🛡️ Harden restored session provider parsing against invalid DB values

[Robdel12]

Context

runtime/restored_sessions.rs still parses restored provider strings with unwrap() in two places:

• restored_session_to_handle
• prepare_restored_session_for_direct_resume

That means a malformed provider value in the database can panic session restoration instead of degrading gracefully.

Task

Harden restored provider parsing in runtime/restored_sessions.rs.

Please:

• extract a small helper so the parsing logic only lives in one place
• preserve normal behavior for valid provider values, including mixed-case input
• replace the unwrap() calls with a safe fallback
• log a warning when fallback is used so the bad stored value is visible
• add focused unit tests for valid and invalid provider strings

Use Provider::Claude as the fallback so restored read paths stay aligned with the other mission/provider hardening work.

Acceptance Criteria

• Restored session helpers no longer panic on invalid provider strings.
• Valid provider strings still restore correctly.
• Invalid provider strings fall back predictably and are logged.
• The new helper has direct unit test coverage.

Files

• orbitdock-server/crates/server/src/runtime/restored_sessions.rs

[Robdel12]

Workpad — #55 Harden restored session provider parsing

Observations

• restored_sessions.rs has three .unwrap() calls on provider.parse::<Provider>() (lines 88, 213, 329)
• Provider::FromStr is actually infallible (error type is Infallible, defaults to Provider::Claude for unknown values), so these can't panic today — but the intent isn't visible and bad values are silently swallowed
• The same to_ascii_lowercase().parse::<Provider>() pattern is copy-pasted in all three spots

Plan

1. Extract a parse_provider helper that:

   • Lowercases + parses the string
   • Returns Provider directly (no Result)
   • Logs tracing::warn! when the raw value doesn't match a known provider, so bad DB values are visible in logs

2. Replace all three .unwrap() sites with the new helper

3. Add unit tests covering:

   • Valid lowercase values ("claude", "codex")
   • Valid mixed-case values ("Claude", "CODEX")
   • Invalid/empty/garbage values → fallback to Provider::Claude

4. Run make rust-ci to verify everything passes

[Robdel12]

🛡️ Harden restored session provider parsing against invalid DB values: #111

[Robdel12]

Done — PR ready for review

PR: #111

What changed

• Extracted parse_provider helper in restored_sessions.rs — single place for lowercase + parse logic
• Replaced all three .unwrap() call sites with the new helper
• Invalid/unknown stored provider values now log tracing::warn! with the raw value and fall back to Provider::Claude
• Added 3 unit tests covering lowercase, mixed-case, and invalid/empty/garbage inputs

Verification

• make rust-ci passes (fmt, clippy, all tests including the 3 new ones)