feat: make autonomy action budget configurable

[YOMXXX]

Summary

• Adds persisted autonomy settings updates for max_actions_per_hour, including a typed config patch, config load/apply helper, and controller/RPC exposure.
• Adds an Advanced Settings action-budget panel so users can inspect and update the local action budget without editing TOML by hand.
• Makes security policy info reflect active config instead of defaults, and improves the exhausted-budget error with the configured hourly limit and recovery guidance.
• Adds OPENHUMAN_MAX_ACTIONS_PER_HOUR env override documentation/defaults for local and deployment tuning.
• Removes duplicate German i18n object keys that blocked TypeScript compilation while adding the new settings copy.

Problem

• Refs OpenHuman 不执行命令和无反馈的分析 #2486.
• The local agent action budget was effectively fixed at the config default and hard to adjust during normal desktop use.
• When the budget was exhausted, the user-facing error did not explain the configured limit or where to change it.
• security_policy_info used default policy data, which could drift from the active runtime config.

Solution

• Introduced AutonomySettingsPatch and apply_autonomy_settings/load_and_apply_autonomy_settings so only supported autonomy settings are mutated and persisted.
• Registered config.update_autonomy_settings / openhuman.config_update_autonomy_settings through the controller path rather than adding adapter-specific logic.
• Added ActionBudgetPanel under Settings -> Advanced with validation, save state, localized copy, and focused tests.
• Updated rate-limit policy info and exhausted-budget messaging to use the active config-derived SecurityPolicy.
• Added env overlay support for OPENHUMAN_MAX_ACTIONS_PER_HOUR and documented it in .env.example plus the agent harness docs.
• Kept frontend/server legacy RPC aliases in sync for openhuman.update_autonomy_settings.

Submission Checklist

• Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy
• Diff coverage >= 80% - changed lines (Vitest + cargo-llvm-cov merged via diff-cover) meet the gate enforced by .github/workflows/coverage.yml. Run pnpm test:coverage and pnpm test:rust locally; PRs below 80% on changed lines will not merge. Local pnpm test:coverage passed; Rust focused tests passed; CI diff coverage remains authoritative.
• Coverage matrix updated - N/A: existing settings/config/security behavior, no feature row added/removed/renamed in docs/TEST-COVERAGE-MATRIX.md.
• All affected feature IDs from the matrix are listed in the PR description under ## Related - N/A: no matrix feature ID changed.
• No new external network dependencies introduced (mock backend used per Testing Strategy)
• Manual smoke checklist updated if this touches release-cut surfaces - N/A: advanced local setting only, no release smoke surface changed.
• Linked issue closed via Closes #NNN in the ## Related section - N/A: OpenHuman 不执行命令和无反馈的分析 #2486 also covers backend auth/socket feedback issues; this PR addresses the configurable action-budget portion only.

Impact

• Desktop Settings gains a new Advanced action-budget panel.
• Core config gains one env override: OPENHUMAN_MAX_ACTIONS_PER_HOUR.
• Runtime security behavior is unchanged by default, but users can now raise/lower the action budget through RPC/UI or env config.
• No new network dependency and no migration required.

Related

• Refs OpenHuman 不执行命令和无反馈的分析 #2486
• Closes: N/A - OpenHuman 不执行命令和无反馈的分析 #2486 includes broader socket/auth feedback diagnostics beyond this scoped action-budget fix.
• Follow-up PR(s)/TODOs: consider a separate PR for command allowlist/approval UX and socket/auth feedback visibility from OpenHuman 不执行命令和无反馈的分析 #2486.

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: feat/configurable-action-budget
• Commit SHA: 937fb4bbed877c631a4d1bf548895bce70489fb2

Validation Run

• pnpm --filter openhuman-app format:check via pnpm format:check
• pnpm typecheck via pnpm compile
• Focused tests: pnpm --filter openhuman-app exec vitest run --config test/vitest.config.ts src/components/settings/panels/__tests__/ActionBudgetPanel.test.tsx src/components/settings/panels/__tests__/DeveloperOptionsPanel.test.tsx
• Frontend coverage: pnpm test:coverage (319 test files passed, 3096 tests passed, 3 skipped)
• Rust fmt/check (if changed): pnpm format:check; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml frontend_legacy_aliases_match_server_alias_table; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml action_budget; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml env_overlay_autonomy_max_actions_per_hour_accepts_valid_u32; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml security_policy_info; GGML_NATIVE=OFF cargo check --manifest-path Cargo.toml
• Tauri fmt/check (if changed): GGML_NATIVE=OFF pnpm rust:check
• Additional validation: pnpm i18n:check; pnpm lint (passes with 44 existing warnings); git diff --check; latest pre-push hook passed with git push origin feat/configurable-action-budget on commit 937fb4bb.

Validation Blocked

• command: GGML_NATIVE=OFF pnpm test:rust
• error: Local full Rust suite ran 8530 passing tests before failing 6 tests. One real drift failure (frontend_legacy_aliases_match_server_alias_table) was fixed and revalidated. The remaining 5 failures are local network/runtime expectation mismatches where connection-refused tests received 502 Bad Gateway from local OpenAI/Ollama-style requests.
• impact: Changed-surface Rust tests, alias drift guard, frontend coverage, Tauri check, and pre-push passed locally; CI Rust/coverage jobs are the authoritative full-suite gate.

Notes:

• Local Node is v22.14.0 while the app declares >=24.0.0; pnpm emitted engine warnings but the commands above exited successfully unless noted in Validation Blocked.
• Initial Tauri check needed submodule initialization in the feature worktree.
• macOS/Apple Silicon whisper-rs needs the documented GGML_NATIVE=OFF workaround to avoid -mcpu=native failures.

Behavior Changes

• Intended behavior change: the local autonomy action budget can be read/updated through Settings/RPC/env and policy info/errors now use the active configured budget.
• User-visible effect: Settings -> Advanced includes an Action Budget panel; exhausted-budget errors tell users the configured limit and how to recover.

Parity Contract

• Legacy behavior preserved: default budget remains 20 actions/hour unless config/env/UI updates it.
• Guard/fallback/dispatch parity checks: controller registry exposes the new config update path; legacy RPC aliases are included on frontend and server; validation rejects zero/invalid budgets.

Duplicate / Superseded PR Handling

• Duplicate PR(s): N/A
• Canonical PR: this PR
• Resolution (closed/superseded/updated): N/A

Summary by CodeRabbit

• New Features

  • Added action budget settings panel in Developer Options, allowing users to configure a rolling hourly limit for side-effecting tool actions.
  • Introduced OPENHUMAN_MAX_ACTIONS_PER_HOUR environment variable (default: 20) for server-side rate limiting configuration.
  • Enhanced error messaging when action budget limits are exceeded, including guidance on adjusting settings.

• Documentation

  • Updated architecture documentation to describe action budget policy and per-session configuration.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR implements a rolling-hour action budget feature that allows administrators to cap side-effecting tool operations. Changes span backend config/RPC/security updates, a new frontend settings panel with Tauri integration, routing wiring, comprehensive i18n additions across all language chunks, environment variable override support, and architecture documentation.

Changes

Action Budget Feature

Layer / File(s)	Summary
Backend configuration foundation src/openhuman/config/ops.rs, src/openhuman/config/ops_tests.rs, src/openhuman/config/schema/load_tests.rs, .env.example	AutonomySettingsPatch struct and apply_autonomy_settings / load_and_apply_autonomy_settings functions persist max_actions_per_hour to config and return refreshed snapshots; environment variable OPENHUMAN_MAX_ACTIONS_PER_HOUR (default 20) overrides at startup; tests validate parsing and persistence.
Backend RPC controller src/openhuman/config/schemas.rs	New update_autonomy_settings RPC with AutonomySettingsUpdate request struct registered in controller schemas and wired to handle_update_autonomy_settings handler that applies patches and returns updated config snapshot.
Backend security policy src/openhuman/security/ops.rs, src/openhuman/security/policy.rs, src/openhuman/security/policy_tests.rs, src/openhuman/security/schemas.rs	SecurityPolicy introspection now derives from runtime config instead of defaults; adds security_policy_info_for_config and async load_and_get_security_policy_info to support config-dependent policy info; rate-limit exceeded error for actions now includes configured limit and settings path guidance; handle_policy_info awaits the async loader.
Frontend RPC bindings app/src/services/rpcMethods.ts, app/src/utils/tauriCommands/config.ts, src/core/legacy_aliases.rs	CORE_RPC_METHODS.configUpdateAutonomySettings mapped to openhuman.config_update_autonomy_settings; AutonomySettingsUpdate TypeScript interface and openhumanUpdateAutonomySettings Tauri wrapper; legacy alias for openhuman.update_autonomy_settings.
Frontend ActionBudgetPanel app/src/components/settings/panels/ActionBudgetPanel.tsx, app/src/components/settings/panels/__tests__/ActionBudgetPanel.test.tsx	React component loads active budget via openhumanGetConfig, validates input within bounds (MIN_ACTION_BUDGET–MAX_ACTION_BUDGET), saves via openhumanUpdateAutonomySettings, and shows desktop-only error in non-Tauri environments; test suite covers load, save, validation, and platform availability.
Frontend routing & menu app/src/pages/Settings.tsx, app/src/components/settings/panels/DeveloperOptionsPanel.tsx	Adds action-budget leaf route and developer options menu entry with i18n-backed title/description and icon.
Internationalization app/src/lib/i18n/en.ts, app/src/lib/i18n/chunks/ar-5.ts, app/src/lib/i18n/chunks/bn-5.ts, app/src/lib/i18n/chunks/de-5.ts, app/src/lib/i18n/chunks/en-5.ts, app/src/lib/i18n/chunks/es-5.ts, app/src/lib/i18n/chunks/fr-5.ts, app/src/lib/i18n/chunks/hi-5.ts, app/src/lib/i18n/chunks/id-5.ts, app/src/lib/i18n/chunks/it-5.ts, app/src/lib/i18n/chunks/ko-5.ts, app/src/lib/i18n/chunks/pt-5.ts, app/src/lib/i18n/chunks/ru-5.ts, app/src/lib/i18n/chunks/zh-CN-5.ts	settings.developerMenu.actionBudget.* (title/description) and settings.actionBudget.* (active limit, actions-per-hour labels, desktop-only notice, load/save/validation messages) keys added across all language chunks in English; de-5.ts also removes obsolete MCP server entries.
Architecture documentation gitbooks/developing/architecture/agent-harness.md	Documents "Local action budget" session field as a rolling hourly cap sourced from config.autonomy.max_actions_per_hour, and "Action budget policy" in stop-hooks describing SecurityPolicy enforcement with user configuration and OPENHUMAN_MAX_ACTIONS_PER_HOUR override.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• tinyhumansai/openhuman#1705: Adds and synchronizes the legacy RPC alias openhuman.update_autonomy_settings → openhuman.config_update_autonomy_settings alongside existing legacy method tests.
• tinyhumansai/openhuman#2250: Modifies DeveloperOptionsPanel.tsx to render developer menu labels via i18n keys, aligning with the panel structure changes in this PR.
• tinyhumansai/openhuman#2258: Also modifies DeveloperOptionsPanel.tsx developerItems model with titleKey/descriptionKey i18n wiring directly overlapping this PR's changes.

Suggested reviewers

• graycyrus

Poem

🐰 A budget to reign in the actions so wild,
Per hour they're capped, every tool reconciled,
The frontend now shows where admins can adjust,
Security keeps the framework robust!
hops away with pride

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title clearly summarizes the main objective: making the autonomy action budget configurable. The changeset comprehensively implements this feature across frontend, backend, and configuration.
Docstring Coverage	✅ Passed	Docstring coverage is 81.08% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

src/openhuman/config/schemas.rs (1)

1022-1030: ⚡ Quick win

Add RPC entry/exit/error logs to the new autonomy update handler.

This path mutates persisted config and currently has no diagnostic logs for enter/success/failure.

Suggested patch

 fn handle_update_autonomy_settings(params: Map<String, Value>) -> ControllerFuture {
     Box::pin(async move {
-        let update = deserialize_params::<AutonomySettingsUpdate>(params)?;
+        log::debug!("[config][rpc] update_autonomy_settings enter");
+        let update = match deserialize_params::<AutonomySettingsUpdate>(params) {
+            Ok(u) => u,
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings invalid params: {err}");
+                return Err(err);
+            }
+        };
         let patch = config_rpc::AutonomySettingsPatch {
             max_actions_per_hour: update.max_actions_per_hour,
         };
-        to_json(config_rpc::load_and_apply_autonomy_settings(patch).await?)
+        match config_rpc::load_and_apply_autonomy_settings(patch).await {
+            Ok(outcome) => {
+                log::debug!("[config][rpc] update_autonomy_settings ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: Use log / tracing at debug or trace level on RPC entry and exit, error paths, state transitions....

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/config/schemas.rs` around lines 1022 - 1030, Add diagnostic
logs to handle_update_autonomy_settings: on RPC entry log the incoming
params/deserialized update (debug/trace), wrap the call to
config_rpc::load_and_apply_autonomy_settings(patch).await with a success log on
completion (debug) and an error log that captures the error context before
returning (error). Ensure logs include the function name
handle_update_autonomy_settings and the patch/max_actions_per_hour value and
propagate the original error unchanged after logging.

src/openhuman/security/schemas.rs (1)

42-45: ⚡ Quick win

Add diagnostic logging around policy_info RPC execution.

This RPC now depends on async config I/O but doesn’t log entry/success/failure, which makes field debugging harder.

Suggested patch

 fn handle_policy_info(_params: Map<String, Value>) -> ControllerFuture {
-    Box::pin(async {
-        to_json(crate::openhuman::security::rpc::load_and_get_security_policy_info().await?)
+    Box::pin(async {
+        log::debug!("[security][rpc] policy_info enter");
+        match crate::openhuman::security::rpc::load_and_get_security_policy_info().await {
+            Ok(outcome) => {
+                log::debug!("[security][rpc] policy_info ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[security][rpc] policy_info failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: Use log / tracing at debug or trace level on RPC entry and exit, error paths, state transitions....

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/security/schemas.rs` around lines 42 - 45, The RPC handler
handle_policy_info lacks diagnostics; add tracing/log calls around the async
call to crate::openhuman::security::rpc::load_and_get_security_policy_info() to
record entry, success, and failure: log at debug/trace when entering
handle_policy_info (include any incoming params or a brief marker), log
debug/trace on successful result before returning the JSON, and log error with
the error details if the await returns Err (include context string). Use the
existing logging/tracing crate conventions (e.g.,
tracing::debug!/tracing::error!) so callers can trace async config I/O and
failures in load_and_get_security_policy_info().

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/src/components/settings/panels/ActionBudgetPanel.tsx`:
- Around line 47-51: The panel currently shows a desktop-only error but still
allows Save to be clicked; prevent that by gating the save path and disabling
the Save button when not running in Tauri: add a runtime flag check (use
isTauri() or a local isTauriState set on mount) at the top of the save handler
(e.g., the component's save/handleSave function) to return early when not Tauri,
and set the Save button's disabled prop to true when !isTauri() (also update the
other occurrence referenced around lines 147-151). Ensure you use the same
isTauri/isTauriState used where setIsLoading and setError are called so UI state
and action gating remain consistent.

---

Nitpick comments:
In `@src/openhuman/config/schemas.rs`:
- Around line 1022-1030: Add diagnostic logs to handle_update_autonomy_settings:
on RPC entry log the incoming params/deserialized update (debug/trace), wrap the
call to config_rpc::load_and_apply_autonomy_settings(patch).await with a success
log on completion (debug) and an error log that captures the error context
before returning (error). Ensure logs include the function name
handle_update_autonomy_settings and the patch/max_actions_per_hour value and
propagate the original error unchanged after logging.

In `@src/openhuman/security/schemas.rs`:
- Around line 42-45: The RPC handler handle_policy_info lacks diagnostics; add
tracing/log calls around the async call to
crate::openhuman::security::rpc::load_and_get_security_policy_info() to record
entry, success, and failure: log at debug/trace when entering handle_policy_info
(include any incoming params or a brief marker), log debug/trace on successful
result before returning the JSON, and log error with the error details if the
await returns Err (include context string). Use the existing logging/tracing
crate conventions (e.g., tracing::debug!/tracing::error!) so callers can trace
async config I/O and failures in load_and_get_security_policy_info().

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9f524bd5-1e23-415d-bda2-0e63ff611f21

📥 Commits

Reviewing files that changed from the base of the PR and between ed3e453 and 497d027.

📒 Files selected for processing (32)

• .env.example
• app/src/components/settings/panels/ActionBudgetPanel.tsx
• app/src/components/settings/panels/DeveloperOptionsPanel.tsx
• app/src/components/settings/panels/__tests__/ActionBudgetPanel.test.tsx
• app/src/lib/i18n/chunks/ar-5.ts
• app/src/lib/i18n/chunks/bn-5.ts
• app/src/lib/i18n/chunks/de-3.ts
• app/src/lib/i18n/chunks/de-5.ts
• app/src/lib/i18n/chunks/en-5.ts
• app/src/lib/i18n/chunks/es-5.ts
• app/src/lib/i18n/chunks/fr-5.ts
• app/src/lib/i18n/chunks/hi-5.ts
• app/src/lib/i18n/chunks/id-5.ts
• app/src/lib/i18n/chunks/it-5.ts
• app/src/lib/i18n/chunks/ko-5.ts
• app/src/lib/i18n/chunks/pt-5.ts
• app/src/lib/i18n/chunks/ru-5.ts
• app/src/lib/i18n/chunks/zh-CN-5.ts
• app/src/lib/i18n/en.ts
• app/src/pages/Settings.tsx
• app/src/services/rpcMethods.ts
• app/src/utils/tauriCommands/config.ts
• gitbooks/developing/architecture/agent-harness.md
• src/openhuman/config/ops.rs
• src/openhuman/config/ops_tests.rs
• src/openhuman/config/schema/load.rs
• src/openhuman/config/schema/load_tests.rs
• src/openhuman/config/schemas.rs
• src/openhuman/security/ops.rs
• src/openhuman/security/policy.rs
• src/openhuman/security/policy_tests.rs
• src/openhuman/security/schemas.rs

💤 Files with no reviewable changes (1)

• app/src/lib/i18n/chunks/de-3.ts

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

src/openhuman/security/schemas.rs (1)

42-45: ⚡ Quick win

Instrument policy_info handler with debug/warn logs.

The new async path is good, but it currently has no explicit RPC entry/failure logs for observability.

