Skip to content

fix(planner): preserve web_fetch actions#382

Merged
ceilf6 merged 1 commit into
developfrom
fix/planner-web-fetch-action-379
Jul 1, 2026
Merged

fix(planner): preserve web_fetch actions#382
ceilf6 merged 1 commit into
developfrom
fix/planner-web-fetch-action-379

Conversation

@ceilf6

@ceilf6 ceilf6 commented Jul 1, 2026

Copy link
Copy Markdown
Owner

LLM-planned web_fetch steps were silently downgraded to read_file; this preserves them through Planner/shared action types while keeping security approval behavior unchanged.

Linked Issue Or Context

Summary

  • Add web_fetch to shared ActionType.
  • Preserve LLM-planned web_fetch in Planner.mapLLMAction().
  • Treat web_fetch as a read-only planning action for dependency scheduling.
  • Add planner regression tests for action/URL preservation and read-only dependency policy.
  • Add security regression coverage proving default web_fetch remains ask / unknown_tool_requires_approval.

Impact Scope

  • Planner LLM conversion only: mapLLMAction() now maps the already-advertised web_fetch action instead of falling through to read_file.
  • Planner scheduling only: isReadOnlyPlanningAction() now includes web_fetch for consecutive read-only step dependency handling.
  • Shared task contract only: ActionType now acknowledges web_fetch.
  • Security boundary unchanged: web_fetch was not added to READ_TOOLS.

GitNexus Impact Summary

  • Risk level: MEDIUM
  • Critical skeleton changes: packages/core/src/planner.ts
  • GitNexus impact: query found the relevant GeneratePlan → IsReadOnlyPlanningAction and security CallTool → Builtin flows; pre-edit impact(mapLLMAction, upstream) was LOW with direct caller convertLLMPlanToSteps and affected process generatePlan; pre-edit impact(isReadOnlyPlanningAction, upstream) was LOW with direct caller convertLLMPlanToSteps and affected process generatePlan; impact(convertLLMPlanToSteps, upstream) reported HIGH because planner output flows into generatePlan, planOnly, and execute; staged detect_changes reported 4 changed files, touched symbols Planner, isReadOnlyPlanningAction, mapLLMAction, affected processes GeneratePlan → MapLLMAction and GeneratePlan → IsReadOnlyPlanningAction, risk medium.
  • Verification: focused planner/security tests, pnpm quality:precommit, and pnpm quality:local passed.

Verification

  • pnpm agent:bootstrap passed.
  • pnpm quality:predev passed.
  • Red test confirmed planner dropped web_fetch before the fix.
  • pnpm --filter @frontagent/core exec vitest run src/planner.test.ts src/security.test.ts passed: 134 tests.
  • pnpm quality:precommit passed.
  • pnpm quality:local passed.
  • Push hook reran pnpm quality:local and passed.

Checklist

  • I have linked an issue or explained why this PR stands alone.
  • I have kept the diff focused on the stated change.
  • I have run pnpm quality:precommit, or explained why it could not run.
  • I have run pnpm quality:local for critical skeleton changes, or explained why it could not run.
  • I have updated docs or tests when behavior, public APIs, or Harness contracts changed.
  • For critical skeleton changes, I have filled the GitNexus impact summary with concrete results.

Copilot AI review requested due to automatic review settings July 1, 2026 10:41
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🛡️ ceilf6/repo-guard

代码评审报告: fix(planner): preserve web_fetch actions

风险等级:
处理建议: 批准
决策摘要: ** 变更精确对齐 issue #379 的全部验收标准,修复局限于最小的 action 映射/依赖分类/共享契约扩展,安全边界保持不变,可以合并。

级联分析

  • 变更符号: 原始模型未提供结构化级联字段。
  • 受影响流程: 原始模型未提供结构化级联字段。
  • 变更集外调用方: unknown
  • 置信度: degraded

问题发现

模型未返回可结构化的问题发现;已提取可用的决策字段,原始非契约内容未附在评论中。

行级发现

  • 无明确变更行归属。

Karpathy 评审

  • 假设: 模型输出需要归一化为固定 Markdown 契约。
  • 简洁性: 已提取 summary、finding、evidence 与 fix;原始 prose 不再附在评论中,避免占用下游解析与代理上下文。
  • 变更范围: 原始模型未提供结构化范围字段。
  • 验证: 需要查看 CI、测试或人工 CR 证据补强合并信心。

缺失覆盖

  • 输出未命中 Repo Guard Markdown 契约;建议补充真实模型质量评估覆盖。

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a planner contract mismatch where LLM-planned web_fetch steps were being downgraded to read_file, ensuring web_fetch is preserved end-to-end in shared action types and planner mapping while keeping the security approval boundary unchanged.

Changes:

  • Extend shared ActionType to include web_fetch.
  • Preserve web_fetch through Planner.mapLLMAction() and treat it as read-only for dependency scheduling via isReadOnlyPlanningAction().
  • Add regression coverage in planner and security tests to confirm action/URL preservation and default “ask approval” behavior for web_fetch.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
packages/shared/src/types/task.ts Adds web_fetch to the shared ActionType union so planner/runtime contracts can represent it.
packages/core/src/planner.ts Preserves web_fetch in LLM action mapping and includes it in read-only planning dependency policy.
packages/core/src/planner.test.ts Adds planner regression tests for web_fetch preservation and read-only dependency behavior.
packages/core/src/security.test.ts Adds a regression test confirming web_fetch defaults to approval-required (unknown tool) behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +198 to +206
const result = await planner.plan(createTask({ type: 'create' }), emptyContext(), []);

const webFetchStep = result.plan!.steps.find((s) => s.action === 'web_fetch');
expect(result.needsMoreContext).toBe(false);
expect(webFetchStep).toMatchObject({
action: 'web_fetch',
tool: 'web_fetch',
params: expect.objectContaining({ url: 'https://docs.example.com/api' }),
});
@ceilf6 ceilf6 merged commit 93637b4 into develop Jul 1, 2026
9 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(planner): preserve LLM-planned web_fetch actions through Planner/shared types

2 participants