and config.channels_config to find the
call site).

src/openhuman/webview_accounts/mod.rs (1)

276-294: Consider test isolation for env var manipulation.

The tests manipulate OPENHUMAN_CEF_COOKIES_DB via std::env::set_var/remove_var. In Rust, environment variable access is not thread-safe, so these tests could interfere with each other if run in parallel. Consider using #[serial] from the serial_test crate if you observe flaky test failures.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/openhuman/webview_accounts/mod.rs` around lines 276 - 294, The tests
manipulate the environment variable COOKIES_DB_ENV (via
std::env::set_var/remove_var) which is not thread-safe; annotate the tests
(e.g., missing_env_returns_all_false and detects_gmail_via_sid_cookie) with a
serialization attribute such as #[serial] from the serial_test crate (add the
crate to dev-dependencies if missing and import serial_test::serial) so
detect_webview_logins-based tests run one at a time and avoid cross-test env var
interference.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@app/src-tauri/src/lib.rs`:
- Around line 697-709: The code currently logs the full cookies DB path and
leaves OPENHUMAN_CEF_COOKIES_DB unchanged on cache-dir resolution failure;
update the app.path().app_cache_dir() branch so the success path does NOT log
the absolute cookies_db (remove cookies_db.display() from log::info or redact
it) and the failure branch unsets/clears the OPENHUMAN_CEF_COOKIES_DB
environment variable (e.g., remove the var or set to empty) instead of leaving a
stale value; refer to the cookies_db variable, the OPENHUMAN_CEF_COOKIES_DB env
var, and the log::info / log::warn calls to locate where to change this.

---

Nitpick comments:
In `@src/openhuman/agent/agents/welcome/prompt.md`:
- Line 39: Minor documentation polish: in the description of the webview_logins
field, update the provider name "linkedin" to the proper-cased "LinkedIn"
(inside the providers list for webview_logins) so the line reads:
**`webview_logins`** — bools per provider (`gmail`, `whatsapp`, `telegram`,
`slack`, `discord`, `LinkedIn`, `zoom`, `google_messages`).

In `@src/openhuman/tools/impl/agent/onboarding_status.rs`:
- Around line 135-177: The repeated is_some() checks populating
channels_connected from config.channels_config are verbose; extract this into a
helper to iterate known channel fields and push their string names when present.
Create a function (e.g., collect_connected_channels or impl
ChannelsConfig::connected_names) that takes &config.channels_config and returns
Vec<&'static str>, move the series of if checks into that helper, and replace
the inlined block in onboarding_status.rs to call that function and assign
channels_connected to its result (referencing channels_connected and
config.channels_config to find the call site).

In `@src/openhuman/webview_accounts/mod.rs`:
- Around line 276-294: The tests manipulate the environment variable
COOKIES_DB_ENV (via std::env::set_var/remove_var) which is not thread-safe;
annotate the tests (e.g., missing_env_returns_all_false and
detects_gmail_via_sid_cookie) with a serialization attribute such as #[serial]
from the serial_test crate (add the crate to dev-dependencies if missing and
import serial_test::serial) so detect_webview_logins-based tests run one at a
time and avoid cross-test env var interference.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 61dbdcfd-eaae-4e02-9626-bb3f381a390d

📥 Commits

Reviewing files that changed from the base of the PR and between 11c67a7 and b7778af.

📒 Files selected for processing (16)

• app/src-tauri/src/lib.rs
• src/openhuman/agent/agents/loader.rs
• src/openhuman/agent/agents/welcome/agent.toml
• src/openhuman/agent/agents/welcome/prompt.md
• src/openhuman/agent/welcome_proactive.rs
• src/openhuman/channels/providers/web.rs
• src/openhuman/channels/runtime/dispatch.rs
• src/openhuman/config/ops.rs
• src/openhuman/config/schema/types.rs
• src/openhuman/mod.rs
• src/openhuman/tools/impl/agent/check_onboarding_status.rs
• src/openhuman/tools/impl/agent/complete_onboarding.rs
• src/openhuman/tools/impl/agent/mod.rs
• src/openhuman/tools/impl/agent/onboarding_status.rs
• src/openhuman/tools/ops.rs
• src/openhuman/webview_accounts/mod.rs

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/openhuman/agent/agents/welcome/prompt.md`:
- Around line 39-41: The prompt text uses the wrong casing for the LinkedIn
snapshot key; update the prompt fragment that mentions webview_logins and
composio_connected_toolkits to use the actual key "linkedin" (lowercase) instead
of "LinkedIn" so it matches the webview_logins schema and allows the agent to
detect an existing LinkedIn session (look for the webview_logins,
composio_connected_toolkits, and the Gmail/LinkedIn pairing logic in the welcome
prompt).

In `@src/openhuman/webview_accounts/mod.rs`:
- Around line 124-246: Extract the operational implementation from this mod.rs
into a new sibling file (e.g., ops.rs) and re-export the public API from mod.rs;
specifically move the functions detect_webview_logins,
provider_has_session_cookie, escape_like and any helper logic that touches
Connection/OpenFlags/cookies_db_path and PROVIDERS usage into the new file, keep
mod.rs only for exports (pub use
crate::openhuman::webview_accounts::ops::{detect_webview_logins,
provider_has_session_cookie, escape_like} or similar), update module
declarations (mod ops;) and adjust visibility (pub(crate) / pub) so tests and
callers still compile, and run cargo build/tests to ensure no missing imports or
visibility issues.
- Around line 137-160: The tracing::debug call inside the
Connection::open_with_flags Err branch currently logs the absolute cookies DB
path via path.display(), which can expose PII; change that debug call to remove
path.display() and instead log a non-sensitive identifier such as the
environment key or a constant like "cookies_db" and the error class (err) only —
update the tracing::debug invocation in the error arm of
Connection::open_with_flags (the block that currently returns
Value::Object(out)) to omit the raw path field and replace it with a redacted
identifier while keeping the existing error = %err and message.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2c169439-e75b-43c8-9ff4-1a038fb4e37c

📥 Commits

Reviewing files that changed from the base of the PR and between b7778af and 6f4a951.

📒 Files selected for processing (3)

• app/src-tauri/src/lib.rs
• src/openhuman/agent/agents/welcome/prompt.md
• src/openhuman/webview_accounts/mod.rs

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/openhuman/webview_accounts/ops.rs (1)

106-160: Add explicit start/end probe logs for the detector.

You already log error paths and per-provider outcomes; adding one entry log and one completion summary (e.g., providers checked, logged-in count) would better satisfy the repo’s logging policy for external DB probes.

As per coding guidelines: "Add substantial development-oriented logging at entry/exit points, branch decisions, external calls, retries/timeouts, state transitions, and error paths" and "Rust debug logging must use stable grep-friendly prefixes (e.g., [domain], [rpc], [ui-flow]) and correlation fields (request IDs, method names, entity IDs)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/openhuman/webview_accounts/ops.rs` around lines 106 - 160, Add a debug
entry log at the start of detect_webview_logins (include env = COOKIES_DB_ENV
and a stable prefix like "[webview_accounts] detect_start") and an exit/summary
debug log before returning Value::Object(out) that reports how many providers
from PROVIDERS were checked and the count of logged-in providers (include a
stable prefix like "[webview_accounts] detect_complete" and correlation fields
such as the number of providers and logged_in_count). Place the entry log
immediately after creating the out map and the summary log after the loop that
calls provider_has_session_cookie(&conn, p); ensure both logs follow the
project's grep-friendly prefix style and include the COOKIES_DB_ENV field where
appropriate.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/openhuman/webview_accounts/ops.rs`:
- Around line 134-138: The SQLite file URI currently embeds path.display() raw
into uri, which breaks on spaces and reserved chars; update the code that builds
uri (the let uri = ... line used before Connection::open_with_flags) to first
convert backslashes to forward slashes and percent-encode the filesystem path
using the urlencoding crate (e.g., call urlencoding::encode on the normalized
path string) and then interpolate that encoded path into the
"file:{encoded}?mode=ro&immutable=1&nolock=1" URI before calling
Connection::open_with_flags with OpenFlags::SQLITE_OPEN_READ_ONLY |
OpenFlags::SQLITE_OPEN_URI so SQLite parses it correctly.

---

Nitpick comments:
In `@src/openhuman/webview_accounts/ops.rs`:
- Around line 106-160: Add a debug entry log at the start of
detect_webview_logins (include env = COOKIES_DB_ENV and a stable prefix like
"[webview_accounts] detect_start") and an exit/summary debug log before
returning Value::Object(out) that reports how many providers from PROVIDERS were
checked and the count of logged-in providers (include a stable prefix like
"[webview_accounts] detect_complete" and correlation fields such as the number
of providers and logged_in_count). Place the entry log immediately after
creating the out map and the summary log after the loop that calls
provider_has_session_cookie(&conn, p); ensure both logs follow the project's
grep-friendly prefix style and include the COOKIES_DB_ENV field where
appropriate.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 78289c64-1929-4b6e-a476-7bdadad55a01

📥 Commits

Reviewing files that changed from the base of the PR and between 6f4a951 and 82c0cb2.

📒 Files selected for processing (3)

• src/openhuman/agent/agents/welcome/prompt.md
• src/openhuman/webview_accounts/mod.rs
• src/openhuman/webview_accounts/ops.rs