feat(tools): add generate_presentation tool (native rust engine, ppt-rs) (#2778)

[oxoxDev]

Summary

• Add a generate_presentation agent tool that converts a structured slide spec ({title, author?, theme?, slides: [{title?, body?, bullets?, speaker_notes?}]}) into a .pptx file via a pure-Rust engine (ppt-rs, Apache-2.0), persisted as a typed artifact in the workspace.
• No Python runtime at user runtime — no managed venv, no pip install on first use, no subprocess. Cold-call latency drops from ~2-5 s (Python venv setup) to <100 ms. User install footprint −50 MB+.
• New artifacts::store producer surface — create_artifact / finalize_artifact / fail_artifact — plus optional ArtifactMeta.error so failed builds surface a reason instead of an indefinite spinner.
• New runtime_python::venv + runtime_python::run general-purpose primitives ship in this PR as scaffolding for future Python-backed tools (OCR, data-science scratch, etc.). The presentation tool itself does not consume them after the engine refactor — they remain available, unused by the tool.
• Registers generate_presentation in tools/ops.rs (always-on; no Python gate) and on the orchestrator agent's named tool list so the web-chat path can drive it today; the broader agent-definition wiring + grounding rule lands in Wire PPT generation and file attachments into agent definitions and error handling #2780 (PR feat(orchestrator): wire generate_presentation + require grounding (#2780) #3029).

This is sub-task 3 of 5 for parent #1535 ("Add multimodal support for files and PPT generation"). #2776 is merged (PR #2801); #2777 is in review (PR #2954); #2779 (React ArtifactCard, PR #3017), #3024 (Files-in-this-chat panel, PR #3026), and #2780 (orchestrator wiring + grounding, PR #3029) are stacked on top.

Problem

Users asking the agent to build slide decks today have no working path. The agent either guesses at shell snippets (python -c '…') that the sandbox blocks, or it falls back to text and apologises. Parent issue #1535 explicitly calls out a reliable PPT workflow as acceptance criterion #2, and #2776 already shipped the artifact storage layer (ArtifactMeta / ArtifactKind::Presentation / ai_*_artifact RPCs) waiting for a producer.

Structural gaps that block the tool:

1. No producer surface on artifacts. PR feat(artifacts): define artifact storage types, config, and persistence layer #2801 shipped read RPCs (ai_list_artifacts / ai_get_artifact / ai_delete_artifact) and the persistence layer (<workspace>/artifacts/<uuid>/meta.json + payload) but no create_artifact helper. Each generator would otherwise reimplement uuid + mkdir + write meta.json + flip status.
2. No native .pptx writer in the workspace dep graph. docx-rs covers Word, rust_xlsxwriter covers Excel — both deliberate native-Rust generators that drop external runtimes. The PowerPoint equivalent was missing.

Solution

artifacts::store producer helpers (new)

• create_artifact(workspace_dir, kind, title, extension) -> (ArtifactMeta, PathBuf): allocates a UUID-named dir, persists a Pending ArtifactMeta, returns the meta + the absolute path the producer writes bytes to. Filename stem is sanitized from the title (alphanumerics + dashes, ≤ 80 chars).
• finalize_artifact(workspace_dir, id, size_bytes): flips Pending → Ready + persists final size. Idempotent.
• fail_artifact(workspace_dir, id, reason): flips to Failed + persists reason via the new ArtifactMeta.error: Option<String> field (serde default + skip-if-none, so persisted records that predate the field round-trip fine).

tools/impl/presentation/ (new, native-Rust engine)

Module layout:

File	Purpose
mod.rs	PresentationTool struct + Tool trait impl. Router-rule description ("USE THIS … NOT for …"). Stateless ctor (new(workspace_dir)) — no Config arg needed, no runtime resolution. 30 s generation timeout.
types.rs	GeneratePresentationInput / SlideSpec / Output / PresentationError enum (InvalidInput, GenerationFailed, GenerationTimeout; plus MissingRuntime / MissingPackage reserved for downstream pattern-match stability and a possible future LibreOffice-headless format = "pdf" fallback). validate_input runs eagerly so the LLM gets a structured error it can self-correct on. truncate_stderr caps at 500 chars (UTF-8-safe).
engine.rs	ppt-rs wrapper. Synthesises a title slide from input.title (+ optional author byline) prepended to the content slides, so slide_count semantics match the original contract (excludes the synthetic title slide). Drives generation through tokio::task::spawn_blocking + tokio::time::timeout so the synchronous library work neither blocks the async executor nor can wedge the agent loop.
tests.rs	11 unit tests — schema contract, router-rule description, validation rejection branches (empty title / empty slides / empty slide / oversize body / too many slides), real end-to-end happy path driving the engine + artifact pipeline.

Engine unit tests live alongside in engine.rs::tests — 4 tests covering the SlideSpec → ppt-rs mapping (title-slide prepend, blank-entry filtering), the OOXML round-trip (re-opens the byte buffer as a zip, asserts all spec-required entries — [Content_Types].xml, _rels/.rels, ppt/presentation.xml, ppt/_rels/presentation.xml.rels, ppt/theme/theme1.xml, ppt/slideMasters/slideMaster1.xml, ppt/slideLayouts/slideLayout1.xml, docProps/core.xml, docProps/app.xml, ppt/slides/slide{1,2}.xml, ppt/notesSlides/notesSlide*.xml when notes set), and the timeout surface under a 1-ns deadline.

Input validation caps: ≤ 64 slides, ≤ 32 bullets/slide, ≤ 2000 chars per field. Tool returns the artifact id + absolute path so the agent can quote it.

runtime_python::venv + runtime_python::run (new, unused-by-this-tool)

Ship as general-purpose primitives for future Python-backed tools (OCR pipelines, data-science scratch executors, …). Not consumed by PresentationTool after the engine refactor. Kept in the PR rather than ripped out because they are reusable scaffolding the next Python-backed tool would otherwise re-add commit-for-commit.

• ensure_venv(name, requirements, config) -> Result<ResolvedPython> — lazy managed venv under <runtime_python.cache_dir>/venvs/<name>/. requirements.txt change detection short-circuits unchanged invocations.
• run_python_script_to_completion(resolved, spec, stdin, deadline) -> PythonRunOutput — one-shot stdin → wait → capture-output contract bounded by deadline; PythonRunTimeout is its own type so call sites can downcast.

Registration

• tools/ops.rs::all_tools_with_runtime always registers PresentationTool::new(workspace_dir.to_path_buf()). No runtime_python.enabled gate.
• agents/orchestrator/agent.toml adds "generate_presentation" to its named list so the orchestrator can drive the tool today. The companion grounding rule (orchestrator must call memory_tree / delegate_research / query_memory before generate_presentation for topical/factual decks) lands in Wire PPT generation and file attachments into agent definitions and error handling #2780 (PR feat(orchestrator): wire generate_presentation + require grounding (#2780) #3029).

Engine refactor history (in-branch)

This PR originally shipped a python-pptx-based engine (subprocess + bundled generate_pptx.py + runtime_python::venv consumer). After a maintainer request to drop the Python dep, the final commit (refactor(presentation): swap python-pptx subprocess for native rust engine) replaces the engine with ppt-rs while preserving:

• tool name (generate_presentation)
• GeneratePresentationInput / Output JSON shape
• artifact pipeline + .pptx extension
• workspace artifact path layout
• socket events that feat(chat): ArtifactCard + Tauri download + backend artifact events (#2779) #3017 ArtifactCard / feat(chat): Files in this chat — persistent per-chat artifact panel (#3024) #3026 Files panel / feat(orchestrator): wire generate_presentation + require grounding (#2780) #3029 orchestrator wiring consume

So downstream PRs in the #1535 chain need no rework — the engine is a sealed implementation detail behind the tool contract. The intermediate python-pptx commits remain in the branch history (one logical refactor at the end documents the swap); the rendered PR diff vs main shows the final shape only.

Sample 5-slide deck generated by the native engine: 14 673 bytes, opens cleanly in PowerPoint / Keynote / Google Slides.

Submission Checklist

• Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy — 11 lib unit tests in tests.rs covering schema contract, router-rule description, all 5 validation rejection branches, real engine + artifact-pipeline end-to-end happy path. 4 engine unit tests in engine.rs::tests covering the SlideSpec → ppt-rs mapping, OOXML zip round-trip (re-opens output, asserts every spec-required OOXML entry exists), timeout surface. Plus the artifacts + runtime_python helper tests carried in from the earlier commits.
• Diff coverage ≥ 80% — every branch in engine.rs + mod.rs::execute + types.rs::validate_input is exercised by the 14 inline tests. Run locally: cargo test --lib openhuman::tools::implementations::presentation (14 pass) + cargo test --lib openhuman::runtime_python (existing suite, unchanged on this branch) + cargo test --lib openhuman::artifacts (existing suite).
• N/A: behaviour-only addition — no new public feature row in docs/TEST-COVERAGE-MATRIX.md. The tool is a new agent capability surface, not a release-cut feature; Surface artifact downloads and generation progress in the React UI #2779 (UI ArtifactCard) is the right place to add a user-facing row when uploads ship.
• All affected feature IDs from the matrix are listed in the PR description under ## Related
• No new external network dependencies introduced (mock backend used per Testing Strategy) — pure-Rust generation, no per-call network, no pip install.
• N/A: smoke surface unchanged — no release-cut surface touched (docs/RELEASE-MANUAL-SMOKE.md).
• Linked issue closed via Closes #NNN in the ## Related section

Impact

• Runtime/platform: desktop only. Tool is now always-on (no runtime_python.enabled gate). No mobile/web/CLI behaviour change.
• Performance: pure-Rust generation completes in well under a second even for the 64-slide cap. No first-call install latency. 30 s generation timeout is a defensive ceiling against pathological inputs slipping past validate_input.
• Disk footprint: ~10–15 MB binary bloat from ppt-rs transitive deps (pulldown-cmark + syntect are linked unconditionally by ppt-rs even though the markdown / code-highlighting paths are unused). Counterfactual: the python-pptx path added ~50 MB+ of managed Python interpreter + venv on first use at the user's runtime_python.cache_dir.
• Network: zero outbound traffic from the presentation tool at any call.
• Sandbox / security: no subprocess. No pip install. ppt-rs is pure Rust (no unsafe, Apache-2.0).
• Privacy: slide content stays in-process; final bytes land at <workspace>/artifacts/<uuid>/<title>.pptx. No data leaves the host.
• Migration / compatibility: zero. ArtifactMeta.error is additive with serde(default), so existing on-disk records parse unchanged. runtime_python::{venv, run} are new modules — no behaviour change for existing spawn_stdio users.
• Open follow-ups:
  • Surface artifact downloads and generation progress in the React UI #2779 (PR feat(chat): ArtifactCard + Tauri download + backend artifact events (#2779) #3017) — React ArtifactCard renders the generated deck in chat.
  • Files in this chat — persistent per-chat artifact registry #3024 (PR feat(chat): Files in this chat — persistent per-chat artifact panel (#3024) #3026) — "Files in this chat" panel surfaces every deck the agent generated in a thread.
  • Wire PPT generation and file attachments into agent definitions and error handling #2780 (PR feat(orchestrator): wire generate_presentation + require grounding (#2780) #3029) — orchestrator wiring + grounding rule (agent must memory_tree / delegate_research / query_memory before generate_presentation on topical decks) + UnsupportedFileType error variant.
  • ppt-rs upstream issue: gate clap / pulldown-cmark / syntect behind a non-default feature so library consumers don't pay for the pptcli binary's deps. Would shave ~5-10 MB.
  • Image embedding in slides (Composio fetch / file marker → image placeholder) — future enhancement; ppt-rs supports it via add_image(Image).

Related

• Closes: Add PPT generation tool using python-pptx in the Python runtime #2778
• Parent: Add multimodal support for files and PPT generation #1535 (sub-task 3 of 5; Define artifact storage types, config, and persistence layer #2776 ✅ merged PR feat(artifacts): define artifact storage types, config, and persistence layer #2801; Extend multimodal input to accept document and file attachments beyond images #2777 OPEN PR feat(agent/multimodal): support [FILE:…] markers with text extraction (#2777) #2954)
• Follow-up PR(s)/TODOs:
  • Surface artifact downloads and generation progress in the React UI #2779 (PR feat(chat): ArtifactCard + Tauri download + backend artifact events (#2779) #3017) — React ArtifactCard (depends on this)
  • Files in this chat — persistent per-chat artifact registry #3024 (PR feat(chat): Files in this chat — persistent per-chat artifact panel (#3024) #3026) — Files-in-this-chat panel (depends on feat(chat): ArtifactCard + Tauri download + backend artifact events (#2779) #3017)
  • Wire PPT generation and file attachments into agent definitions and error handling #2780 (PR feat(orchestrator): wire generate_presentation + require grounding (#2780) #3029) — orchestrator wiring + grounding rule (depends on this)

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

• Key: N/A — GitHub-issue-driven workflow, no Linear ticket.
• URL: N/A

Commit & Branch

• Branch: feat/2778-presentation-tool
• Final commit: e0e2a2e5 refactor(presentation): swap python-pptx subprocess for native rust engine

Validation Run

• Focused tests: cargo test --lib openhuman::tools::implementations::presentation (14/14 ✓ — 11 tool + 4 engine including OOXML zip round-trip)
• cargo check --lib ✓
• cargo fmt --check ✓
• Visual verification: 5-slide sample deck opens cleanly in PowerPoint / Keynote / Google Slides

Behavior Changes

• Intended behavior change: when the agent decides to call generate_presentation with a valid slide spec, a .pptx file is written to the workspace artifacts directory via the native-Rust ppt-rs engine, an ArtifactMeta is persisted as Ready, and the tool returns the artifact id + absolute path. On any failure path the artifact is persisted as Failed with a reason.
• User-visible effect: orchestrator can now satisfy "create slides about X" / "build a deck" requests reliably, with no Python install, no first-call latency, no managed venv on disk.

Parity Contract

• Legacy behavior preserved: artifacts::store's existing public API (list / get / delete RPCs) is byte-identical. Existing on-disk meta.json records parse unchanged thanks to #[serde(default)] on the new error field. Tool name + input / output JSON schema unchanged across the python-pptx → native-rust engine swap, so downstream PRs in the Add multimodal support for files and PPT generation #1535 chain (feat(chat): ArtifactCard + Tauri download + backend artifact events (#2779) #3017, feat(chat): Files in this chat — persistent per-chat artifact panel (#3024) #3026, feat(orchestrator): wire generate_presentation + require grounding (#2780) #3029) need no rework.

