fix: tool reliability improvements for sql-classify, edit, and webfetch

[anandgupta42]

What does this PR do?

Fixes 8 tool reliability issues found via 6-model consensus code review across sql-classify, edit, and webfetch tools.

sql-classify.ts:

• Fix computeSqlFingerprint referencing undefined core variable after safe-import refactor
• Invert fallback classifier to whitelist reads instead of blacklisting writes (security fix)
• Handle multi-statement SQL in fallback by splitting on semicolons
• Strip -- line comments in fallback
• Fix HARD_DENY_PATTERN trailing \s → \b

edit.ts:

• Add buildNotFoundMessage with Levenshtein nearest-match snippets for LLM self-correction
• Fix substring matching to prefer exact equality over short-line false matches

webfetch.ts:

• Add session-level URL failure cache (404/410/451) with 5-min TTL and 500-entry cap
• Add actionable status-specific error messages via buildFetchError
• Add sanitizeUrl to strip query strings from error messages (prevents token leakage)
• Add URL validation via new URL() constructor

Type of change

• Bug fix (non-breaking change which fixes an issue)

Issue for this PR

Closes #581

How did you verify your code works?

• 92 tests passing (12 new) across sql-classify, edit, and webfetch test suites
• TypeScript typecheck passing
• Marker guard check passing
• 6-model consensus code review (Claude, GPT 5.2 Codex, Gemini 3.1 Pro, Kimi K2.5, MiniMax M2.5, GLM-5)

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• New and existing unit tests pass locally with my changes
• I have added tests that prove my fix is effective

Summary by CodeRabbit

• Bug Fixes

  • Improved SQL classification reliability with enhanced fallback logic for multi-statement queries
  • Enhanced error messages when text replacement fails with suggestions of similar content
  • Strengthened URL validation and error handling in web fetching

• New Features

  • Added session-level caching for failed URLs (404/410/451) with 5-minute TTL to reduce redundant requests
  • Implemented status-specific HTTP error messages with actionable guidance for common failure scenarios

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e3a11c38-4b49-40df-bce3-11a1677385e6

📥 Commits

Reviewing files that changed from the base of the PR and between 382b5db and 36b7f3a.

📒 Files selected for processing (7)

• .github/meta/commit.txt
• packages/opencode/src/altimate/tools/sql-classify.ts
• packages/opencode/src/tool/edit.ts
• packages/opencode/src/tool/webfetch.ts
• packages/opencode/test/altimate/tools/sql-classify.test.ts
• packages/opencode/test/tool/edit.test.ts
• packages/opencode/test/tool/webfetch.test.ts

Disabled knowledge base sources:

• Jira integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

📝 Walkthrough

Walkthrough

This PR addresses reliability issues across three tools by adding safe imports with fallback logic to sql-classify, implementing error message self-correction in edit, and introducing URL failure caching with actionable error messages in webfetch.

Changes

Cohort / File(s)	Summary
SQL Classification Tool packages/opencode/src/altimate/tools/sql-classify.ts, packages/opencode/test/altimate/tools/sql-classify.test.ts	Added guarded optional imports for core module functions. Introduced classifyFallback() regex-based classifier that strips comments, splits multi-statement SQL, hard-blocks deny patterns, and defaults unknown statements to "write" (safety-first). Updated classify(), classifyAndCheck(), and computeSqlFingerprint() to fall back to regex classifier when native module unavailable or on exceptions. Expanded test coverage with four new cases for computeSqlFingerprint graceful degradation.
Edit Tool packages/opencode/src/tool/edit.ts, packages/opencode/test/tool/edit.test.ts	Added buildNotFoundMessage() helper that generates Levenshtein-based nearest-match suggestions with line numbers and context windows for self-correction. Updated replace() error path to throw detailed error messages with similar-line hints instead of static text. Added eight new test cases covering empty/whitespace inputs, exact matches, substring containment, and unrelated queries.
Webfetch Tool packages/opencode/src/tool/webfetch.ts, packages/opencode/test/tool/webfetch.test.ts	Added session-level failure cache (5-minute TTL, 500-URL max) for 404/410/451 responses with oldest-entry eviction. Implemented URL validation via new URL() parsing. Replaced generic error messages with status-specific, actionable messages (404/410/403/429/451/500 cases). Added sanitizeUrl() to strip query strings from error output. Updated test assertions for new HTTP 500 and 403 error message formats.
Metadata .github/meta/commit.txt	Updated commit message to reflect reliability improvements across three tools.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant WebFetch as WebFetch Tool
    participant Cache as URL Failure Cache
    participant Server as HTTP Server
    
    Client->>WebFetch: fetch(url)
    WebFetch->>WebFetch: validate URL
    WebFetch->>Cache: check if url failed before?
    
    alt Cached failure (404/410/451)
        Cache->>WebFetch: return cached error
        WebFetch->>Client: throw error immediately
    else Not in cache
        WebFetch->>Server: make HTTP request
        Server->>WebFetch: response (status, body)
        
        alt Success (200-299)
            WebFetch->>Client: return response
        else Error (404/410/451/403/429/500)
            WebFetch->>Cache: cache failure + TTL
            WebFetch->>WebFetch: build status-specific error message
            WebFetch->>Client: throw actionable error
        end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Remove phantom sql_validate tool and add comprehensive SQL validation tests #352: Adds comprehensive test coverage for sql-classify functions (classify, classifyAndCheck, computeSqlFingerprint) that directly exercise the new fallback logic and graceful degradation added in this PR.
• fix: replace npm glob/minimatch with Bun.Glob — fixes 52 CI test failures #460: Implements runtime guarding patterns for the native @altimateai/altimate-core dependency, which is the same guard-based approach used here across multiple files.
• fix: address multi-model code review findings for recent merges #307: Modifies webfetch.ts error handling and messaging behavior, with overlapping changes to HTTP status code handling and User-Agent error scenarios.

Suggested labels

contributor

Suggested reviewers

• mdesmet

Poem

🐰 Three tools now hop with grace and might,
SQL falls back with safety in sight,
Edit suggests what went astray,
While cached webfetches save the day! 🌟

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/tool-reliability-469-470-471

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}