harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

fix(web-search): harden config handling and trim unrelated CI edit

Browse source
This commit is contained in:
Chummy 2026-02-18 15:20:08 +08:00
parent 1757add64a
commit a0b277b21e
4 changed files with 164 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/pr-auto-response.yml vendored
View file

@ -40,8 +40,8 @@ jobs:
- name: Greet first-time contributors
uses: actions/first-interaction@a1db7729b356323c7988c20ed6f0d33fe31297be # v1
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
issue_message: |
repo-token: ${{ secrets.GITHUB_TOKEN }}
issue-message: |
Thanks for opening this issue.
Before maintainers triage it, please confirm:
@ -50,7 +50,7 @@ jobs:
- Sensitive values are redacted
This helps us keep issue throughput high and response latency low.
pr_message: |
pr-message: |
Thanks for contributing to ZeroClaw.
For faster review, please ensure:

1
src/config/mod.rs
View file

@ -9,7 +9,6 @@ pub use schema::{
LarkConfig, MatrixConfig, MemoryConfig, ModelRouteConfig, ObservabilityConfig,
PeripheralBoardConfig, PeripheralsConfig, QueryClassificationConfig, ReliabilityConfig,
ResourceLimitsConfig, RuntimeConfig, SandboxBackend, SandboxConfig, SchedulerConfig,
WebSearchConfig, WebhookConfig,
SecretsConfig, SecurityConfig, SlackConfig, TelegramConfig, TunnelConfig, WebSearchConfig,
WebhookConfig,
};