Duplicate / Superseded PR Handling

• Duplicate PR(s): none.
• Canonical PR: this is canonical.
• Resolution: N/A

Summary by CodeRabbit

• New Features
  • Added a presentation generation tool that creates PowerPoint files from structured slide specifications. Features include custom deck titles, author attribution, slides with formatted body text and bullet points, speaker notes for presentation reference, flexible theme options, and automatic artifact creation with downloadable output files.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR implements a native Rust PPTX generation tool using the ppt-rs library, extends artifact lifecycle management with create/finalize/fail state transitions, adds Python subprocess and virtual environment runtime support, strengthens Python version validation, and registers the tool in the orchestrator.

Changes

Artifact Lifecycle and State Management

Layer / File(s)	Summary
Artifact types, store lifecycle, and module re-exports src/openhuman/artifacts/types.rs, src/openhuman/artifacts/store.rs, src/openhuman/artifacts/store_tests.rs, src/openhuman/artifacts/mod.rs	ArtifactMeta gains optional error: Option<String> field; create_artifact validates and allocates artifacts with filename sanitization, finalize_artifact transitions to Ready idempotently, and fail_artifact transitions to Failed with reason; lifecycle APIs re-exported from module root; tests updated to initialize error field.

Python Runtime Infrastructure

Layer / File(s)	Summary
Python subprocess runner src/openhuman/runtime_python/run.rs	run_python_script_to_completion spawns subprocess, pipes optional stdin via async task, enforces deadline timeout, captures UTF-8 lossy stdout/stderr, and returns exit code; tests cover spawn errors, I/O round-trip, non-zero exits, and deadline enforcement.
Virtual environment manager src/openhuman/runtime_python/venv.rs	ensure_venv validates name, resolves cache root, reuses cached venv via lock comparison, creates venv via python -m venv under timeout, discovers venv python, installs requirements via pip install under timeout, and persists deterministic lock; tests validate lock rendering, name validation, cache-root honoring, and python discovery.
Python runtime public API and downloader validation src/openhuman/runtime_python/mod.rs, src/openhuman/runtime_python/downloader.rs, src/openhuman/runtime_python/downloader_tests.rs	Re-export subprocess runner types and venv setup from runtime_python/mod; parse_distribution_asset rejects prerelease Python versions (alpha, beta, rc) preventing selection of unreleased artifacts; new unit test validates rejection behavior.

Native PPTX Generation Tool

Layer / File(s)	Summary
Presentation types, bounds, and validation src/openhuman/tools/impl/presentation/types.rs	Define SlideSpec, GeneratePresentationInput, GeneratePresentationOutput with Serde configuration; hard bounds for slides/text/bullets; PresentationError enum covering InvalidInput, MissingRuntime, MissingPackage, GenerationFailed, GenerationTimeout; validate_input performs early, structured validation with per-field and per-slide checks.
PPTX generation engine src/openhuman/tools/impl/presentation/engine.rs	Async generate function runs ppt-rs inside spawn_blocking under deadline timeout; build_slides prepends synthetic title slide, collapses body into leading bullet, filters whitespace in bullets/notes; tests validate title-slide prepending, whitespace filtering, OOXML correctness, slide numbering, notes materialization, non-panic cancellation mapping, and deadline timeout.
Presentation tool execute pipeline and tests src/openhuman/tools/impl/presentation/mod.rs, src/openhuman/tools/impl/presentation/tests.rs	PresentationTool implements Tool trait with JSON schema for slide-deck spec, permission_level::Write, and markdown support; execute() deserializes/validates input, creates artifact, runs engine under 30s timeout, writes file, and finalizes artifact; on errors calls fail_artifact. Integration tests validate schema contract (bounds, required fields), permission/router rules, validation rejection (empty title, oversize text, max slides), happy-path execution with artifact file verification, and stderr truncation.
Tool registration and orchestrator wiring src/openhuman/tools/impl/mod.rs, src/openhuman/tools/ops.rs, src/openhuman/agent_registry/agents/orchestrator/agent.toml, Cargo.toml	Export PresentationTool from tools/impl/mod, register in all_tools_with_runtime with workspace_dir, add generate_presentation to orchestrator agent.toml under [tools].named, add ppt-rs 0.2.14 dependency.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

• Wire PPT generation and file attachments into agent definitions and error handling #2780: Main changes implement requested wiring by adding generate_presentation to orchestrator agent definition, registering PresentationTool in tools/ops, and introducing PresentationError variants—directly addressing same files/functions and acceptance criteria.

Possibly related PRs

• tinyhumansai/openhuman#2801: Both PRs extend src/openhuman/artifacts module (types.rs, store.rs) by implementing artifact persistence layer and ArtifactMeta used for tool-generated files.

Suggested reviewers

• senamakel
• graycyrus

Poem

🐰 A PPTX tool hops into view,
Native Rust with ppt-rs true,
Artifact states track error and grace,
Python venvs find their place,
Presentations bloom—slides don't run away!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the main change: adding a generate_presentation tool with a native Rust engine using ppt-rs, which is the primary objective of this PR.
Linked Issues check	✅ Passed	The PR implements all acceptance criteria from #2778: tool registered with JSON schema, slide specs with required fields, PPTX output to artifacts with metadata, artifact ID/path returns, input validation, end-to-end tests, and achieves diff coverage requirements.
Out of Scope Changes check	✅ Passed	The PR includes intentional scaffolding (runtime_python::run and venv modules) documented as reusable for future Python tools but not consumed here, and prerelease version filtering improvements; both are minor, well-justified enhancements supporting future work.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 9

🧹 Nitpick comments (2)

src/openhuman/tools/ops.rs (1)

264-266: ⚡ Quick win

Add structured correlation fields to the new registration-gate log.

At Line 264, the new debug log is grep-friendly but unstructured; add fields (for example tool = "generate_presentation" and runtime_python_enabled = false) so this branch is easier to aggregate/filter in diagnostics.

As per coding guidelines: "In Rust, default to verbose diagnostics on new/changed flows using log/tracing at debug/trace levels with stable grep-friendly prefixes and correlation fields".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/tools/ops.rs` around lines 264 - 266, The tracing::debug! call
that logs "[tools::ops] runtime_python disabled — generate_presentation tool not
registered" should be converted to a structured tracing event by adding
correlation fields (e.g. tool = "generate_presentation" and
runtime_python_enabled = false) so it can be filtered/aggregated; modify the
tracing::debug! invocation in src/openhuman/tools/ops.rs to include those
key/value fields while keeping the same human-readable message prefix for
grep-friendliness.

src/openhuman/tools/impl/presentation/invoker.rs (1)

87-155: ⚡ Quick win

Add debug/trace diagnostics for the invocation lifecycle.

Line 87–155 currently logs only one warning branch; add start/outcome debug logs (script, output path, deadline, classified outcome/exit code) for consistent tool observability.

