github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-12 07:31:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(web): split trusted and strict web tool fetch paths

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-02 01:13:57 +00:00
parent e07c51b045
commit e7cd4bf1bd
5 changed files with 61 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/agents/tools/web-search.ts
View File

@@ -6,10 +6,8 @@ import { wrapWebContent } from "../../security/external-content.js";
import { normalizeSecretInput } from "../../utils/normalize-secret-input.js";
import type { AnyAgentTool } from "./common.js";
import { jsonResult, readNumberParam, readStringParam } from "./common.js";
import {
WEB_TOOLS_TRUSTED_NETWORK_SSRF_POLICY,
withWebToolsNetworkGuard,
} from "./web-guarded-fetch.js";
import { withTrustedWebToolsEndpoint } from "./web-guarded-fetch.js";
import { resolveCitationRedirectUrl } from "./web-search-citation-redirect.js";
import {
CacheEntry,
DEFAULT_CACHE_TTL_MINUTES,
@@ -609,12 +607,11 @@ async function withTrustedWebSearchEndpoint<T>(
},
run: (response: Response) => Promise<T>,
): Promise<T> {
return withWebToolsNetworkGuard(
return withTrustedWebToolsEndpoint(
{
url: params.url,
init: params.init,
timeoutSeconds: params.timeoutSeconds,
policy: WEB_TOOLS_TRUSTED_NETWORK_SSRF_POLICY,
},
async ({ response }) => run(response),
);
@@ -696,7 +693,7 @@ async function runGeminiSearch(params: {
const batch = rawCitations.slice(i, i + MAX_CONCURRENT_REDIRECTS);
const resolved = await Promise.all(
batch.map(async (citation) => {
const resolvedUrl = await resolveRedirectUrl(citation.url);
const resolvedUrl = await resolveCitationRedirectUrl(citation.url);
return { ...citation, url: resolvedUrl };
}),
);
@@ -708,27 +705,6 @@ async function runGeminiSearch(params: {
);
}
const REDIRECT_TIMEOUT_MS = 5000;
/**
* Resolve a redirect URL to its final destination using a HEAD request.
* Returns the original URL if resolution fails or times out.
*/
async function resolveRedirectUrl(url: string): Promise<string> {
try {
return await withWebToolsNetworkGuard(
{
url,
init: { method: "HEAD" },
timeoutMs: REDIRECT_TIMEOUT_MS,
},
async ({ finalUrl }) => finalUrl || url,
);
} catch {
return url;
}
}
function resolveSearchCount(value: unknown, fallback: number): number {
const parsed = typeof value === "number" && Number.isFinite(value) ? value : fallback;
const clamped = Math.max(1, Math.min(MAX_SEARCH_COUNT, Math.floor(parsed)));
@@ -1492,5 +1468,5 @@ export const __testing = {
resolveKimiModel,
resolveKimiBaseUrl,
extractKimiCitations,
resolveRedirectUrl,
resolveRedirectUrl: resolveCitationRedirectUrl,
} as const;