1.7 KiB
| id | slug | title | status | kind | created_at | updated_at | reviewer |
|---|---|---|---|---|---|---|---|
| 20260528-152959-web-search-fetch-tools-review | web-search-fetch-tools | Review for WebSearch and WebFetch tools | reviewed | review | 2026-05-28T15:29:59Z | 2026-05-29T09:28:00Z | insomnia-system |
Review summary
Reviewed implementation branch work/web-search-fetch-tools in worktree /home/hare/Projects/insomnia/.worktree/web-search-fetch-tools.
The implementation adds normal built-in function tools WebSearch and WebFetch, not provider-hosted OpenAI/Codex tools. WebSearch uses Brave Search API with environment-variable API key configuration, query/limit/offset validation, and bounded JSON output. WebFetch uses an independent HTTP client with URL/scheme/host/IP policy, redirect revalidation, timeout and byte limits, content-type checks, and HTML/text/JSON/XML-ish rendering. Both tools are registered through the existing built-in tool path and fail closed when web access is disabled or search is unconfigured.
One blocking issue was found and fixed: Brave WebSearch initially had no request timeout and read the provider response body without a size bound. The amendment adds typed search timeout configuration and bounded response reading.
The implementation keeps Codex hosted web search out of scope, which matches the ticket decision.
Validation
Reviewer ran:
cargo fmt --checkcargo test -p tools --no-default-featurescargo test -p manifest --no-default-featurescargo check -p pod --no-default-featurescargo check -p tui --no-default-featuresgit diff --check develop...HEAD
All passed. The only compiler warnings observed were pre-existing dead-code warnings under no-default feature checks.
Judgment
Approved after amendment.