As per coding guidelines "In Rust, default to verbose diagnostics on new/changed flows using log/tracing at debug/trace levels with stable grep-friendly prefixes and correlation fields".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/tools/impl/presentation/invoker.rs` around lines 87 - 155, Add
trace/debug diagnostics around the RealPythonInvoker::run flow: emit a trace at
method start with script_path, output_path, deadline and VENV_NAME; after
ensure_venv succeeds log the resolved venv (resolved) at debug; before calling
run_python_script_to_completion log the PythonLaunchSpec (spec.args) at trace;
on run error log outcome classification (Timeout vs MissingRuntime) with err
string at debug; and on completion log the final InvocationOutcome with
exit_code and short summaries of stdout/stderr (or their lengths) at debug/trace
so all branches of run (Success, NonZeroExit, Timeout, MissingRuntime,
PackageInstallFailed) are consistently observable. Reference symbols:
RealPythonInvoker::run, ensure_venv, VENV_NAME, PythonLaunchSpec,
run_python_script_to_completion, InvocationOutcome.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/runtime_python/run.rs`:
- Around line 65-89: The stdin write/close path can block indefinitely because
write_all/shutdown are awaited before the timeout is applied; wrap the write_all
and shutdown calls in the same deadline timeout used for process output (use the
existing deadline variable) so they fail if the deadline passes. Concretely,
when you take child.stdin (the block using child.stdin.take(),
stdin_handle.write_all(&payload), and stdin_handle.shutdown()), execute those
async operations via timeout(deadline, ...) and propagate the timeout error with
context similar to the existing output wait (include spec.script_path in the
context) so write and shutdown are bounded by the same deadline as the
output_future.

In `@src/openhuman/runtime_python/venv.rs`:
- Around line 73-79: The info log is emitting raw requirement strings (variable
requirements) which can contain sensitive URLs/credentials; update the
tracing::info! call in this module (the tracing::info! invocation inside the
venv setup function in venv.rs) to avoid printing full requirement values by
replacing requirements with a redacted representation (e.g., map each
requirement to a scrubbed/masked value or just log the count or package names
without URLs) before passing to tracing::info!, or introduce a small helper
(e.g., redact_requirements or scrub_requirements) to transform the requirements
variable and log that safe summary instead of the raw requirements.
- Around line 174-199: The create_venv function currently awaits cmd.output()
with no bound; wrap the output() future in tokio::time::timeout (e.g., a
reasonable Duration constant) so the venv creation cannot hang indefinitely,
then handle the Err(timeout) by returning an error (bail! or with_context)
indicating the timeout and allow kill_on_drop to clean up the child; on
Ok(inner) proceed as before checking inner.status and stderr. Ensure you import
tokio::time::timeout and use a named timeout Duration constant so the timeout
value is clear and adjustable.

In `@src/openhuman/tools/impl/presentation/generate_pptx.py`:
- Around line 63-71: The main function parses the --output argument but doesn't
enforce that it's an absolute path; after args = parser.parse_args() add a guard
using os.path.isabs(args.output) and call parser.error(" --output must be an
absolute path") or sys.exit(1) if it returns False so the program fails fast
when a non-absolute path is supplied; import os (and sys if using sys.exit) and
reference main, parser, args and the --output flag when making this change.

In `@src/openhuman/tools/impl/presentation/mod.rs`:
- Around line 181-186: The info log in the presentation generation path
currently emits user-supplied input.title directly via tracing::info (target:
"presentation"), which may leak PII; change the log to redact the title by
logging derived metadata instead (e.g., title length or a boolean has_title) and
keep slide_count and context ("[presentation] generation request accepted");
locate the tracing::info call in mod.rs and replace the title = %input.title
field with a safe metadata field such as title_length = input.title.len() or
title_present = !input.title.is_empty().
- Around line 197-209: When errors occur after create_artifact (e.g., in
script::materialise_script, serde_json::to_vec, or self.invoker.run inside
execute), catch those failures instead of propagating with ?, update the created
artifact to a failed state (call the artifact failure/update method used in this
module) with the error details, and then return the error; specifically wrap the
calls to script::materialise_script(), serde_json::to_vec(&input), and
self.invoker.run(...) so any Err triggers artifact.fail/update (or the
equivalent method on the object returned by create_artifact) before returning
the original error.

In `@src/openhuman/tools/impl/presentation/script.rs`:
- Around line 33-40: The code currently creates a deterministic temp directory
by joining std::env::temp_dir() with process id and then writes GENERATE_PPTX_PY
into it; replace that with a secure, unique temp dir and an atomic/new-file
write: use tempfile (e.g.
tempfile::Builder::new().prefix("openhuman-presentation-").tempdir() or
tempfile::TempDir::new_in(...)) to create an unpredictable TempDir (reference
the dir variable creation), then construct path =
dir.path().join("generate_pptx.py"), and open/write the file using a
create_new/open options approach
(tokio::fs::OpenOptions::new().write(true).create_new(true) or equivalent) so
the write fails if the file already exists and avoids symlink/toctou issues when
writing GENERATE_PPTX_PY; ensure you propagate the same with_context messages
for errors (the with_context calls around directory creation and file write).

In `@src/openhuman/tools/impl/presentation/types.rs`:
- Around line 136-155: The validate_input logic is missing a length check for
input.theme, allowing arbitrarily long themes; update the validate_input
function to check input.theme (e.g., if let Some(theme) =
input.theme.as_deref()) and return PresentationError::InvalidInput with field
"theme" and reason format!("must be ≤ {MAX_TEXT_CHARS} chars") when
theme.chars().count() > MAX_TEXT_CHARS, matching the existing title/author
validation pattern and using the same MAX_TEXT_CHARS cap.

In `@tests/presentation_tool.rs`:
- Around line 21-30: The two preflight checks call python_available() and
python_pptx_importable() separately and can end up using different Python
binaries; change the flow to resolve a single Python executable once (e.g. via a
new resolve_python_executable() or by altering python_available() to return the
resolved path) and pass that resolved path into the import check (call
python_pptx_importable(resolved_path) or similar) and into later code that
invokes Python (the code referenced around Line 59 and the similar block at
112-132), so both availability and import checks — and the runtime invocation —
use the same interpreter.

---

Nitpick comments:
In `@src/openhuman/tools/impl/presentation/invoker.rs`:
- Around line 87-155: Add trace/debug diagnostics around the
RealPythonInvoker::run flow: emit a trace at method start with script_path,
output_path, deadline and VENV_NAME; after ensure_venv succeeds log the resolved
venv (resolved) at debug; before calling run_python_script_to_completion log the
PythonLaunchSpec (spec.args) at trace; on run error log outcome classification
(Timeout vs MissingRuntime) with err string at debug; and on completion log the
final InvocationOutcome with exit_code and short summaries of stdout/stderr (or
their lengths) at debug/trace so all branches of run (Success, NonZeroExit,
Timeout, MissingRuntime, PackageInstallFailed) are consistently observable.
Reference symbols: RealPythonInvoker::run, ensure_venv, VENV_NAME,
PythonLaunchSpec, run_python_script_to_completion, InvocationOutcome.

In `@src/openhuman/tools/ops.rs`:
- Around line 264-266: The tracing::debug! call that logs "[tools::ops]
runtime_python disabled — generate_presentation tool not registered" should be
converted to a structured tracing event by adding correlation fields (e.g. tool
= "generate_presentation" and runtime_python_enabled = false) so it can be
filtered/aggregated; modify the tracing::debug! invocation in
src/openhuman/tools/ops.rs to include those key/value fields while keeping the
same human-readable message prefix for grep-friendliness.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 05501243-a797-4880-8cce-829b920ac1a5

📥 Commits

Reviewing files that changed from the base of the PR and between 3556842 and aa1469c.

📒 Files selected for processing (18)

• .github/workflows/coverage.yml
• src/openhuman/agent_registry/agents/orchestrator/agent.toml
• src/openhuman/artifacts/mod.rs
• src/openhuman/artifacts/store.rs
• src/openhuman/artifacts/store_tests.rs
• src/openhuman/artifacts/types.rs
• src/openhuman/runtime_python/mod.rs
• src/openhuman/runtime_python/run.rs
• src/openhuman/runtime_python/venv.rs
• src/openhuman/tools/impl/mod.rs
• src/openhuman/tools/impl/presentation/generate_pptx.py
• src/openhuman/tools/impl/presentation/invoker.rs
• src/openhuman/tools/impl/presentation/mod.rs
• src/openhuman/tools/impl/presentation/script.rs
• src/openhuman/tools/impl/presentation/tests.rs
• src/openhuman/tools/impl/presentation/types.rs
• src/openhuman/tools/ops.rs
• tests/presentation_tool.rs

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/openhuman/tools/impl/presentation/generate_pptx.py (1)

80-84: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Decode stdin as UTF-8 explicitly in generate_pptx.py

src/openhuman/tools/impl/presentation/generate_pptx.py reads raw = sys.stdin.read() and only catches OSError; a UTF-8 decode failure raises UnicodeDecodeError (a ValueError) and will escape, producing an uncaught traceback (exit 1) despite the script contract stating exit 2 on input/runtime errors. The Rust caller passes UTF-8 JSON bytes via serde_json::to_vec(&input) and does not set any UTF-8-forcing env vars for the Python child (spawn_stdio_process only applies spec.env, and invoker.rs doesn’t populate it), so decoding remains locale-dependent.

Suggested fix

     try:
-        raw = sys.stdin.read()
+        raw = sys.stdin.buffer.read().decode("utf-8")
     except OSError as err:
         _exit_error(f"failed to read stdin: {err}")
         return
+    except UnicodeDecodeError as err:
+        _exit_error(f"stdin payload was not valid UTF-8: {err}")
+        return

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/tools/impl/presentation/generate_pptx.py` around lines 80 - 84,
The stdin read in generate_pptx.py currently uses raw = sys.stdin.read() and
only catches OSError, which misses UTF-8 decode errors; change to read bytes
from sys.stdin.buffer (or decode the read explicitly) and decode using 'utf-8'
inside the try block, and expand the except to catch UnicodeDecodeError (and
ValueError if needed) so any decode failure calls _exit_error(...) and returns
the proper exit code; locate the read/except around raw and update the handling
to ensure _exit_error is used for decode failures.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@src/openhuman/tools/impl/presentation/generate_pptx.py`:
- Around line 80-84: The stdin read in generate_pptx.py currently uses raw =
sys.stdin.read() and only catches OSError, which misses UTF-8 decode errors;
change to read bytes from sys.stdin.buffer (or decode the read explicitly) and
decode using 'utf-8' inside the try block, and expand the except to catch
UnicodeDecodeError (and ValueError if needed) so any decode failure calls
_exit_error(...) and returns the proper exit code; locate the read/except around
raw and update the handling to ensure _exit_error is used for decode failures.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 555dcecf-b5f5-4b59-8180-3d52982430d8

📥 Commits

Reviewing files that changed from the base of the PR and between aa1469c and 69c5e5a.

📒 Files selected for processing (7)

• src/openhuman/runtime_python/run.rs
• src/openhuman/runtime_python/venv.rs
• src/openhuman/tools/impl/presentation/generate_pptx.py
• src/openhuman/tools/impl/presentation/mod.rs
• src/openhuman/tools/impl/presentation/script.rs
• src/openhuman/tools/impl/presentation/types.rs
• tests/presentation_tool.rs

🚧 Files skipped from review as they are similar to previous changes (5)

• tests/presentation_tool.rs
• src/openhuman/tools/impl/presentation/mod.rs
• src/openhuman/tools/impl/presentation/types.rs
• src/openhuman/runtime_python/venv.rs
• src/openhuman/runtime_python/run.rs

[oxoxDev]

@senamakel @graycyrus need reviews

[oxoxDev]

@coderabbitai full review — all 12 inline threads were resolved against the original python-pptx implementation. The PR has since been rewritten in commit e0e2a2e5 (native Rust ppt-rs engine, no subprocess, no python venv) and rebased on top of post-#3147 main in commit c9d6c551. Please re-evaluate the current diff and update the review state.

[coderabbitai]

@oxoxDev Understood — triggering a full re-review against the current diff. I'll re-evaluate the native ppt-rs engine path, the artifact store helpers, the runtime_python::venv/run scaffolding, the test coverage, and the CI workflow changes from scratch.

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

src/openhuman/artifacts/store_tests.rs (1)

16-16: ⚡ Quick win

Assert the new error field in the round-trip test.

make_meta() now seeds error: None, but save_and_get_roundtrip() never checks it, so a regression in ArtifactMeta.error serialization would still pass. Add at least a None assertion here, and ideally one Some(...) case too.

Also applies to: 20-36

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/artifacts/store_tests.rs` at line 16, The round-trip test omits
asserting the new ArtifactMeta.error field, so update the tests that call
make_meta() and save_and_get_roundtrip() to assert the error field is preserved:
add an assertion that meta.error is None for the existing make_meta() case, and
add a separate test case that constructs a meta with error = Some("...") and
verifies save_and_get_roundtrip() returns the same Some(...) value; target the
test helpers and assertions around make_meta(), save_and_get_roundtrip(), and
the ArtifactMeta.error field to ensure both None and Some(...) are covered.

src/openhuman/artifacts/store.rs (1)

247-275: 💤 Low value

Optional: replace out.chars().count() with out.len().

Every pushed char is ASCII (a-z/0-9/-/_), so out.len() equals the char count but is O(1) instead of re-scanning the buffer each iteration (currently O(n²)). Bounded by the 80-char cap, so impact is small.

♻️ Proposed tweak

         out.push(mapped);
-        if out.chars().count() >= MAX_SANITIZED_FILENAME_LEN {
+        if out.len() >= MAX_SANITIZED_FILENAME_LEN {
             break;
         }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/artifacts/store.rs` around lines 247 - 275, The loop in
sanitize_filename_stem currently checks out.chars().count() to enforce
MAX_SANITIZED_FILENAME_LEN, which rescans the buffer each iteration; change that
check to use out.len() for O(1) length checking. Update the conditional inside
sanitize_filename_stem that reads "if out.chars().count() >=
MAX_SANITIZED_FILENAME_LEN" to "if out.len() >= MAX_SANITIZED_FILENAME_LEN"
(keeping the same MAX_SANITIZED_FILENAME_LEN symbol and all other logic intact).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/coverage.yml:
- Around line 96-105: Remove the now-stale GitHub Actions step that installs
python-pptx and its explanatory comment block from the coverage workflow: delete
the entire step that runs "python3 -m pip install --user --quiet
python-pptx==1.0.2" along with the surrounding comment lines about the
generate_presentation tool and runtime_python; the presentation tests
(tests/presentation_tool.rs) now use the Rust ppt-rs engine only so the
networked pip install is unnecessary.

In `@src/openhuman/agent_registry/agents/orchestrator/agent.toml`:
- Around line 163-171: The TOML comment above the "generate_presentation" agent
entry is stale (mentions a python-pptx helper and subprocess) — update the
comment to reflect the current implementation using the native Rust ppt-rs
engine, remove references to Python runtime/subprocess, and clarify that output
still lands in the workspace artifacts directory and the tool returns the
artifact id + absolute path so the orchestrator can quote it.

In `@src/openhuman/runtime_python/venv.rs`:
- Around line 50-107: ensure_venv can race when two callers for the same name
miss the cache; wrap the entire cache-check-and-rebuild sequence in a per-venv
lock so only one task/process builds the venv at a time. Specifically, in
ensure_venv around the call to try_cached_venv(...) and all subsequent
operations that mutate venv_dir/lock_path (remove_dir_all, create_dir_all,
create_venv, pip_install, and writing lock_path), acquire a unique lock keyed by
name or venv_dir; if cross-process races are possible use an on-disk advisory
lock (e.g., open a lock file next to venv_dir and flock it) otherwise use an
in-process async Mutex keyed by name; release the lock after the requirements
lock is written so subsequent callers re-check try_cached_venv and reuse the
completed venv.
- Around line 56-62: The cache lookup in try_cached_venv only compares
REQUIREMENTS_LOCK/want_lock and ignores the resolved interpreter, allowing reuse
across different resolved Python/runtime config; update the cache scheme so the
resolved interpreter identity (e.g., resolved Python path/version/source string)
is persisted alongside the venv metadata and used in try_cached_venv validation
(or include the interpreter id in the venv_dir cache key), ensure callers no
longer return version: String::new() but populate the saved version, and apply
the same check/persistence to the other cached-venv check sites (the alternate
cache lookup around render_requirements_lock/venv_dir/lock_path) so mismatched
interpreter resolutions invalidate the cache.

---

Nitpick comments:
In `@src/openhuman/artifacts/store_tests.rs`:
- Line 16: The round-trip test omits asserting the new ArtifactMeta.error field,
so update the tests that call make_meta() and save_and_get_roundtrip() to assert
the error field is preserved: add an assertion that meta.error is None for the
existing make_meta() case, and add a separate test case that constructs a meta
with error = Some("...") and verifies save_and_get_roundtrip() returns the same
Some(...) value; target the test helpers and assertions around make_meta(),
save_and_get_roundtrip(), and the ArtifactMeta.error field to ensure both None
and Some(...) are covered.

In `@src/openhuman/artifacts/store.rs`:
- Around line 247-275: The loop in sanitize_filename_stem currently checks
out.chars().count() to enforce MAX_SANITIZED_FILENAME_LEN, which rescans the
buffer each iteration; change that check to use out.len() for O(1) length
checking. Update the conditional inside sanitize_filename_stem that reads "if
out.chars().count() >= MAX_SANITIZED_FILENAME_LEN" to "if out.len() >=
MAX_SANITIZED_FILENAME_LEN" (keeping the same MAX_SANITIZED_FILENAME_LEN symbol
and all other logic intact).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f6897a7b-a425-442a-993a-98e09a01934b

📥 Commits

Reviewing files that changed from the base of the PR and between a40cd7e and c9d6c55.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (19)

• .github/workflows/coverage.yml
• Cargo.toml
• app/test/playwright/helpers/core-rpc.ts
• src/openhuman/agent_registry/agents/orchestrator/agent.toml
• src/openhuman/artifacts/mod.rs
• src/openhuman/artifacts/store.rs
• src/openhuman/artifacts/store_tests.rs
• src/openhuman/artifacts/types.rs
• src/openhuman/runtime_python/downloader.rs
• src/openhuman/runtime_python/downloader_tests.rs
• src/openhuman/runtime_python/mod.rs
• src/openhuman/runtime_python/run.rs
• src/openhuman/runtime_python/venv.rs
• src/openhuman/tools/impl/mod.rs
• src/openhuman/tools/impl/presentation/engine.rs
• src/openhuman/tools/impl/presentation/mod.rs
• src/openhuman/tools/impl/presentation/tests.rs
• src/openhuman/tools/impl/presentation/types.rs
• src/openhuman/tools/ops.rs

[graycyrus]

@oxoxDev hey! solid work on this — the native-Rust pivot is the right call and the artifact lifecycle helpers are well-designed. a few things are blocking clean CI before i can approve:

CI failures:

• "Rust Core Coverage" is failing, and i'm pretty sure the culprit is the step you added to coverage.yml. it installs python-pptx==1.0.2 and its comment still says "The presentation tool (#2778) bundles a python-pptx-backed script" — but after the engine refactor the tool uses ppt-rs and has no Python path at all. if tests/presentation_tool.rs still references the Python venv path, it'll fail here. either remove the pip install step or update it to match what the coverage run actually needs.
• "E2E / web lane 1/4" is failing — unrelated to this PR possibly, but worth checking if any of your walkthrough changes in core-rpc.ts are implicated.

Stale comment in agent.toml:

The comment you added alongside "generate_presentation" says "Synthesises a .pptx from a structured slide spec via a bundled python-pptx helper." Should say ppt-rs / native Rust engine after the refactor. Minor but someone reading the TOML will be confused.

Open CodeRabbit findings (not yet addressed):

1. engine.rs:130 — tokio::time::timeout wrapping spawn_blocking does not cancel the blocking thread. After the 30s deadline fires, ppt-rs keeps running in the blocking thread pool until it finishes or panics. For desktop-only use the blast radius is small, but if a pathological input slips past validate_input and wedges ppt-rs, you'll leak a blocking thread for the full duration of every concurrent request. Worth addressing before merge.

2. presentation/mod.rs (finalize) — if finalize_artifact fails (e.g. disk full when writing meta.json after the .pptx bytes are already on disk), the artifact stays Pending and the user gets a stuck spinner with no error message. CodeRabbit's suggested fix — catch the error, call fail_artifact, then propagate — is the right shape.

fix the CI + those two items and i'll approve.

[graycyrus]

@oxoxDev thanks for the follow-up — the stale pip install python-pptx==1.0.2 step in coverage.yml and the stale comment in agent.toml are both cleaned up, appreciate it. marking those threads resolved.

CI is still failing (Rust Core Coverage + E2E lane 1/4), so holding off on approval. one new issue to flag before you close out:

venv.rs is still present in this PR. The two CodeRabbit threads on runtime_python/venv.rs that you closed as "obsolete after engine swap" are not obsolete — venv.rs (353 lines) still ships as a new file in this PR. Commit e0e2a2e5 removed generate_pptx.py, invoker.rs, and script.rs, but did not touch venv.rs. Those two findings — the concurrent first-call race at line 107 (ensure_venv can be entered by two callers simultaneously, both miss cache, and race through remove_dir_all + create_venv + pip install) and the cache invalidation gap at line 62 (lock file only records requirement strings, not interpreter version, so a Python upgrade won't trigger a venv rebuild) — both need to be addressed before merge. The race in particular will produce a corrupted venv under concurrent load when two tools request the same named env for the first time.

fix CI and address the two venv.rs CodeRabbit threads and i'll approve.

[oxoxDev]

@coderabbitai full review — all inline threads now resolved (two stale runtime_python/venv.rs threads marked resolved since that file was deleted in engine swap commit e0e2a2e5). Current state: 18/18 CI green incl. Coverage Gate, graycyrus's python-pptx scrubs both addressed in 9c5a2178. The stale CHANGES_REQUESTED review from 2026-05-30 was on the original python-pptx implementation that no longer exists. Please re-evaluate and update review state.

