fix(llc): ongoing call ringing fixes

[Brazol]

• Fixed an issue where ringing a member during an ongoing call could prematurely end the call if they declined.
• Fixed an issue where a failed call accept attempt left the CallKit call active on iOS.

Added option to add a call member and ring them during the ongoing call in Dogfooding app.

Summary by CodeRabbit

• New Features

  • Redesigned call participants screen: separate sections for participants/non-participants, live participant count, per-member "Ring" action, and "Share link" / "Add member" buttons.

• Bug Fixes

  • Fixed premature ringing termination when members decline.
  • Fixed iOS CallKit calls remaining active after failed accept attempts.
  • Improved handling when accepting incoming calls fails.

• Tests

  • Added tests for ringing and member-add behavior.

• Documentation

  • Updated changelog with upcoming fixes.

[coderabbitai]

Warning

Review limit reached

@Brazol, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 54 minutes and 51 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f6390970-dce1-4829-a8ff-1429c8cc3215

📥 Commits

Reviewing files that changed from the base of the PR and between 010eda3 and 7966644.

📒 Files selected for processing (2)

• .github/workflows/pana.yml
• packages/stream_video/lib/src/call/state/mixins/state_coordinator_mixin.dart

📝 Walkthrough

Walkthrough

Refactors the dogfooding call participants screen to separate participants and non-participants, adds Share/Add/Ring actions and tile widgets; scopes coordinator rejection auto-disconnect to the ringing flow; ends native push calls on accept failure; and adds tests, a models export, changelog updates, and CI threshold tweaks.

Changes

Call Participants Screen UI Redesign

Layer / File(s)	Summary
Data structure and participants list rendering dogfooding/lib/screens/call_participants_list.dart	Imports updated; participant IDs computed and membersNotInCall derived; app bar shows participants.length; participants and non-participants rendered in a sectioned ListView.
Share, add-member, and ring handlers dogfooding/lib/screens/call_participants_list.dart	Replaces bottom area with "Share link" and "Add member" StreamButtons; implements _shareLink (reads join URL, shows snackbar, calls SharePlus), _ringMember (calls call.ring and shows snackbars), and _showAddMemberDialog (prompts for user id, validates, calls call.addMembers).
Participant and member tile widgets dogfooding/lib/screens/call_participants_list.dart	Adds _ParticipantTile (avatar, name, roles, mic/video icons) and _MemberTile (avatar, name, roles, Ring button).

Call Accept Failure Cleanup & Exports

Layer / File(s)	Summary
End native push call on accept failure; models export packages/stream_video/lib/src/stream_video.dart, packages/stream_video/lib/src/models/models.dart	On call accept failures, log at warning level and call pushNotificationManager?.endCallByCid(...); add export 'call_member_state.dart'; to the models barrel.

Ringing Flow State Guard

Layer / File(s)	Summary
Guard auto-disconnect behind ringing flow check packages/stream_video/lib/src/call/state/mixins/state_coordinator_mixin.dart	coordinatorCallRejected now runs rejection-driven auto-disconnect logic only when state.isRingingFlow is true, preserving the previous disconnect branches and state updates.

Tests, Fixtures, Changelog, and CI

Layer / File(s)	Summary
Ongoing-call ring and add-members tests packages/stream_video/test/src/call/call_ring_test.dart	New test suite covering ringCall argument forwarding, video flag, failure propagation, addMembers payload mapping, and an add-then-ring end-to-end scenario.
Coordinator rejection tests updates packages/stream_video/test/src/call/call_coordinator_events_test.dart	Existing rejection tests updated to use ringing: true where applicable and a new test asserts rejection outside ringing flow doesn't disconnect the call.
Test fixtures adjustments packages/stream_video/test/src/call/fixtures/call_test_helpers.dart	Removes an unused import and stubs clientState.setOutgoingCall(...) to return a completed Future<void>.
Changelog and CI packages/stream_video/CHANGELOG.md, .github/workflows/pana.yml	Adds an "Upcoming" changelog section with two CallKit/ringing fixes; lowers Pana min_score thresholds for two workflow jobs.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• renefloor
• xsahil03x

Poem

🐰 I hopped to the call and split the crowd,

Tiles for the players, others bowed.
I shared a link, I rang a name,
Cleaned up pushes, kept flow tame.
A tiny rabbit, testing fame.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is incomplete. It lists the bug fixes and feature additions but lacks several required template sections: Goal, Implementation details, Testing methodology, UI comparison table/video, and Contributor Checklist.	Add the missing template sections: structured Goal and Implementation details sections, Testing explanation, before/after UI comparison, and complete the Contributor and Reviewer checklists.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(llc): ongoing call ringing fixes' accurately describes the main changes: fixes for ringing behavior during ongoing calls and call accept issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/call-accept-fix

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/stream_video/lib/src/stream_video.dart (1)

779-804: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle native-call teardown on all post-accept failures and make teardown non-throwing.

Line 779 and Line 924 can still exit after native accept without ending the native call; teardown currently only runs on Line 802/Line 947. Also, endCallByCid should be wrapped so a platform error does not escape this failure path.

Suggested patch

@@
   Future<bool> consumeAndAcceptActiveCall({
@@
     if (callResult.isFailure) {
       _logger.d(
         () =>
             '[consumeAndAcceptActiveCall] error consuming incoming call: '
             '${callResult.getErrorOrNull()}',
       );
+      await _safeEndNativeCallByCid(
+        calls.first.callCid!,
+        context: 'consumeAndAcceptActiveCall',
+      );
       return false;
     }
@@
     final call = callResult.getDataOrNull();
-    if (call == null) return false;
+    if (call == null) {
+      await _safeEndNativeCallByCid(
+        calls.first.callCid!,
+        context: 'consumeAndAcceptActiveCall',
+      );
+      return false;
+    }
@@
-      await pushNotificationManager?.endCallByCid(call.callCid.value);
+      await _safeEndNativeCallByCid(
+        call.callCid.value,
+        context: 'consumeAndAcceptActiveCall',
+      );
       return false;
     }
@@
   Future<void> _onCallAccept(
@@
     if (consumeResult.isFailure) {
       _logger.w(
         () =>
             '[onCallAccept] error consuming incoming call: ${consumeResult.getErrorOrNull()}',
       );
+      await _safeEndNativeCallByCid(cid, context: 'onCallAccept');
       return;
     }
@@
     final callToJoin = consumeResult.getDataOrNull();
-    if (callToJoin == null) return;
+    if (callToJoin == null) {
+      await _safeEndNativeCallByCid(cid, context: 'onCallAccept');
+      return;
+    }
@@
-      await pushNotificationManager?.endCallByCid(cid);
+      await _safeEndNativeCallByCid(cid, context: 'onCallAccept');
       return;
     }
@@
+  Future<void> _safeEndNativeCallByCid(
+    String cid, {
+    required String context,
+  }) async {
+    try {
+      await pushNotificationManager?.endCallByCid(cid);
+    } catch (e, stk) {
+      _logger.w(
+        () => '[$context] failed to end native call for cid=$cid: $e',
+        e,
+        stk,
+      );
+    }
+  }

Also applies to: 924-949

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/stream_video/lib/src/stream_video.dart` around lines 779 - 804,
After accepting a native call, ensure native-call teardown always runs and
cannot throw: in consumeAndAcceptActiveCall (the code paths that check
callResult/isFailure and acceptResult/isFailure and any other early returns
after call.accept()), call
pushNotificationManager?.endCallByCid(call.callCid.value) before every return
that follows a successful native accept; wrap that endCallByCid invocation in a
try/catch (or otherwise swallow platform errors) so teardown failures do not
propagate and the function still returns false as intended.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@dogfooding/lib/screens/call_participants_list.dart`:
- Around line 273-276: The Text widget currently renders raw participant.name
which can be empty; change it to use the same fallback as the avatar by
rendering participant.name when non-empty otherwise participant.userId (e.g.
replace participant.name with something like participant.name?.isNotEmpty ==
true ? participant.name : participant.userId) so the label never appears blank
in the participant tile.
- Around line 132-140: The share sheet anchor is being taken from the
StreamBuilder's context instead of the actual "Share link" button, so change
_shareLink to use the button's RenderBox: add a GlobalKey (or wrap the "Share
link" button in a RepaintBoundary with a key) on the StreamButton widget, use
that key to get the RenderBox (key.currentContext!.findRenderObject() as
RenderBox) and compute origin = box.localToGlobal(Offset.zero) & box.size, then
pass that origin into ShareParams.sharePositionOrigin; update any callers of
_shareLink to reference the keyed widget if needed.

---

Outside diff comments:
In `@packages/stream_video/lib/src/stream_video.dart`:
- Around line 779-804: After accepting a native call, ensure native-call
teardown always runs and cannot throw: in consumeAndAcceptActiveCall (the code
paths that check callResult/isFailure and acceptResult/isFailure and any other
early returns after call.accept()), call
pushNotificationManager?.endCallByCid(call.callCid.value) before every return
that follows a successful native accept; wrap that endCallByCid invocation in a
try/catch (or otherwise swallow platform errors) so teardown failures do not
propagate and the function still returns false as intended.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 32d1325b-c27d-43ea-9beb-d754bf661137

📥 Commits

Reviewing files that changed from the base of the PR and between 879ee25 and 2ef6ceb.

📒 Files selected for processing (5)

• dogfooding/lib/screens/call_participants_list.dart
• packages/stream_video/CHANGELOG.md
• packages/stream_video/lib/src/call/state/mixins/state_coordinator_mixin.dart
• packages/stream_video/lib/src/models/models.dart
• packages/stream_video/lib/src/stream_video.dart

[codecov]

Codecov Report

❌ Patch coverage is 25.00000% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 9.71%. Comparing base (7cb5125) to head (7966644).

Files with missing lines	Patch %	Lines
packages/stream_video/lib/src/stream_video.dart	0.00%	6 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##            main   #1250      +/-   ##
========================================
+ Coverage   9.68%   9.71%   +0.03%     
========================================
  Files        676     676              
  Lines      49689   49695       +6     
========================================
+ Hits        4810    4826      +16     
+ Misses     44879   44869      -10     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/pana.yml (1)

27-36: ⚡ Quick win

Consider adding explicit permissions blocks for security hardening.

The static analysis tool flags these jobs for using default permissions. Following GitHub Actions security best practices, explicitly declare minimum required permissions:

🔒 Recommended permissions blocks

For both stream_video_flutter and stream_video_push_notification jobs, add:

 stream_video_flutter:
   runs-on: ubuntu-latest
+  permissions:
+    contents: read
   steps:

 stream_video_push_notification:
   runs-on: ubuntu-latest
+  permissions:
+    contents: read
   steps:

This makes the security posture explicit and follows the principle of least privilege. Consider applying this pattern to all jobs in the workflow.

As per static analysis hints: zizmor flags "overly broad permissions (excessive-permissions): default permissions used due to no permissions: block" for these job definitions.

Also applies to: 38-47

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pana.yml around lines 27 - 36, Add explicit minimal
permissions blocks to the job definitions (e.g., stream_video_flutter and
stream_video_push_notification) to avoid using default workspace permissions;
update each job (the job blocks named stream_video_flutter and
stream_video_push_notification) to declare only the required GitHub Actions
permissions (for example, at minimum contents: read and actions: read, plus any
additional scopes the custom ./.github/actions/pana action actually needs)
instead of relying on defaults so the workflow follows least-privilege security
best practices.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/pana.yml:
- Around line 27-36: Add explicit minimal permissions blocks to the job
definitions (e.g., stream_video_flutter and stream_video_push_notification) to
avoid using default workspace permissions; update each job (the job blocks named
stream_video_flutter and stream_video_push_notification) to declare only the
required GitHub Actions permissions (for example, at minimum contents: read and
actions: read, plus any additional scopes the custom ./.github/actions/pana
action actually needs) instead of relying on defaults so the workflow follows
least-privilege security best practices.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b54c27c-1c7e-4aab-942a-bfe08f7096b2

📥 Commits

Reviewing files that changed from the base of the PR and between 5be02c5 and 010eda3.

📒 Files selected for processing (3)

• .github/workflows/pana.yml
• dogfooding/lib/screens/call_participants_list.dart
• packages/stream_video/test/src/call/call_ring_test.dart

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/stream_video/test/src/call/call_ring_test.dart
• dogfooding/lib/screens/call_participants_list.dart

[xsahil03x]

Added some comments, but LGTM ✅