Suggested update

 fn handle_policy_info(_params: Map<String, Value>) -> ControllerFuture {
     Box::pin(async {
-        to_json(crate::openhuman::security::rpc::load_and_get_security_policy_info().await?)
+        log::debug!("[security][rpc] policy_info enter");
+        match crate::openhuman::security::rpc::load_and_get_security_policy_info().await {
+            Ok(outcome) => {
+                log::debug!("[security][rpc] policy_info ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[security][rpc] policy_info failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: `src/openhuman/**/*.rs` should log RPC entry/exit and error paths with structured, grep-friendly context.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/security/schemas.rs` around lines 42 - 45, Instrument the
handle_policy_info RPC handler to emit structured entry/exit and error logs: at
the start of handle_policy_info() log RPC entry with a context field like
{"rpc":"policy_info"}, then wrap the await call to
crate::openhuman::security::rpc::load_and_get_security_policy_info() so that on
success you log a debug/trace exit (include any lightweight result metadata) and
on failure you log a warn/error with the error details and same context; use the
project logging macros (e.g., tracing::debug!/warn!) and ensure logs reference
the function name handle_policy_info and the called function
load_and_get_security_policy_info for easy grepping.

src/openhuman/config/schemas.rs (1)

1022-1030: ⚡ Quick win

Add entry/success/failure logs to the new autonomy RPC handler.

This new RPC path currently has no debug/warn instrumentation, which makes runtime triage harder than adjacent handlers.

Proposed logging pattern

 fn handle_update_autonomy_settings(params: Map<String, Value>) -> ControllerFuture {
     Box::pin(async move {
-        let update = deserialize_params::<AutonomySettingsUpdate>(params)?;
+        log::debug!("[config][rpc] update_autonomy_settings enter");
+        let update = match deserialize_params::<AutonomySettingsUpdate>(params) {
+            Ok(u) => u,
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings invalid params: {err}");
+                return Err(err);
+            }
+        };
         let patch = config_rpc::AutonomySettingsPatch {
             max_actions_per_hour: update.max_actions_per_hour,
         };
-        to_json(config_rpc::load_and_apply_autonomy_settings(patch).await?)
+        match config_rpc::load_and_apply_autonomy_settings(patch).await {
+            Ok(outcome) => {
+                log::debug!("[config][rpc] update_autonomy_settings ok");
+                to_json(outcome)
+            }
+            Err(err) => {
+                log::warn!("[config][rpc] update_autonomy_settings failed: {err}");
+                Err(err)
+            }
+        }
     })
 }

As per coding guidelines: `src/openhuman/**/*.rs`: use `log` / `tracing` at `debug` or `trace` on RPC entry/exit and error paths with grep-friendly context.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/config/schemas.rs` around lines 1022 - 1030, The handler
handle_update_autonomy_settings lacks logging; add trace/debug logs on entry
(log the deserialized AutonomySettingsUpdate or its key fields), a success debug
log after to_json returns (including the applied patch or resulting state), and
an error/warn log around the await of
config_rpc::load_and_apply_autonomy_settings(patch).await? so any failure is
logged with the error details and a grep-friendly context string like
"handle_update_autonomy_settings". Use the project's logging crate (log or
tracing) consistent with nearby handlers and include the function name and
relevant identifiers (AutonomySettingsUpdate, AutonomySettingsPatch,
config_rpc::load_and_apply_autonomy_settings) in messages.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.env.example:
- Around line 75-76: Move the OPENHUMAN_MAX_ACTIONS_PER_HOUR entry so it appears
before the OPENHUMAN_MODEL entry in the .env example to satisfy dotenv key
ordering; update the block by cutting the line
"OPENHUMAN_MAX_ACTIONS_PER_HOUR=20" and pasting it above the existing
"OPENHUMAN_MODEL" key so dotenv-linter no longer reports UnorderedKey.

---

Nitpick comments:
In `@src/openhuman/config/schemas.rs`:
- Around line 1022-1030: The handler handle_update_autonomy_settings lacks
logging; add trace/debug logs on entry (log the deserialized
AutonomySettingsUpdate or its key fields), a success debug log after to_json
returns (including the applied patch or resulting state), and an error/warn log
around the await of config_rpc::load_and_apply_autonomy_settings(patch).await?
so any failure is logged with the error details and a grep-friendly context
string like "handle_update_autonomy_settings". Use the project's logging crate
(log or tracing) consistent with nearby handlers and include the function name
and relevant identifiers (AutonomySettingsUpdate, AutonomySettingsPatch,
config_rpc::load_and_apply_autonomy_settings) in messages.

