Skip to content

feat(inference): cut wire-equivalent BYOK cloud slugs to crate-native (Motion B)#4780

Merged
senamakel merged 1 commit into
tinyhumansai:mainfrom
senamakel:feat/inference-byok-cloud-cutover
Jul 11, 2026
Merged

feat(inference): cut wire-equivalent BYOK cloud slugs to crate-native (Motion B)#4780
senamakel merged 1 commit into
tinyhumansai:mainfrom
senamakel:feat/inference-byok-cloud-cutover

Conversation

@senamakel

Copy link
Copy Markdown
Member

Summary

  • Extends the TinyAgents inference cutover (Motion B) from the managed backend + local runtimes to wire-equivalent BYOK cloud slugs: create_chat_model now routes DeepSeek / Groq / Mistral / xAI / Anthropic-auth / keyless cloud providers through a crate-native OpenAiModel instead of a ProviderModel-wrapped host provider.
  • Extracts a shared resolve_cloud_slug (entry + effective model + key + codex routing) and refactors the legacy make_cloud_provider_by_slug onto it, so eligible slugs resolve identically on both paths — only the wire client differs.
  • Conservatively gates eligibility: openai (Responses API + codex-OAuth), custom proxy slugs (may serve /v1/responses), and the managed OpenhumanJwt entry stay on the Provider path.

Problem

The inference migration (#4249) is moving provider construction off Box<dyn Provider> onto the crate ChatModel. The managed backend and local runtimes are already crate-native (#4769); the common non-OpenAI BYOK cloud providers were still built as host OpenAiCompatibleProviders.

Solution

try_create_cloud_slug_chat_model flips only the subset the crate OpenAiModel serves with byte-identical wire semantics — Anthropic/None auth (always; their endpoints have no /v1/responses) and plain-Bearer with no /v1/responses fallback and no codex-OAuth. It reuses the shared resolve_cloud_slug, runs the same enforce_local_only_inference + verify_session_active gate the Provider path applies, and builds via make_crate_openai_chat_model (temperature rides the per-call request; merge_system off, matching OpenAiCompatibleProvider::new). Everything uncertain returns None and falls through unchanged.

Submission Checklist

  • Tests added or updated (happy path + at least one failure / edge case) — bearer (DeepSeek) + Anthropic-auth slugs flip crate-native; openai / local / managed / unconfigured-slug all decline (the None fall-through cases). Plus the pre-existing make_cloud_provider_by_slug cloud-slug tests, which now also assert the shared-resolver refactor is behavior-preserving.
  • Diff coverage ≥ 80% — verified by this PR's rust-core-coverage job on the changed factory.rs lines.
  • Coverage matrix updated — N/A: structural cutover, no new user-facing feature rows.
  • All affected feature IDs from the matrix are listed under ## Related — N/A: none.
  • No new external network dependencies introduced — none; the crate wire client speaks the same OpenAI Chat Completions endpoints the host provider did (the managed backend already uses it in production).
  • Manual smoke checklist updated if this touches release-cut surfaces — N/A: no release-cut surface changed.
  • Linked issue — see ## Related.

Impact

  • Runtime: desktop/CLI Rust core. Eligible BYOK cloud roles change wire client (host OpenAiCompatibleProvider → crate OpenAiModel) with identical resolution. openai/codex, custom proxy slugs, and the managed entry are unchanged. Zero intended behavior change.
  • Migration: advances Phase 3 (provider consolidation); compatible*.rs remains (still serves openai/codex + create_chat_provider callers) until the crate /responses port.

Related


AI Authored PR Metadata

Linear Issue

  • Key: N/A
  • URL: N/A

Commit & Branch

  • Branch: feat/inference-byok-cloud-cutover
  • Commit SHA: 399710149

Validation Run

  • pnpm --filter openhuman-app format:check — N/A: no app/ changes.
  • pnpm typecheck — N/A: no app/ changes.
  • Focused tests: create_chat_model_routes_*_cloud_slug_to_crate_native, try_create_cloud_slug_declines_openai_and_non_cloud, + the existing make_cloud_provider_by_slug cloud-slug tests.
  • Rust fmt/check — cargo fmt clean; cargo check --lib reached 0 errors locally (OOM-killed before finishing on the contended dev box); full compile/test on CI.
  • Tauri fmt/check — N/A: no app/src-tauri changes.

