Skip to content

feat(web3): compile-time web3 feature gate for wallet/web3/x402 (#4802)#4855

Open
oxoxDev wants to merge 15 commits into
tinyhumansai:mainfrom
oxoxDev:feat/4802-web3-feature-gate
Open

feat(web3): compile-time web3 feature gate for wallet/web3/x402 (#4802)#4855
oxoxDev wants to merge 15 commits into
tinyhumansai:mainfrom
oxoxDev:feat/4802-web3-feature-gate

Conversation

@oxoxDev

@oxoxDev oxoxDev commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Adds a compile-time Cargo web3 feature (default-ON) that gates the openhuman::wallet + openhuman::web3 + openhuman::x402 domains, composing with the runtime DomainSet::Web3 flag from feat(core): DomainSet on CoreBuilder + DomainRegistration filter seam (feature-gate prerequisite) #4796.
  • Default build is byte-identical — the desktop/CLI app is unchanged. A slim build (--no-default-features without web3) drops all three domains and their exclusive crypto deps bitcoin + curve25519-dalek.
  • First gate that sheds real dependencies (voice/media were surface-only). Uses the feat(core): feature gate — voice #4803 voice facade+stub pattern: pub mod wallet/web3/x402 stay always-compiled, real submodules are #[cfg(feature = "web3")], and each domain's stub.rs re-exposes the always-on caller surface with disabled-error / empty bodies.

Problem

#4795 wants one compile-time feature gate per subsystem family so slim harness builds drop code + deps; #4796 shipped the runtime DomainSet axis. This PR adds the compile-time half for the crypto/web3 family. Two scope realities the issue over-stated, confirmed by a full dependency + call-graph sweep:

  • TokenJuice is NOT in scope. The issue bucketed tokenjuice under web3 on the word "token", but it is the LLM-context compression engine (adapter over the vendored tinyjuice crate — detection / compressors / CCR cache / token estimates), already classified DomainGroup::Platform (always-on) in src/core/all.rs. Its tokenjuice-treesitter Cargo feature is a separate, unrelated default. Gating it under web3 would break LLM compression in every slim non-crypto build. Left untouched.
  • The gate sheds only two deps, not the whole crypto stack. ethers-core / ethers-signers / coins-bip39 / bs58 / ed25519-dalek / ripemd are shared with the Polymarket trading tools (tools/impl/network/polymarket*, clob_auth), tinyplace on-chain payments, and orchestration — so they stay always-on. Only bitcoin (BTC P2WPKH PSBT) and curve25519-dalek (Solana off-curve ATA) are exclusive to the gated modules and are dropped.

The central constraint (from the issue owner): toggling the gate on or off must not break the core or the app. Always-on callers hard-depend on the wallet — tinyplace/payment.rs uses the wallet's Solana signing (prepare_transfer, execute_prepared, tinyplace_signer_seed, SolanaCluster, …) and polymarket.rs imports wallet::{secret_material, status, WalletChain}. Deleting the modules would break their compile; the stub facade is what keeps both builds compiling and degrades those paths to graceful "wallet disabled" errors at runtime.

Solution

  • Cargo.toml: new web3 = ["dep:bitcoin", "dep:curve25519-dalek"] feature added to default; those two crates made optional (verified exclusive to wallet/+x402/ by call-graph grep).
  • Facade+stub for all three modules (wallet/, web3/, x402/): real submodules + re-exports move behind #[cfg(feature = "web3")]; a #[cfg(not(feature = "web3"))] mod stub; mirrors the exact always-on caller surface with disabled-error / None / empty-Vec bodies. Aggregator entry points (all_*_registered_controllers / all_*_controller_schemas / all_web3_agent_tools) return empty, so core/all.rs + tools/ops.rs need no call-site cfg.
  • Two caller families still cfg-gated at the call site (they name concrete gated types, not a stubbable aggregator): the six Wallet*Tool + X402RequestTool registrations (tools/ops.rs) + the wallet::tools::* glob (tools/mod.rs), and the x402 402-retry path (tools/impl/network/http_request.rs) — with web3 off, a 402 passes through unpaid. Mirrors how the voice gate cfg's its concrete podcast tools.
  • Tests (src/core/all_tests.rs): wallet_web3_x402_controllers_registered_when_feature_on (default) and wallet_web3_x402_controllers_absent_when_feature_off (disabled) assert the on/off registration behavior — the compile-time stub-facade correctness gate.
  • CI: the existing rust-feature-gate-smoke lane already builds --no-default-features --features tokenjuice-treesitter (every default gate off), so it now also compiles the web3-off path — no new step needed.
  • Docs: AGENTS.md gains a web3 gate-table row + a facade note.

When off: wallet/web3_*/x402 RPCs become unknown-method (absent from /schema); the wallet + swap/bridge/dapp + x402 agent tools are absent; tinyplace on-chain payments + Polymarket writes return a graceful "wallet disabled" error (tinyplace comms + the core boot/serve path are unaffected); bitcoin + curve25519-dalek leave the build.

Submission Checklist

  • Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy — on/off registration gate tests, both feature configs.
  • N/A: no instrumented changed lines with coverage information — the diff is compile-config only (#[cfg] attrs, a web3 feature, stub facades, docs). diff-cover reports no lines; the two registration tests cover the on/off behavior. CI coverage-gate authoritative. — Diff coverage ≥ 80%
  • Coverage matrix updated — N/A: compile-time build-config change, no user-facing feature row
  • All affected feature IDs from the matrix are listed in the PR description under ## RelatedN/A: no matrix rows affected
  • No new external network dependencies introduced (mock backend used per Testing Strategy)
  • Manual smoke checklist — verified locally: both GGML_NATIVE=OFF cargo check (default, web3 ON) and --no-default-features --features tokenjuice-treesitter (web3 OFF) compile exit 0; both gate tests pass in their configs; cargo fmt --check + cargo clippy --lib clean (0 new warnings, both configs).
  • Linked issue closed via Closes #NNN in the ## Related section

Impact

  • Desktop / CLI / mobile / web: no behavior change — default build keeps web3 on and is byte-identical.
  • Slim builds: --no-default-features (without web3) drops the wallet/web3/x402 domains + the bitcoin + curve25519-dalek deps. tinyplace payments + Polymarket writes degrade to a graceful "wallet disabled" error; comms + core boot + /rpc are unaffected.
  • Security / migration: none. Additive, default-preserving. No change to signing, key storage, or the shared crypto crates.

Related


AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

  • Key: N/A
  • URL: N/A

Commit & Branch

  • Branch: feat/4802-web3-feature-gate
  • Commit SHA: 7a9cddc1ee2ba065b0eed49ae2d46d530a0ecd74

Validation Run

  • N/A: no app/ (frontend) changes — pnpm --filter openhuman-app format:check
  • N/A: no TypeScript changes — pnpm typecheck
  • Focused tests: core::all::tests::wallet_web3_x402_controllers_registered_when_feature_on (default, passed) + ..::wallet_web3_x402_controllers_absent_when_feature_off (disabled build, passed)
  • Rust fmt/check: cargo fmt --check clean · default GGML_NATIVE=OFF cargo check exit 0 · disabled cargo check --no-default-features --features tokenjuice-treesitter exit 0 · cargo clippy --lib 0 new warnings in changed files (both configs)
  • N/A: no app/src-tauri changes — Tauri fmt/check (pre-push pnpm rust:check on the shell passed)

Validation Blocked

  • command: cargo test --lib (full)
  • error: OOM on local machine (known)
  • impact: full matrix runs in CI; locally scoped to the two web3 gate tests + default/disabled cargo check — all green in both feature configs

Behavior Changes

  • Intended behavior change: new default-on web3 compile-time gate; default unchanged
  • User-visible effect: none by default; slim builds omit the wallet/web3/x402 domains + their agent tools + the bitcoin + curve25519-dalek deps

