Skip to content

fix(coding-agent): bound native web search fallbacks#203

Merged
code-yeongyu merged 8 commits into
mainfrom
code-yeongyu/fix-websearch-fallback-cascade
Jul 13, 2026
Merged

fix(coding-agent): bound native web search fallbacks#203
code-yeongyu merged 8 commits into
mainfrom
code-yeongyu/fix-websearch-fallback-cascade

Conversation

@code-yeongyu

@code-yeongyu code-yeongyu commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

Vendor the bounded native web-search route discovery and endpoint hardening from code-yeongyu/pi-websearch merges ff6db5ccbd73522d683aada9f0a365205fd1c2c6 and 06e3ec457e86d299c20808954e18f20b23cc7a64, and make native authentication discovery honor search cancellation.

Before this change, aliases that reached the same native provider endpoint each became a serial fallback attempt. A search could spend minutes walking unavailable model aliases before reaching the configured provider. After this change, discovery emits at most one attempt per effective native route, keeps the active route first, preserves configured provider order, and aborts before or during native auth discovery.

Changes

  • Deduplicate discovered native candidates by provider and normalized endpoint URL.
  • Reserve a route before auth resolution, so unavailable aliases and a failed active route cannot retry the same endpoint.
  • Preserve distinct endpoints for the same provider as separate route candidates.
  • Generate stable opaque route IDs without leaking model, endpoint, query, or credential text.
  • Preserve URL query parameters while discarding fragments.
  • Forward the tool AbortSignal into native discovery and race pending auth resolution against cancellation while removing the listener afterward.
  • Reject dotted private-host spellings and ambiguous repeated-dot IPv4 forms before native auth or provider fetch, while preserving valid public absolute FQDNs.
  • Canonicalize one permitted terminal DNS dot in route identity so dotted and undotted public aliases share one candidate while the first candidate's request URL is preserved.
  • Split route-discovery and real-tool regressions so both test modules remain below 250 pure LOC.
  • Record the exact upstream merge SHA and update the coding-agent changelog.

QA / Evidence

  • RED cancellation regression: auto:true with a pre-aborted signal started six auth resolutions, and abort during pending auth timed out after 30 seconds. Artifact: .omo/evidence/pr203-abort-red.txt.
  • GREEN focused tests before the security follow-up passed 8/8. Artifact: .omo/evidence/pr203-review-followup-green.txt.
  • RED final-review regression: dotted and undotted public FQDN aliases produced two discovered entries and five real-tool provider labels instead of one route/four labels. Artifact: .omo/evidence/pr203-dotted-route-red.txt.
  • GREEN exact-head focused and vendored-builtin matrix: endpoint safety, route discovery, real-tool ordering/abort, and both builtin integration files passed 19/19. Artifact: .omo/evidence/pr203-dotted-route-green.txt.
  • Full coding-agent suite under Node 24.17.0, with provider credential variables stripped: 405 files passed, 3,582 tests passed, 31 skipped. Artifact: .omo/evidence/pr203-review-followup-coding-agent-full-corrected.txt.
  • Static and repository gates: changed-file Biome, no-excuse, root tsgo, exact-head npm run build, and exact-head npm run check including Neo exited 0. Artifacts: .omo/evidence/pr203-dotted-route-no-excuse.txt, .omo/evidence/pr203-dotted-route-build.txt, and .omo/evidence/pr203-dotted-route-full-check.txt plus the earlier targeted receipts.
  • Normal-path Senpi QA under Node 24.17.0: common isolation passed 9/9, direct-source RPC passed 4/4, and deterministic mock-loop passed 5/5 with zero real provider calls. Artifacts: local-ignore/qa-evidence/20260713-websearch-fallback-cascade-abort-followup/common.txt, rpc-direct.txt, and mock-loop-direct.txt in /Users/yeongyu/.codex/worktrees/senpi-pr203-final.
  • Manual real CLI web-search surface: fourteen aliases produced exactly three search requests, the two bounded native routes failed, the configured provider returned the result, the sandbox was removed, and the real auth hash was unchanged. Artifact: local-ignore/qa-evidence/20260713-websearch-fallback-cascade-abort-followup/manual-web-search-surface.txt in /Users/yeongyu/.codex/worktrees/senpi-pr203-final.
  • Final exact-head CLI rerun included a dotted OpenRouter alias mapping to the undotted Anthropic route; fourteen aliases still produced exactly two native requests followed by configured fallback, with real auth unchanged and sandbox removed. Artifact: .omo/evidence/pr203-dotted-route-manual-qa.txt.
  • The stock QA launcher targets the unchanged src/cli.ts coordinator and reproduces a pre-existing inherited-stdin timeout. The direct harness differs only by selecting the byte-identical-to-main src/cli-main.ts runtime entry; the one-line diff and baseline classification are retained with the QA evidence.
  • npm run check reports 45 pre-existing repository-wide Biome information diagnostics while exiting 0; none are in the task-changed files, whose targeted Biome and no-excuse checks are clean.

Risks

  • Route identity includes the normalized query string, so endpoints with different query-based credentials remain distinct. The generated ID hashes that identity and exposes none of its text.
  • Reserving a route before auth succeeds intentionally prevents retrying the same endpoint through another alias. Failed-active and unavailable-alias regressions cover this behavior.
  • Pending auth work that is already running may continue internally after cancellation because the registry API does not accept an AbortSignal; the web-search tool stops waiting immediately and never starts fetch or fallback work afterward.
  • DNS rebinding and redirect-target validation are pre-existing broader SSRF concerns outside this provider-base-URL canonicalization fix; dotted loopback/private spellings are now rejected before credentials are resolved.
  • CGNAT ranges such as 100.64.0.0/10 are also a pre-existing lexical allowlist gap present on origin/main; this PR does not expand that broader SSRF policy surface.
  • No dependency, package manifest, lockfile, shrinkwrap, or install-lock changes are included.

Secret safety

Evidence contains no raw tokens, auth headers, cookies, environment dumps, or credentials. It records synthetic routes, masked auth hashes, and unchanged-auth receipts only.

@code-yeongyu code-yeongyu merged commit 4d1ccc9 into main Jul 13, 2026
6 checks passed
@code-yeongyu code-yeongyu deleted the code-yeongyu/fix-websearch-fallback-cascade branch July 13, 2026 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant