From 4d35de172730d42d1528d96118e5205fe1c3365b Mon Sep 17 00:00:00 2001
From: Steven Enamakel <enamakel@tinyhumans.ai>
Date: Wed, 20 May 2026 02:11:35 -0700
Subject: [PATCH 1/2] fix(sentry): tag Tauri shell events with cached user uid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since the sidecar was removed (#1061) and the core runs in-process
inside the Tauri host, the shell's `before_send` is the filter that
fires for ~all desktop Sentry events. It was explicitly setting
`event.user = None`, so Sentry could not count unique users impacted
by an issue.

Mirror the standalone `openhuman-core` binary (`src/main.rs`) and
attach the cached account uid via `peek_cached_current_user_identity`.
Only `id` is carried — no email, name, or IP — keeping the privacy
contract aligned with `send_default_pii: false`.
---
 app/src-tauri/src/lib.rs | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/src-tauri/src/lib.rs b/app/src-tauri/src/lib.rs
index 602a74bf0..04adb0b06 100644
--- a/app/src-tauri/src/lib.rs
+++ b/app/src-tauri/src/lib.rs
@@ -1915,7 +1915,20 @@ pub fn run() {
             }
             // Strip server_name (hostname) to avoid leaking machine identity.
             event.server_name = None;
-            event.user = None;
+            // Attach the cached account uid so Sentry can count unique users
+            // affected by an issue. We only carry `id` — never email, name,
+            // or IP — so this stays consistent with `send_default_pii: false`.
+            // Since #1061 the core runs in-process inside this shell, so this
+            // is the surface that tags ~all desktop events. Mirrors the
+            // standalone `openhuman-core` binary's filter in `src/main.rs`.
+            // Empty/missing on early-startup events (cache populates after
+            // the first `auth_get_me` RPC); that's expected.
+            event.user = openhuman_core::openhuman::app_state::peek_cached_current_user_identity()
+                .and_then(|identity| identity.id)
+                .map(|id| sentry::User {
+                    id: Some(id),
+                    ..Default::default()
+                });
             Some(event)
         })),
         sample_rate: 1.0,

From 993ab7edf9e06fa63f14feb21a8fcc9a3277845a Mon Sep 17 00:00:00 2001
From: Steven Enamakel <enamakel@tinyhumans.ai>
Date: Wed, 20 May 2026 04:37:43 -0700
Subject: [PATCH 2/2] fix(core_process): widen readiness budget + recover from
 env-lock poison
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two pre-existing CI flakes in core_process tests:

1. `ensure_running` had a hardcoded 4s readiness budget (40 × 100ms).
   The embedded core's JSON-RPC controller registry has grown enough
   that cold-start under CI worker load occasionally exceeded 4s,
   producing "core process did not become ready" failures. Bumped to
   10s (100 × 100ms) — still well under any user-visible startup
   expectation, matches the upper end of observed cold-start times.

2. When `ensure_running_falls_back_for_unknown_listener_on_port`
   panicked while holding `env_lock()`, the next two tests
   (`..7789_when_7788_is_busy` and `..reuses_unknown_listener..`)
   cascade-failed with `expect("env lock poisoned")`, turning one
   real flake into three. The lock only serializes env-var mutation —
   the inner `()` has no state poisoning could corrupt — so recover
   via `into_inner()`.
---
 app/src-tauri/src/core_process.rs       | 9 ++++++++-
 app/src-tauri/src/core_process_tests.rs | 8 +++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/app/src-tauri/src/core_process.rs b/app/src-tauri/src/core_process.rs
index cd00c0246..5b31be033 100644
--- a/app/src-tauri/src/core_process.rs
+++ b/app/src-tauri/src/core_process.rs
@@ -276,7 +276,14 @@ impl CoreProcessHandle {
                 }
             }
 
-            for _ in 0..40 {
+            // Readiness budget: 100 iterations × 100ms = 10s. The embedded
+            // core's JSON-RPC controller registry has grown over time and
+            // the previous 4s budget started flaking under CI worker load
+            // (issue: core_process tests intermittently failing with
+            // "core process did not become ready"). 10s is still well
+            // under any user-visible startup expectation and matches the
+            // upper end of observed cold-start times.
+            for _ in 0..100 {
                 if !received_ready {
                     match ready_rx.try_recv() {
                         Ok(ready_signal) => {
diff --git a/app/src-tauri/src/core_process_tests.rs b/app/src-tauri/src/core_process_tests.rs
index 8d80b475c..85288ab50 100644
--- a/app/src-tauri/src/core_process_tests.rs
+++ b/app/src-tauri/src/core_process_tests.rs
@@ -6,10 +6,16 @@ use std::sync::{Mutex, MutexGuard, OnceLock};
 
 fn env_lock() -> MutexGuard<'static, ()> {
     static ENV_LOCK: OnceLock<Mutex<()>> = OnceLock::new();
+    // Recover from poison: when one test panics while holding this lock
+    // (e.g. an embedded-core readiness timeout under CI load), every
+    // subsequent test in the suite would otherwise cascade-fail with
+    // "env lock poisoned" — turning one real flake into three. The lock
+    // only serializes process-wide env-var mutation; the inner `()`
+    // carries no state that poisoning could corrupt.
     ENV_LOCK
         .get_or_init(|| Mutex::new(()))
         .lock()
-        .expect("env lock poisoned")
+        .unwrap_or_else(|poisoned| poisoned.into_inner())
 }
 
 struct EnvGuard {