refactor(web): extract useDraftOverride + useStoredCredentialPresence shared hooks (LUM-2222, LUM-2223)

[devin-ai-integration]

Prompt / plan

Phase 1 of LUM-2072 remaining scope: extract shared hooks from the settings/AI domain to DRY up duplicate patterns across multiple consumer files.

Closes LUM-2222 (useDraftOverride), closes LUM-2223 (useStoredCredentialPresence).

What changed

useDraftOverride<T> — generic hook that manages a local draft overlaying a server-derived value, with auto-clear when the server value converges after save + cache refetch. Replaces 4 duplicate draft-state patterns (2× web-search-card, 1× image-gen-card, 1× language-model-card).

useStoredCredentialPresence — TanStack Query hook that checks whether a stored credential exists on the daemon. Centralizes org-readiness gating, retry logic for transient daemon errors, and Sentry error reporting. Replaces 2 identical inline query patterns (web-search-card, provider-editor-modal).

Audit findings (fixed)

1. Null sentinel in useDraftOverride — The original implementation used null as both "no draft" sentinel and a potential valid value for nullable T. Fixed by wrapping internal state in { value: T } | undefined so null is a valid draft value and undefined is the clear signal.

2. Redundant isLoading conditions in useStoredCredentialPresence — query.isLoading && !!assistantId && enabled && isOrgReady had 3 redundant guards. TanStack Query v5's isLoading = isPending && isFetching already returns false when enabled is false. Simplified to query.isLoading.

3. Redundant manual draft clear in language-model-card — setDraftActiveProfile(null) in the save handler was redundant because optimistic onMutate updates the cache, which triggers the auto-clear useEffect in useDraftOverride. Removed for consistency with web-search-card and image-gen-card (which rely entirely on auto-clear).

4. Dual reconcileFromDaemonConfig memos in web-search-card — Two separate useMemo calls both calling reconcileFromDaemonConfig(daemonConfig) with identical deps. Consolidated into a single memo returning both serverWebSearchMode and serverWebSearchProvider.

Test plan

• bun test src/domains/settings/ai/ — 57/57 passing
• bun run lint — clean (no new warnings)
• bunx tsc --noEmit — clean
• CI: 7/7 checks expected green

Link to Devin session: https://app.devin.ai/sessions/4b3b130bbf274e5487da3b4992883093
Requested by: @ashleeradka

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring

[linear]

LUM-2222

LUM-2223

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a68d4bcd07

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Preserve null as a valid profile draft

When the saved activeProfile is non-null, this hook treats null as “no draft”, but the dropdown also uses null to mean “clear the default profile” (val === "" ? null : val). As a result, selecting the blank/default option immediately falls back to the saved profile, isProfileDirty stays false, and the user cannot save activeProfile: null; the previous draftInitialized flag kept those two states distinct.

Useful? React with 👍 / 👎.

[devin-ai-integration]

False positive — the old code had the same behavior for null.

Old code path (when val === "" triggers setDraftActiveProfile(null) + setDraftInitialized(true)):

draftInitialized = true → return draftActiveProfile ?? activeProfile → null ?? activeProfile → activeProfile

New code path (same trigger):

draft = null → effective = draft ?? serverValue → null ?? activeProfile → activeProfile

Both fall back to activeProfile identically. The draftInitialized flag only controlled the initial render path (!draftInitialized && activeProfile !== null), not the null-draft case — once initialized, draftActiveProfile ?? activeProfile already collapses null into activeProfile, exactly like useDraftOverride does.

Also, the dropdown options are all non-empty profile name strings — val === "" can't be triggered from the options list. The val === "" ? null : val guard is defensive.

Resolved — no behavioral regression.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

[ashleeradka]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Chef's kiss.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[vex-assistant-bot]

✦ APPROVE at HEAD ec9daee3

Both prior REQUEST_CHANGES findings cleanly resolved in 0866de5c:

1. contacts-page.tsx:213 — as ChannelsAvailableGetResponse → satisfies ChannelsAvailableGetResponse. Same compile-time check, no cast. If DEFAULT_CHANNELS ever drifts from the wire shape, TS now errors at the synthesis site instead of silently passing.

2. contact-channels-section.tsx — replaced as ChannelInfo["id"] with a proper type-predicate pattern: KNOWN_CHANNEL_IDS: ReadonlySet<string> populated from the literal union, isKnownChannelId(value): value is ChannelInfo["id"], then guard-and-narrow (if (!isKnownChannelId(ch.type)) continue; followed by bare id: ch.type). Unknown channel kinds from the daemon now fall through the early-continue branch instead of being asserted into a lying type. Exactly the shape I suggested.

No new as casts on runtime-boundary shapes anywhere in the diff. contacts-gateway.ts (return data.contact; etc.) uses the unwrapped typed SDK response shape via the { 200: ResponseType } generic map — properly typed, not asserted.

Merge gate check:

• ✅ Vex APPROVED at HEAD
• ✅ Codex 👍 on PR description
• ✅ CI green (Lint, Type Check, Build, Test, OpenAPI Spec Check, FlexFrame Lint, Socket Security)
• Nighttime — merging per the May 26 rule.

Vellum Constitution — Trust-seeking: the schema-first migration now actually pays off because the runtime boundary stays earned. Generated types, predicate guards, satisfies — no shortcuts that hide drift.