[coderabbitai]

@oxoxDev Understood — triggering a full re-review against the current diff. I'll evaluate the native ppt-rs engine path, artifact store helpers (create_artifact, finalize_artifact, fail_artifact), the runtime_python::venv/run scaffolding retained as scaffolding, validation logic, test coverage, and the CI workflow changes from a clean slate — independent of the previous CHANGES_REQUESTED review on the python-pptx implementation.

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (2)

src/openhuman/runtime_python/venv.rs (2)

50-107: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Concurrent first-calls for the same name can race.

Two concurrent callers that both miss the cache check at line 61 will race through remove_dir_all → create_venv → pip_install → lock write, potentially leaving a half-installed venv or deleting each other's work mid-bootstrap. Consider adding a per-name lock (in-process Mutex keyed by name, or an on-disk advisory lock if cross-process races are possible).

Since this is scaffolding for future tools rather than code exercised today, this can be addressed before the first consumer is wired up.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/runtime_python/venv.rs` around lines 50 - 107, Concurrent
callers can race in ensure_venv (between try_cached_venv and writing
REQUIREMENTS_LOCK), leading to torn or deleted venvs; fix by serializing
per-name bootstrap: introduce a global per-name lock map (e.g., Lazy static
HashMap/DashMap from name -> Arc<tokio::sync::Mutex<()>>) and acquire the mutex
for the given name at the start of ensure_venv before re-checking
try_cached_venv, then perform remove_dir_all/create_venv/pip_install/write lock
while holding it; release afterward. Reference symbols: ensure_venv,
try_cached_venv, venv_dir, lock_path, create_venv, pip_install.

---

144-166: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Cached venv reuse ignores interpreter version drift.

try_cached_venv compares only the requirements lock, not the base interpreter identity. If RuntimePythonConfig later resolves a different Python version, the stale venv will still be returned. Additionally, version: String::new() is returned for cached hits, so callers cannot detect drift. Consider persisting the interpreter path/version alongside the lock, or encoding the interpreter identity into the cache key.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/runtime_python/venv.rs` around lines 144 - 166, try_cached_venv
currently only checks the requirements lock and returns ResolvedPython with an
empty version, which allows reuse of a venv created by a different base
interpreter; update the caching logic to include the base interpreter identity
(path and/or version) in the cache key or persist it alongside the lock (e.g.
write interpreter path/version into the same lock file), then in try_cached_venv
read that stored interpreter identity and compare it against the currently
resolved interpreter from RuntimePythonConfig (or whatever caller-provided want
identity) before returning; also populate ResolvedPython.version from the stored
metadata (instead of String::new()) so callers can detect drift. Ensure you use
locate_venv_python and ResolvedPython as the return path and update any code
that writes the cache to include the interpreter metadata.

🧹 Nitpick comments (2)

src/openhuman/runtime_python/venv.rs (1)

250-265: 💤 Low value

Simplify run_pip_install parameter handling.

The function accepts spec: &PythonLaunchSpec but only uses spec.args.clone() (line 264), and line 262 (let _ = spec;) explicitly suppresses the unused-variable warning. Consider either:

• Passing args: &[String] directly, or
• Removing the intermediate launch and using spec directly if the contract allows.

♻️ Proposed simplification

-async fn run_pip_install(
-    resolved: &ResolvedPython,
-    spec: &PythonLaunchSpec,
-) -> Result<super::run::PythonRunOutput> {
+async fn run_pip_install(
+    resolved: &ResolvedPython,
+    args: &[String],
+) -> Result<super::run::PythonRunOutput> {
     // pip install is the heavy-weight first-call path; reuse the
     // generic run helper but with the venv-install timeout instead of
     // the per-tool default.
-    //
-    // We rebuild spec as a positional one to satisfy
-    // spawn_stdio_process's contract: script_path -> first arg after
-    // `python`. We pass `-m` as the "script" and `pip install …` as
-    // args, matching the `python -m pip install …` form.
-    let _ = spec; // placeholder — actually consumed below
     let mut launch = PythonLaunchSpec::new(std::path::PathBuf::from("-m"));
-    launch.args = spec.args.clone();
+    launch.args = args.to_vec();
     launch.unbuffered = false;

And update the call site (line 239):

-    let output = run_pip_install(&resolved, &spec).await?;
+    let output = run_pip_install(&resolved, &spec.args).await?;

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/runtime_python/venv.rs` around lines 250 - 265, The
run_pip_install function currently takes spec: &PythonLaunchSpec but only uses
spec.args.clone() and creates a new PythonLaunchSpec named launch; change the
API to accept only the arguments (e.g., args: &[String] or Vec<String>) and
eliminate the unused spec and the intermediate launch, or alternatively use the
provided spec directly and remove the new PythonLaunchSpec creation; update
references to spec.args.clone() (and the call site that invokes run_pip_install)
to pass the args parameter (or the original spec) and remove the let _ = spec;
placeholder and the launch variable if no longer needed (symbols:
run_pip_install, PythonLaunchSpec, launch, spec.args).

src/openhuman/tools/impl/presentation/types.rs (1)

10-12: ⚡ Quick win

Update the stale Python-era Rustdoc/comments.

These comments still describe the removed python-pptx/Python-helper path, which now contradicts the native ppt-rs implementation and makes the validation/output contract harder to follow.

As per coding guidelines: "Ship rustdoc / code comments with new/changed Rust behavior; update AGENTS.md or architecture docs when rules or user-visible behavior change".

Also applies to: 28-29, 50-52, 60-62, 132-134

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/tools/impl/presentation/types.rs` around lines 10 - 12, Update
the stale Rustdoc in src/openhuman/tools/impl/presentation/types.rs to remove
references to "python-pptx" and the Python-helper path and instead describe the
native ppt-rs behavior and exact validation/output contract; locate the comment
blocks around the "Maximum length of a single text field (title, body,
individual bullet, speaker notes)" and the other ranges noted (lines covering
bullets and validation) and rewrite them to state the current max-length rule,
which fields it applies to, and how ppt-rs handles
truncation/encoding/validation; ensure the docstrings reference the relevant
types/constants in the file (e.g., the max-length constant and any validation
functions/methods) and, if this is a user-visible behavior change, update
AGENTS.md or architecture docs accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/tools/impl/presentation/mod.rs`:
- Around line 197-208: The code logs the absolute artifact path
(output_path.display()) both in the failure reason and in tracing::warn, which
may leak PII; change both usages to avoid full paths by using the artifact id
(meta.id) or a redacted filename-only value (e.g., output_path.file_name())
instead, update the reason passed to fail_artifact(&self.workspace_dir,
&meta.id, &reason).await to not include output_path.display(), and replace the
tracing::warn path field with a non-sensitive identifier (meta.id or
filename-only) while retaining the existing err and target fields.

In `@src/openhuman/tools/impl/presentation/types.rs`:
- Around line 176-217: The validation treats slides with bullets like ["   "] as
non-empty because has_bullets is set from slide.bullets.is_empty(); change the
has_bullets computation in the input.slides iteration to consider only bullets
with non-whitespace content (e.g., set has_bullets =
slide.bullets.iter().any(|b| !b.trim().is_empty())), so slides with only
whitespace bullets fail the "must have at least one of title / body / bullets"
check (keep other length/bullets checks as-is).

---

Duplicate comments:
In `@src/openhuman/runtime_python/venv.rs`:
- Around line 50-107: Concurrent callers can race in ensure_venv (between
try_cached_venv and writing REQUIREMENTS_LOCK), leading to torn or deleted
venvs; fix by serializing per-name bootstrap: introduce a global per-name lock
map (e.g., Lazy static HashMap/DashMap from name -> Arc<tokio::sync::Mutex<()>>)
and acquire the mutex for the given name at the start of ensure_venv before
re-checking try_cached_venv, then perform
remove_dir_all/create_venv/pip_install/write lock while holding it; release
afterward. Reference symbols: ensure_venv, try_cached_venv, venv_dir, lock_path,
create_venv, pip_install.
- Around line 144-166: try_cached_venv currently only checks the requirements
lock and returns ResolvedPython with an empty version, which allows reuse of a
venv created by a different base interpreter; update the caching logic to
include the base interpreter identity (path and/or version) in the cache key or
persist it alongside the lock (e.g. write interpreter path/version into the same
lock file), then in try_cached_venv read that stored interpreter identity and
compare it against the currently resolved interpreter from RuntimePythonConfig
(or whatever caller-provided want identity) before returning; also populate
ResolvedPython.version from the stored metadata (instead of String::new()) so
callers can detect drift. Ensure you use locate_venv_python and ResolvedPython
as the return path and update any code that writes the cache to include the
interpreter metadata.

---

Nitpick comments:
In `@src/openhuman/runtime_python/venv.rs`:
- Around line 250-265: The run_pip_install function currently takes spec:
&PythonLaunchSpec but only uses spec.args.clone() and creates a new
PythonLaunchSpec named launch; change the API to accept only the arguments
(e.g., args: &[String] or Vec<String>) and eliminate the unused spec and the
intermediate launch, or alternatively use the provided spec directly and remove
the new PythonLaunchSpec creation; update references to spec.args.clone() (and
the call site that invokes run_pip_install) to pass the args parameter (or the
original spec) and remove the let _ = spec; placeholder and the launch variable
if no longer needed (symbols: run_pip_install, PythonLaunchSpec, launch,
spec.args).

In `@src/openhuman/tools/impl/presentation/types.rs`:
- Around line 10-12: Update the stale Rustdoc in
src/openhuman/tools/impl/presentation/types.rs to remove references to
"python-pptx" and the Python-helper path and instead describe the native ppt-rs
behavior and exact validation/output contract; locate the comment blocks around
the "Maximum length of a single text field (title, body, individual bullet,
speaker notes)" and the other ranges noted (lines covering bullets and
validation) and rewrite them to state the current max-length rule, which fields
it applies to, and how ppt-rs handles truncation/encoding/validation; ensure the
docstrings reference the relevant types/constants in the file (e.g., the
max-length constant and any validation functions/methods) and, if this is a
user-visible behavior change, update AGENTS.md or architecture docs accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1c7d955c-83c4-4cfd-955d-84afb582f1b0

📥 Commits

Reviewing files that changed from the base of the PR and between 1e03dd2 and 45ba517.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (17)

• Cargo.toml
• src/openhuman/agent_registry/agents/orchestrator/agent.toml
• src/openhuman/artifacts/mod.rs
• src/openhuman/artifacts/store.rs
• src/openhuman/artifacts/store_tests.rs
• src/openhuman/artifacts/types.rs
• src/openhuman/runtime_python/downloader.rs
• src/openhuman/runtime_python/downloader_tests.rs
• src/openhuman/runtime_python/mod.rs
• src/openhuman/runtime_python/run.rs
• src/openhuman/runtime_python/venv.rs
• src/openhuman/tools/impl/mod.rs
• src/openhuman/tools/impl/presentation/engine.rs
• src/openhuman/tools/impl/presentation/mod.rs
• src/openhuman/tools/impl/presentation/tests.rs
• src/openhuman/tools/impl/presentation/types.rs
• src/openhuman/tools/ops.rs

[graycyrus]

High-level review (base of the #1535 stack). The native-Rust ppt-rs engine is a clean call — dropping the Python runtime removes the cold-start latency and the ~50MB venv footprint, and keeps generation fully in-process with no subprocess/sandbox surface. Tool contract + artifact JSON shape are preserved across the engine swap, so the downstream UI PR (#3017) shouldn't need rework.

Two notes inline, plus a coordination point: this is the base of the stack and should merge first. #3017 is branched off this branch (pre-refactor), so until it rebases onto a merged main it still carries the old python-pptx engine — worth merging this one first and asking #3017 to rebase clean.

Nothing blocking here from a high-level pass.

[graycyrus]

ppt-rs links pulldown-cmark + syntect unconditionally (for its markdown/code-highlight paths, which this tool never exercises), so we pay ~10-15MB of binary bloat for code we don't call. The PR body already notes this. Could be worth filing the upstream issue to gate clap/pulldown-cmark/syntect behind a non-default feature, and tracking it so we can shrink the binary later. Not blocking — just flagging so it doesn't get lost.

[oxoxDev]

Not blocking, confirmed. Tracking the upstream ppt-rs feature-gating ask as a follow-up — the unused clap/pulldown-cmark/syntect paths cost ~10-15MB and a default-features-off + opt-in markdown/highlight features would let us shrink the binary later. Will open an issue against the ppt-rs repo before this PR lands and link the tracking URL here.

[graycyrus]

runtime_python::{run, venv} ship here but, after the native-Rust engine refactor, are not consumed by PresentationTool (the PR body confirms this). They're scaffolding for future Python-backed tools. That's a reasonable call, but unused public modules tend to bit-rot and confuse readers — please make sure the "intentionally unused, reserved for future Python tools" rationale is captured in the module docstring here (not just the PR description), or consider deferring these two modules to the PR that actually needs them.

[oxoxDev]

Addressed in f64a439. Added a module rustdoc on runtime_python/mod.rs that calls out the engine-swap commit (e0e2a2e5), enumerates current consumers (stdio MCP servers), captures the "intentionally retained as scaffolding for the next Python-backed tool" rationale, and notes the fallback (delete in a standalone cleanup PR if no consumer materialises). Future readers won't waste cycles wiring it back into the presentation path.

[oxoxDev]

@graycyrus per your nudge — pushed a0459fb29 purging the python-pptx scaffolding that survived the engine swap.

Net -770 lines of dead code removed from this PR:

• src/openhuman/runtime_python/run.rs (295 lines) — deleted, zero external consumers (only invoker.rs from the old python-pptx engine called it, that file's already gone in commit e0e2a2e5).
• src/openhuman/runtime_python/venv.rs (353 lines) — deleted, zero consumers (same story).
• src/openhuman/runtime_python/mod.rs reverted to upstream/main — drops the pub mod run; pub mod venv; re-exports and the rustdoc that previously justified keeping them.
• src/openhuman/runtime_python/downloader.rs reverted to upstream/main — drops the pre-release Python guard I'd added (was a fix for python-pptx wheel issues; not the responsibility of the remaining runtime_python module which only serves stdio MCP servers).
• src/openhuman/runtime_python/downloader_tests.rs reverted — corresponding tests.
• src/openhuman/tools/impl/presentation/types.rs — three field rustdocs swapped python-pptx → ppt-rs; removed the PresentationError::MissingRuntime + MissingPackage dead variants (both #[allow(dead_code)], zero construction sites, kept speculatively for an external pattern-match stability that doesn't apply since the enum isn't serialized or exposed cross-module).

15 scoped presentation tests still pass. Compile clean. Module rustdoc historical notes about the engine swap remain (they document the cross-PR contract that #3017 / #3026 / #3029 rely on; not python residue).