121
src/config/schema.rs
View file

@ -2078,6 +2078,12 @@ impl Config {
"config.browser.computer_use.api_key",
)?;
decrypt_optional_secret(
&store,
&mut config.web_search.brave_api_key,
"config.web_search.brave_api_key",
)?;
for agent in config.agents.values_mut() {
decrypt_optional_secret(&store, &mut agent.api_key, "config.agents.*.api_key")?;
}
@ -2182,6 +2188,55 @@ impl Config {
}
}
}
// Web search enabled: ZEROCLAW_WEB_SEARCH_ENABLED or WEB_SEARCH_ENABLED
if let Ok(enabled) = std::env::var("ZEROCLAW_WEB_SEARCH_ENABLED")
.or_else(|_| std::env::var("WEB_SEARCH_ENABLED"))
{
self.web_search.enabled = enabled == "1" || enabled.eq_ignore_ascii_case("true");
}
// Web search provider: ZEROCLAW_WEB_SEARCH_PROVIDER or WEB_SEARCH_PROVIDER
if let Ok(provider) = std::env::var("ZEROCLAW_WEB_SEARCH_PROVIDER")
.or_else(|_| std::env::var("WEB_SEARCH_PROVIDER"))
{
let provider = provider.trim();
if !provider.is_empty() {
self.web_search.provider = provider.to_string();
}
}
// Brave API key: ZEROCLAW_BRAVE_API_KEY or BRAVE_API_KEY
if let Ok(api_key) =
std::env::var("ZEROCLAW_BRAVE_API_KEY").or_else(|_| std::env::var("BRAVE_API_KEY"))
{
let api_key = api_key.trim();
if !api_key.is_empty() {
self.web_search.brave_api_key = Some(api_key.to_string());
}
}
// Web search max results: ZEROCLAW_WEB_SEARCH_MAX_RESULTS or WEB_SEARCH_MAX_RESULTS
if let Ok(max_results) = std::env::var("ZEROCLAW_WEB_SEARCH_MAX_RESULTS")
.or_else(|_| std::env::var("WEB_SEARCH_MAX_RESULTS"))
{
if let Ok(max_results) = max_results.parse::<usize>() {
if (1..=10).contains(&max_results) {
self.web_search.max_results = max_results;
}
}
}
// Web search timeout: ZEROCLAW_WEB_SEARCH_TIMEOUT_SECS or WEB_SEARCH_TIMEOUT_SECS
if let Ok(timeout_secs) = std::env::var("ZEROCLAW_WEB_SEARCH_TIMEOUT_SECS")
.or_else(|_| std::env::var("WEB_SEARCH_TIMEOUT_SECS"))
{
if let Ok(timeout_secs) = timeout_secs.parse::<u64>() {
if timeout_secs > 0 {
self.web_search.timeout_secs = timeout_secs;
}
}
}
}
pub fn save(&self) -> Result<()> {
@ -2206,6 +2261,12 @@ impl Config {
"config.browser.computer_use.api_key",
)?;
encrypt_optional_secret(
&store,
&mut config_to_save.web_search.brave_api_key,
"config.web_search.brave_api_key",
)?;
for agent in config_to_save.agents.values_mut() {
encrypt_optional_secret(&store, &mut agent.api_key, "config.agents.*.api_key")?;
}
@ -2469,6 +2530,7 @@ default_temperature = 0.7
secrets: SecretsConfig::default(),
browser: BrowserConfig::default(),
http_request: HttpRequestConfig::default(),
web_search: WebSearchConfig::default(),
agent: AgentConfig::default(),
identity: IdentityConfig::default(),
cost: CostConfig::default(),
@ -2579,6 +2641,7 @@ tool_dispatcher = "xml"
secrets: SecretsConfig::default(),
browser: BrowserConfig::default(),
http_request: HttpRequestConfig::default(),
web_search: WebSearchConfig::default(),
agent: AgentConfig::default(),
identity: IdentityConfig::default(),
cost: CostConfig::default(),
@ -2619,6 +2682,7 @@ tool_dispatcher = "xml"
config.api_key = Some("root-credential".into());
config.composio.api_key = Some("composio-credential".into());
config.browser.computer_use.api_key = Some("browser-credential".into());
config.web_search.brave_api_key = Some("brave-credential".into());
config.agents.insert(
"worker".into(),
@ -2660,6 +2724,15 @@ tool_dispatcher = "xml"
"browser-credential"
);
let web_search_encrypted = stored.web_search.brave_api_key.as_deref().unwrap();
assert!(crate::security::SecretStore::is_encrypted(
web_search_encrypted
));
assert_eq!(
store.decrypt(web_search_encrypted).unwrap(),
"brave-credential"
);
let worker = stored.agents.get("worker").unwrap();
let worker_encrypted = worker.api_key.as_deref().unwrap();
assert!(crate::security::SecretStore::is_encrypted(worker_encrypted));
@ -3761,6 +3834,54 @@ default_model = "legacy-model"
std::env::remove_var("PORT");
}
#[test]
fn env_override_web_search_config() {
let _env_guard = env_override_test_guard();
let mut config = Config::default();
std::env::set_var("WEB_SEARCH_ENABLED", "false");
std::env::set_var("WEB_SEARCH_PROVIDER", "brave");
std::env::set_var("WEB_SEARCH_MAX_RESULTS", "7");
std::env::set_var("WEB_SEARCH_TIMEOUT_SECS", "20");
std::env::set_var("BRAVE_API_KEY", "brave-test-key");
config.apply_env_overrides();
assert!(!config.web_search.enabled);
assert_eq!(config.web_search.provider, "brave");
assert_eq!(config.web_search.max_results, 7);
assert_eq!(config.web_search.timeout_secs, 20);
assert_eq!(
config.web_search.brave_api_key.as_deref(),
Some("brave-test-key")
);
std::env::remove_var("WEB_SEARCH_ENABLED");
std::env::remove_var("WEB_SEARCH_PROVIDER");
std::env::remove_var("WEB_SEARCH_MAX_RESULTS");
std::env::remove_var("WEB_SEARCH_TIMEOUT_SECS");
std::env::remove_var("BRAVE_API_KEY");
}
#[test]
fn env_override_web_search_invalid_values_ignored() {
let _env_guard = env_override_test_guard();
let mut config = Config::default();
let original_max_results = config.web_search.max_results;
let original_timeout = config.web_search.timeout_secs;
std::env::set_var("WEB_SEARCH_MAX_RESULTS", "99");
std::env::set_var("WEB_SEARCH_TIMEOUT_SECS", "0");
config.apply_env_overrides();
assert_eq!(config.web_search.max_results, original_max_results);
assert_eq!(config.web_search.timeout_secs, original_timeout);
std::env::remove_var("WEB_SEARCH_MAX_RESULTS");
std::env::remove_var("WEB_SEARCH_TIMEOUT_SECS");
}
#[test]
fn gateway_config_default_values() {
let g = GatewayConfig::default();

