fix(yuanbao): correct AuthBind plugin_version / bot_version mapping

[lrt4836]

Summary

Align Yuanbao provider's AuthBind / sign-header version semantics with yuanbao-openclaw-plugin's sendAuthBind:

• Swap DeviceInfo.app_version (server plugin_version) and bot_version (OpenHuman framework / CARGO_PKG_VERSION).
• Strip legacy openhuman/ prefix from configured bot_version; default plugin version is now 0.1.0.
• Sync X-AppVersion / X-Bot-Version sign headers and auth_bind_smoke test.
• Bump OPENHUMAN_INSTANCE_ID to 20 to match the instance id the sign endpoint mints.

Test plan

• cargo check -p openhuman
• cargo test -p openhuman auth_bind_smoke
• Gateway restart → confirm extra_info AuthBind shows swapped values.

Summary by CodeRabbit

• Bug Fixes

  • Corrected the provider instance ID and aligned authentication payloads and API headers to consistently send plugin and framework version values.

• Documentation

  • Clarified config docs to distinguish plugin (accepted under an alias) vs framework version fields.

• Chores

  • Updated the default plugin version and added normalization to strip redundant version prefixes.

• Tests

  • Extended smoke test to validate device info mapping for app/plugin and bot/framework versions.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Refactors Yuanbao provider version handling: adds DEFAULT_PLUGIN_VERSION and a prefix-stripping helper, accepts plugin_version alias for the config field, aligns auth-bind payload and sign-token headers to normalized plugin/framework versions, updates OPENHUMAN_INSTANCE_ID to "20", and adjusts a smoke test.

Changes

Yuanbao Version Alignment

Layer / File(s)	Summary
Version constants and normalization src/openhuman/channels/providers/yuanbao/config.rs	Adds pub(crate) const DEFAULT_PLUGIN_VERSION: &str = "0.1.0", a strip_version_prefix() helper, updates YuanbaoConfig.bot_version docs, adds serde(alias = "plugin_version"), and makes default_bot_version() return DEFAULT_PLUGIN_VERSION.
Auth payload and sign header alignment src/openhuman/channels/providers/yuanbao/connection.rs, src/openhuman/channels/providers/yuanbao/sign.rs	send_auth_bind derives plugin_version by stripping an openhuman/ prefix from cfg.bot_version and passes framework_version = env!("CARGO_PKG_VERSION") into encode_auth_bind. Sign-token headers now use DEFAULT_PLUGIN_VERSION for X-AppVersion and CARGO_PKG_VERSION for X-Bot-Version.
Protocol constants and test validation src/openhuman/channels/providers/yuanbao/proto_constants.rs, src/openhuman/channels/providers/yuanbao/proto.rs	OPENHUMAN_INSTANCE_ID updated from "16" to "20". auth_bind_smoke test doc and encode_auth_bind argument strings updated to match new app_version/bot_version mapping.

🎯 3 (Moderate) | ⏱️ ~20 minutes

🐰 I nibbled prefixes, sharpened each line,
DEFAULT set neat — plugin and framework align.
Headers hop in step, instance id changed hue,
Tests follow the trail, all tidy and true. 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: correcting the AuthBind plugin_version/bot_version mapping in the Yuanbao provider, which is the primary objective across all modified files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/openhuman/channels/providers/yuanbao/proto_constants.rs (1)

67-72: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix stale protocol doc value (16 vs 20)

The comment still says OPENCLAW_ID = 16, but Line 72 now sets OPENHUMAN_INSTANCE_ID to 20. Please keep the inline reference aligned to avoid future regressions.

Suggested fix

-/// the `X-Instance-Id` HTTP header. Mirrors `OPENCLAW_ID = 16` used by
+/// the `X-Instance-Id` HTTP header. Mirrors `OPENCLAW_ID = 20` used by

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/channels/providers/yuanbao/proto_constants.rs` around lines 67
- 72, The inline comment is outdated: it references `OPENCLAW_ID = 16` while the
constant `OPENHUMAN_INSTANCE_ID` is set to "20"; update the comment to reflect
the current value (20) and ensure the reference to `yuanbao-openclaw-plugin`
(`OPENCLAW_ID`) matches this value so the documentation and
`OPENHUMAN_INSTANCE_ID` stay aligned.

🧹 Nitpick comments (1)

src/openhuman/channels/providers/yuanbao/proto.rs (1)

603-619: ⚡ Quick win

Assert version-field mapping in auth_bind_smoke

The test updates inputs (Lines 610/612) but never verifies they land in the expected DeviceInfo fields. Add assertions for field 1 (app_version) and field 24 (bot_version) to make this a real regression guard.

Suggested enhancement

     let frame = decode_conn_msg(&buf).unwrap();
     assert_eq!(frame.cmd, cmd::AUTH_BIND);
     assert_eq!(frame.module, module::CONN_ACCESS);
     assert!(!frame.data.is_empty());
+
+    let req_fields = parse_fields(&frame.data).unwrap();
+    let dev_buf = get_bytes(&req_fields, 3);
+    let dev_fields = parse_fields(&dev_buf).unwrap();
+    assert_eq!(get_string(&dev_fields, 1), "0.1.0"); // app_version
+    assert_eq!(get_string(&dev_fields, 24), "1.0");  // bot_version

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/channels/providers/yuanbao/proto.rs` around lines 603 - 619, In
auth_bind_smoke, add assertions that the DeviceInfo fields written by
encode_auth_bind actually contain the expected app and bot versions: after
calling decode_conn_msg(&buf).unwrap() and verifying cmd/module, extract the
decoded DeviceInfo (from frame.data or the structure returned by
decode_conn_msg) and assert that field 1 equals "0.1.0" (app_version) and field
24 equals "1.0" (bot_version); reference the existing helpers encode_auth_bind
and decode_conn_msg when locating where to read frame.data and use the field
keys 1 and 24 in your assertions.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/channels/providers/yuanbao/config.rs`:
- Line 13: DEFAULT_PLUGIN_VERSION is set to "0.1.1" but must match the agreed
contract "0.1.0"; update the const DEFAULT_PLUGIN_VERSION to "0.1.0" in
config.rs and verify any code that relies on DEFAULT_PLUGIN_VERSION (e.g.,
AuthBind/sign flows) behaves the same with the corrected default to avoid
drifting from the intended openclaw compatibility.

---

Outside diff comments:
In `@src/openhuman/channels/providers/yuanbao/proto_constants.rs`:
- Around line 67-72: The inline comment is outdated: it references `OPENCLAW_ID
= 16` while the constant `OPENHUMAN_INSTANCE_ID` is set to "20"; update the
comment to reflect the current value (20) and ensure the reference to
`yuanbao-openclaw-plugin` (`OPENCLAW_ID`) matches this value so the
documentation and `OPENHUMAN_INSTANCE_ID` stay aligned.

---

Nitpick comments:
In `@src/openhuman/channels/providers/yuanbao/proto.rs`:
- Around line 603-619: In auth_bind_smoke, add assertions that the DeviceInfo
fields written by encode_auth_bind actually contain the expected app and bot
versions: after calling decode_conn_msg(&buf).unwrap() and verifying cmd/module,
extract the decoded DeviceInfo (from frame.data or the structure returned by
decode_conn_msg) and assert that field 1 equals "0.1.0" (app_version) and field
24 equals "1.0" (bot_version); reference the existing helpers encode_auth_bind
and decode_conn_msg when locating where to read frame.data and use the field
keys 1 and 24 in your assertions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 07c0468a-b865-434c-be1f-f5be0ec81241

📥 Commits

Reviewing files that changed from the base of the PR and between 3f2e2f2 and ab178ce.

📒 Files selected for processing (5)

• src/openhuman/channels/providers/yuanbao/config.rs
• src/openhuman/channels/providers/yuanbao/connection.rs
• src/openhuman/channels/providers/yuanbao/proto.rs
• src/openhuman/channels/providers/yuanbao/proto_constants.rs
• src/openhuman/channels/providers/yuanbao/sign.rs

[graycyrus]

@lrt4836 heads up — CI is failing on this PR (Rust Quality fmt+clippy, TypeScript type check, and PR Submission Checklist), so i'll hold off on a full review until those are sorted. i did spot a couple things while skimming:

1. DEFAULT_PLUGIN_VERSION is "0.1.1" but the commit message and the test in proto.rs both target "0.1.0" — that inconsistency needs to be resolved.
2. The TOML config field bot_version now routes to app_version (plugin_version) in the protocol after this swap, but the key name still says bot_version. Existing deployments that configured this field will silently see their value used as the plugin version rather than the framework version. Worth a note in the changelog or at minimum a deprecation comment on the field, so operators aren't surprised.

Fix the CI failures first and i'll do a proper review after!

[graycyrus]

Previous changes are addressed. The four follow-up commits resolve both the CodeRabbit flag (DEFAULT_PLUGIN_VERSION 0.1.1 -> 0.1.0) and my bot_version semantic concern.

The doc comment on bot_version now clearly explains the wire-slot mapping, and the plugin_version serde alias gives new configs a clean path forward. The auth_bind_smoke test now validates field-level placement (DeviceInfo fields 1 and 24), which is a solid regression guard for the swap.

CI is fully green. Good to go.

[oxoxDev]

LGTM as 2nd maintainer pass. Clean field-mapping fix, comprehensive regression-guard test, serde alias preserves migration path. graycyrus's bot_version semantic concern + CodeRabbit's 0.1.1 → 0.1.0 flag both addressed by the 4 follow-up commits.

Verified

• Field swap consistency — connection.rs:404-417 extracts plugin_version = strip_version_prefix(&cfg.bot_version) + framework_version = env!("CARGO_PKG_VERSION") and passes them in the right positions (6th = plugin, 8th = bot) to encode_auth_bind. Matches the order the updated auth_bind_smoke asserts.
• Regression-guard test (proto.rs:602-622) does FIELD-LEVEL placement verification via parse_fields → get_bytes(req, 3) → parse_fields → get_string(dev, 1)/get_string(dev, 24). Catches any future re-swap regression — solid lock-in.
• Serde alias (config.rs:71) — #[serde(default = "default_bot_version", alias = "plugin_version")] lets new configs use the clearer key name while preserving backward-compat with the legacy bot_version key. Good migration pattern.
• Legacy prefix strip — strip_version_prefix applied at the connection boundary, not in config struct — keeps stored value verbatim, normalizes at use site.
• DEFAULT_PLUGIN_VERSION constant — single source of truth at config.rs:20, reused in default_bot_version() AND sign.rs:214 X-AppVersion header. Bump-once propagates everywhere.
• OPENHUMAN_INSTANCE_ID 16→20 — comment explicitly pins to OPENCLAW_ID = 20 in yuanbao-openclaw-plugin/src/access/ws/conn-codec.ts. Trusting the cross-repo pin (graycyrus + CodeRabbit confirmed).
• Doc comments on DEFAULT_PLUGIN_VERSION, YuanbaoConfig.bot_version, default_bot_version, and auth_bind_smoke thoroughly explain wire-slot semantics + operator migration note for the legacy bot_version TOML key.

Ready to ship.