Add trusted external capability provider registry

[vaddisrinivas]

Summary

• Add a generic external capability provider registry for trusted runtime layers.
• Add config schema support for provider records with trust, enabled state, source URI, and source digest metadata.
• Expose normalized provider lookup and registration eligibility checks for later admission, policy, and diagnostics code.

Problem

• OpenHuman has generic policy and generated-tool hooks, but no neutral place to declare which external capability providers are trusted to register capability-backed tools.
• Without a provider registry, admission and diagnostics code has to duplicate trust metadata or rely on raw strings.

Solution

• Introduce openhuman::external_capabilities with provider config, normalization, registry construction, and error reporting.
• Wire external_capability_providers into the top-level config schema with a default-empty configuration.
• Keep the module generic: it does not load bundles, execute tools, or depend on a provider packaging format.

Submission Checklist

• Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy: provider normalization, trusted/enabled checks, duplicate records, invalid IDs, and missing names.
• Diff coverage ≥ 80% — local full coverage not run; focused Rust tests cover the changed module and CI coverage gate will enforce final diff coverage.
• Coverage matrix updated — N/A: generic config/registry capability, no existing feature row added/removed/renamed.
• All affected feature IDs from the matrix are listed in the PR description under ## Related: N/A, no coverage-matrix feature ID applies.
• No new external network dependencies introduced (mock backend used per Testing Strategy): no network dependency added.
• Manual smoke checklist updated if this touches release-cut surfaces (docs/RELEASE-MANUAL-SMOKE.md): N/A, no release-cut UI/runtime smoke surface changed.
• Linked issue closed via Closes #NNN in the ## Related section.

Impact

• Runtime/platform impact: new default-empty config and registry API only.
• Security impact: establishes explicit trust and enablement metadata for external capability providers.
• Compatibility: existing configs deserialize with defaults.

Related

• Closes Add trusted external capability provider registry #2541
• Follow-up PR(s)/TODOs: Companion PRs add generated-tool admission checks and runtime policy hooks.

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

• Key: N/A - GitHub issue Add trusted external capability provider registry #2541
• URL: Add trusted external capability provider registry #2541

Commit & Branch

• Branch: codex/oh-2541-external-capability-providers
• Commit SHA: cc862fbc9f3443fe130366e6f27e9838b29863a6

Validation Run

• pnpm --filter openhuman-app format:check: N/A, Rust-only backend schema/module change.
• pnpm typecheck: N/A, Rust-only backend schema/module change.
• Focused tests: cargo test --manifest-path Cargo.toml external_capabilities --lib
• Rust fmt/check (if changed): cargo fmt --manifest-path Cargo.toml --all --check; git diff --check
• Tauri fmt/check (if changed): N/A, no Tauri code changed.
• PR checklist: node scripts/check-pr-checklist.mjs /tmp/openhuman-pr-body-2541.md

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A

Behavior Changes

• Intended behavior change: OpenHuman config can now declare trusted external capability providers.
• User-visible effect: None by default; registry is empty unless configured.

Parity Contract

• Legacy behavior preserved: yes, defaults keep existing runtime behavior unchanged.
• Guard/fallback/dispatch parity checks: invalid or duplicate provider records are reported through registry errors, not silently trusted.

Duplicate / Superseded PR Handling

• Duplicate PR(s): None found for vaddisrinivas:codex/oh-2541-external-capability-providers.
• Canonical PR: this PR.
• Resolution (closed/superseded/updated): N/A.

Summary by CodeRabbit

• New Features

  • New configuration section to manage external capability providers (with sensible defaults).
  • Provider registry for lookup, listing, validation, normalization, duplicate/error reporting.
  • Providers include a flag controlling whether they may register tools.

• Tests

  • Unit tests for id normalization, validation, registry loading, and error/duplicate cases.

• Documentation

  • Added module-level documentation for external capability provider APIs.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds configurable external capability providers: new config and runtime types, provider ID normalization/validation, a config-backed registry exposing list/get/can_register_tools/errors, unit tests, and integration into the top-level Config and schema re-exports.

Changes

External Capability Provider Registry

Layer / File(s)	Summary
Provider types and defaults src/openhuman/external_capabilities/types.rs	Adds ExternalCapabilityProviderConfig (serde/schemars) with Default, ExternalCapabilityProvidersConfig, runtime ExternalCapabilityProvider, and can_register_tools().
Registry, normalization, and tests src/openhuman/external_capabilities/registry.rs	Implements ExternalCapabilityProvider::from_config, normalize_provider_id, and ExternalCapabilityProviderRegistry::from_config that builds an ordered BTreeMap, records errors for invalid/duplicate entries, and exposes is_empty, list, get, can_register_tools, and errors. Includes unit tests for normalization, trimming, gating, duplicates, and invalid records.
Module facade and re-exports src/openhuman/external_capabilities/mod.rs, src/openhuman/mod.rs	Adds the external_capabilities public module and re-exports normalize_provider_id, ExternalCapabilityProviderRegistry, and provider types.
Schema re-exports and Config integration src/openhuman/config/schema/tools.rs, src/openhuman/config/schema/types.rs, src/openhuman/config/schema/mod.rs	Re-exports provider config types through the schema tools module, adds external_capability_providers: ExternalCapabilityProvidersConfig to top-level Config with #[serde(default)], initializes it in Config::default(), and reformats the pub use list in schema mod.

