fix: apply CodeRabbit inline findings (5 issues)

jramirezhdez02 · jramirezhdez02 · commit 8dbd7de0e090 · 2026-03-25T05:19:23.000-03:00
- prompt_event: add #[serde(default)] to PromptPayload.content so
  legacy Bridge messages without the field deserialize as empty Vec;
  add regression test for the legacy payload format

- prompt_converter: ToolCallFinished status now treats exit_code=None +
  signal=None as Completed (covers built-in/MCP tools that don't set
  exit_code), not just exit_code=Some(0)

- agent_loop: run() and run_chat() now apply thinking_budget the same
  way run_chat_streaming() does — serialize to Value then inject the
  thinking block before sending, preventing divergence when thinking is
  enabled

- trogon-mcp: sanitize MCP server URLs before debug-logging them to
  strip userinfo, path, query and fragment (log only scheme+host)

- trogon-nats: add structured match arm for
  Event::ServerError(ServerError::AuthorizationViolation) before the
  ClientError substring-match fallback; add corresponding unit test

Signed-off-by: Jorge Gonzalez &lt;jgonzalez@straw-hat.co&gt;
Signed-off-by: Jorge &lt;jramirezhdez02@gmail.com&gt;
diff --git a/rsworkspace/crates/acp-nats/src/prompt_event.rs b/rsworkspace/crates/acp-nats/src/prompt_event.rs
@@ -29,6 +29,7 @@ pub struct PromptPayload {
     pub session_id: String,
     /// Rich content blocks from the ACP prompt (text, images, resources).
     /// Always populated by current Bridge versions.
+    #[serde(default)]
     pub content: Vec<UserContentBlock>,
     /// Plain-text fallback for backward compatibility.
     /// Used only when `content` is empty (old Bridge versions).
@@ -92,6 +93,16 @@ pub enum PromptEvent {
 mod tests {
     use super::*;
 
+    /// Legacy Bridge messages omit the `content` field; `#[serde(default)]` must
+    /// deserialize them as an empty Vec instead of returning an error.
+    #[test]
+    fn prompt_payload_legacy_without_content_deserializes() {
+        let legacy = r#"{"req_id":"r1","session_id":"s1","user_message":"hello"}"#;
+        let p: PromptPayload = serde_json::from_str(legacy).unwrap();
+        assert!(p.content.is_empty());
+        assert_eq!(p.user_message, "hello");
+    }
+
     #[test]
     fn prompt_payload_roundtrip() {
         let p = PromptPayload {
diff --git a/rsworkspace/crates/trogon-acp-runner/src/prompt_converter.rs b/rsworkspace/crates/trogon-acp-runner/src/prompt_converter.rs
@@ -173,7 +173,9 @@ impl PromptEventConverter {
                     return (vec![], None);
                 }
 
-                let status = if exit_code == Some(0) && signal.is_none() {
+                let status = if exit_code == Some(0)
+                    || (exit_code.is_none() && signal.is_none())
+                {
                     ToolCallStatus::Completed
                 } else {
                     ToolCallStatus::Failed
diff --git a/rsworkspace/crates/trogon-agent-core/src/agent_loop.rs b/rsworkspace/crates/trogon-agent-core/src/agent_loop.rs
@@ -335,6 +335,17 @@ impl AgentLoop {
                 messages: &messages,
             };
 
+            let mut body =
+                serde_json::to_value(&request).expect("request serialization is infallible");
+            if let Some(budget) = self.thinking_budget
+                && budget > 0
+            {
+                body["thinking"] = serde_json::json!({
+                    "type": "enabled",
+                    "budget_tokens": budget
+                });
+            }
+
             let mut req_builder = self
                 .http_client
                 .post(self.messages_url())
@@ -344,7 +355,7 @@ impl AgentLoop {
                 req_builder = req_builder.header(k.as_str(), v.as_str());
             }
             let response = req_builder
-                .json(&request)
+                .json(&body)
                 .send()
                 .await
                 .map_err(AgentError::Http)?
@@ -434,6 +445,17 @@ impl AgentLoop {
                 messages: &messages,
             };
 
+            let mut body =
+                serde_json::to_value(&request).expect("request serialization is infallible");
+            if let Some(budget) = self.thinking_budget
+                && budget > 0
+            {
+                body["thinking"] = serde_json::json!({
+                    "type": "enabled",
+                    "budget_tokens": budget
+                });
+            }
+
             let mut req_builder = self
                 .http_client
                 .post(self.messages_url())
@@ -443,7 +465,7 @@ impl AgentLoop {
                 req_builder = req_builder.header(k.as_str(), v.as_str());
             }
             let response = req_builder
-                .json(&request)
+                .json(&body)
                 .send()
                 .await
                 .map_err(AgentError::Http)?
diff --git a/rsworkspace/crates/trogon-mcp/src/client.rs b/rsworkspace/crates/trogon-mcp/src/client.rs
@@ -14,6 +14,27 @@ fn next_id() -> u64 {
     REQUEST_ID.fetch_add(1, Ordering::Relaxed)
 }
 
+/// Return `scheme://host[:port]` from `url`, stripping userinfo, path, query, and fragment.
+/// Falls back to the original string if parsing fails.
+fn safe_url(url: &str) -> String {
+    // Locate "://" to split scheme from the rest.
+    let Some(scheme_end) = url.find("://") else {
+        return url.to_string();
+    };
+    let scheme = &url[..scheme_end];
+    let after_scheme = &url[scheme_end + 3..];
+    // Strip userinfo (user:pass@).
+    let authority = match after_scheme.rfind('@') {
+        Some(at) => &after_scheme[at + 1..],
+        None => after_scheme,
+    };
+    // Keep only host[:port] — stop at first '/', '?', or '#'.
+    let host_end = authority
+        .find(['/', '?', '#'])
+        .unwrap_or(authority.len());
+    format!("{}://{}", scheme, &authority[..host_end])
+}
+
 // ── Public types ──────────────────────────────────────────────────────────────
 
 /// A tool advertised by an MCP server.
@@ -86,7 +107,7 @@ impl McpClient {
         if let Some(err) = resp.get("error") {
             return Err(format!("MCP initialize error: {err}"));
         }
-        debug!(url = %self.url, "MCP server initialized");
+        debug!(url = %safe_url(&self.url), "MCP server initialized");
         Ok(())
     }
 
@@ -105,7 +126,7 @@ impl McpClient {
         }
         let result: ListToolsResult = serde_json::from_value(resp["result"].take())
             .map_err(|e| format!("MCP tools/list deserialize error: {e}"))?;
-        debug!(url = %self.url, count = result.tools.len(), "MCP tools listed");
+        debug!(url = %safe_url(&self.url), count = result.tools.len(), "MCP tools listed");
         Ok(result.tools)
     }
 
diff --git a/rsworkspace/crates/trogon-nats/src/connect.rs b/rsworkspace/crates/trogon-nats/src/connect.rs
@@ -1,5 +1,5 @@
 use crate::auth::{NatsAuth, NatsConfig};
-use async_nats::{Client, ClientError, ConnectOptions, Event};
+use async_nats::{Client, ClientError, ConnectOptions, Event, ServerError};
 use std::sync::{Arc, Mutex};
 use std::time::Duration;
 use tokio::sync::oneshot;
@@ -103,6 +103,7 @@ fn apply_reconnect_options(
             async move {
                 let signal: Option<bool> = match &event {
                     Event::Connected => Some(true),
+                    Event::ServerError(ServerError::AuthorizationViolation) => Some(false),
                     Event::ClientError(ClientError::Other(msg))
                         if msg.contains("authorization violation") =>
                     {
@@ -384,7 +385,7 @@ mod tests {
     }
 
     /// When `Event::ClientError(ClientError::Other("authorization violation"))` fires,
-    /// the outcome sender receives `false`.
+    /// the outcome sender receives `false` (unstructured fallback path).
     #[cfg_attr(coverage, coverage(off))]
     #[tokio::test]
     async fn apply_reconnect_options_signals_auth_violation() {
@@ -395,6 +396,7 @@ mod tests {
         let event = Event::ClientError(ClientError::Other("authorization violation".to_string()));
         let signal: Option<bool> = match &event {
             Event::Connected => Some(true),
+            Event::ServerError(ServerError::AuthorizationViolation) => Some(false),
             Event::ClientError(ClientError::Other(msg))
                 if msg.contains("authorization violation") =>
             {
@@ -413,6 +415,36 @@ mod tests {
         assert!(!result, "authorization violation should send false");
     }
 
+    /// When `Event::ServerError(ServerError::AuthorizationViolation)` fires (structured variant),
+    /// the outcome sender receives `false`.
+    #[cfg_attr(coverage, coverage(off))]
+    #[tokio::test]
+    async fn apply_reconnect_options_signals_server_auth_violation() {
+        let (tx, rx) = oneshot::channel::<bool>();
+        let tx_arc = Arc::new(Mutex::new(Some(tx)));
+
+        let event = Event::ServerError(ServerError::AuthorizationViolation);
+        let signal: Option<bool> = match &event {
+            Event::Connected => Some(true),
+            Event::ServerError(ServerError::AuthorizationViolation) => Some(false),
+            Event::ClientError(ClientError::Other(msg))
+                if msg.contains("authorization violation") =>
+            {
+                Some(false)
+            }
+            _ => None,
+        };
+        if let Some(ok) = signal
+            && let Ok(mut guard) = tx_arc.lock()
+            && let Some(sender) = guard.take()
+        {
+            let _ = sender.send(ok);
+        }
+
+        let result = rx.await.expect("sender must have fired");
+        assert!(!result, "ServerError::AuthorizationViolation should send false");
+    }
+
     /// Covers the `Err(_)` arm in the `select!` inside `connect()`:
     /// when the outcome sender is dropped before sending, the receiver
     /// returns `Err(RecvError)` and the connect() function continues normally.
