#22505: Feature/clean grok search base url

Summary - Problem: The Grok web search provider hardcoded https://api.x.ai/v1 as its API endpoint, making it impossible to route requests through a proxy or an alternative xAI-compatible endpoint. - Why it matters: Users running self-hosted setups or needing to route traffic through a corporate proxy have no way to redirect Grok API calls without patching source code. - What changed: Added an optional tools.webSearch.grok.baseUrl config field (defaulting to https://api.x.ai/v1). runGrokSearch() now assembles the endpoint from this value at call time. Cache keys for both Grok and Perplexity now use trimmed, trailing-slash-stripped base URLs to prevent semantically identical URLs from producing different cache entries. - What did NOT change: Grok model selection, inline citations, API key resolution, and all Brave/Perplexity behavior are untouched. Change Type (select all) - Bug fix - Feature - Refactor - Docs - Security hardening - Chore/infra Scope (select all touched areas) - Gateway / orchestration - Skills / tool execution - Auth / tokens - Memory / storage - Integrations - API / contracts - UI / DX - CI/CD / infra Linked Issue/PR - Closes # - Related # User-visible / Behavior Changes - New optional config field tools.webSearch.grok.baseUrl (string). Default: https://api.x.ai/v1. When set, all Grok web search requests are sent to <baseUrl>/responses instead of the hardcoded endpoint. - No change for users who do not set this field. Security Impact (required) - New permissions/capabilities? No - Secrets/tokens handling changed? No - New/changed network calls? Yes — the Grok API endpoint URL is now configurable. If a user points baseUrl at an untrusted host, their xAI API key will be sent there. This is intentional (same pattern as Perplexity's existing baseUrl) and is the user's explicit choice. The field is not exposed to agents or external input; it is read from the operator-controlled config file only. - Command/tool execution surface changed? No - Data access scope changed? No Repro + Verification Environment - OS: macOS - Runtime/container: Node.js - Model/provider: xAI Grok (grok-4-1-fast) - Integration/channel: CLI / any channel using web_search tool - Relevant config (redacted): tools: webSearch: grok: apiKey: "xai-..." baseUrl: "https://your-proxy.example.com/v1" Steps 1. Configure tools.webSearch.grok.baseUrl to point at a proxy that forwards to xAI. 2. Trigger a web_search tool call with provider: "grok". 3. Observe the request arrives at the proxy endpoint. Expected - Request is sent to <baseUrl>/responses. Actual - Before this PR: request always goes to https://api.x.ai/v1/responses. - After this PR: request goes to the configured baseUrl. Evidence - Failing test/log before + passing after — E2E test added in src/agents/tools/web-search.e2e.test.ts covering custom baseUrl routing and cache key isolation. Human Verification (required) - Verified scenarios: default baseUrl continues to hit api.x.ai; custom baseUrl routes to the configured host; trailing slashes on baseUrl are normalized before use and before cache key generation. - Edge cases checked: baseUrl with trailing slash, baseUrl undefined (falls back to default), Perplexity and Brave providers unaffected. - What you did not verify: actual end-to-end traffic through a real proxy server in production. Compatibility / Migration - Backward compatible? Yes - Config/env changes? Yes — new optional field tools.webSearch.grok.baseUrl; no existing config breaks. - Migration needed? No Failure Recovery (if this breaks) - How to disable/revert this change quickly: remove baseUrl from tools.webSearch.grok config (or omit it entirely); behavior reverts to the hardcoded default. - Files/config to restore: src/agents/tools/web-search.ts, src/config/types.tools.ts, src/config/zod-schema.agent-runtime.ts - Known bad symptoms: Grok searches returning connection errors → check that baseUrl points to a valid xAI-compatible endpoint. Risks and Mitigations - Risk: User misconfigures baseUrl to a non-xAI host, causing API key to be sent to an unintended server. - Mitigation: This is an operator-only config field (not agent-controlled), same precedent as Perplexity's baseUrl. No additional validation beyond what the HTTP layer provides. <!-- greptile_comment --> <h3>Greptile Summary</h3> Added optional `tools.webSearch.grok.baseUrl` configuration to allow routing Grok web search requests through custom endpoints (proxies or xAI-compatible servers). The implementation follows the existing Perplexity `baseUrl` pattern with consistent base URL normalization (trim + trailing slash removal) applied to cache keys for both providers. Key changes: - Added `resolveGrokBaseUrl()` helper that defaults to `https://api.x.ai/v1` - Modified `runGrokSearch()` to construct endpoint from configurable base URL - Normalized both Grok and Perplexity base URLs in cache key generation to prevent duplicate cache entries - Added config schema and TypeScript types for new field - Added unit tests for base URL resolution and whitespace trimming The feature is backward compatible (defaults to original hardcoded URL) and follows established patterns in the codebase. <h3>Confidence Score: 4/5</h3> - This PR is safe to merge with minimal risk - Clean implementation that mirrors existing Perplexity baseUrl pattern. The changes are well-tested, backward compatible, and appropriately scoped. Security consideration (sending API key to custom endpoint) is documented and intentional. Minor improvements suggested for test coverage of trailing slash handling. - No files require special attention _{Last reviewed commit: a3adfd4} <!-- greptile_other_comments_section --> _{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!} <!-- /greptile_comment -->