Add keyless web research tools#49
Conversation
agjs
changed the title
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces keyless web and package research capabilities to tsforge, adding new tools such as package_info and package_docs for npm registry and local documentation lookups, and web_browse for rendering JavaScript-heavy pages via local Playwright/Chromium. It also enhances the existing web_search tool with recency, domain scoping, and result limit options. The feedback highlights several robust improvements, including resolving semver ranges and major versions in package_info, supporting monorepo hoisting via require.resolve, adding optional chaining to prevent crashes on blank pages in web_browse, and gracefully skipping invalid domains in web_search instead of failing the entire query.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
…earch # Conflicts: # packages/core/tests/execute-tool.test.ts
The 'recent' versions list and the no-dist-tag 'latest' fallback derived from Object.keys(versions).sort() — a lexical sort that misorders semver (1.10.0 < 1.9.0 as strings). package_info exists to give the model current-version awareness, so a misordered recent list / wrong fallback latest undercuts its purpose. Add a numeric component-wise comparator (prerelease ranks below its release) used for version ordering only; dependency-name lists keep alphabetical order.
…po hoisting, secret-safe types read, null-body guard - package_info: resolve a requested dist-tag / major / range (react@19, ^19.0.0, ~19.1) to a concrete version key before lookup, so dependency and peerDependency lists are no longer empty for non-exact specs. - package_docs: walk up parent node_modules so hoisted monorepo deps resolve (was cwd/node_modules only); avoids require.resolve's exports-blocked package.json subpath pitfall. - package_docs: clamp the package.json `types` read to the package root so a hostile installed dep can't disclose ../../../etc/passwd. - web_browse: read body text via a nullable lookup so a blank/failed page yields "" instead of a TypeError. Tests cover major/caret resolution, ancestor-node_modules hoisting, and the types-escape refusal.
1 participant
What changed
TSFORGE_WEB=1fromweb_fetch/web_searchinto a keyless research surface:package_infofor npm registry metadata, dist-tags, versions, deprecation status, peer deps, homepage, and repository.package_docsfor localnode_modulespackage docs/types first, falling back to npm registry README.web_browsefor local Playwright/Chromium rendered page reads without a hosted browser service.web_searchwithrecency,domains,maxResults, public-result filtering, and optional SearXNG backend selection.Why
Agents need current package versions, package documentation, and browser-like web access without coupling tsforge users to paid search APIs, hosted browser backends, or required third-party service keys.
Validation
bun run validatebun test packages/core/tests/package-info.test.ts packages/core/tests/web-browse.test.ts packages/core/tests/web-search.test.ts packages/core/tests/tools-gating.test.ts packages/core/tests/execute-tool.test.ts packages/core/tests/policy-evaluation.test.ts packages/core/tests/prompt-conventions.test.tsbun run typecheckbun run lint