Summary by CodeRabbit

  • New Features
    • Added a compile-time web3 feature gate covering wallet support, Web3 controller/tool registration, and x402 capabilities.
    • Updated default build to include web3, and made related crypto dependencies load only when web3 is enabled.
  • Bug Fixes
    • Prevented x402 402-response payment-and-retry behavior when web3 is disabled.
  • Tests
    • Added unit tests validating Web3-enabled vs Web3-disabled registration/tool discovery; expanded/adjusted Polymarket and x402 test coverage.
  • Documentation
    • Updated Web3 facade/stub behavior details and feature-gate guidance in AGENTS.md.

oxoxDev added 7 commits July 14, 2026 15:35
…tinyhumansai#4802)

Introduces the compile-time `web3` feature (default-ON, so the desktop
build is byte-identical). Makes the exclusive `bitcoin` (BTC P2WPKH PSBT)
and `curve25519-dalek` (Solana off-curve ATA) crates optional, dropped
when the gate is off. Shared crypto crates (ethers-*, coins-bip39, bs58,
ed25519-dalek, ripemd) stay always-on — Polymarket + tinyplace depend on
them.
Keeps `pub mod wallet` always-compiled as a facade; real submodules move
behind `#[cfg(feature = "web3")]`. A `stub.rs` mirrors the always-on
caller surface (WALLET_NOT_CONFIGURED_MESSAGE, status, secret_material,
WalletChain, prepare_transfer/execute_prepared + param/result types,
solana_cluster/SolanaCluster, tinyplace_solana_rpc_endpoints,
tinyplace_signer_seed, rpc::{redact_rpc_url, with_tinyplace_solana_endpoints},
prepared_quotes_for_test, controller-registration entry points) with
disabled-error / empty bodies so tinyplace payments + Polymarket writes
degrade gracefully instead of failing to compile.
…ansai#4802)

Real submodules gated behind `web3`; stub returns empty controllers,
schemas, and agent tools when off (swap/bridge/dapp RPCs become
unknown-method, the web3 agent tools are absent). No per-call-site cfg
needed — the aggregator entry points return empty.
…nsai#4802)

Real submodules gated behind `web3`; stub no-ops `init_ledger` and
returns empty controller/schema lists when off. The X402RequestTool
registration and the http_request 402-retry path are cfg-gated at their
call sites (concrete gated types).
…ansai#4802)

Concrete gated types can't be stubbed via return-empty, so the six
Wallet*Tool + X402RequestTool registrations, the wallet::tools::* glob,
and the http_request x402 402-retry path (+ its base64 import) are
`#[cfg(feature = "web3")]` — mirroring the voice gate. With web3 off a
402 passes through unpaid. Polymarket's wallet-signing tests are gated
too (they seed a real wallet); the tool itself compiles against the stub
in both configs.
)

Asserts wallet/web3/x402 controllers + web3 agent tools are present in
the default build and absent in the disabled build — the compile-time
stub-facade correctness gate.
Adds the web3 gate-table row (drops bitcoin + curve25519-dalek) and a
facade note: graceful tinyplace/Polymarket degradation, the shared crypto
deps kept always-on, and the two caller families still needing per-call
cfg.
@oxoxDev oxoxDev requested a review from a team July 14, 2026 10:07
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 70bf1524-5467-45b9-8f95-8e7fa9d8bbcf

📥 Commits

Reviewing files that changed from the base of the PR and between 3226ce2 and ae34b3d.

📒 Files selected for processing (4)
  • Cargo.toml
  • app/src-tauri/Cargo.toml
  • src/core/all_tests.rs
  • tests/raw_coverage/agent_session_round24_raw_coverage_e2e.rs
🚧 Files skipped from review as they are similar to previous changes (3)
  • Cargo.toml
  • app/src-tauri/Cargo.toml
  • src/core/all_tests.rs

📝 Walkthrough

Walkthrough

The PR adds a default-enabled web3 Cargo feature, makes selected crypto dependencies optional, and introduces disabled facades for wallet, web3, and x402. Registrations, payment retries, signing behavior, tests, and documentation now vary by feature state.

Changes

Web3 feature gating

Layer / File(s) Summary
Feature contract and documentation
Cargo.toml, AGENTS.md, app/src-tauri/Cargo.toml
The web3 feature enables optional crypto dependencies, remains default-enabled, is forwarded by the desktop app, and documents facade behavior.
Disabled domain facades
src/openhuman/wallet/*, src/openhuman/web3/*, src/openhuman/x402/*
Wallet, Web3, and X402 use real implementations when enabled and signature-compatible stubs with empty or disabled behavior when disabled.
Tool wiring and runtime behavior
src/openhuman/tools/*
Wallet and X402 tools, exports, HTTP payment retries, and Polymarket signing paths follow the web3 feature state.
Feature-specific validation
src/core/all_tests.rs, tests/raw_coverage/*
Tests verify enabled and disabled registrations, stub contracts, feature-dependent signing, and deterministic checkpoint fallback behavior.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related issues

Possibly related PRs

Suggested labels: rust-core, feature

Suggested reviewers: senamakel

Poem

I’m a rabbit with a feature flag,
Web3 hops in—or leaves no tag.
Wallets sleep, payments pause,
Stubs preserve their signatures’ laws.
Tests check dusk and default noon.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Linked Issues check ⚠️ Warning The PR covers web3 gating, docs, and stubs, but the requested CoreBuilder DomainSet web3 flag is not shown in the changes. Add the DomainSet web3 flag to CoreBuilder and verify disabled builds still omit gated controllers, tools, schemas, and RPC methods.
Out of Scope Changes check ⚠️ Warning The raw coverage test fix in tests/raw_coverage/agent_session_round24_raw_coverage_e2e.rs is unrelated to the web3 gate scope. Move the deterministic checkpoint test fix into a separate PR unless it is required to make this feature-gate change pass CI.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately summarizes the main change: adding a default-on web3 feature gate for wallet/web3/x402.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7a9cddc1ee

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.toml
@coderabbitai coderabbitai Bot added feature Net-new user-facing capability or product behavior. rust-core Core Rust runtime in src/: CLI, core_server, shared infrastructure. labels Jul 14, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
src/openhuman/wallet/stub.rs (2)

93-165: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add diagnostics to the disabled-path error returns.

secret_material, prepare_transfer, execute_prepared, and tinyplace_signer_seed all return Err(DISABLED_MSG) with no log statement, unlike status() at line 86. Per the repo's logging rule, these new/changed flows should log at entry/error so operators can grep why a tinyplace payment or Polymarket write silently degraded in a slim build.

🔎 Example for one of the affected functions
 pub(crate) async fn secret_material(_chain: WalletChain) -> Result<WalletSecretMaterial, String> {
+    log::debug!("[wallet-stub] secret_material requested (web3 disabled)");
     Err(DISABLED_MSG.to_string())
 }

As per coding guidelines, "New or changed flows should include verbose, grep-friendly diagnostics covering entry/exit, branches, external calls, retries/timeouts, state transitions, and errors" and "Changes lacking logging are incomplete."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/wallet/stub.rs` around lines 93 - 165, Add grep-friendly
diagnostics to the disabled error paths in secret_material, prepare_transfer,
execute_prepared, and tinyplace_signer_seed, matching the existing logging
approach used by status(). Log the function entry or disabled-branch reason
before returning DISABLED_MSG, while preserving each function’s current return
behavior and avoiding changes to prepared_quotes_for_test.

Source: Coding guidelines


1-256: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add unit tests for the stub's own behavior.

This new file has no #[cfg(test)] module verifying, e.g., that status() returns empty accounts, prepare_transfer/execute_prepared/secret_material/tinyplace_signer_seed return the disabled error, or that prepared_quotes_for_test/tinyplace_solana_rpc_endpoints are empty. core/all_tests.rs only checks registry-level emptiness, not these individual behaviors.