Validation Blocked

  • command: full cargo test --lib / live per-provider wire-parity
  • error: shared dev box OOM-kills the full lib build; no live cloud test environment
  • impact: wire parity rests on the crate OpenAiModel being the same client the managed backend uses in production + the shared resolver keeping resolution identical; verified structurally + by the host cloud-slug regression tests on CI

Behavior Changes

  • Intended behavior change: none (wire-equivalent client swap for eligible slugs)
  • User-visible effect: none intended

Parity Contract

  • Legacy behavior preserved: eligible slugs resolve via the same resolve_cloud_slug; session/privacy gate preserved; temperature/merge-system parity
  • Guard/fallback/dispatch parity checks: conservative eligibility (openai/codex/responses-fallback/custom/OpenhumanJwt all decline → Provider path)

Duplicate / Superseded PR Handling

  • Duplicate PR(s): none
  • Canonical PR: this
  • Resolution: N/A

https://claude.ai/code/session_01U8NDGbt9tKj443VquzycLB

… (Motion B)

create_chat_model now routes the wire-equivalent BYOK cloud slugs through a
crate-native tinyagents OpenAiModel instead of a ProviderModel-wrapped host
provider, after the managed + local-runtime short-circuits.

Eligibility (conservative — anything uncertain stays on the Provider path):
- Anthropic / None auth → always eligible (their endpoints have no /v1/responses,
  so the host's dormant responses-fallback is behavior-neutral).
- Bearer → eligible only with no /v1/responses fallback, no openai-codex OAuth,
  and no codex account header — i.e. plain chat-completions Bearer providers
  (DeepSeek, Groq, Mistral, xAI, ...).
- openai (Responses API + codex-oauth), custom proxy slugs (may serve
  /v1/responses), and the managed OpenhumanJwt entry return None and stay
  host-side (deferred to the crate /responses port, Phase 3).

Shared resolution: extract resolve_cloud_slug (entry, effective model with
default_model fallback + abstract-tier remapping, key, codex routing) and refactor
make_cloud_provider_by_slug onto it — so eligible slugs resolve IDENTICALLY on
both paths and only the wire client differs. The existing cloud-slug tests verify
the legacy path is behavior-preserved.

Safety: the crate OpenAiModel wire is the same one the managed backend uses in
production. The same enforce_local_only_inference + verify_session_active gate the
Provider path applies runs before building. Temperature rides the per-call
ModelRequest (managed/local parity; @<temp> suffix still bakes an override); cloud
providers accept a system role so merge_system stays off (parity with
OpenAiCompatibleProvider::new).

Tests: bearer (deepseek) + anthropic-auth slugs flip crate-native; openai / local
/ managed / unconfigured decline. Lib compiles clean locally (OOM before finish);
full verification on CI, incl. the host cloud-slug regression tests.

Claude-Session: https://claude.ai/code/session_01U8NDGbt9tKj443VquzycLB
@senamakel senamakel requested a review from a team July 11, 2026 02:25
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 47 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a103c84d-fef1-4cae-afbb-2ae772531f82

📥 Commits

Reviewing files that changed from the base of the PR and between d5ce6aa and 3997101.

📒 Files selected for processing (3)
  • docs/tinyagents-drift-ledger.md
  • src/openhuman/inference/provider/factory.rs
  • src/openhuman/inference/provider/factory_tests.rs

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3997101499

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

// fallback, and the managed `OpenhumanJwt` entry stay on the `Provider` path.
let auth = match entry.auth_style {
AuthStyle::Anthropic => CompatAuthStyle::Anthropic,
AuthStyle::None => CompatAuthStyle::None,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep no-auth custom clouds on the provider path

For an AuthStyle::None cloud slug whose endpoint needs the legacy chat-completions-404 → /v1/responses retry, this arm now unconditionally builds the crate OpenAiModel, which the surrounding comment says has no responses fallback. The repo already guards that exact no-auth custom-cloud behavior in cloud_provider_falls_back_to_responses_on_404, so callers using create_chat_model(_with_model_id) with such a provider will now fail on the first /chat/completions 404 instead of retrying /responses; please apply the same fallback eligibility check used for Bearer or leave AuthStyle::None on the Provider path unless the endpoint is known chat-only.

Useful? React with 👍 / 👎.

@senamakel senamakel merged commit 8a6e780 into tinyhumansai:main Jul 11, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant