feat: implement agentic DuckDuckGo web-search fallback

[tejask011]

Adds fallback logic to the RAG service when local FAISS context fails, injecting DuckDuckGo search results as additional context. Updates the React UI to display web source citations with proper external links and visual differentiation.

Summary

This PR addresses the "insufficient context" limitation in the RAG pipeline by introducing an Agentic Web-Search Fallback.

Changes Made

Backend (rag-service/main.py)

• Added duckduckgo-search as a dependency.

• Implemented fallback logic that triggers when passes_evidence_gate() fails.

• Executes a DuckDuckGo search using the user's query when retrieved document context is insufficient.

• Injects top web search results into the LLM prompt as supplemental context.

• Opens external URLs in a new browser tab when a web citation is clicked.

Related issue

Closes #515

Testing

• I ran the relevant checks locally
• I verified the app still starts
• I tested the affected flow end-to-end

Test Scenarios

• Uploaded PDF and asked document-related questions.
• Asked questions outside the scope of the uploaded PDF.
• Verified fallback search triggers correctly when retrieval confidence is low.
• Verified web citations render correctly in the frontend.
• Verified external links open in a new tab.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas

Notes

Deployment Requirements

• The deployment environment must have internet access for DuckDuckGo search requests.

• requirements.txt has been updated with:

  • duckduckgo-search>=5.0.0

• Run:

pip install -r requirements.txt

during deployment to install the new dependency.

Security

• No sensitive data included

labels

GSSOC

Summary by CodeRabbit

• New Features

  • Automatic web-search fallback supplies web results to produce an overview response when internal sources lack context; when none found, existing insufficient-context responses (including streaming) are preserved.
  • Citations now include web link metadata and open in a new tab when available.

• Style

  • Web sources use a globe icon, are clickable (pointer cursor), open http/https links in a new tab, and omit page-number suffixes.

[vercel]

@tejask011 is attempting to deploy a commit to the firefistisdead's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Warning

Review limit reached

@tejask011, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 43 minutes and 57 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: aae69dd2-0f37-4855-9292-44e1f8f81e8b

📥 Commits

Reviewing files that changed from the base of the PR and between 50894a1 and 547b8c3.

📒 Files selected for processing (1)

• rag-service/main.py

📝 Walkthrough

Walkthrough

Adds a DuckDuckGo web-search fallback used when RAG retrieval is insufficient, updates /ask and /ask/stream to attempt the fallback, enriches citation metadata with type and url, and updates the chat UI to render and open web sources distinctly.

Changes

Web Search Fallback for Insufficient Evidence

Layer / File(s)	Summary
Web search foundation and dependency rag-service/requirements.txt, rag-service/main.py	Adds duckduckgo-search>=5.0.0 dependency and implements perform_web_search helper that returns LangChain Document objects from DuckDuckGo results with fallback handling for missing dependency.
Source metadata enrichment rag-service/main.py	Updates citation_source_for_document to include type and url fields from Document metadata in citation payloads, enabling web vs. document source identification downstream.
/ask endpoint evidence gate fallback rag-service/main.py	Extends evidence gate rejection handling to attempt web search; on success replaces docs with web results and forces intent="overview", otherwise records refusal in session history and returns the refusal payload.
/ask/stream endpoint evidence gate fallback rag-service/main.py	Mirrors evidence gate fallback in streaming endpoint: on web search failure appends refusal to session history and streams the refusal SSE followed by [DONE].
Frontend web source citation rendering frontend/src/components/ChatPanel/MessageBubble.jsx	Updates citation chips to distinguish web sources: globe icon and URL-click navigation for web sources, pointer cursor for either web or openable sources, and page suffix suppressed for web sources.

sequenceDiagram
  participant Client
  participant RAGService
  participant perform_web_search
  participant DuckDuckGo
  participant SessionStore
  Client->>RAGService: POST /ask (query)
  RAGService->>RAGService: run evidence gate on retrieved docs
  alt evidence insufficient
    RAGService->>perform_web_search: perform_web_search(query)
    perform_web_search->>DuckDuckGo: DuckDuckGo search
    DuckDuckGo-->>perform_web_search: results (url, title, snippet)
    perform_web_search-->>RAGService: Documents with metadata {type, url}
    RAGService->>RAGService: replace docs, set intent="overview"
    RAGService-->>Client: overview response with web citations
  else no web results
    RAGService->>SessionStore: append refusal, mark session dirty
    RAGService-->>Client: insufficient-context refusal (or streamed SSE)
  end

