Settings Connectivity Checks for API Providers / 设置页 API 连通性测试

[SivanCola]

Summary

• Add settings-page connection tests for DeepSeek credentials/base URL and web search providers.
• Wire the desktop RPC command to return success, failure, status, detail, and latency results.
• Add DeepSeek custom-endpoint credential policy warnings plus regression coverage.

Verification

• npm test -- desktop/src/App.test.ts tests/deepseek-endpoint-policy.test.ts
• HOME=/tmp/reasonix-verify-home.W2jJAp npm run verify
• Fork branch push pre-push hook reran npm run verify successfully.

Notes

• Extracts the connectivity-test work into an independent PR branch separate from feat(desktop): Native macOS Update Center｜原生 macOS 更新中心 #2231.
• Direct push to the upstream repository branch is not available for the current GitHub accounts, so this PR uses the verified fork head branch.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ca3245fd7e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[esengine]

Really solid PR — the security design here is exactly right, and I verified it against the source:

Credential safety (PASS): the connection test never reflects the API key back. Failure results emit fixed strings + HTTP <status> or the error message (desktop.ts), web-search errors are i18n templates interpolating only status/endpoint/protocol — the key only ever travels in the Authorization header / request body, and the result event type has no key field.

SSRF / endpoint policy (PASS — it gates, not just warns): resolveDeepSeekConnectionTestTarget attaches the saved DeepSeek key only when the requested base URL exactly equals the saved one — typing a custom https://attacker.example/v1 resolves the key to undefined and short-circuits with 'No API key configured', so the saved api.deepseek.com key can't be exfiltrated to an arbitrary endpoint. validateDeepSeekCredentialedEndpoint also rejects non-HTTPS (except loopback) and credential-embedding URLs. tests/deepseek-endpoint-policy.test.ts pins exactly this (incl. the 'does not combine a saved key with an unsaved custom endpoint' case). Nicely done.

No conflict with the search-timeout work: I just merged searchSignal() (15s timeout on every engine, #2252/#2259) into web.ts. Your branch predates it, so the 3-dot diff looks like a revert, but git merge origin/main auto-resolves cleanly — both the timeout and your opts.apiKey ?? load… plumbing survive on adjacent lines. The configPath fix for the Tavily/Perplexity/Exa key loaders is a legitimate in-scope bugfix.

One blocking issue — i18n parity will break the desktop release build:

• en.ts and zh-CN.ts each add 6 settings keys, but desktop/src/i18n/ja.ts only adds baseUrlCustomCredentialWarning — it's missing testConnection, testingConnection, connectionOk, connectionFailed, connectionPaidHint (5 keys).
• ja.ts's settings: block is a full literal (no ...en.settings spread), and it's typed ja: typeof en, so those 5 missing keys are a hard tsc error. Root CI stays green because ci.yml never compiles desktop/ (root tsc only covers src/ + dashboard), but desktop/package.json's tsc && vite build runs on desktop release tags — so this would break the next desktop release.
• de.ts is fine: it spreads ...en.settings, so it falls back to EN for the missing keys (per our de/ru convention). Only ja.ts needs the 5 keys added (translated). Please run tsc inside desktop/ to confirm 0 errors after.

Everything else LGTM and CI (build ubuntu+windows + CodeQL) is green. Add the 5 ja.ts keys and I'm happy to approve.

[SivanCola]

Addressed review #2263 (review) in 1d20a0e.

Root cause:

• desktop/src/i18n/ja.ts is typed as typeof en and does not spread ...en.settings, so the five new connection-test settings keys must exist explicitly in Japanese.

Solution:

• Added Japanese translations for testConnection, testingConnection, connectionOk, connectionFailed, and connectionPaidHint.
• Preserved the {latencyMs} placeholder in connectionOk.

Verified:

• npm --prefix desktop exec tsc -- --noEmit passed.
• npm --prefix desktop run build passed (tsc && vite build).
• DeepSeek Forge run_checks.sh passed with desktop tsc, root typecheck, lint, and focused tests.
• pre-push npm run verify passed: 315 test files, 4051 passed, 9 skipped.

Note: reviewDecision may remain CHANGES_REQUESTED until the owner submits a new approving review; there are no unresolved review threads left from the prior inline comments.

[SivanCola]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Breezy!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[esengine]

Connectivity checks are something users have been asking for — useful before you burn a request to find out the key is wrong. Implementation looks clean.