@gajae-code/coding-agent 0.7.2 → 0.7.4

package/src/slash-commands/builtin-registry.ts

@@ -6,6 +6,7 @@ import { getOAuthProviders } from "@gajae-code/ai/utils/oauth";
 import { Spacer, Text } from "@gajae-code/tui";
 import { setProjectDir } from "@gajae-code/utils";
 import { jobElapsedMs } from "../async";
+import { materializeActiveModelProfileAssignment } from "../config/model-profile-activation";
 import {
 	GJC_MODEL_ASSIGNMENT_TARGET_IDS,
 	GJC_MODEL_ASSIGNMENT_TARGETS,
@@ -298,6 +299,12 @@ const BUILTIN_SLASH_COMMAND_REGISTRY: ReadonlyArray<SlashCommandSpec> = [
 							selector: selection.selector,
 							thinkingLevel: selection.thinkingLevel,
 						});
+						materializeActiveModelProfileAssignment({
+							session: runtime.session,
+							settings: runtime.settings,
+							role: parsedArgs.targetId,
+							selector: persistedSelector,
+						});
 						if (selection.thinkingLevel) {
 							runtime.session.setThinkingLevel(selection.thinkingLevel);
 						}
@@ -316,10 +323,23 @@ const BUILTIN_SLASH_COMMAND_REGISTRY: ReadonlyArray<SlashCommandSpec> = [
 							selection.thinkingLevel ??
 							extractExplicitThinkingSelector(overrides[parsedArgs.targetId], runtime.settings);
 						const roleSelector = formatModelSelectorValue(selection.selector, thinkingLevel);
-						runtime.settings.set("task.agentModelOverrides", {
-							...overrides,
-							[parsedArgs.targetId]: roleSelector,
+						const materializedProfile = materializeActiveModelProfileAssignment({
+							session: runtime.session,
+							settings: runtime.settings,
+							role: parsedArgs.targetId,
+							selector: roleSelector,
 						});
+						if (!materializedProfile) {
+							const target = GJC_MODEL_ASSIGNMENT_TARGETS[parsedArgs.targetId];
+							if (target.settingsPath === "modelRoles") {
+								runtime.settings.setModelRole(parsedArgs.targetId, roleSelector);
+							} else {
+								runtime.settings.set("task.agentModelOverrides", {
+									...overrides,
+									[parsedArgs.targetId]: roleSelector,
+								});
+							}
+						}
 						runtime.settings.getStorage()?.recordModelUsage(`${selection.model.provider}/${selection.model.id}`);
 						await runtime.output(`${parsedArgs.targetId} agent model set to ${roleSelector}.`);
 					}

package/src/slash-commands/helpers/fast-status-report.ts

@@ -56,6 +56,12 @@ export interface FastStatusSessionLike {
 	readonly model?: Model;
 	/** Fast predicate against the main session tier (current model + `modelRoles`). */
 	isFastForProvider(provider?: string): boolean;
+	/**
+	 * Current-model EFFECTIVE fast state (intent minus any provider auto-disable).
+	 * Used for the current-model row so it matches what the next request does.
+	 * Optional so lightweight fakes can omit it; falls back to `isFastForProvider`.
+	 */
+	isFastModeActive?(): boolean;
 	/** Fast predicate against the effective subagent tier (`task.agentModelOverrides` roles). */
 	isFastForSubagentProvider(provider?: string): boolean;
 	resolveRoleModelWithThinking(role: string): { model?: Model };
@@ -95,9 +101,13 @@ export interface BuildFastStatusReportArgs {
  */
 export function buildFastStatusReport(args: BuildFastStatusReportArgs): string {
 	const { session, roleTargets, iconFast, formatInactive } = args;
-	const rows: FastStatusRow[] = [
-		{ label: "현재 모델", model: session.model, fast: session.isFastForProvider(session.model?.provider) },
-	];
+	// Current-model row uses the EFFECTIVE predicate (intent minus any provider
+	// auto-disable) so it matches the next request; `modelRoles` rows below stay
+	// on pure intent. Fall back to intent when a fake omits `isFastModeActive`.
+	const currentFast = session.isFastModeActive
+		? session.isFastModeActive()
+		: session.isFastForProvider(session.model?.provider);
+	const rows: FastStatusRow[] = [{ label: "현재 모델", model: session.model, fast: currentFast }];
 	for (const target of roleTargets) {
 		const resolved = session.resolveRoleModelWithThinking(target.id);
 		if (resolved.model) {

