Skip to content

Add feature-flagged Kagi web search#237

Merged
AnthonyRonning merged 7 commits into
masterfrom
codex-kagi-search-provider-opensecret
Jul 16, 2026
Merged

Add feature-flagged Kagi web search#237
AnthonyRonning merged 7 commits into
masterfrom
codex-kagi-search-provider-opensecret

Conversation

@AnthonyRonning

@AnthonyRonning AnthonyRonning commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add a bounded Kagi v1 Search and Extract client plus the KAGI_API_KEY enclave secret and configuration path
  • select the web-search provider per request with the user-scoped web-search.kagi flag while retaining Brave as the default
  • give Kagi a two-stage agent flow: web_search discovers candidate links, then the model chooses which allowlisted results to open with open_urls
  • strip Markdown image embeds and raw HTML from all Kagi search, extraction, error, and diagnostic text before content budgets; retain useful alt text and ordinary links
  • re-sanitize every truncated Kagi Markdown prefix so a cutoff cannot reactivate image syntax hidden inside code or another delimiter
  • preserve the existing Brave search path and request/response shape when the flag is off
  • sanitize provider errors and traces, bound response bodies and fields, and restrict extraction to URLs returned by the current Kagi search

Companion changes:

Rollout

  1. Deploy KAGI_API_KEY before enabling the flag.
  2. Create web-search.kagi with default false and 0% rollout.
  3. Override selected users during the gradual rollout.

Flag evaluations are cached per user for up to 10 minutes. A Kagi failure does not switch providers in the middle of an existing request; use the flag to roll subsequent requests back to Brave.

Validation

  • OpenSecret test suite: 253 passed, 17 ignored
  • focused Kagi tool tests: 14 passed, including remote/data/reference/raw-HTML images, pre-budget sanitization, and delimiter-cutoff regressions
  • cargo fmt check passed
  • all-target/all-feature Clippy with -D warnings passed
  • direct live Kagi Search and Extract probes passed
  • real macOS Maple app linked to the managed local stack:
    • Pro fixture evaluates web-search.kagi=true via override
    • live web_search displayed Kagi results and open_urls opened the relevant Polymarket pages
    • expanded page text contained no page-result image accessibility nodes and showed no broken image placeholders
    • the exact reported screenshot still rendered in the attachment preview and sent user message, and the model received it successfully
    • Free fixture with the default off previously completed through Brave with no open_urls tool exposed

The initial Powerful-model smoke attempt earlier in the provider work hit an unrelated 120-second Tinfoil first-byte timeout before any tool call. Subsequent runs completed the provider paths, including the final Powerful-model Kagi GUI test above.

Deployment handoff

Development PCR output is validated by CI on each head. Production PCR generation, signed PCR history and KMS signing, and any client trust-store rollout remain deployment-time operations for authorized release operators; this PR intentionally does not change those production artifacts.

Review

Independent reviews covered provider and tool flow, security boundaries, managed-workspace integration, Markdown sanitization, truncation safety, and Maple upload separation. Follow-up fixes retained Kagi untrusted-content guidance at the tool-turn limit, scoped output limits to Kagi, rejected 6to4 and well-known NAT64 encodings of private IPv4 addresses, documented the remote-extraction DNS trust boundary, hardened generated private files, stripped active image and HTML content before budgets, and added post-cut re-sanitization with regression coverage.

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 44 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2f274226-5cb9-4161-9209-3d6968f915ee

📥 Commits

Reviewing files that changed from the base of the PR and between 090576f and cea4a9e.

⛔ Files ignored due to path filters (2)
  • Cargo.lock is excluded by !**/*.lock
  • pcrDev.json is excluded by !pcrDev.json
📒 Files selected for processing (2)
  • Cargo.toml
  • src/web/responses/tools.rs

Walkthrough

Adds Kagi Search and Extract API support, wires optional Kagi credentials into application state, and extends Responses SSE web search to select Brave or Kagi with provider-specific tools, prompts, URL allowlisting, and bounded untrusted output.

Changes

Kagi web-search integration

Layer / File(s) Summary
Bounded Kagi API client
src/kagi.rs
Adds authenticated search and extraction operations, typed responses, input validation, trace-aware errors, response-size limits, API-key redaction, and unit tests.
Application configuration and client wiring
.env.sample, src/main.rs, src/os_flags.rs, src/provider_routing.rs
Adds Kagi environment and secret loading, builder configuration, optional client initialization, application-state storage, and canonical feature-flag constants.
Provider-aware web-search tools
src/web/responses/tools.rs
Adds Brave/Kagi provider selection, Kagi search and open_urls execution, URL validation and allowlisting, untrusted extraction formatting, provider-specific schemas, output bounds, and tests.
SSE provider selection and orchestration
src/web/responses/handlers.rs
Selects providers with timeout fallback, carries provider state through prompts and assistant turns, and threads Kagi URL state through tool execution and prompt rebuilding.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant ResponsesSSE
  participant select_web_search_provider
  participant ToolRegistry
  participant KagiClient
  ResponsesSSE->>select_web_search_provider: evaluate flags and client availability
  select_web_search_provider-->>ResponsesSSE: select Brave, Kagi, or none
  ResponsesSSE->>ToolRegistry: build provider-specific tools
  ResponsesSSE->>KagiClient: execute Kagi search or extraction tool
  KagiClient-->>ResponsesSSE: return bounded response data
  ResponsesSSE->>ResponsesSSE: rebuild provider-aware prompt
Loading

Possibly related PRs

Poem

I’m a bunny with search in my paws,
Kagi hops through guarded URLs and laws.
Brave stays ready when flags say “no,”
Safe little snippets and extracts flow.
Prompts bloom softly, bounded and bright.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: feature-flagged Kagi web search support.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex-kagi-search-provider-opensecret

Comment @coderabbitai help to get the list of available commands.

devin-ai-integration[bot]

This comment was marked as resolved.

coderabbitai[bot]

This comment was marked as resolved.

@AnthonyRonning
AnthonyRonning merged commit 33b9d83 into master Jul 16, 2026
11 checks passed
@AnthonyRonning
AnthonyRonning deleted the codex-kagi-search-provider-opensecret branch July 16, 2026 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant