From 3884fd202cd10336b9f4ae5601c4a1564745d7fc Mon Sep 17 00:00:00 2001
From: xing-xing-coder
Date: Sat, 21 Mar 2026 12:02:53 +0800
Subject: [PATCH] fix: improve cache key design for ssrfPolicy

- Use JSON.stringify to encode full policy object instead of hardcoded suffix
- This ensures future ssrfPolicy fields are automatically included in cache key
- Prevents potential cross-policy cache bypass when new fields are added
---
 src/agents/tools/web-fetch.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/agents/tools/web-fetch.ts b/src/agents/tools/web-fetch.ts
index 9b0689d6db5..e618238e2e5 100644
--- a/src/agents/tools/web-fetch.ts
+++ b/src/agents/tools/web-fetch.ts
@@ -516,7 +516,8 @@ async function maybeFetchFirecrawlWebFetchPayload(

 async function runWebFetch(params: WebFetchRuntimeParams): Promise> {
 // Include ssrfPolicy in cache key to prevent cross-policy cache bypass
- const ssrfPolicySuffix = params.ssrfPolicy?.allowRfc2544BenchmarkRange ? ":rfc2544" : "";
+ // Use JSON.stringify to encode the full policy object, ensuring future fields are automatically included
+ const ssrfPolicySuffix = params.ssrfPolicy ? `:${JSON.stringify(params.ssrfPolicy)}` : "";
 const cacheKey = normalizeCacheKey(
 `fetch:${params.url}:${params.extractMode}:${params.maxChars}${ssrfPolicySuffix}`,
 );
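Review bot: `JSON.stringify(params.ssrfPolicy)` is not a canonical encoding, so the new `ssrfPolicySuffix` line only separates policies whose fields are all JSON-representable. A future field holding a `Set`, `Map`, `RegExp` or function would serialize as `{}` or be dropped, and two different policies would then share one cache entry, which is the cross-policy reuse this change is meant to prevent; the `ssrfPolicy` type is not visible in the hunk, so whether such fields are planned is unknown. Key order also ends up in the key, which only costs cache hits, and for a flat policy it can be removed with `JSON.stringify(Object.entries(params.ssrfPolicy).sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0)))`. At minimum I would extend the comment: `// ssrfPolicy must stay JSON-serializable (no Set/Map/RegExp/function fields) or distinct policies will collide in the cache`. The body of `runWebFetch` continues past the end of the hunk.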