package/src/slash-commands/helpers/parse.ts

@@ -1,3 +1,4 @@
+import { parseCommandArgs } from "../../utils/command-args";
 import type { ParsedSlashCommand, SlashCommandResult, SlashCommandRuntime } from "../types";
 
 export interface ParsedSubcommand {
@@ -65,7 +66,7 @@ export function errorMessage(error: unknown): string {
  * "name required" diagnostics with their own messaging.
  */
 export function parseNamedScopeArgs(rest: string, invalidScopeMessage: string): NamedScopeArgs {
-	const tokens = rest.split(/\s+/).filter(Boolean);
+	const tokens = parseCommandArgs(rest);
 	let name: string | undefined;
 	let scope: ConfigScope = "project";
 	let i = 0;

package/src/system-prompt.ts

@@ -336,6 +336,8 @@ export interface BuildSystemPromptOptions {
 	toolNames?: string[];
 	/** Text to append to system prompt. */
 	appendSystemPrompt?: string;
+	/** Rendered GJC plugin system-appendix blocks (lower-authority, appended last). */
+	pluginAppendices?: string;
 	/** Repeat full tool descriptions in system prompt. Default: false */
 	repeatToolDescriptions?: boolean;
 	/** Skills settings for discovery. */
@@ -380,6 +382,7 @@ export async function buildSystemPrompt(options: BuildSystemPromptOptions = {}):
 		customPrompt,
 		tools,
 		appendSystemPrompt,
+		pluginAppendices,
 		repeatToolDescriptions = false,
 		skillsSettings,
 		toolNames: providedToolNames,
@@ -579,5 +582,11 @@ export async function buildSystemPrompt(options: BuildSystemPromptOptions = {}):
 		systemPrompt.push(projectPrompt);
 	}
 
+	// Plugin system appendices are appended last as a lower-authority block; they
+	// can never override base/project/developer instructions above them.
+	if (pluginAppendices?.trim()) {
+		systemPrompt.push(pluginAppendices.trim());
+	}
+
 	return { systemPrompt };
 }

package/src/task/executor.ts

@@ -9,6 +9,7 @@ import * as fs from "node:fs/promises";
 import path from "node:path";
 import type { AgentEvent, AgentIdentity, AgentTelemetryConfig, ThinkingLevel } from "@gajae-code/agent-core";
 import { recordHandoff, resolveTelemetry } from "@gajae-code/agent-core";
+import type { ServiceTier } from "@gajae-code/ai";
 import { type JsonSchemaValidationIssue, validateJsonSchemaValue } from "@gajae-code/ai/utils/schema";
 import { logger, prompt, untilAborted } from "@gajae-code/utils";
 import { AsyncJobManager } from "../async";
@@ -19,7 +20,7 @@ import { Settings } from "../config/settings";
 import { SETTINGS_SCHEMA, type SettingPath } from "../config/settings-schema";
 import { runExtensionCompact, runExtensionSetModel } from "../extensibility/extensions/compact-handler";
 import { getSessionSlashCommands } from "../extensibility/extensions/get-commands-handler";
-import { buildAgentSubskillInjection } from "../extensibility/gjc-plugins";
+import { buildAgentSubskillInjection, renderAgentPromptAdditions } from "../extensibility/gjc-plugins";
 import { buildSkillPromptMessage, type Skill } from "../extensibility/skills";
 import type { HindsightSessionState } from "../hindsight/state";
 import type { LocalProtocolOptions } from "../internal-urls";
@@ -146,6 +147,13 @@ export interface ExecutorOptions {
 	authStorage?: AuthStorage;
 	modelRegistry?: ModelRegistry;
 	settings?: Settings;
+	/**
+	 * Live service-tier intent of the parent session (`AgentSession.serviceTier`),
+	 * used as the inherited tier when `task.serviceTier === "inherit"`. Passing the
+	 * live value (not the stale settings snapshot) lets a runtime `/fast on` reach
+	 * subagents, and a main-model fast-mode auto-disable does not clobber it.
+	 */
+	inheritedServiceTier?: ServiceTier;
 	/** Override local:// protocol options so subagent shares parent's local:// root */
 	localProtocolOptions?: LocalProtocolOptions;
 	/**
@@ -482,15 +490,19 @@ function getUsageTokens(usage: unknown): number {
 	return firstNumberField(record, ["totalTokens", "total_tokens"]) ?? 0;
 }
 
-export function createSubagentSettings(baseSettings: Settings): Settings {
+export function createSubagentSettings(baseSettings: Settings, inheritedServiceTier?: ServiceTier): Settings {
 	const snapshot: Partial<Record<SettingPath, unknown>> = {};
 	for (const key of Object.keys(SETTINGS_SCHEMA) as SettingPath[]) {
 		snapshot[key] = baseSettings.get(key);
 	}
-	// Subagent-scoped service-tier override: "inherit" keeps the snapshotted main
-	// session tier; any explicit value applies only to subagent sessions.
+	// Subagent-scoped service-tier override: "inherit" uses the parent session's
+	// LIVE intent (so a runtime `/fast on` reaches subagents and a main-model
+	// fast-mode auto-disable never clobbers it); any explicit value applies only
+	// to subagent sessions and wins over inherited intent.
 	const taskServiceTier = baseSettings.get("task.serviceTier");
-	if (taskServiceTier !== "inherit") {
+	if (taskServiceTier === "inherit") {
+		snapshot.serviceTier = inheritedServiceTier ?? "none";
+	} else {
 		snapshot.serviceTier = taskServiceTier;
 	}
 	return Settings.isolated({
@@ -571,7 +583,7 @@ export async function runSubprocess(options: ExecutorOptions): Promise<SingleRes
 	}
 
 	const settings = options.settings ?? Settings.isolated();
-	const subagentSettings = createSubagentSettings(settings);
+	const subagentSettings = createSubagentSettings(settings, options.inheritedServiceTier);
 	const maxRecursionDepth = settings.get("task.maxRecursionDepth") ?? 2;
 	const maxRuntimeMs = Math.max(0, Math.trunc(Number(settings.get("task.maxRuntimeMs") ?? 0) || 0));
 	const parentDepth = options.taskDepth ?? 0;
@@ -1229,6 +1241,13 @@ export async function runSubprocess(options: ExecutorOptions): Promise<SingleRes
 				agentName: agent.name,
 			});
 
+			let agentPromptAdditions = { appendix: "", advertisement: "" };
+			try {
+				agentPromptAdditions = await renderAgentPromptAdditions({ cwd, agentName: agent.name });
+			} catch (error) {
+				logger.warn("Failed to render GJC plugin agent prompt additions", { error });
+			}
+
 			const { session } = await awaitAbortable(
 				createAgentSession({
 					cwd: worktree ?? cwd,
@@ -1259,7 +1278,12 @@ export async function runSubprocess(options: ExecutorOptions): Promise<SingleRes
 							ircSelfId: ircEnabled ? id : "",
 							forkContext: forkContextNotice,
 						});
-						const promptWithSubskills = `${subagentPrompt}${agentSubskillBlock}`;
+						// Order: base agent prompt -> agent appendix -> Tier-1 advertisement -> Tier-2 body.
+						const appendixPart = agentPromptAdditions.appendix ? `\n\n${agentPromptAdditions.appendix}` : "";
+						const advertPart = agentPromptAdditions.advertisement
+							? `\n\n${agentPromptAdditions.advertisement}`
+							: "";
+						const promptWithSubskills = `${subagentPrompt}${appendixPart}${advertPart}${agentSubskillBlock}`;
 						return defaultPrompt.length === 0
 							? [promptWithSubskills]
 							: [...defaultPrompt.slice(0, -1), promptWithSubskills, defaultPrompt[defaultPrompt.length - 1]];

package/src/task/index.ts

@@ -1311,6 +1311,7 @@ export class TaskTool implements AgentTool<TaskToolSchemaInstance, TaskToolDetai
 						authStorage: this.session.authStorage,
 						modelRegistry: this.session.modelRegistry,
 						settings: this.session.settings,
+						inheritedServiceTier: this.session.serviceTier,
 						contextFiles,
 						skills: availableSkills,
 						autoloadSkills: resolvedAutoloadSkills,
@@ -1372,6 +1373,7 @@ export class TaskTool implements AgentTool<TaskToolSchemaInstance, TaskToolDetai
 						authStorage: this.session.authStorage,
 						modelRegistry: this.session.modelRegistry,
 						settings: this.session.settings,
+						inheritedServiceTier: this.session.serviceTier,
 						contextFiles,
 						skills: availableSkills,
 						autoloadSkills: resolvedAutoloadSkills,

package/src/tools/ask.ts

@@ -260,7 +260,11 @@ async function askSingleQuestion(
 			? "up/down navigate  enter select  ←/→ question  esc cancel"
 			: "up/down navigate  enter select  esc cancel";
 		const helpText =
-			scrollTitleRows === undefined ? baseHelpText : `${baseHelpText}  wheel/PgUp/PgDn scroll question`;
+			scrollTitleRows === undefined
+				? baseHelpText
+				: navigation
+					? "↑/↓ select  enter  ←/→ question  esc  PgUp/PgDn/Ctrl+u/d: question · Wheel: transcript"
+					: "↑/↓ select  enter  esc  PgUp/PgDn/Ctrl+u/d: question · Wheel: transcript";
 		const dialogOptions = {
 			initialIndex,
 			timeout,

package/src/tools/bash.ts

@@ -25,6 +25,7 @@ import { type BashInteractiveResult, runInteractiveBashPty } from "./bash-intera
 import { checkBashInterception } from "./bash-interceptor";
 import { canUseInteractiveBashPty } from "./bash-pty-selection";
 import { expandInternalUrls, type InternalUrlExpansionOptions } from "./bash-skill-urls";
+import { checkComposerBashPolicy } from "./composer-bash-policy";
 import { formatStyledTruncationWarning, type OutputMeta, stripOutputNotice } from "./output-meta";
 import { resolveToCwd } from "./path-utils";
 import { formatToolWorkingDirectory, replaceTabs } from "./render-utils";
@@ -570,6 +571,14 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 			}
 		}
 
+		const composerPolicy = checkComposerBashPolicy({
+			modelId: this.session.getActiveModelString?.() ?? this.session.getModelString?.() ?? this.session.model?.id,
+			commands: rawCommand === command ? [command] : [rawCommand, command],
+		});
+		if (!composerPolicy.allowed) {
+			throw new ToolError(composerPolicy.message);
+		}
+
 		const internalUrlOptions: InternalUrlExpansionOptions = {
 			skills: this.session.skills ?? [],
 			internalRouter: InternalUrlRouter.instance(),