As per coding guidelines, "Add tests for new or changed Rust behavior using inline #[cfg(test)] mod tests or sibling *_tests.rs files."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/wallet/stub.rs` around lines 1 - 256, Add an inline
#[cfg(test)] mod tests to the stub module covering its disabled behavior: verify
status returns an empty account list, prepare_transfer, execute_prepared,
secret_material, and tinyplace_signer_seed return DISABLED_MSG, and
prepared_quotes_for_test plus tinyplace_solana_rpc_endpoints return empty
collections. Include the relevant Solana cluster behavior if needed to exercise
the facade’s public contract, while keeping tests focused on these stub
functions.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/x402/mod.rs`:
- Around line 34-60: Add feature-off regression tests at
src/openhuman/x402/mod.rs lines 34-60 covering the disabled facade’s callable
no-op APIs and empty registration results; add a sibling test at
src/openhuman/tools/impl/network/polymarket.rs lines 1373-1381 verifying
wallet-dependent write operations return the expected disabled error. Keep the
tests gated for builds without the web3 feature and use the existing facade and
write-operation symbols.

---

Nitpick comments:
In `@src/openhuman/wallet/stub.rs`:
- Around line 93-165: Add grep-friendly diagnostics to the disabled error paths
in secret_material, prepare_transfer, execute_prepared, and
tinyplace_signer_seed, matching the existing logging approach used by status().
Log the function entry or disabled-branch reason before returning DISABLED_MSG,
while preserving each function’s current return behavior and avoiding changes to
prepared_quotes_for_test.
- Around line 1-256: Add an inline #[cfg(test)] mod tests to the stub module
covering its disabled behavior: verify status returns an empty account list,
prepare_transfer, execute_prepared, secret_material, and tinyplace_signer_seed
return DISABLED_MSG, and prepared_quotes_for_test plus
tinyplace_solana_rpc_endpoints return empty collections. Include the relevant
Solana cluster behavior if needed to exercise the facade’s public contract,
while keeping tests focused on these stub functions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1498bbf1-5352-49d9-9ac9-a884468a11c7

📥 Commits

Reviewing files that changed from the base of the PR and between 8c37dfd and 7a9cddc.

📒 Files selected for processing (13)
  • AGENTS.md
  • Cargo.toml
  • src/core/all_tests.rs
  • src/openhuman/tools/impl/network/http_request.rs
  • src/openhuman/tools/impl/network/polymarket.rs
  • src/openhuman/tools/mod.rs
  • src/openhuman/tools/ops.rs
  • src/openhuman/wallet/mod.rs
  • src/openhuman/wallet/stub.rs
  • src/openhuman/web3/mod.rs
  • src/openhuman/web3/stub.rs
  • src/openhuman/x402/mod.rs
  • src/openhuman/x402/stub.rs

Comment thread src/openhuman/x402/mod.rs
oxoxDev added 4 commits July 14, 2026 16:05
The Tauri host consumes `openhuman_core` with `default-features = false`,
so gating the wallet/web3/x402 domains behind the default-ON `web3` feature
would drop them + their agent tools from the shipped desktop app. Forward
`features = ["web3"]` to keep the desktop build byte-identical. Safe — web3
is default-ON; this only restores the pre-gate desktop surface.
…tub (tinyhumansai#4802)

Log entry on each disabled error path (secret_material, prepare_transfer,
execute_prepared, tinyplace_signer_seed) so a slim build's degraded
tinyplace/Polymarket flows are grep-visible, matching status(). Add a
#[cfg(test)] module (compiled only when web3 is off) pinning the degraded
contract: empty status, disabled errors, empty quote/endpoint lists, and
empty controller registration.
…inyhumansai#4802)

Pin the disabled facades' contract: empty controller/schema registration
(and empty web3 agent-tool list) plus x402 init_ledger as a callable no-op,
so a slim build's empty surface is locked in against drift.
…ff (tinyhumansai#4802)

The signing happy-path tests require a real wallet and stay web3-gated; add a
feature-off counterpart proving wallet-signed writes surface the wallet-stub
disabled error (via secret_material) instead of panicking or proceeding
without a signer.
@oxoxDev

oxoxDev commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator Author

Addressed the CodeRabbit nitpicks (both on wallet/stub.rs):

  • Diagnostics on disabled paths (765e8d8) — secret_material, prepare_transfer, execute_prepared, and tinyplace_signer_seed now log at entry like status() did, so a slim build's degraded tinyplace/Polymarket flows are grep-visible.
  • Stub unit tests (765e8d8) — added an inline #[cfg(test)] mod tests covering the stub's own behavior (empty status/quotes/endpoints, disabled errors, empty registration, stable Solana USDC mint), alongside the web3/x402 stub + polymarket feature-off tests (570983d, 82ff383).

