Add feature-flagged Kagi web search#237
Conversation
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 44 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (2)
📒 Files selected for processing (2)
WalkthroughAdds Kagi Search and Extract API support, wires optional Kagi credentials into application state, and extends Responses SSE web search to select Brave or Kagi with provider-specific tools, prompts, URL allowlisting, and bounded untrusted output. ChangesKagi web-search integration
Estimated code review effort: 4 (Complex) | ~60 minutes Sequence Diagram(s)sequenceDiagram
participant ResponsesSSE
participant select_web_search_provider
participant ToolRegistry
participant KagiClient
ResponsesSSE->>select_web_search_provider: evaluate flags and client availability
select_web_search_provider-->>ResponsesSSE: select Brave, Kagi, or none
ResponsesSSE->>ToolRegistry: build provider-specific tools
ResponsesSSE->>KagiClient: execute Kagi search or extraction tool
KagiClient-->>ResponsesSSE: return bounded response data
ResponsesSSE->>ResponsesSSE: rebuild provider-aware prompt
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Summary
Companion changes:
Rollout
Flag evaluations are cached per user for up to 10 minutes. A Kagi failure does not switch providers in the middle of an existing request; use the flag to roll subsequent requests back to Brave.
Validation
The initial Powerful-model smoke attempt earlier in the provider work hit an unrelated 120-second Tinfoil first-byte timeout before any tool call. Subsequent runs completed the provider paths, including the final Powerful-model Kagi GUI test above.
Deployment handoff
Development PCR output is validated by CI on each head. Production PCR generation, signed PCR history and KMS signing, and any client trust-store rollout remain deployment-time operations for authorized release operators; this PR intentionally does not change those production artifacts.
Review
Independent reviews covered provider and tool flow, security boundaries, managed-workspace integration, Markdown sanitization, truncation safety, and Maple upload separation. Follow-up fixes retained Kagi untrusted-content guidance at the tool-turn limit, scoped output limits to Kagi, rejected 6to4 and well-known NAT64 encodings of private IPv4 addresses, documented the remote-extraction DNS trust boundary, hardened generated private files, stripped active image and HTML content before budgets, and added post-cut re-sanitization with regression coverage.