Loading

---

🎯 3 (Moderate) | ⏱️ ~25 minutes

---

🐰 When evidence runs dry, the web becomes the guide,
With globe icons bright and URLs open wide,
No more "I don't know"—just search and provide,
Agentic whiskers twitching with backend pride! 🌐✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 28.57% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Linked Issues check	❓ Inconclusive	The PR implements core objectives from #515: web search fallback triggering on low confidence [#515], web search result injection into LLM context [#515], clear UI distinction between web and document sources [#515], and external link handling [#515]. However, similarity score-based confidence detection with configurable threshold is not explicitly implemented.	Clarify whether similarity score-based confidence detection with a configurable threshold (mentioned in #515) is implemented, or if fallback triggers on a different mechanism. If not implemented, consider this a potential gap in meeting #515 requirements.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: implementing a DuckDuckGo web-search fallback feature as the primary objective of the PR.
Description check	✅ Passed	The PR description covers all required sections: Summary, Related Issue, Testing with test scenarios, Checklist items, Deployment Requirements, and Security confirmation. All sections are substantially completed.
Out of Scope Changes check	✅ Passed	All code changes are directly aligned with PR objectives: frontend UI updates for web citations, backend web search fallback logic, and dependency additions. No extraneous or out-of-scope changes detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@frontend/src/components/ChatPanel/MessageBubble.jsx`:
- Around line 366-369: The onClick handler in MessageBubble.jsx opens
third-party URLs directly (window.open(source.url, '_blank')) without validating
the URL or preventing tabnabbing; update the handler (the branch using
isWebSource and source.url) to first parse and validate source.url (e.g., try
new URL(source.url) and ensure protocol is http: or https:, or prepend https://
if appropriate), then open it using window.open with noopener/noreferrer (e.g.,
window.open(validUrl, '_blank', 'noopener,noreferrer')), and as a fallback set
the returned window's opener to null (const w = window.open(...); if (w)
w.opener = null) to ensure window.opener is not exposed.

In `@rag-service/main.py`:
- Around line 3479-3484: The code replaces PDF docs with web_docs in the
evidence fallback (see logger.info, perform_web_search, docs, intent) but
doesn't propagate retrieval origin; update the flow to set and carry a
retrieval_origin flag (e.g., retrieval_origin = "web" or "pdf") whenever you
assign docs = web_docs and when original PDF retrieval succeeds, and thread that
flag through the answer-building and prompt-construction functions (including
the streaming prompt path and any functions that generate headers or extractive
intro text) so they switch wording/instructions when any doc.metadata.type ==
"web" (or retrieval_origin == "web"); ensure code paths that synthesize overview
vs PDF-specific language read the flag and produce web-appropriate provenance
statements.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 890edd76-693e-4451-aeac-9824130bba60

📥 Commits

Reviewing files that changed from the base of the PR and between ba82aa9 and 8e9f8cd.

📒 Files selected for processing (3)

• frontend/src/components/ChatPanel/MessageBubble.jsx
• rag-service/main.py
• rag-service/requirements.txt

[FireFistisDead]

@tejask011 check the tests as they are not passi

[tejask011]

@tejask011 check the tests as they are not passi

please review it now

[FireFistisDead]

@tejask011 there are merge conflicts

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

rag-service/main.py (1)

3410-3416: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Route handlers are shadowed, so /ask and /summarize never execute their full logic.

Both decorated handlers currently stop after cleanup_expired_sessions(). The later same-named def blocks are not the registered FastAPI endpoints, so these routes return null instead of running retrieval/generation logic.

✅ Minimal patch

 `@app.post`("/ask")
 def ask_question(data: Question, _ready: None = Depends(require_models_ready)):
     cleanup_expired_sessions()
-
-
-def ask_question(data: Question):
     question = (data.question or "").strip()
     ...

 `@app.post`("/summarize")
 def summarize_pdf(data: SummarizeRequest, _ready: None = Depends(require_models_ready)):
     cleanup_expired_sessions()
-def summarize_pdf(data: SummarizeRequest):
     session_id = str(data.session_id)
     ...

Also applies to: 4211-4215

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@rag-service/main.py` around lines 3410 - 3416, The FastAPI route handlers are
shadowed by duplicate function definitions (e.g., the decorated
`@app.post`("/ask") def ask_question(...) currently only calls
cleanup_expired_sessions() while a later def ask_question(data: Question):
contains the real logic); remove the duplicate/unregistered function and move
the full handler logic into the decorated function (keep the dependency
require_models_ready in the signature and call cleanup_expired_sessions() before
running the question processing), and apply the same fix for the /summarize
handler so the registered endpoints execute the retrieval/generation code
instead of returning null.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@rag-service/main.py`:
- Around line 3988-3991: The merged list keeps per-session local rank values
which distort cross-session ranking used by diversify_retrieved_documents();
after sorting all_scored_candidates and slicing scored_candidates, recompute
global ranks by iterating scored_candidates in order and updating each
candidate's rank to its new global position (e.g., for i, cand in
enumerate(scored_candidates): set cand.rank = i+1 or rebuild the tuple as
(cand_doc, cand_score, i+1) if candidates are tuples) so
diversify_retrieved_documents() sees correct global ranks when applying
thresholds.
- Around line 3895-3907: The loop over session_id_list (for idx, session_id in
enumerate(session_id_list)) builds all_scored_candidates and
all_indexed_documents but later persistence uses a single session_id, so history
updates and dirty flags are only written for one session; fix by performing
per-session persistence: either move the refusal/success persistence logic into
the loop so each iteration uses the current session_id and secret_list[idx] (or
None) when appending chat history and marking dirty, and compute a
session-scoped cache_key (e.g., include session_id) before using it;
alternatively, keep aggregation but then after the loop iterate over
session_id_list and persist the corresponding subset of results for each
session_id (mapping candidates/documents back to each session), ensuring you
reference session_id_list, secret_list, the for idx, session_id loop,
all_scored_candidates, all_indexed_documents, and cache_key when making the
per-session writes.

---

Outside diff comments:
In `@rag-service/main.py`:
- Around line 3410-3416: The FastAPI route handlers are shadowed by duplicate
function definitions (e.g., the decorated `@app.post`("/ask") def
ask_question(...) currently only calls cleanup_expired_sessions() while a later
def ask_question(data: Question): contains the real logic); remove the
duplicate/unregistered function and move the full handler logic into the
decorated function (keep the dependency require_models_ready in the signature
and call cleanup_expired_sessions() before running the question processing), and
apply the same fix for the /summarize handler so the registered endpoints
execute the retrieval/generation code instead of returning null.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 997f9475-7967-42c1-9fef-16c26836d62d

📥 Commits

Reviewing files that changed from the base of the PR and between be85d26 and 50894a1.

📒 Files selected for processing (2)

• rag-service/main.py
• rag-service/requirements.txt

🚧 Files skipped from review as they are similar to previous changes (1)

• rag-service/requirements.txt

[coderabbitai]

Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

rag-service/main.py (1)

3410-3416: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Route handlers are shadowed, so /ask and /summarize never execute their full logic.

Both decorated handlers currently stop after cleanup_expired_sessions(). The later same-named def blocks are not the registered FastAPI endpoints, so these routes return null instead of running retrieval/generation logic.

✅ Minimal patch

 `@app.post`("/ask")
 def ask_question(data: Question, _ready: None = Depends(require_models_ready)):
     cleanup_expired_sessions()
-
-
-def ask_question(data: Question):
     question = (data.question or "").strip()
     ...

 `@app.post`("/summarize")
 def summarize_pdf(data: SummarizeRequest, _ready: None = Depends(require_models_ready)):
     cleanup_expired_sessions()
-def summarize_pdf(data: SummarizeRequest):
     session_id = str(data.session_id)
     ...

Also applies to: 4211-4215

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@rag-service/main.py` around lines 3410 - 3416, The FastAPI route handlers are
shadowed by duplicate function definitions (e.g., the decorated
`@app.post`("/ask") def ask_question(...) currently only calls
cleanup_expired_sessions() while a later def ask_question(data: Question):
contains the real logic); remove the duplicate/unregistered function and move
the full handler logic into the decorated function (keep the dependency
require_models_ready in the signature and call cleanup_expired_sessions() before
running the question processing), and apply the same fix for the /summarize
handler so the registered endpoints execute the retrieval/generation code
instead of returning null.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@rag-service/main.py`:
- Around line 3988-3991: The merged list keeps per-session local rank values
which distort cross-session ranking used by diversify_retrieved_documents();
after sorting all_scored_candidates and slicing scored_candidates, recompute
global ranks by iterating scored_candidates in order and updating each
candidate's rank to its new global position (e.g., for i, cand in
enumerate(scored_candidates): set cand.rank = i+1 or rebuild the tuple as
(cand_doc, cand_score, i+1) if candidates are tuples) so
diversify_retrieved_documents() sees correct global ranks when applying
thresholds.
- Around line 3895-3907: The loop over session_id_list (for idx, session_id in
enumerate(session_id_list)) builds all_scored_candidates and
all_indexed_documents but later persistence uses a single session_id, so history
updates and dirty flags are only written for one session; fix by performing
per-session persistence: either move the refusal/success persistence logic into
the loop so each iteration uses the current session_id and secret_list[idx] (or
None) when appending chat history and marking dirty, and compute a
session-scoped cache_key (e.g., include session_id) before using it;
alternatively, keep aggregation but then after the loop iterate over
session_id_list and persist the corresponding subset of results for each
session_id (mapping candidates/documents back to each session), ensuring you
reference session_id_list, secret_list, the for idx, session_id loop,
all_scored_candidates, all_indexed_documents, and cache_key when making the
per-session writes.

---

Outside diff comments:
In `@rag-service/main.py`:
- Around line 3410-3416: The FastAPI route handlers are shadowed by duplicate
function definitions (e.g., the decorated `@app.post`("/ask") def
ask_question(...) currently only calls cleanup_expired_sessions() while a later
def ask_question(data: Question): contains the real logic); remove the
duplicate/unregistered function and move the full handler logic into the
decorated function (keep the dependency require_models_ready in the signature
and call cleanup_expired_sessions() before running the question processing), and
apply the same fix for the /summarize handler so the registered endpoints
execute the retrieval/generation code instead of returning null.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 997f9475-7967-42c1-9fef-16c26836d62d

📥 Commits

Reviewing files that changed from the base of the PR and between be85d26 and 50894a1.

📒 Files selected for processing (2)

• rag-service/main.py
• rag-service/requirements.txt

🚧 Files skipped from review as they are similar to previous changes (1)

• rag-service/requirements.txt

🛑 Comments failed to post (2)

rag-service/main.py (2)

3895-3907: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Multi-session retrieval writes chat history to only one session.

The loop collects documents from multiple sessions, but downstream refusal/success persistence still appends chat and marks dirty using a single session_id value (the last iterated one). That drops history updates for other queried sessions and creates inconsistent per-session state.

💡 Suggested direction

-    for idx, session_id in enumerate(session_id_list):
+    validated_session_ids = []
+    for idx, session_id in enumerate(session_id_list):
         ...
         _require_session_secret(session, secret)
+        validated_session_ids.append(session_id)
         ...

-            with sessions_lock:
-                current_session = sessions.get(session_id)
-                if current_session:
-                    append_chat_exchange(...)
-                _mark_session_dirty(session_id)
+            with sessions_lock:
+                for sid in validated_session_ids:
+                    current_session = sessions.get(sid)
+                    if current_session:
+                        append_chat_exchange(...)
+                    _mark_session_dirty(sid)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@rag-service/main.py` around lines 3895 - 3907, The loop over session_id_list
(for idx, session_id in enumerate(session_id_list)) builds all_scored_candidates
and all_indexed_documents but later persistence uses a single session_id, so
history updates and dirty flags are only written for one session; fix by
performing per-session persistence: either move the refusal/success persistence
logic into the loop so each iteration uses the current session_id and
secret_list[idx] (or None) when appending chat history and marking dirty, and
compute a session-scoped cache_key (e.g., include session_id) before using it;
alternatively, keep aggregation but then after the loop iterate over
session_id_list and persist the corresponding subset of results for each
session_id (mapping candidates/documents back to each session), ensuring you
reference session_id_list, secret_list, the for idx, session_id loop,
all_scored_candidates, all_indexed_documents, and cache_key when making the
per-session writes.

---

3988-3991: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Recompute global ranks after merging cross-session retrieval results.

After sorting merged candidates by score, the code keeps per-session local rank values. diversify_retrieved_documents() uses rank thresholds, so local ranks from different sessions distort relevance selection.

🔧 Minimal fix

     all_scored_candidates.sort(key=lambda x: x[1])
-    scored_candidates = all_scored_candidates[:ASK_RETRIEVAL_CANDIDATES]
+    scored_candidates = [
+        (doc, score, global_rank)
+        for global_rank, (doc, score, _local_rank) in enumerate(
+            all_scored_candidates[:ASK_RETRIEVAL_CANDIDATES]
+        )
+    ]
     indexed_documents = all_indexed_documents

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@rag-service/main.py` around lines 3988 - 3991, The merged list keeps
per-session local rank values which distort cross-session ranking used by
diversify_retrieved_documents(); after sorting all_scored_candidates and slicing
scored_candidates, recompute global ranks by iterating scored_candidates in
order and updating each candidate's rank to its new global position (e.g., for
i, cand in enumerate(scored_candidates): set cand.rank = i+1 or rebuild the
tuple as (cand_doc, cand_score, i+1) if candidates are tuples) so
diversify_retrieved_documents() sees correct global ranks when applying
thresholds.

[tejask011]

check it now see i made changes