One deviation from the suggested diff: WalletSecretMaterial intentionally does not derive Debug (mirrors the real type, which omits it so a mnemonic never lands in a log), so the secret_material test matches on the Err arm rather than expect_err.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/tools/impl/network/polymarket.rs`:
- Around line 1420-1422: Update the assertion in the disabled-wallet test to
require the stable marker “web3/wallet feature disabled at compile time”
exclusively, removing the broader “wallet secret material” alternative. Keep the
assertion’s failure message and surrounding test flow unchanged so it verifies
the intended stub path.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c672ca58-2720-49fc-bd40-98cdfe8fc663

📥 Commits

Reviewing files that changed from the base of the PR and between 7a9cddc and 82ff383.

📒 Files selected for processing (5)
  • app/src-tauri/Cargo.toml
  • src/openhuman/tools/impl/network/polymarket.rs
  • src/openhuman/wallet/stub.rs
  • src/openhuman/web3/stub.rs
  • src/openhuman/x402/stub.rs
🚧 Files skipped from review as they are similar to previous changes (3)
  • src/openhuman/x402/stub.rs
  • src/openhuman/web3/stub.rs
  • src/openhuman/wallet/stub.rs

Comment thread src/openhuman/tools/impl/network/polymarket.rs Outdated
…humansai#4802)

The disabled-wallet test matched `"wallet secret material"` (from the
`.context()` wrapper, present regardless of failure cause) OR the loose
`"feature disabled"`. Require the stable stub marker
`"web3/wallet feature disabled at compile time"` exclusively so the test
proves the disabled-stub path specifically. Per CodeRabbit review.
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 14, 2026
@M3gA-Mind

Copy link
Copy Markdown
Collaborator

Re @chatgpt-codex-connector's P1 "Forward web3 into the Tauri core dependency"already addressed in current HEAD. app/src-tauri/Cargo.toml:139 now reads:

openhuman_core = { path = "../..", package = "openhuman", default-features = false, features = ["web3"] }

so the shipped desktop in-process core keeps the wallet/web3/x402 controllers (registered over /rpc + /schema) and their agent tools, matching the intended default-on behavior. Verified the gate compiles both ways (Rust Feature-Gate Smoke gates off is green, and the Tauri build is green). Good catch — the fix landed before this pass.


Separate observation for a maintainer (out of scope for this PR, no change made here): that same Tauri dep forwards only web3, not the other two default-ON gates voice and tokenjuice-treesitter. By the principle this PR documents right above the line ("any domain moved behind a default-ON Cargo feature must be re-forwarded here or it silently vanishes from the shipped desktop app"), voice being unforwarded means the desktop in-process core compiles the voice stub — i.e. voice controllers/tools are absent from the shipped app's in-process core. This predates #4855 (the tauri dep already used default-features = false with nothing forwarded before this PR, so it's a gap from the earlier voice gate, not something #4855 introduced), so I'm not folding a fix into this web3 PR. Flagging it for a follow-up: the tauri dep likely wants features = ["web3", "voice"] (tokenjuice degrades gracefully to the brace-depth heuristic, so that one is tolerable to leave off). Happy to file it if useful.

@chatgpt-codex-connector

Copy link
Copy Markdown

To use Codex here, create a Codex account and connect to github.

@senamakel senamakel mentioned this pull request Jul 14, 2026
max_iteration_checkpoint_uses_deterministic_fallback_and_hooks fed the wrap-up
call a non-empty response (tool-call XML text) plus a streamed delta, so
summarize_turn_wrapup returned that text as the checkpoint and the deterministic
fallback the test is named for never ran — the (1 steps) assertion failed under
the FULL instrumented suite. Make the wrap-up yield nothing (empty text, no
deltas) so build_deterministic_checkpoint is the answer, and assert no
iteration-2 wrap-up delta is streamed. Pre-existing drift (checkpoint-selection
predates tinyhumansai#4386); surfaced here because tinyhumansai#4802's Cargo.toml change forces the full
coverage suite.
@M3gA-Mind