54
src/tools/web_search_tool.rs
View file

@ -21,10 +21,10 @@ impl WebSearchTool {
timeout_secs: u64,
) -> Self {
Self {
provider,
provider: provider.trim().to_lowercase(),
brave_api_key,
max_results,
timeout_secs,
max_results: max_results.clamp(1, 10),
timeout_secs: timeout_secs.max(1),
}
}
@ -79,18 +79,9 @@ impl WebSearchTool {
for i in 0..count {
let caps = &link_matches[i];
let mut url_str = caps[1].to_string();
let url_str = decode_ddg_redirect_url(&caps[1]);
let title = strip_tags(&caps[2]);
// Decode DDG redirect URL
if url_str.contains("uddg=") {
if let Ok(decoded) = urlencoding::decode(&url_str) {
if let Some(idx) = decoded.find("uddg=") {
url_str = decoded[idx + 5..].to_string();
}
}
}
lines.push(format!("{}. {}", i + 1, title.trim()));
lines.push(format!(" {}", url_str.trim()));
@ -173,6 +164,18 @@ impl WebSearchTool {
}
}
fn decode_ddg_redirect_url(raw_url: &str) -> String {
if let Some(index) = raw_url.find("uddg=") {
let encoded = &raw_url[index + 5..];
let encoded = encoded.split('&').next().unwrap_or(encoded);
if let Ok(decoded) = urlencoding::decode(encoded) {
return decoded.into_owned();
}
}
raw_url.to_string()
}
fn strip_tags(content: &str) -> String {
let re = Regex::new(r"<[^>]+>").unwrap();
re.replace_all(content, "").to_string()
@ -213,7 +216,7 @@ impl Tool for WebSearchTool {
tracing::info!("Searching web for: {}", query);
let result = match self.provider.to_lowercase().as_str() {
let result = match self.provider.as_str() {
"duckduckgo" | "ddg" => self.search_duckduckgo(query).await?,
"brave" => self.search_brave(query).await?,
_ => anyhow::bail!("Unknown search provider: {}", self.provider),
@ -278,6 +281,29 @@ mod tests {
assert!(result.contains("https://example.com"));
}
#[test]
fn test_parse_duckduckgo_results_decodes_redirect_url() {
let tool = WebSearchTool::new("duckduckgo".to_string(), None, 5, 15);
let html = r#"
<a class="result__a" href="https://duckduckgo.com/l/?uddg=https%3A%2F%2Fexample.com%2Fpath%3Fa%3D1&amp;rut=test">Example Title</a>
<a class="result__snippet">This is a description</a>
"#;
let result = tool.parse_duckduckgo_results(html, "test").unwrap();
assert!(result.contains("https://example.com/path?a=1"));
assert!(!result.contains("rut=test"));
}
#[test]
fn test_constructor_clamps_web_search_limits() {
let tool = WebSearchTool::new("duckduckgo".to_string(), None, 0, 0);
let html = r#"
<a class="result__a" href="https://example.com">Example Title</a>
<a class="result__snippet">This is a description</a>
"#;
let result = tool.parse_duckduckgo_results(html, "test").unwrap();
assert!(result.contains("Example Title"));
}
#[tokio::test]
async fn test_execute_missing_query() {
let tool = WebSearchTool::new("duckduckgo".to_string(), None, 5, 15);