Use agentremote namespace; add typed login errors

[batuhan]

Rename ai-bridge identifiers and artifacts to the agentremote namespace and introduce typed login/response errors. Key changes: rename applyAIBridgeInfo -> applyAgentRemoteBridgeInfo, update protocol/step IDs and temp dir/user-agent prefixes, change MCP client name, and replace generic errors with agentremote.NewLoginRespError / WrapLoginRespError across AI, Codex, OpenClaw and dummybridge. Adds unit tests for AI, Codex and OpenClaw login flows and error mapping, plus new login test files. Also updates LICENSE copyright holder to "agentremote contributors".

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Summary by CodeRabbit

• Rebranding

  • Replaced "ai-bridge" branding with "agentremote" across the product.

• Error Handling

  • Standardized error codes to the COM.BEEPER.AGENTREMOTE.* namespace and mapped them to HTTP status codes.

• Login Flows

  • Updated login flow identifiers and improved typed error responses for various login failure cases.

• Configuration & Paths

  • Updated default paths, temp‑dir naming, client IDs, and headers to use agentremote conventions.

• Tool Policy

  • Added an explicit agentremote tool group and adjusted policy tests.

• Tests & Docs

  • Extended and added unit tests to cover renamed identifiers and error mappings.

Walkthrough

Rebranding from "ai-bridge" to "agentremote" across code, adding standardized login error helpers and converting many login/error paths to HTTP-aware agentremote response errors; multiple identifiers, temp prefixes, error codes, tool-group names, and tests were updated accordingly.

Changes

Cohort / File(s)	Summary
License & core helpers LICENSE, helpers.go, helpers_test.go, connector_builder.go, sdk/connector.go	Updated LICENSE attribution; renamed ApplyAIBridgeInfo → ApplyAgentRemoteBridgeInfo and updated callers.
AI bridge surface bridges/ai/bridge_info.go, bridges/ai/bridge_info_test.go, bridges/ai/client.go, bridges/ai/constructors.go, bridges/ai/mcp_client.go	Renamed internal helper, switched OpenRouter Referer, updated MCP client name, and switched callers to agentremote variants.
AI login & auth flows bridges/ai/login.go, bridges/ai/login_test.go	Replaced plain errors with agentremote typed RespError values, changed login StepIDs to com.beeper.agentremote.openai.*, and added tests for new error mappings.
AI media & tools bridges/ai/media_understanding_cli.go, bridges/ai/media_understanding_runner.go, bridges/ai/tool_approvals_policy.go, bridges/ai/tool_policy_chain.go, bridges/ai/tool_policy_chain_test.go, bridges/ai/tools_beeper_feedback.go	Renamed temp-dir prefixes and feedback/user-agent strings to agentremote; updated comments.
Codex bridge bridges/codex/client.go, bridges/codex/constructors.go, bridges/codex/login.go, bridges/codex/login_test.go, bridges/codex/client_path_test.go	Replaced plain errors with typed agentremote RespErrors, changed login StepIDs and home/temp paths to agentremote, added path-check helper and tests for managed codex temp dirs.
Other connector logins bridges/dummybridge/login.go, bridges/openclaw/login.go, bridges/openclaw/login_test.go, bridges/opencode/connector.go, bridges/opencode/login.go, bridges/opencode/login_test.go	Converted error returns to agentremote RespErrors with HTTP codes, renamed StepIDs to com.beeper.agentremote.*, and added/updated tests validating typed errors and codes.
Centralized login errors & helpers agentremote/login_errors.go, agentremote/login_helpers.go, agentremote/login_helpers_test.go, agentremote/identifier_helpers.go	Added login error code helpers (LoginErrorCode, NewLoginRespError, WrapLoginRespError); updated validation helpers to return standardized RespErrors; added tests.
Tool policy & packaging pkg/agents/toolpolicy/policy.go, pkg/agents/toolpolicy/policy_test.go, pkg/connector/integrations_example-config.yaml	Introduced GroupAgentRemote, extracted shared agentRemoteExtras, updated tests and example config to reference group:agentremote.
Runtime & SDK metadata pkg/runtime/inbound_meta.go, sdk/connector.go	Updated inbound metadata schema ID and SDK FillBridgeInfo calls to use agentremote identifiers.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 3.28% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the two main objectives: renaming to agentremote namespace and adding typed login errors, which align with the substantial changes across the codebase.
Description check	✅ Passed	The description is directly related to the changeset, providing specific examples of key changes (renaming applyAIBridgeInfo, updating IDs/prefixes, introducing typed errors, and adding tests), matching the actual modifications shown in the raw summary.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch batuhan/rename

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

bridges/openclaw/login.go (1)

367-370: ⚠️ Potential issue | 🟠 Major

Wrap transport errors in the RespError contract.

preflightGatewayLogin returns errors from Connect() (websocket failures like fmt.Errorf("dial gateway websocket: %w", err)) and ListSessions() that are not *gatewayRPCError instances. These pass through mapOpenClawLoginError as raw errors because the errors.As(err, &rpcErr) check fails, breaking the typed bridgev2.RespError contract on a very common failure path (network/transport issues).