package/src/tools/composer-bash-policy.ts

@@ -0,0 +1,96 @@
+import { isComposerHarnessModel } from "@gajae-code/ai/providers/composer-discipline";
+
+export const COMPOSER_BASH_POLICY_ERROR =
+	"Composer bash policy blocked repository file I/O. Use find, search, read, and edit tools for file discovery, file inspection, and file mutation.";
+
+type ComposerBashPolicyResult =
+	| { allowed: true }
+	| {
+			allowed: false;
+			reason: string;
+			message: string;
+	  };
+
+const BLOCK_PATTERNS: Array<{ id: string; pattern: RegExp }> = [
+	{ id: "pipe", pattern: /\|/ },
+	{ id: "process-substitution", pattern: /<[>(]/ },
+	{ id: "heredoc", pattern: /<<[-~]?/ },
+	{ id: "command-substitution", pattern: /\$\(|`/ },
+	{ id: "redirection", pattern: /(^|[^<>])(?:>>?|<)(?!=)/ },
+	{ id: "tee", pattern: /(?:^|[;&|\s])tee(?:\s|$)/ },
+	{
+		id: "shell-file-read-discovery",
+		pattern: /(?:^|[;&|()\s])(?:\S*\/)?(?:cat|head|tail|less|more|grep|rg|find|fd|tree|ls)\b/,
+	},
+	{
+		id: "shell-file-mutation",
+		pattern: /(?:^|[;&|()\s])(?:\S*\/)?(?:cp|mv|rm|touch|mkdir|chmod|chown|ln)\b/,
+	},
+	{ id: "sed-print", pattern: /(?:^|[;&|()\s])sed\s+(?:-[^\s]*n\b|.*\bp\b)/ },
+	{ id: "awk-print", pattern: /(?:^|[;&|()\s])awk\b/ },
+	{ id: "git-ls-files", pattern: /(?:^|[;&|()\s])git(?:\s+-C\s+\S+)?\s+ls-files\b/ },
+	{ id: "git-grep", pattern: /(?:^|[;&|()\s])git(?:\s+-C\s+\S+)?\s+grep\b/ },
+	{ id: "git-show-path", pattern: /(?:^|[;&|()\s])git(?:\s+-C\s+\S+)?\s+show\s+\S+:\S+/ },
+	{ id: "git-diff", pattern: /(?:^|[;&|()\s])git(?:\s+-C\s+\S+)?\s+diff(?:\s|$)/ },
+	{ id: "git-cat-file", pattern: /(?:^|[;&|()\s])git(?:\s+-C\s+\S+)?\s+cat-file\b/ },
+	{
+		id: "git-show-discovery",
+		pattern: /(?:^|[;&|()\s])git(?:\s+-C\s+\S+)?\s+show\b.*(?:--name-only|--name-status|--stat)/,
+	},
+	{
+		id: "git-log-path-discovery",
+		pattern: /(?:^|[;&|()\s])git(?:\s+-C\s+\S+)?\s+log\b.*(?:--name-only|--name-status|--stat)/,
+	},
+	{ id: "sed-in-place", pattern: /(?:^|[;&|()\s])sed\s+-[^\s]*i\b/ },
+	{ id: "perl-in-place", pattern: /(?:^|[;&|()\s])perl\s+-[^\s]*p[^\s]*i\b/ },
+	{
+		id: "script-file-io",
+		pattern:
+			/(?:^|[;&|()\s])(?:python3?|node|bun)\s+(?:-\s*<<|-c\b|-e\b|--eval\b).*?(?:read_text|read_bytes|write_text|iterdir|listdir|glob\.glob|readFile|readFileSync|writeFile|writeFileSync|readdir|readdirSync|stat|statSync|cpSync|rmSync|mkdirSync|createReadStream|createWriteStream|Bun\.file|Bun\.write|fs\.readFile|fs\.writeFile|fs\.readdir|fs\.stat|fs\.cp|fs\.rm|fs\.mkdir|open\s*\()/s,
+	},
+	{
+		id: "contaminated-command",
+		pattern: /```|^\s*(?:I\s+(?:will|need|am going)|We\s+(?:need|will)|First[, ]|Now[, ]|Let's)\b/im,
+	},
+];
+
+const ALLOWED_TERMINAL_PATTERNS: RegExp[] = [
+	/^bun\s+test(?:\s+[\w./:@=-]+)*$/,
+	/^bun\s+run\s+(?:check(?::[\w-]+)?|test(?::[\w-]+)?|build(?::[\w-]+)?)(?:\s+[\w./:@=-]+)*$/,
+	/^bun\s+--version$/,
+	/^mise\s+x\s+bun@\d+\.\d+\.\d+\s+--\s+bun\s+test(?:\s+[\w./:@=-]+)*$/,
+	/^mise\s+x\s+bun@\d+\.\d+\.\d+\s+--\s+bun\s+run\s+(?:check(?::[\w-]+)?|test(?::[\w-]+)?|build(?::[\w-]+)?)(?:\s+[\w./:@=-]+)*$/,
+	/^cargo\s+(?:test|check|build)(?:\s+[\w./:@=-]+)*$/,
+	/^git\s+status(?:\s+--short)?(?:\s+--branch)?$/,
+	/^git\s+rev-parse\s+HEAD$/,
+	/^npm\s+--version$/,
+	/^pnpm\s+--version$/,
+	/^yarn\s+--version$/,
+];
+
+function isAllowedComposerTerminalCommand(command: string): boolean {
+	const normalized = command.trim().replace(/\s+/g, " ");
+	return ALLOWED_TERMINAL_PATTERNS.some(pattern => pattern.test(normalized));
+}
+
+export function isComposerBashPolicyModel(modelId: string | undefined): boolean {
+	return Boolean(modelId && isComposerHarnessModel(modelId));
+}
+
+export function checkComposerBashPolicy(input: {
+	modelId?: string;
+	commands: readonly string[];
+}): ComposerBashPolicyResult {
+	if (!isComposerBashPolicyModel(input.modelId)) return { allowed: true };
+	for (const command of input.commands) {
+		for (const block of BLOCK_PATTERNS) {
+			if (block.pattern.test(command)) {
+				return { allowed: false, reason: block.id, message: COMPOSER_BASH_POLICY_ERROR };
+			}
+		}
+		if (!isAllowedComposerTerminalCommand(command)) {
+			return { allowed: false, reason: "not-allowlisted", message: COMPOSER_BASH_POLICY_ERROR };
+		}
+	}
+	return { allowed: true };
+}

