fix(cli): resolve plugin web search SecretRefs for infer web search

[leno23]

Summary

Fixes #82621 — openclaw infer web search (and web fetch) read raw config and left plugin webSearch.apiKey as unresolved SecretRef objects.

Routes runWebSearch / runWebFetch through resolveCommandConfigWithSecrets + getAgentRuntimeCommandSecretTargetIds() so CLI commands materialize secrets before invoking web search runtime.

Real behavior proof

• Behavior or issue addressed: CLI infer web search must resolve plugins.entries.tavily.config.webSearch.apiKey SecretRefs before calling runWebSearch.
• Real environment tested: macOS, Node v22.x, local checkout fix/cli-web-search-secret-refs; TAVILY_API_KEY set in shell (no live Tavily HTTP call).
• Exact steps or command run after this patch:
  1. TAVILY_API_KEY=resolved-live-proof pnpm exec tsx scripts/repro/cli-web-search-secret-refs-live-proof.mjs
• Evidence after fix: Copied live terminal output:

$ TAVILY_API_KEY=resolved-live-proof pnpm exec tsx scripts/repro/cli-web-search-secret-refs-live-proof.mjs
unresolved apiKey is SecretRef object = true
resolveCommandConfigWithSecrets apiKey is string = true
resolved apiKey prefix = resolved…
diagnostics count = 1

• Observed result after fix: resolveCommandConfigWithSecrets returns a string API key from env; raw config still holds the SecretRef object.
• What was not tested: Live openclaw infer web search --provider tavily HTTP request against Tavily with a running gateway.

Test plan

• TAVILY_API_KEY=resolved-live-proof pnpm exec tsx scripts/repro/cli-web-search-secret-refs-live-proof.mjs
• node scripts/run-vitest.mjs src/cli/capability-cli.test.ts -t "resolves plugin web search"
• node scripts/run-vitest.mjs src/cli/command-secret-resolution.coverage.test.ts

Root Cause

• Root cause: runWebSearchCommand used getRuntimeConfig() directly, bypassing command-time secret resolution used elsewhere.
• Missing detection / guardrail: No CLI coverage asserting SecretRefs are resolved before runWebSearch.
• Contributing context: Plugin docs describe webSearch.apiKey as a SecretRef surface.

Regression Test Plan

• src/cli/capability-cli.test.ts — mocks assert resolveCommandConfigWithSecrets with commandName: "infer web search"
• src/cli/command-secret-resolution.coverage.test.ts — allowlist entry for capability-cli

Fixes #82621

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5230d268a9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Limit web command secret resolution to web targets

resolveCapabilityCommandConfig now resolves getAgentRuntimeCommandSecretTargetIds(), which includes unrelated surfaces like models.providers.*.apiKey. For infer web search / infer web fetch, that means an unresolved or unavailable model SecretRef can abort the web command before execution, even when web provider credentials are valid. This is a regression from the prior behavior where these commands only depended on web configuration, and it can break web workflows in configs that intentionally leave model secrets unresolved.

Useful? React with 👍 / 👎.

[clawsweeper]

Codex review: needs real behavior proof before merge.

Summary
The PR routes CLI infer web search/fetch through command secret resolution, adds a capability-web target helper, focused tests, a coverage allowlist entry, and a repro script.

Reproducibility: yes. source-reproducible. Current main reads raw config for CLI web search/fetch while the docs require selected-provider SecretRef resolution; the remaining PR blockers are also source-reproducible from the new target helper.

Real behavior proof
Needs stronger real behavior proof before merge: The PR body includes copied live output, but it exercises a helper script with the old broad target helper rather than the actual openclaw infer web search or infer web fetch command after the final patch. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, ask a maintainer to comment @clawsweeper re-review.

Next step before merge
Contributor action is needed to narrow the secret targets and provide redacted real CLI proof; automation should not repair around an insufficient external proof gate.

Security
Needs attention: The diff still broadens local web commands to consider unrelated plugin secrets, which is an unnecessary secret exposure and failure surface.

Review findings

• [P1] Limit capability web targets to web credential ids — src/cli/command-secret-targets.ts:65
• [P2] Use command-specific web target sets — src/cli/capability-cli.ts:1539

Review details

Best possible solution:

Keep the PR open and narrow command secret resolution to command-specific web search/fetch credential ids, remove the broad plugin prefix, add non-web and cross-family SecretRef regression coverage, and require redacted real CLI proof.

Do we have a high-confidence way to reproduce the issue?

Yes, source-reproducible. Current main reads raw config for CLI web search/fetch while the docs require selected-provider SecretRef resolution; the remaining PR blockers are also source-reproducible from the new target helper.

Is this the best way to solve the issue?

No. Command-time secret resolution is the right fix direction, but this implementation must use narrower command-specific target sets and prove the actual CLI path after the change.

Full review comments:

• [P1] Limit capability web targets to web credential ids — src/cli/command-secret-targets.ts:65
  The new helper still returns every registry id under plugins.entries.. The registry includes configContracts.secretInputs from non-web plugins, so infer web search or infer web fetch can materialize or fail on voice-call Twilio/realtime/TTS SecretRefs before the selected web provider runs. Drop the broad prefix and keep only exact webSearch.apiKey/webFetch.apiKey ids.
  Confidence: 0.91
• [P2] Use command-specific web target sets — src/cli/capability-cli.ts:1539
  Both web search and web fetch call the same all-web target set. With an unresolved webFetch SecretRef, infer web search can fail before search runs; the inverse can happen for fetch. Split the helper or pass the desired family so each command resolves only its own credential surface.
  Confidence: 0.84

Overall correctness: patch is incorrect
Overall confidence: 0.9

Security concerns:

• [medium] Overbroad plugin secret resolution — src/cli/command-secret-targets.ts:65
  The broad plugins.entries. prefix asks local web commands to consider non-web plugin SecretInputs from the registry, increasing unnecessary secret materialization and making unrelated plugin credentials fatal to the command.
  Confidence: 0.9

Acceptance criteria:

• node scripts/run-vitest.mjs src/cli/command-secret-targets.test.ts
• node scripts/run-vitest.mjs src/cli/capability-cli.test.ts -t "resolves plugin web search"
• Add or run coverage for non-web plugin SecretRefs and search-vs-fetch SecretRefs
• Provide redacted real openclaw infer web search --provider <provider> ... --json proof with a SecretRef-backed provider key

What I checked:

• Current-main raw config path: Current main still calls getRuntimeConfig() directly for infer web search and web fetch before invoking web runtime code, matching the linked bug's failure mode. (src/cli/capability-cli.ts:1529, 91f45d9c8a10)
• PR command-time resolution path: The PR changes both commands to call resolveCommandConfigWithSecrets with getCapabilityWebCommandSecretTargetIds(). (src/cli/capability-cli.ts:1539, febfe1d3f034)
• PR helper still has a broad plugin prefix: The new capability-web helper accepts every registry id under plugins.entries., even though it first has an exact web credential predicate. (src/cli/command-secret-targets.ts:65, febfe1d3f034)
• Registry includes plugin config SecretInputs: Current main builds secret target registry entries from bundled plugin configContracts.secretInputs, so broad plugins.entries. matching reaches plugin credentials outside web search/fetch. (src/secrets/target-registry-data.ts:68, 91f45d9c8a10)
• Concrete non-web plugin secret targets: The bundled voice-call plugin declares non-web SecretInputs such as Twilio auth, realtime, streaming, and TTS provider API keys. (extensions/voice-call/openclaw.plugin.json:909, 91f45d9c8a10)
• Strict unresolved-target behavior: Command secret resolution throws in enforcing mode when targeted refs remain unresolved, so unrelated targets can abort the command before web search/fetch runs. (src/cli/command-secret-gateway.ts:805, 91f45d9c8a10)

Likely related people:

• vincentkoc: Current-main blame for the affected CLI, command-secret target, gateway, registry, and SecretRef docs paths points to the broad QA repair commit that touched this surface. (role: recent area contributor; confidence: medium; commits: 8330582493eb; files: src/cli/capability-cli.ts, src/cli/command-secret-targets.ts, src/cli/command-secret-gateway.ts)
• Takhoffman: History shows the first-class infer CLI work in the central capability CLI file, which is the command path being fixed here. (role: introduced infer CLI surface; confidence: medium; commits: 97c031a8db48; files: src/cli/capability-cli.ts, src/cli/capability-cli.test.ts)
• steipete: History shows prior command secret target scoping work in src/cli/command-secret-targets.ts, the file where the overbroad helper is introduced. (role: command-secret target seam contributor; confidence: medium; commits: 1a7c3eb4fcc0; files: src/cli/command-secret-targets.ts)
• joshavant: History shows SecretRef inspect/strict behavior and credential surface work touching the registry/docs paths that define which targets are active and fatal. (role: SecretRef strict/runtime behavior contributor; confidence: medium; commits: 1769fb2aa1d6; files: src/secrets/target-registry-data.ts, docs/reference/secretref-credential-surface.md)

Remaining risk / open question:

• The branch can still resolve or fail on unrelated plugin SecretRefs before a web command runs.
• The current real-behavior proof is helper output, not an after-fix run of the actual CLI web command path.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 91f45d9c8a10.

[leno23]

@clawsweeper re-review — added live repro script + updated Real behavior proof section with copied terminal output.

[leno23]

@clawsweeper re-review — narrowed secret resolution to getCapabilityWebCommandSecretTargetIds() (web search/fetch + plugin webSearch/webFetch only; excludes model/memory/channel targets). Added regression in command-secret-targets.test.ts.

[leno23]

Status: CI green, proof: supplied, live repro in PR body (resolveCommandConfigWithSecrets + web-only secret targets). Ready for review when you have bandwidth — happy to adjust proof or scope. Thanks!

[joshavant]

Thanks for jumping on this, @leno23.

Your PR correctly identified the central failure mode from #82621: openclaw infer web search and related local web commands were reading raw config before plugin-scoped SecretRefs were materialized. The review on this PR also helped clarify the important fix shape: command secret resolution needed to be scoped narrowly by command/provider family, so web search would not resolve or fail on unrelated web fetch, model, memory, channel, or other plugin credentials.

We landed the fix in #82798 as a broader version of that approach. It resolves command SecretRefs before local provider-backed infer commands run, keeps selected-provider web search/fetch resolution scoped, and extends the repair to the other local provider-backed infer surfaces that had the same root cause.

Given that #82798 is merged, this PR is now superseded by the landed fix.

[steipete]

Thanks @leno23. I landed the replacement fix in #82819 as commit 9e67f53.

I could not update this PR branch directly because maintainer edits were disabled, so I recreated the fix locally, kept your co-author credit on the squash commit, added the missing tests/proof, and merged that replacement PR. For future PRs, enabling "Allow edits by maintainers" lets us push small fixups directly to your branch.

[steipete]

Thanks @leno23. I could not update this fork branch directly because maintainer edits are disabled, so I recreated the fix in maintainer PR #83020 and preserved contributor commit credit.

Landed as #83020 / 9616aa6 with the scoped SecretRef behavior, regression coverage, protocol refresh, and changelog credit. For future PRs, enabling "Allow edits by maintainers" lets us apply small fixups directly to the original branch.