Suggested fix

func mapOpenClawLoginError(err error) error {
 	var rpcErr *gatewayRPCError
 	if !errors.As(err, &rpcErr) {
-		return err
+		return agentremote.WrapLoginRespError(err, http.StatusInternalServerError, "OPENCLAW", "GATEWAY_REQUEST_FAILED")
 	}

🧹 Nitpick comments (2)

bridges/opencode/login.go (2)

157-157: Extract the completion step ID into a constant.

Line 157 and Line 176 repeat the same renamed identifier. Since this PR is largely a namespace migration, keeping that value in one constant will make the next rename safer.

♻️ Proposed refactor

 const (
 	FlowOpenCodeRemote  = "opencode_remote"
 	FlowOpenCodeManaged = "opencode_managed"

 	openCodeLoginStepRemoteCredentials  = "com.beeper.agentremote.opencode.enter_remote_credentials"
 	openCodeLoginStepManagedCredentials = "com.beeper.agentremote.opencode.enter_managed_credentials"
+	openCodeLoginStepComplete           = "com.beeper.agentremote.opencode.complete"
 	defaultOpenCodeUsername             = "opencode"
 )

-			"com.beeper.agentremote.opencode.complete",
+			openCodeLoginStepComplete,

-		"com.beeper.agentremote.opencode.complete",
+		openCodeLoginStepComplete,

Also applies to: 176-176

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bridges/opencode/login.go` at line 157, Extract the repeated literal
"com.beeper.agentremote.opencode.complete" into a single constant (e.g., const
OpencodeCompletionStep = "com.beeper.agentremote.opencode.complete") and replace
the two inline occurrences with that constant; update any usages in this file
(search for the string in bridges/opencode/login.go) to reference
OpencodeCompletionStep so future renames only need to change the constant.

---

188-188: Please add focused coverage for the new OPENCODE reason codes.

Line 188, Line 261, and Line 279-Line 295 change the user-visible login error contract. A small table test around invalid URL, bad binary path, missing default path, inaccessible default path, and non-directory default path would make these new mappings much harder to regress.

Also applies to: 261-261, 279-295

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bridges/opencode/login.go` at line 188, Add focused table-driven tests that
assert the new OPENCODE login error mappings produced via
agentremote.WrapLoginRespError return the correct HTTP status and reason/code
strings; cover scenarios: invalid URL (maps to "INVALID_URL"), bad binary path,
missing default path, inaccessible default path, and non-directory default path.
Locate the error-returning logic in the login handling function in login.go
where WrapLoginRespError("OPENCODE", ...) is used and write tests that call that
function (or its internal validation helpers) with inputs for each scenario,
then assert the wrapped error contains the expected status code and the OPENCODE
reason code string. Ensure tests are table-driven (name, input, expected status,
expected reason/code) and include assertions on both the HTTP status and the
agentremote error metadata to prevent regressions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bridges/codex/client.go`:
- Around line 361-363: The cleanup guard only checks filepath.Base(clean) for
"agentremote-codex-" and misses fallback dirs like "/tmp/agentremote-codex/…";
update the guard in the deletion loop to inspect all path components (split
clean by filepath.Separator) and allow deletion if any segment either equals
"agentremote-codex" or has the "agentremote-codex-" prefix (instead of only
checking filepath.Base(clean)). Modify the code that currently uses
filepath.Base(clean) and strings.HasPrefix to iterate segments and use
strings.HasPrefix(seg, "agentremote-codex-") || seg == "agentremote-codex" so
fallback paths created in bridges/codex/login.go are also purged.

In `@bridges/codex/login_test.go`:
- Around line 17-18: Replace the hard-coded "zsh" command in the test setup with
a guaranteed executable obtained via os.Executable() so exec.LookPath(cmd)
succeeds consistently; specifically update the test instance where Connector:
&CodexConnector{Config: Config{Codex: &CodexConfig{Command: "zsh"}}} is created
(and the similar instances at the other occurrences) to call os.Executable() and
use its returned path for CodexConfig.Command, handling the error from
os.Executable() in the test setup, so Start and SubmitUserInput exercise the
intended error paths reliably.

In `@bridges/codex/login.go`:
- Around line 503-506: The fast-timeout branch that returns errCodexTimedOut
when overallTimeout <= 0 should first cancel the pending login attempt to avoid
leaving the child codex process and CODEX_HOME behind; update the block around
overallTimeout/ cl.waitUntil to call cl.cancelLoginAttempt(true) (or the
appropriate cancelLoginAttempt method on the login object) before returning
errCodexTimedOut so the child process and temp directory are cleaned up.

In `@pkg/agents/toolpolicy/policy_test.go`:
- Around line 58-59: Add "beeper_send_feedback" to the test's assertions so the
GroupAgentRemote membership is fully covered: update the mustNotContain slice
(the negative assertion for group:openclaw) and the corresponding mustContain
slice (the positive assertion for group:agentremote) to include
"beeper_send_feedback", and ensure any other lists in the same test block
(around the mustContain/mustNotContain variables) are updated similarly so the
test fails if beeper_send_feedback is accidentally removed from GroupAgentRemote
or leaked into GroupOpenClaw; reference the mustNotContain and mustContain
variables and GroupAgentRemote in policy.go when making the change.

In `@pkg/agents/toolpolicy/policy.go`:
- Around line 38-39: The config rename removed the legacy key "group:ai-bridge",
causing ExpandToolGroups to not match older allow/deny configs; restore a
compatibility alias (e.g., add a GroupAIBridge constant or include
"group:ai-bridge" in the same map where GroupAgentRemote and GroupFS are
defined) so that ExpandToolGroups and ToolGroups will still expand legacy keys
until a migration/upgrader rewrites configs.

---

Nitpick comments:
In `@bridges/opencode/login.go`:
- Line 157: Extract the repeated literal
"com.beeper.agentremote.opencode.complete" into a single constant (e.g., const
OpencodeCompletionStep = "com.beeper.agentremote.opencode.complete") and replace
the two inline occurrences with that constant; update any usages in this file
(search for the string in bridges/opencode/login.go) to reference
OpencodeCompletionStep so future renames only need to change the constant.
- Line 188: Add focused table-driven tests that assert the new OPENCODE login
error mappings produced via agentremote.WrapLoginRespError return the correct
HTTP status and reason/code strings; cover scenarios: invalid URL (maps to
"INVALID_URL"), bad binary path, missing default path, inaccessible default
path, and non-directory default path. Locate the error-returning logic in the
login handling function in login.go where WrapLoginRespError("OPENCODE", ...) is
used and write tests that call that function (or its internal validation
helpers) with inputs for each scenario, then assert the wrapped error contains
the expected status code and the OPENCODE reason code string. Ensure tests are
table-driven (name, input, expected status, expected reason/code) and include
assertions on both the HTTP status and the agentremote error metadata to prevent
regressions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4ca02650-ba47-4f98-b895-195e0a344312

📥 Commits

Reviewing files that changed from the base of the PR and between dab7b83 and 4edb2f8.

📒 Files selected for processing (38)

• LICENSE
• bridges/ai/bridge_info.go
• bridges/ai/bridge_info_test.go
• bridges/ai/client.go
• bridges/ai/constructors.go
• bridges/ai/errors.go
• bridges/ai/errors_test.go
• bridges/ai/login.go
• bridges/ai/login_test.go
• bridges/ai/mcp_client.go
• bridges/ai/media_understanding_cli.go
• bridges/ai/media_understanding_runner.go
• bridges/ai/tool_approvals_policy.go
• bridges/ai/tool_policy_chain.go
• bridges/ai/tool_policy_chain_test.go
• bridges/ai/tools_beeper_feedback.go
• bridges/codex/client.go
• bridges/codex/constructors.go
• bridges/codex/login.go
• bridges/codex/login_test.go
• bridges/dummybridge/login.go
• bridges/openclaw/login.go
• bridges/openclaw/login_test.go
• bridges/opencode/connector.go
• bridges/opencode/login.go
• bridges/opencode/login_test.go
• connector_builder.go
• helpers.go
• helpers_test.go
• identifier_helpers.go
• login_errors.go
• login_helpers.go
• login_helpers_test.go
• pkg/agents/toolpolicy/policy.go
• pkg/agents/toolpolicy/policy_test.go
• pkg/connector/integrations_example-config.yaml
• pkg/runtime/inbound_meta.go
• sdk/connector.go

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build-agentremote-docker (arm64)
• GitHub Check: build-agentremote-docker (amd64)
• GitHub Check: build-docker
• GitHub Check: Lint

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2026-03-16T09:01:24.464Z

Learnt from: batuhan
Repo: beeper/agentremote PR: 71
File: bridges/ai/connector.go:53-63
Timestamp: 2026-03-16T09:01:24.464Z
Learning: In package ai, the AI connector’s configuration type (Config) defines Bridge as a value field of type BridgeConfig (not a pointer). Therefore, accessing oc.Config.Bridge.CommandPrefix in OpenAIConnector.applyRuntimeDefaults (bridges/ai/connector.go) is safe and does not require a nil-check.

Applied to files:

• bridges/ai/tool_policy_chain_test.go
• bridges/ai/tool_policy_chain.go
• bridges/ai/mcp_client.go
• bridges/ai/media_understanding_cli.go
• bridges/ai/bridge_info.go
• bridges/ai/bridge_info_test.go
• bridges/ai/constructors.go
• sdk/connector.go
• bridges/codex/constructors.go
• helpers_test.go
• helpers.go
• connector_builder.go

🔇 Additional comments (37)

LICENSE (1)

3-4: Copyright attribution update looks correct.

Line 3 and Line 4 align with the rebranding and preserve valid MIT license structure.

bridges/ai/mcp_client.go (1)

119-119: Namespace rename is correctly applied in MCP client metadata.

Name: "agentremote" aligns with the rebranding objective and keeps the MCP client identity consistent.

bridges/ai/media_understanding_cli.go (1)

29-29: Namespace prefix update looks correct and safe.

This temp-dir prefix rename is consistent with the PR’s agentremote rebranding and keeps existing cleanup behavior intact.

bridges/ai/media_understanding_runner.go (1)

603-603: Temp directory prefix rename is consistent.

Good update to the agentremote namespace while preserving the existing temp-dir lifecycle and behavior.

pkg/runtime/inbound_meta.go (2)

22-22: LGTM! Consistent rebranding.

The text change from "ai-bridge" to "agentremote" aligns with the schema identifier update and maintains consistency in the user-facing documentation.

---

11-11: The schema identifier migration is complete — no references to the old identifier remain in the codebase.

The change from ai-bridge.inbound_meta.v1 to com.beeper.agentremote.inbound_meta.v1 is a breaking change, but all internal code references have been updated. The new schema identifier is properly in place at line 11.

bridges/ai/tool_approvals_policy.go (1)

23-23: Comment update looks good

Line 23 is a clean terminology update and keeps approval behavior unchanged.

bridges/ai/tools_beeper_feedback.go (1)

31-32: Branding rename is consistent and safe

The agentremote text prefix and user_agent update align with the migration and preserve existing behavior.

Also applies to: 49-49

bridges/ai/client.go (1)

471-471: OpenRouter referer rename looks correct

Line 471 cleanly updates the app referer to the new namespace without affecting header construction logic.

helpers.go (1)

337-345: Helper rename is clean and behavior-preserving

ApplyAgentRemoteBridgeInfo keeps the same protocol/room-type mutation logic and matches the namespace migration.

helpers_test.go (1)

32-35: Test rename/update is correct

The test now targets ApplyAgentRemoteBridgeInfo and still validates the same behavior.

bridges/ai/errors.go (1)

33-33: ErrCode namespace migration is consistent

The updated COM.BEEPER.AGENTREMOTE.AI.* values are coherent and preserve the existing error payload shape.

Also applies to: 38-38, 43-43

bridges/ai/errors_test.go (1)

12-22: Good regression guard for ErrCode namespace

This test correctly protects the new COM.BEEPER.AGENTREMOTE.AI.* error-code contract.

identifier_helpers.go (1)

71-78: LGTM!

The refactored ValidateSingleLoginFlow now properly distinguishes between an invalid flow ID (returning the sentinel bridgev2.ErrInvalidLoginFlowID) and a disabled flow (returning a typed RespError with HTTP 403). This separation improves error handling clarity for consumers.

bridges/opencode/login_test.go (2)

58-68: LGTM!

Good test coverage for the invalid flow rejection path, correctly asserting bridgev2.ErrInvalidLoginFlowID using errors.Is.

---

70-106: LGTM!

Comprehensive test coverage for the error mapping in buildRemoteInstances and resolveManagedOpenCodeDirectory. The tests properly validate the typed RespError responses and their error codes.

login_errors.go (1)

1-52: LGTM!

Well-designed error code generation utilities. The sanitizeLoginErrorCodePart function properly normalizes input by uppercasing and converting various separators to underscores. The LoginErrorCode function correctly filters empty parts, ensuring clean error codes. Both NewLoginRespError and WrapLoginRespError provide consistent error construction.

login_helpers.go (1)

13-21: LGTM!

The ValidateLoginState function now returns typed RespError values with HTTP 500 status for internal configuration issues. This aligns well with the new error handling pattern and provides clear, structured error codes for debugging.

bridges/dummybridge/login.go (2)

14-14: LGTM!

The step ID constants are correctly migrated to the com.beeper.agentremote.dummybridge.* namespace, consistent with the PR's broader renaming effort.

Also applies to: 76-76

---

79-81: LGTM!

The error handling now uses agentremote.WrapLoginRespError to return a typed RespError with a structured error code. The fmt.Errorf wrapper preserves the original error context in the message.

login_helpers_test.go (1)

10-47: LGTM!

Comprehensive unit tests that validate both ValidateLoginState and ValidateSingleLoginFlow return the expected typed errors with correct HTTP status codes and error codes. The use of errors.As and errors.Is follows Go best practices for error assertion.

bridges/ai/login.go (4)

43-47: LGTM!

Well-defined package-level error variables using agentremote.NewLoginRespError. This pattern allows for reusable error definitions with appropriate HTTP status codes and structured error codes.

---

97-97: LGTM!

Correctly returns bridgev2.ErrInvalidLoginFlowID for unrecognized flow IDs in both Start and SubmitUserInput, replacing the previous formatted error message.

Also applies to: 165-165

---

232-232: LGTM!

Step IDs successfully migrated from io.ai-bridge.openai.* to com.beeper.agentremote.openai.* namespace.

Also applies to: 307-307

---

240-299: LGTM!

The finishLogin method now uses typed errors consistently:

• Returns pre-defined errors for missing user context and relogin metadata
• Creates new RespError for provider mismatch with a descriptive message
• Uses WrapLoginRespError for clone and create failures, preserving the underlying error context

The HTTP status codes are semantically appropriate (400 for client errors, 500 for server errors).

bridges/ai/login_test.go (1)

13-68: LGTM!

Comprehensive unit tests covering the key error paths in the OpenAILogin flow:

• Invalid flow ID returns bridgev2.ErrInvalidLoginFlowID
• Relogin target mismatch and managed Beeper relogin return appropriate typed errors
• Provider mismatch during finish returns PROVIDER_MISMATCH error

The tests properly validate both error types and error codes.

bridges/ai/tool_policy_chain_test.go (1)

9-9: Namespace comment update is correct.

Comment wording now matches the agentremote naming, and test behavior remains unchanged.

bridges/ai/tool_policy_chain.go (1)

103-103: Tool-policy comment rename looks good.

The updated agentremote wording is consistent with the policy-group migration and does not alter behavior.

connector_builder.go (1)

140-140: Bridge-info helper rename is correctly wired.

Guard conditions are unchanged, and the new helper name aligns with the namespace migration.

sdk/connector.go (1)

141-141: SDK bridge-info call update is consistent.

The call-site now uses the renamed API while keeping the same safety checks and semantics.

pkg/connector/integrations_example-config.yaml (1)

216-217: Example tool-policy group rename is accurate.

The sample now matches the group:agentremote naming used by current tool-policy groups.

bridges/opencode/connector.go (1)

89-89: Typed disabled-login response is a solid improvement.

Returning a structured login response error here is consistent with the new error model and keeps behavior clear for clients.

bridges/ai/bridge_info.go (1)

30-35: Bridge-info helper rename is correctly applied.

The local helper and downstream call now use agentremote naming with unchanged logic flow.

bridges/ai/constructors.go (1)

75-75: Constructor call-site rename is consistent.

FillBridgeInfo now routes through the renamed helper correctly, preserving existing behavior.

bridges/opencode/login.go (3)

6-6: Typed OPENCODE errors and renamed step IDs look consistent.

The net/http import, the new agentremote.NewLoginRespError(...) sentinels, and the com.beeper.agentremote.* step IDs fit together cleanly in this file.

Also applies to: 23-24, 31-32

---

111-111: Using the shared invalid-flow sentinel here is a good change.

Returning bridgev2.ErrInvalidLoginFlowID at Line 111 and Line 132 keeps OpenCodeLogin.Start and OpenCodeLogin.SubmitUserInput aligned with shared upstream error handling.

Also applies to: 132-132

---

161-161: Wrapping create/update failures as typed 500s is a solid improvement.

Line 161 and Line 180 now return a stable login-response shape instead of bubbling raw persistence or bridge errors to callers.

Also applies to: 180-180