package/src/tools/fetch.ts

@@ -17,7 +17,7 @@ import { CachedOutputBlock } from "../tui/output-block";
 import { formatDimensionNote, resizeImage } from "../utils/image-resize";
 import { ensureTool } from "../utils/tools-manager";
 import { INSANE_NOTES, tryInsaneFetch } from "../web/insane/bridge";
-import { validatePublicHttpUrlForInsane } from "../web/insane/url-guard";
+import { validatePublicHttpUrl, validatePublicHttpUrlForInsane } from "../web/insane/url-guard";
 import { extractWithParallel, findParallelApiKey, getParallelExtractContent } from "../web/parallel";
 import { specialHandlers } from "../web/scrapers";
 import type { RenderResult } from "../web/scrapers/types";
@@ -789,6 +789,21 @@ async function renderUrl(
 
 	// Step 0: Normalize URL (ensure scheme for special handlers)
 	url = normalizeUrl(url);
+	const publicUrl = await validatePublicHttpUrl(url);
+	if (!publicUrl.ok) {
+		notes.push(`Blocked URL fetch: target URL is not public HTTP(S): ${publicUrl.reason}`);
+		return {
+			url,
+			finalUrl: url,
+			contentType: "unknown",
+			method: "failed",
+			content: "",
+			fetchedAt,
+			truncated: false,
+			notes,
+		};
+	}
+	url = publicUrl.url.toString();
 
 	// Step 1: Try special handlers for known sites (unless raw mode)
 	if (!raw) {
@@ -802,7 +817,8 @@ async function renderUrl(
 		throw new ToolAbortError();
 	}
 	if (!response.ok) {
-		const failureNote = response.status ? `Failed to fetch URL (HTTP ${response.status})` : "Failed to fetch URL";
+		const failureNote =
+			response.error ?? (response.status ? `Failed to fetch URL (HTTP ${response.status})` : "Failed to fetch URL");
 		notes.push(failureNote);
 		const insane = await tryInsaneFallback({
 			url,

package/src/tools/index.ts

@@ -1,5 +1,5 @@
 import type { AgentTelemetryConfig, AgentTool } from "@gajae-code/agent-core";
-import type { Model, ToolChoice } from "@gajae-code/ai";
+import type { Model, ServiceTier, ToolChoice } from "@gajae-code/ai";
 import { $env, $flag, logger } from "@gajae-code/utils";
 import type { PromptTemplate } from "../config/prompt-templates";
 import type { Settings } from "../config/settings";
@@ -222,6 +222,8 @@ export interface ToolSession {
 	agentOutputManager?: AgentOutputManager;
 	/** Settings instance for passing to subagents */
 	settings: Settings;
+	/** Live service-tier intent of the parent session, inherited by `inherit` subagents. */
+	serviceTier?: ServiceTier;
 	/** Plan mode state (if active) */
 	getPlanModeState?: () => PlanModeState | undefined;
 	/** Goal mode state (if active or paused) */

package/src/utils/changelog.ts

@@ -92,6 +92,14 @@ export function getDisplayChangelogEntries(): ChangelogEntry[] {
 	return parseChangelogContent(CHANGELOG_TEXT);
 }
 
+export function getInstalledVersionChangelogEntry(
+	entries: readonly ChangelogEntry[],
+	installedVersion: string,
+): ChangelogEntry | undefined {
+	const [major = 0, minor = 0, patch = 0] = installedVersion.split(".").map(Number);
+	return entries.find(entry => entry.major === major && entry.minor === minor && entry.patch === patch) ?? entries[0];
+}
+
 /**
  * Compare versions. Returns: -1 if v1 < v2, 0 if v1 === v2, 1 if v1 > v2
  */

package/src/web/insane/url-guard.ts

@@ -1,16 +1,13 @@
 /**
- * Public HTTP(S) URL guard for the insane-search read fallback.
+ * Public HTTP(S) URL guard for user-supplied web fetch targets.
  *
- * The vendored insane-search engine performs its own network requests (curl_cffi,
- * a real browser) entirely outside the TypeScript fetch path, so the normal
- * `loadPage()` flow cannot protect against SSRF. This guard MUST run before any
- * dependency probe or engine subprocess is spawned. It is fail-closed: anything
- * it cannot prove is a public, non-credentialed http/https target is rejected.
+ * Network-capable URL readers MUST run this guard before the first request and
+ * before following any redirect target. It is fail-closed: anything it cannot
+ * prove is a public, non-credentialed http/https target is rejected.
  *
- * It does NOT follow or re-validate redirects — the engine may follow redirects
- * internally that this guard never sees. That residual risk is documented in the
- * plan and mitigated by validating the input target and keeping the feature
- * opt-in (default off).
+ * The vendored insane-search engine performs its own redirects outside the
+ * TypeScript fetch path, so its fallback remains opt-in and is guarded before
+ * any dependency probe or engine subprocess is spawned.
  */
 import * as dns from "node:dns/promises";
 import * as net from "node:net";
@@ -105,11 +102,11 @@ export function isPrivateOrSpecialAddress(address: string): boolean {
 }
 
 /**
- * Validate that `rawUrl` is a public http/https target safe to hand to the
- * insane-search engine. Resolves DNS names and rejects any that map to a
- * private/special address. Never throws; returns a discriminated result.
+ * Validate that `rawUrl` is a public http/https target. Resolves DNS names and
+ * rejects any that map to a private/special address. Never throws; returns a
+ * discriminated result.
  */
-export async function validatePublicHttpUrlForInsane(
+export async function validatePublicHttpUrl(
 	rawUrl: string,
 	options: { resolver?: AddressResolver } = {},
 ): Promise<PublicUrlResult> {
@@ -153,3 +150,10 @@ export async function validatePublicHttpUrlForInsane(
 	}
 	return { ok: true, url, addresses };
 }
+
+export async function validatePublicHttpUrlForInsane(
+	rawUrl: string,
+	options: { resolver?: AddressResolver } = {},
+): Promise<PublicUrlResult> {
+	return validatePublicHttpUrl(rawUrl, options);
+}