Summary
Doing a web search under ironclaw-reborn serve prompts the user to enter a NEAR AI API key even though chat already works. Two distinct problems:
- The bundled zero-config web-search capability (web-access, Exa MCP, no credential) ships inactive — nothing auto-activates it, so a new user has to manually "Activate Web Access."
- The web search the agent actually reaches is nearai.web_search, whose credential is resolved from a separate product-auth account that is independent of the LLM-provider key powering chat. That account can be absent/stale while inference works, so the tool re-prompts for NEAR AI auth (auth_required). Reporter confirmed this case: chat was working when the prompt appeared.
Steps to reproduce
- ironclaw-reborn serve on localhost with NEAR AI as the LLM provider; confirm normal chat replies work.
- Ask the agent to do a web search.
- Observe: an "auth required / add API key" prompt for NEAR AI, despite chat already working.
Expected
- Web search works out of the box with no manual key (keyless Exa web-access).
- A working NEAR AI provider (chat works) should not produce a second, separate NEAR AI auth prompt for nearai.web_search.
Problem 1 — web-access (zero-config Exa) ships inactive; nothing auto-activates it
- available_extensions.rs builds a catalog of installable extensions; "available" ≠ "active" (crates/ironclaw_reborn_composition/src/available_extensions.rs:308-319,439-443).
- Startup only restores previously-installed/enabled extensions — it never seeds a first-party extension as active (crates/ironclaw_reborn_composition/src/extension_lifecycle.rs:105-158; model-visible caps come only from list_enabled_installations(), :248-262). New user → empty installation store → nothing active.
- Activation requires an explicit user action (crates/ironclaw_product_workflow/src/reborn_services/extensions.rs:100-118). Onboarding copy: "Web Access does not need credentials… Activate Web Access to publish its tools" (available_extensions.rs:188-193).
- The executor needs no credential: manifest declares no runtime_credentials; call_exa_mcp injects no auth to https://mcp.exa.ai/mcp; provider:"brave" is explicitly rejected with UndeclaredCapability (crates/ironclaw_first_party_extensions/src/web_access.rs:140-145).
Because the keyless path is inactive, the agent instead reaches nearai.web_search (when NEAR AI is the provider) → Problem 2.
Problem 2 (confirmed) — nearai.web_search reads a different credential record than inference, so it re-prompts even when chat works
Inference (chat) credential comes from the LLM settings/secrets store:
- crates/ironclaw_llm/src/config.rs:465-519 — NearAiConfig.api_key from NEARAI_API_KEY or the Reborn settings service (crates/ironclaw_reborn_composition/src/llm_catalog.rs:235).
- or a session token: crates/ironclaw_llm/src/session.rs:178,446-462,536-560 (nearai.session_token / encrypted nearai_session_token).
- This path has no knowledge of the product-auth account store (grep of crates/ironclaw_llm/src/ for product_auth/CredentialAccount is empty).
nearai.web_search staging credential comes from a separate product-auth CredentialAccount:
- Manifest crates/ironclaw_first_party_extensions/assets/nearai-mcp/manifest.toml — capability nearai.web_search, default_permission = "ask", runtime_credentials = [{ handle = "llm_nearai_api_key", source = product_auth_account provider "nearai", target = header authorization "Bearer " }].
- Staging crates/ironclaw_reborn_composition/src/product_auth_runtime_credentials.rs:505-572 requires a NEAR AI account with status == Configured and an access_secret; otherwise CredentialStageError::AuthRequired (:558-559, map_account_error :654-659).
The bridge is a one-shot, boot-time copy (crates/ironclaw_reborn_composition/src/nearai_mcp.rs:104-129,201-357): bootstrap_nearai_mcp copies the LLM nearai.api_key/session token into the product-auth account via submit_manual_token (:291-322) at startup. It is skipped or goes stale in real cases:
- LLM credential not present in config at process start (interactive/late NEAR AI login or key set via WebUI after boot) → NotConfigured, account never created (nearai_mcp.rs:207-209).
- durable product-auth storage not compiled in → SkippedUnsupportedStorage (:210-215).
- transient unavailability at boot → non-Configured (:303-316).
- session-token rotation: inference transparently renews/persists a new session token (session.rs:277-…), but nothing re-runs the boot copy; the manual-token account's access_secret is never refreshed (refresher :383-385 is a no-op for ManualToken).
Activation vs. staging disagree: activation is a one-shot boot gate; model-visibility tracks only the Active phase and is never re-gated on live credential state (extension_lifecycle.rs:244-267), while staging re-checks live per call. So the tool stays offered to the model after boot even once its product-auth account is missing/stale → auth_required on use.
Net: chat works off the live settings credential while the product-auth nearai account is absent/non-Configured, so nearai.web_search prompts again. Reporter confirms chat was working — i.e. exactly this divergence.
Suggested direction
- Auto-activate web-access (Exa) by default in the Reborn lifecycle — seed it enabled on first run (e.g. in restore_extension_lifecycle_state or a first-run seeding step). This makes web search keyless out of the box and avoids routing it through NEAR AI product auth at all. Primary fix for the original report ("shouldn't web search be auto-configured?").
- Make nearai.web_search credential track the live inference credential rather than a one-shot boot copy: re-run/refresh the bootstrap_nearai_mcp bridge when the NEAR AI key/session token is set or rotated after boot (settings change, interactive login, token renewal), so a working chat provider implies a working nearai.web_search. Alternatively, resolve the tool credential from the same source inference uses instead of a separate product-auth account.
- Don't keep a credential-backed tool model-visible when its credential is missing/stale — re-gate model visibility (or surface the gate proactively) so the user isn't offered a tool that will always auth_required until re-auth.
Resolution of the earlier open question
Confirmed by reporter: chat was working when the prompt appeared → this is the nearai.web_search product-auth staging gate (Problem 2), not the LLM-inference onboarding gate.
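Added example, not ironclaw code: a minimal Rust model of the Problem 2 divergence and of the second and third suggested directions (re-sync the bridge on credential change, gate visibility on live credential state). Every type, field, function and key value below is hypothetical and constructed for illustration.

```rust
// Simplified model of the credential split; hypothetical names, not ironclaw code.
#[derive(Debug, PartialEq)]
enum StageError { AuthRequired }

#[derive(Default)]
struct Runtime {
    live_llm_key: Option<String>,   // read by inference on every call
    account_secret: Option<String>, // product-auth "nearai" account, Configured when Some
}

impl Runtime {
    /// Bridge: copy the current LLM credential into the product-auth account.
    fn bridge(&mut self) {
        if let Some(key) = &self.live_llm_key {
            self.account_secret = Some(key.clone());
        }
    }
    /// Credential set or rotated after boot; `resync` models the proposed fix.
    fn set_llm_key(&mut self, key: &str, resync: bool) {
        self.live_llm_key = Some(key.to_string());
        if resync { self.bridge(); }
    }
    fn chat_works(&self) -> bool { self.live_llm_key.is_some() }
    /// Per-call staging for the web-search tool.
    fn stage_web_search(&self) -> Result<&str, StageError> {
        self.account_secret.as_deref().ok_or(StageError::AuthRequired)
    }
    /// Re-gated visibility: offer the tool only while its secret is present and current.
    fn web_search_visible(&self) -> bool {
        self.account_secret.is_some() && self.account_secret == self.live_llm_key
    }
}
/// Boot with no credential, then log in late: (chat works, staging ok, tool visible).
fn late_login(resync: bool) -> (bool, bool, bool) {
    let mut rt = Runtime::default();
    rt.bridge(); // boot-time copy finds nothing to copy
    rt.set_llm_key("constructed-key-1", resync);
    (rt.chat_works(), rt.stage_web_search().is_ok(), rt.web_search_visible())
}
/// Boot with a credential, then rotate it: (staged secret is current, tool visible).
fn rotation(resync: bool) -> (bool, bool) {
    let mut rt = Runtime { live_llm_key: Some("constructed-key-1".into()), ..Default::default() };
    rt.bridge();
    rt.set_llm_key("constructed-key-2", resync);
    (rt.stage_web_search().ok() == rt.live_llm_key.as_deref(), rt.web_search_visible())
}
fn main() {
    println!("late login: before {:?}, after {:?}", late_login(false), late_login(true));
    println!("rotation:   before {:?}, after {:?}", rotation(false), rotation(true));
}
```

With `resync` off, chat works while staging fails or hands out the pre-rotation secret; the visibility gate keeps the tool hidden in both of those states.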