fix(cli): scope infer web search secret resolution to web targets only

leno23 · cursoragent · leno23 · commit febfe1d3f034 · 2026-05-17T05:36:55.000+08:00
Use getCapabilityWebCommandSecretTargetIds instead of the full agent
runtime target set so infer web search/fetch do not resolve unrelated
model, memory, or channel credentials.

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/src/cli/capability-cli.test.ts b/src/cli/capability-cli.test.ts
@@ -2100,9 +2100,11 @@ describe("capability cli", () => {
       argv: ["infer", "web", "search", "--query", "ping", "--json"],
     });
 
+    const { getCapabilityWebCommandSecretTargetIds } = await import("./command-secret-targets.js");
     expect(mocks.resolveCommandConfigWithSecrets).toHaveBeenCalledWith(
       expect.objectContaining({
         commandName: "infer web search",
+        targetIds: getCapabilityWebCommandSecretTargetIds(),
       }),
     );
     expect(webSearchRuntime.runWebSearch).toHaveBeenCalledWith(
diff --git a/src/cli/capability-cli.ts b/src/cli/capability-cli.ts
@@ -88,7 +88,7 @@ import {
 } from "../web-search/runtime.js";
 import { runCommandWithRuntime } from "./cli-utils.js";
 import { resolveCommandConfigWithSecrets } from "./command-config-resolution.js";
-import { getAgentRuntimeCommandSecretTargetIds } from "./command-secret-targets.js";
+import { getCapabilityWebCommandSecretTargetIds } from "./command-secret-targets.js";
 import { removeCommandByName } from "./program/command-tree.js";
 import { collectOption } from "./program/helpers.js";
 
@@ -1536,7 +1536,7 @@ async function resolveCapabilityCommandConfig(params: {
   const { effectiveConfig } = await resolveCommandConfigWithSecrets({
     config: cfg,
     commandName: params.commandName,
-    targetIds: getAgentRuntimeCommandSecretTargetIds(),
+    targetIds: getCapabilityWebCommandSecretTargetIds(),
     runtime: params.runtime,
     autoEnable: true,
   });
diff --git a/src/cli/command-secret-resolution.coverage.test.ts b/src/cli/command-secret-resolution.coverage.test.ts
@@ -21,6 +21,7 @@ function hasSupportedTargetIdsWiring(source: string): boolean {
     source.includes("resolveAgentRuntimeConfig(") ||
     /targetIds:\s*get[A-Za-z0-9_]+\(\)/m.test(source) ||
     /targetIds:\s*getAgentRuntimeCommandSecretTargetIds\(/m.test(source) ||
+    /targetIds:\s*getCapabilityWebCommandSecretTargetIds\(/m.test(source) ||
     /targetIds:\s*scopedTargets\.targetIds/m.test(source) ||
     source.includes("collectStatusScanOverview({")
   );
diff --git a/src/cli/command-secret-targets.test.ts b/src/cli/command-secret-targets.test.ts
@@ -54,6 +54,7 @@ vi.mock("../secrets/target-registry.js", () => ({
 
 import {
   getAgentRuntimeCommandSecretTargetIds,
+  getCapabilityWebCommandSecretTargetIds,
   getModelsCommandSecretTargetIds,
   getQrRemoteCommandSecretTargetIds,
   getScopedChannelsCommandSecretTargets,
@@ -82,6 +83,18 @@ describe("command secret target ids", () => {
     expect(ids.has("channels.discord.token")).toBe(false);
   });
 
+  it("scopes capability web commands to web credential surfaces only", () => {
+    const ids = getCapabilityWebCommandSecretTargetIds();
+    expect(ids.has("tools.web.search.apiKey")).toBe(true);
+    expect(ids.has("plugins.entries.exa.config.webSearch.apiKey")).toBe(true);
+    expect(ids.has("plugins.entries.firecrawl.config.webFetch.apiKey")).toBe(true);
+    expect(ids.has("models.providers.openai.apiKey")).toBe(false);
+    expect(ids.has("agents.defaults.memorySearch.remote.apiKey")).toBe(false);
+    expect(ids.has("messages.tts.providers.openai.apiKey")).toBe(false);
+    expect(ids.has("skills.entries.demo.apiKey")).toBe(false);
+    expect(ids.has("channels.discord.token")).toBe(false);
+  });
+
   it("includes channel targets for agent runtime when delivery needs them", () => {
     const ids = getAgentRuntimeCommandSecretTargetIds({ includeChannelTargets: true });
     expect(ids.has("channels.discord.token")).toBe(true);
diff --git a/src/cli/command-secret-targets.ts b/src/cli/command-secret-targets.ts
@@ -58,8 +58,16 @@ type CommandSecretTargets = {
   securityAudit: string[];
 };
 
+const STATIC_CAPABILITY_WEB_TARGET_IDS = ["tools.web.search.apiKey"] as const;
+const CAPABILITY_WEB_TARGET_ID_PREFIXES = [
+  "tools.web.search",
+  "tools.web.fetch",
+  "plugins.entries.",
+] as const;
+
 let cachedCommandSecretTargets: CommandSecretTargets | undefined;
 let cachedAgentRuntimeBaseTargetIds: string[] | undefined;
+let cachedCapabilityWebTargetIds: string[] | undefined;
 let cachedChannelSecretTargetIds: string[] | undefined;
 
 function getChannelSecretTargetIds(): string[] {
@@ -76,6 +84,30 @@ function isPluginWebCredentialTargetId(id: string): boolean {
   return configPath === "webSearch.apiKey" || configPath === "webFetch.apiKey";
 }
 
+function isCapabilityWebSecretTargetId(id: string): boolean {
+  if ((STATIC_CAPABILITY_WEB_TARGET_IDS as readonly string[]).includes(id)) {
+    return true;
+  }
+  if (isPluginWebCredentialTargetId(id)) {
+    return true;
+  }
+  return CAPABILITY_WEB_TARGET_ID_PREFIXES.some(
+    (prefix) => id === prefix || id.startsWith(`${prefix}.`),
+  );
+}
+
+function getCapabilityWebTargetIds(): string[] {
+  cachedCapabilityWebTargetIds ??= [
+    ...new Set([
+      ...STATIC_CAPABILITY_WEB_TARGET_IDS,
+      ...listSecretTargetRegistryEntries()
+        .map((entry) => entry.id)
+        .filter(isCapabilityWebSecretTargetId),
+    ]),
+  ].toSorted();
+  return cachedCapabilityWebTargetIds;
+}
+
 function getAgentRuntimeBaseTargetIds(): string[] {
   cachedAgentRuntimeBaseTargetIds ??= [
     ...STATIC_AGENT_RUNTIME_BASE_TARGET_IDS,
@@ -245,6 +277,10 @@ export function getAgentRuntimeCommandSecretTargetIds(params?: {
   return toTargetIdSet(getCommandSecretTargets().agentRuntime);
 }
 
+export function getCapabilityWebCommandSecretTargetIds(): Set<string> {
+  return toTargetIdSet(getCapabilityWebTargetIds());
+}
+
 export function getStatusCommandSecretTargetIds(
   config?: OpenClawConfig,
   env?: NodeJS.ProcessEnv,
