feat(tools): add Grok (xAI) as web_search provider#12419
feat(tools): add Grok (xAI) as web_search provider#12419clawdinator[bot] merged 4 commits intomainfrom
Conversation
Add xAI's Grok as a new web_search provider alongside Brave and Perplexity.
Uses the xAI /v1/responses API with tools: [{type: "web_search"}].
Configuration:
- tools.web.search.provider: "grok"
- tools.web.search.grok.apiKey or XAI_API_KEY env var
- tools.web.search.grok.model (default: grok-4-1-fast)
- tools.web.search.grok.inlineCitations (optional, embeds markdown links)
Returns AI-synthesized answers with citations similar to Perplexity.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| const payload = { | ||
| query: params.query, | ||
| provider: params.provider, | ||
| model: params.grokModel ?? DEFAULT_GROK_MODEL, | ||
| tookMs: Date.now() - start, | ||
| content, | ||
| citations, | ||
| inlineCitations, |
There was a problem hiding this comment.
Unwrapped Grok output content
For Brave and Perplexity results, the tool wraps returned text via wrapWebContent(...) before exposing it to the agent (web-search.ts:502-503 and web-search.ts:573-576). In the Grok branch, payload.content is returned as raw content (web-search.ts:523), so any untrusted/hostile content coming back from the provider bypasses the same external-content sanitization/gating the other providers get. This will produce inconsistent safety behavior across providers.
Consider applying wrapWebContent(content, "web_search") (or the same wrapper used for Perplexity) before returning/caching Grok content.
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/agents/tools/web-search.ts
Line: 518:525
Comment:
**Unwrapped Grok output content**
For Brave and Perplexity results, the tool wraps returned text via `wrapWebContent(...)` before exposing it to the agent (`web-search.ts:502-503` and `web-search.ts:573-576`). In the Grok branch, `payload.content` is returned as raw `content` (`web-search.ts:523`), so any untrusted/hostile content coming back from the provider bypasses the same external-content sanitization/gating the other providers get. This will produce inconsistent safety behavior across providers.
Consider applying `wrapWebContent(content, "web_search")` (or the same wrapper used for Perplexity) before returning/caching Grok `content`.
How can I resolve this? If you propose a fix, please make it concise.
|
The
|
2 participants
Lands #5796 from upstream branch (fork push blocked by workflow permissions).
Original PR: #5796 by @tmchow
Co-authored-by: Trevin Chow [email protected]
Greptile Overview
Greptile Summary
This PR adds a new
web_searchprovider option, grok (xAI), including config/schema surface (tools.web.search.grok) and resolution helpers insrc/agents/tools/web-search.ts, plus unit tests for the new config resolution helpers. It also documents the addition inCHANGELOG.md.Within the tools system,
createWebSearchToolnow selects between Brave, Perplexity, and Grok at runtime, resolves the appropriate API key (config/env), and routes execution to a newrunGrokSearchimplementation that calls xAI’s/v1/responsesendpoint with theweb_searchtool enabled.Confidence Score: 4/5
wrapWebContent, which is used for other providers and likely expected for untrusted web-derived output.