Sequence Diagram

sequenceDiagram
  participant ConfigFile as ExternalCapabilityProvidersConfig
  participant Registry as ExternalCapabilityProviderRegistry
  participant Provider as ExternalCapabilityProvider
  ConfigFile->>Registry: from_config(config)
  Registry->>Provider: ExternalCapabilityProvider::from_config(cfg)
  Provider-->>Registry: validated provider or error
  Registry-->>ConfigFile: registry (providers + errors)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• graycyrus

"🐰 I trimmed the ids and made them neat,
Trusted gates keep tool lists sweet,
Providers lined in ordered trees,
Errors logged on gentle breeze,
Tests hop by with tiny feet."

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 48.65% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and specifically summarizes the main change: adding a trusted external capability provider registry, which is the core feature introduced across all modified files.
Linked Issues check	✅ Passed	All coding requirements from #2541 are met: generic provider metadata type with required fields, config-backed registry with normalization, lookup/list helpers, registration-eligibility checks, backward compatibility via defaults, and comprehensive unit tests covering acceptance criteria.
Out of Scope Changes check	✅ Passed	All changes align with #2541 objectives: config schema updates, type definitions, registry implementation, normalization logic, and tests. No unrelated functionality like runtime execution, bundle formats, or UI features are introduced.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/openhuman/external_capabilities/mod.rs (1)

93-111: ⚡ Quick win

Add structured debug/trace logs on registry load error branches

from_config has duplicate/error/state-transition branches but no instrumentation. Add structured debug/trace logs (stable prefix + provider id) for invalid records and duplicates so config diagnosis is grep-friendly.

As per coding guidelines: “Use log / tracing at debug or trace level on RPC entry and exit, error paths, state transitions, and any branch that is hard to infer from tests alone.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/external_capabilities/mod.rs` around lines 93 - 111, The
from_config function currently swallows error and duplicate branches without
instrumentation; update ExternalCapabilityProviders::from_config to emit
structured debug/trace logs: on the Err(err) branch of
ExternalCapabilityProvider::from_config log a trace/debug with a stable prefix
(e.g. "external_capability:invalid") plus the provider config id and the error
string, and on the duplicate branch where providers.contains_key(&provider.id)
is true log a trace/debug with a stable prefix (e.g.
"external_capability:duplicate") plus the conflicting provider.id; use the
project logging crate (log or tracing) consistently and keep messages
machine-grep-friendly and concise to aid config diagnosis.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/external_capabilities/mod.rs`:
- Around line 13-254: The file mixes domain exports, operational logic and tests
— split into focused modules: move the plain data types
(ExternalCapabilityProviderConfig, ExternalCapabilityProvidersConfig,
ExternalCapabilityProvider) into a new types.rs, move the operational code and
registry (ExternalCapabilityProvider::from_config,
ExternalCapabilityProvider::can_register_tools,
ExternalCapabilityProviderRegistry and its impls, normalize_provider_id,
is_separator, trim_optional) into an ops.rs (or registry.rs), and move the
#[cfg(test)] tests into the corresponding sibling (or keep them in
types.rs/ops.rs guarded by cfg(test)); then update mod.rs to only pub mod types;
pub mod ops; and re-export the key symbols (pub use
types::{ExternalCapabilityProviderConfig, ExternalCapabilityProvidersConfig,
ExternalCapabilityProvider}; pub use ops::{ExternalCapabilityProviderRegistry,
normalize_provider_id};) so external callers and tests continue to work.

---

Nitpick comments:
In `@src/openhuman/external_capabilities/mod.rs`:
- Around line 93-111: The from_config function currently swallows error and
duplicate branches without instrumentation; update
ExternalCapabilityProviders::from_config to emit structured debug/trace logs: on
the Err(err) branch of ExternalCapabilityProvider::from_config log a trace/debug
with a stable prefix (e.g. "external_capability:invalid") plus the provider
config id and the error string, and on the duplicate branch where
providers.contains_key(&provider.id) is true log a trace/debug with a stable
prefix (e.g. "external_capability:duplicate") plus the conflicting provider.id;
use the project logging crate (log or tracing) consistently and keep messages
machine-grep-friendly and concise to aid config diagnosis.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1b8c244e-2125-4803-add9-d54f121ccb9e

📥 Commits

Reviewing files that changed from the base of the PR and between f8c9698 and 13f8af8.

📒 Files selected for processing (5)

• src/openhuman/config/schema/mod.rs
• src/openhuman/config/schema/tools.rs
• src/openhuman/config/schema/types.rs
• src/openhuman/external_capabilities/mod.rs
• src/openhuman/mod.rs

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/external_capabilities/registry.rs`:
- Around line 38-70: Update ExternalCapabilityRegistry::from_config to emit
flow-level debug diagnostics: add an entry log at start and an exit log before
returning, and log branch outcomes each time
ExternalCapabilityProvider::from_config succeeds or fails and when a duplicate
is detected; include stable prefixes like "[external_capability][registry]" and
correlation fields such as total_providers (config.providers.len()),
accepted_count, rejected_count, duplicate_count, and a normalized provider id
list or the provider.id for each processed item. Ensure the existing debug calls
are augmented (or replaced) to follow this pattern and increment the
accepted/rejected/duplicate counters as you process providers so the exit log
reports the final counts and any aggregated errors in Self { providers, errors
}.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7c109b51-9f04-412f-babb-6d7afcbcb5d2

📥 Commits

Reviewing files that changed from the base of the PR and between 13f8af8 and d91b5ef.

📒 Files selected for processing (3)

• src/openhuman/external_capabilities/mod.rs
• src/openhuman/external_capabilities/registry.rs
• src/openhuman/external_capabilities/types.rs

✅ Files skipped from review due to trivial changes (1)

• src/openhuman/external_capabilities/mod.rs