In `@src/openhuman/security/schemas.rs`:
- Around line 42-45: Instrument the handle_policy_info RPC handler to emit
structured entry/exit and error logs: at the start of handle_policy_info() log
RPC entry with a context field like {"rpc":"policy_info"}, then wrap the await
call to crate::openhuman::security::rpc::load_and_get_security_policy_info() so
that on success you log a debug/trace exit (include any lightweight result
metadata) and on failure you log a warn/error with the error details and same
context; use the project logging macros (e.g., tracing::debug!/warn!) and ensure
logs reference the function name handle_policy_info and the called function
load_and_get_security_policy_info for easy grepping.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5edfbc0e-0f78-4a08-a028-7fc9db5cfde4

📥 Commits

Reviewing files that changed from the base of the PR and between 497d027 and 2dac605.

📒 Files selected for processing (33)

• .env.example
• app/src/components/settings/panels/ActionBudgetPanel.tsx
• app/src/components/settings/panels/DeveloperOptionsPanel.tsx
• app/src/components/settings/panels/__tests__/ActionBudgetPanel.test.tsx
• app/src/lib/i18n/chunks/ar-5.ts
• app/src/lib/i18n/chunks/bn-5.ts
• app/src/lib/i18n/chunks/de-3.ts
• app/src/lib/i18n/chunks/de-5.ts
• app/src/lib/i18n/chunks/en-5.ts
• app/src/lib/i18n/chunks/es-5.ts
• app/src/lib/i18n/chunks/fr-5.ts
• app/src/lib/i18n/chunks/hi-5.ts
• app/src/lib/i18n/chunks/id-5.ts
• app/src/lib/i18n/chunks/it-5.ts
• app/src/lib/i18n/chunks/ko-5.ts
• app/src/lib/i18n/chunks/pt-5.ts
• app/src/lib/i18n/chunks/ru-5.ts
• app/src/lib/i18n/chunks/zh-CN-5.ts
• app/src/lib/i18n/en.ts
• app/src/pages/Settings.tsx
• app/src/services/rpcMethods.ts
• app/src/utils/tauriCommands/config.ts
• gitbooks/developing/architecture/agent-harness.md
• src/core/legacy_aliases.rs
• src/openhuman/config/ops.rs
• src/openhuman/config/ops_tests.rs
• src/openhuman/config/schema/load.rs
• src/openhuman/config/schema/load_tests.rs
• src/openhuman/config/schemas.rs
• src/openhuman/security/ops.rs
• src/openhuman/security/policy.rs
• src/openhuman/security/policy_tests.rs
• src/openhuman/security/schemas.rs

💤 Files with no reviewable changes (1)

• app/src/lib/i18n/chunks/de-3.ts

✅ Files skipped from review due to trivial changes (5)

• src/openhuman/security/policy.rs
• app/src/lib/i18n/chunks/es-5.ts
• app/src/lib/i18n/chunks/id-5.ts
• app/src/lib/i18n/chunks/en-5.ts
• app/src/lib/i18n/chunks/fr-5.ts

[YOMXXX]

@graycyrus CI is green and CodeRabbit is approved. Could you take a look when you have a chance?

[YOMXXX]

@graycyrus Ready for review again.

Latest state on cb92e1c8:

• all required checks are green, including the rerun test / Rust Core Tests + Quality
• CodeRabbit is approved
• no unresolved review threads remain
• the extra commit is an empty chore: rerun cancelled CI commit to replace the prior cancelled GitHub Actions run, after rerun was unavailable without repository admin rights

[YOMXXX]

@graycyrus Ready for review again.

Latest state after syncing current upstream/main in 06f9ab01:

• merge conflicts are resolved
• all required checks are green, including Coverage Gate and Linux Appium E2E
• no unresolved review threads remain
• CodeRabbit has no active actionable blocker