Copy link
Copy Markdown
Collaborator

Maintainer fix pass (pushed 35bb08dc4):

CI — Rust Core Coverage was RED (and PR CI Gate red as its aggregator). Root cause was a stale, pre-existing test unrelated to this web3 gate: agent_session_round24_raw_coverage_e2e::max_iteration_checkpoint_uses_deterministic_fallback_and_hooks (:456). It fed the tool-call-cap wrap-up call a non-empty response (tool-call XML text) plus a streamed "checkpoint delta", so summarize_turn_wrapup returned that text as the checkpoint and the deterministic fallback the test is named for never executed — the (1 steps) assertion failed. The checkpoint-selection logic (response.text() non-empty wins → else streamed → else empty→fallback) predates #4386, so this only fails in the FULL instrumented suite, which this PR triggers via its Cargo.toml change (web3 feature); it doesn't gate normal main pushes, so the drift went unnoticed.

Fix (tests/raw_coverage/agent_session_round24_raw_coverage_e2e.rs, test-only): make the wrap-up genuinely empty (text_response("", None), no stream deltas) so build_deterministic_checkpoint becomes the answer — restoring the path the test name promises. Updated the trailing progress assertion to expect no iteration-2 wrap-up delta, and refreshed a stale digest-format comment. Robust by construction: an empty summary always routes to the deterministic fallback regardless of stream plumbing. All other assertions (hooks, requests.len()==2, stream_was_requested, tools-disabled) unchanged. No production code touched — the web3 gate itself is untouched. (Same unrelated failure also affects other Cargo.toml-changing PRs; whichever merges first fixes it on main.)

Review feedback: none outstanding — reviewDecision unblocked, CodeRabbit's latest review is APPROVED, and both earlier CodeRabbit items (x402 feature-off coverage; polymarket specific disabled-error assertion) were already addressed and acknowledged.

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 14, 2026
@Coding-Dev-Tools

Copy link
Copy Markdown

🤖 Council Merge Gate — APPROVE (merge blocked by branch protection)

The model council review gate returned APPROVE (session council-f79dd637-b1e1-4404-a02d-35a9151a734f), so the change is council-cleared.

However, gh pr merge was rejected by GitHub branch protection: the base branch policy prohibits the merge. This repo requires passing status checks and/or an approving review before merge, and those requirements are not currently satisfied (e.g. failing required CI checks).

Action needed (human): resolve the failing required checks / obtain the required review, then merge. A maintainer with admin rights may also merge explicitly. The PR is left OPEN.

Posted automatically by the council_gate_merge cron job.

@Coding-Dev-Tools

Copy link
Copy Markdown

🤖 Council Merge Gate — APPROVE (merge blocked by branch protection)

The model council review gate returned APPROVE (session council-125cc2a4-8df9-47a5-9379-60f99d6dbaa6), so the change is council-cleared.

However, gh pr merge was rejected by GitHub branch protection: the base branch policy prohibits the merge. This repo requires passing status checks and/or an approving review before merge, and those requirements are not currently satisfied (e.g. failing required CI checks).

Action needed (human): resolve the failing required checks / obtain the required review, then merge. A maintainer with admin rights may also merge explicitly. The PR is left OPEN.

Posted automatically by the council_gate_merge cron job.

…inyhumansai#4802)

group_mapping_smoke asserted group_for_namespace("wallet") == Some(Web3)
unconditionally. group_for_namespace resolves against the live controller
registry, so with the web3 gate off the wallet controllers are unregistered
and the lookup returns None, failing the test in the disabled config.

The CI feature-gate-smoke lane only runs `cargo check`, which never compiles
test code, so this could not surface there.

Verified: `cargo test --lib --no-default-features --features
tokenjuice-treesitter core::all::tests` no longer fails on the wallet
assertion. The two remaining failures in that config assert the voice
namespace and pre-date this branch (tinyhumansai#4803's gate); they are out of scope here.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

feature Net-new user-facing capability or product behavior. rust-core Core Rust runtime in src/: CLI, core_server, shared infrastructure.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat(core): feature gate — web3

4 participants